Professional Documents
Culture Documents
BANKING INSTITUTIONS
RISK BASED SUPERVISION FRAMEWORK
(Draft)
(Volume 6b1)
August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Table of Contents
Page
1.0 Mission, Vision and Core Values of Banking Supervision (BS)...................................1
1.1 Mission ....................................................................................................................1
1.2 Vision ......................................................................................................................1
1.3 Objectives................................................................................................................1
1.4 Core Values .............................................................................................................1
2.0 Introduction ...................................................................................................................1
3.0 Benefits of RBS Framework .........................................................................................1
4.0 Key Principles/Policies..................................................................................................1
5.0 Coordination of Supervisory Activities.........................................................................2
5.1 Desk Officer ........................................................................................................2
5.2 Examiner-in-charge .............................................................................................3
6.0 RBS Methodology .........................................................................................................3
6.1 Understanding the Institution ..............................................................................4
6.2 Assessing the Institution’s Risk...........................................................................4
6.3 Planning and Scheduling Supervisory Activities.................................................12
6.4 Defining Examination Activities .........................................................................14
6.5 Performing On-site Activities..............................................................................15
6.6 Following up Findings and Recommendations ...................................................18
7.0 Reliance on Work of Third Parties ................................................................................19
Appendices
Appendix I: Detail Steps of Supervisory Process and Their Respective Outputs .................20
Appendix II: Guidance Notes and Institutional Overview ....................................................21
Appendix III: Guidance Notes and Corporate Profile ...........................................................25
Appendix IV: Functional Risk Mapping Chart ....................................................................27
Appendix V: Sample Supervisory Files and Review Note Formats......................................28
Appendix VI Risk Assessment Criteria.................................................................................55
Appendix VII (a): Board of Directors ...................................................................................58
Appendix VII (b): Senior Management.................................................................................62
Appendix VII (c): Risk Management ....................................................................................66
Appendix VII (d): Internal Auditors......................................................................................69
Appendix VII (e): Compliance..............................................................................................72
Appendix VII (f): Information and Communication .............................................................75
Appendix VIII: Overall Net Risk ..........................................................................................78
Appendix IX: Earnings..........................................................................................................79
Appendix X: Capital..............................................................................................................80
Appendix XI: Composite Risk Rating...................................................................................82
Appendix XII: Risk Matrix ...................................................................................................83
Appendix XIII: Risk Assessment Format..............................................................................84
Appendix XIV: CAMEL Rating & Financial Highlights......................................................85
Appendix XV: Guide to Intervention for Banks ...................................................................86
Appendix XVI: Guidance Notes to Completing Supervisory Plan .......................................89
Appendix XVII: Supervisory Plan Format............................................................................91
Appendix XVIII: A Sample Information Request Letter ......................................................92
Appendix XIX: Pre-Examination Working Tools.................................................................95
Appendix XX: Pre-Examination Checklist ...........................................................................105
Appendix XXI: Instructions for Preliminary Assessment of Risk & Financial Condition ...110
Appendix XXII: Scope Memorandum Format......................................................................114
Appendix XXIII: Scope Memorandum Sample ....................................................................115
i
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
ii
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
2.0 INTRODUCTION
The roles of banking supervision involve assessing the safety and soundness of banks, providing
feedback to the banks, and using supervisory powers to intervene in a timely manner to achieve
supervisory objectives. The objective of this Supervisory Framework (Framework) is to provide a
systematic and effective process to assess the safety and soundness of banks. This is achieved by
evaluating a bank’s risk profile, risk management processes, compliance with applicable laws and
regulations, and financial condition.
1
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The exercising of sound judgment in identifying and evaluating risks in a bank is central to
the effectiveness of the Framework.
Supervisory assessment would be driven by significant activities carried out by the banks.
Supervisory work will focus on identified material risks or areas of concern. Nevertheless,
supervisory attention will continue to be placed on critical details which may affect safety
and soundness of a bank.
Supervisory assessment will include reviews of risk management control functions (RMCF)
such as Board Oversight, Senior Management, Risk Management, Internal Audit,
Compliance, and Information and Communication.
Supervisory cycle of banks shall be extended up to a maximum of 24 months; but, may be
shortened depending on risk profile of each bank.
Communication of findings and recommendations to the bank shall be carried out on timely
basis.
Supervisory intervention shall be timely and the degree of the intervention shall
commensurate with the risk profile of the banks, in accordance with the ‘Guide to
Intervention for Financial Institutions’.
Ratings shall be provided to banks quarterly. The ratings will be lined to the stage rating
which will determine the supervisory intervention actions in accordance with the ‘Guide to
Intervention for Banks’.
Supervisors, where appropriate, shall use the work of the bank’s management and internal
control functions depending on the competency and reliability of the functions. The NBE
shall also rely on external auditors for fairness of the financial statements and will use their
work to determine the scope of reviews to minimize duplication of efforts.
Examination report of banks shall be confidential, unless release of which is authorized in
writing by D/Director.
Banks shall be entitled to submit objection to both quarterly ratings & examination reports of
FISP within a reasonable period of time.
Degree of supervisory intervention by BS shall be in accordance with related guide &
commensurate with risk profile of banks; & costs to banks &/or their customers associated to
these measures shall be proportionate to expected benefits.
BS shall conduct at least one bilateral prudential meeting with bank management & its
external auditor each, & tripartite meeting with bank management & its external auditor
every fiscal year; apart from continuous periodic meetings with bank throughout supervisory
cycle to obtain information &/or discuss supervisory concerns.
(i) Be responsible for the preparation and updating of Institutional profile in a timely manner
as well as preparation of supervisory plan;
(ii) Be knowledgeable, on an ongoing basis, about the bank’s financial condition,
management structure, strategic plan and direction, operations and the risk profile;
2
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(iii) Be knowledgeable and keep abreast with changes in the risk management policies
including those pertaining to new products and services;
(iv) Remain up-to-date and be knowledgeable regarding all supervisory activities, monitoring
and surveillance information, correspondences and various requests by banks, meetings
with management & external auditor and enforcement issues, if applicable;
(v) Ensure appropriate follow-up of supervisory concerns, corrective actions, or other matters
which come to light through ongoing communications, meetings or surveillance
including report of examination;
(vi) Participate in the examination process, as needed, to ensure consistency with the bank’s
supervisory plan and effective allocation of resources, and to facilitate requests for
information from the bank, wherever possible; and
(vii) In discharging some of the foregoing activities, the desk officer may arrange to visit the
bank under him/her upon obtaining necessary clearance from D/Director.
5.2 EIC
EIC shall be responsible for:
i. Coordinating Preliminary Review including pre-examination meeting;
ii. Preparation of scope memorandum;
iii. Leading the team of on-site examination;
iv. Preparing the report of examination; and
v. Accompanying D/Director to present report of examination to the board of the examined
bank.
3
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Two documents are produced to facilitate the understanding of the institution, namely, the
institutional overview and corporate profile. These documents will form attachments to the
supervisory plan. The instructional overview should contain in one concise document, an
executive summary that demonstrates an understanding of the bank’s present condition, its
current and prospective risk profiles as well as key issues and past supervisory findings. In
general, information in the overview should include:
A brief description of the overall condition, with comments on the impact of mergers,
changes in key business lines, growth areas, product lines, etc. since the last review;
A summary of the risk assessment of the bank;
External and internal factors affecting the bank;
An overview of management;
A brief analysis of the consolidated financial condition and trends;
A description of the future prospects of the bank; and
Key issues arising from the previous examination.
The corporate profile captures general information on the bank, such as the capital and ownership
structure, business strategies as will as composition of the board of directors and senior
management.
Formats of Institutional Overview and Corporate Profile, along with corresponding Guidance
Notes, are shown in Appendix II and Appendix III, respectively.
Risk assessment begins with identifying significant activities carried out by an institution. The net
risk in these activities is a function of the aggregate of inherent risks offset by the aggregate
quality of risk management. This evaluation is illustrated by the following equation:
The results of risk assessment are summarized in the Risk Matrix in subsection 6.10.
4
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
a) Assets generated by an activity in relation to total assets (both on- and off-balance sheet);
b) Risk-weighted assets generated by an activity in relation to total risk-weighted assets;
c) Revenue generated by an activity in relation to total revenue;
d) Net income before tax for an activity in relation to total net income before tax;
e) Expenditure of an activity in relation to total expenditure;
f) Internal allocation of capital to an activity in relation to total capital;
g) Capital charge for an activity in relation to total capital charge; and
h) Reserves held as a percentage of total reserves.
The supervisors need to determine and rank the materiality of the identified SA and it is to be
rated as ‘high’, ‘moderate’ or ‘low’. This is important as the supervisors would need to consider
the relative materiality of all SA in deriving at the Overall Net Risk. Lending is a compulsory SA
to be assessed. Detailed assessments of each SA shall be documented in the respective review
notes.
A thorough understanding of the environment in which a bank operates and the bank’s various
business activities, is essential to effectively identify and assess the risks inherent in those
activities. In the meantime, ‘A&L’ of CAMEL components are rated 1-5 here using CAMEL
Rating Guidelines in Appendix XXX. Inherent risks can be grouped in the following categories
for supervisory assessment purposes:
a) Credit Risk
Credit risk arises from counterparty’s inability or unwillingness to meet or fully meet its on-
balance sheet and/or off-balance sheet contractual obligations. Exposure to this risk results from
financial transactions with a counterparty including borrower or guarantor.
5
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
b) Market Risk
Market risk is defined as the potential that changes in the market rates/prices may have an adverse
impact on the bank’s financial condition. In other words, it is the risk that the bank’s earnings or
capital position will be affected by fluctuations in interest rate and foreign exchange. Two types
of market risk factors that could be considered are:
c) Liquidity Risk
Liquidity risk arises from a bank’s inability to obtain the necessary funds, either by increasing its
liabilities or converting its assets, to meet on-balance sheet and/or off-balance sheet obligations as
they come due, without incurring unreasonable losses.
d) Operational Risk
Generally, operational risk is defined as the risk of loss resulting from inadequate or failed
internal processes, people, and systems or from external events. The definition includes:
IT Risk;
Legal and Regulatory Risk;
Strategic Risk; and
Reputational Risk.
6
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Strategic risk arises from a bank’s inability to implement appropriate business plans, strategies,
decision-making, resource allocation and its inability to adapt to changes in the business
environment.
After SAs have been identified, the level of each risk type inherent in those activities is assessed
as low, moderate or high. This assessment is made without considering the impact of risk
mitigations by the bank’s risk management processes and controls. The quality of these
mitigations is considered separately and netted-off against the inherent risk assessment to
determine the net risk of each SA. Upon determining the level of each risk type inherent in a SA,
the aggregate inherent risks for the SA is then determined, incorporating considerations of the
relative significance of each risk type to the activity.
The following are the definitions of the level of inherent risk ratings.
In addition to OM, seven RMCFs that may exist in banks i.e. Board Oversight, Senior
Management, Risk Management, Internal Audit, Compliance, and Information and
Communication are identified as mitigations to inherent risks. The presence and nature of these
functions vary based on the size and complexity of banks.
After assessing the OM and each RMCF, an aggregate ‘quality of risk management’ is
determined, incorporating considerations on the relative significance of the OM and each RMCF
to the activity. The aggregate ‘quality of risk management’ assessment is then netted against the
aggregate inherent risk assessment for the given SA to derive net risk for the activity.
a) Operational Management
Operational Management (OM) for a given activity is a group of personnel who are directly
involved in planning, directing and controlling the day-to-day operations of the activity.
Examples of OM are heads of business units, e.g. Head of Corporate Banking, as well as other
management positions who report to him/her. They must ensure that policies and procedures are
7
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
implemented, control systems are adequate and adhered to, and resources are adequate to
effectively manage and mitigate the risks inherent in that activity. In performing their day-to-day
operations, they should focus on preventing and detecting material errors or irregularities in a
timely manner. For example, a business manager should not be only concerned with business
growth but must also ensure that adequate check and balance, and controls are in place.
OM acts to mitigate all types of inherent risk and not just operational risk. OM is not treated as
part of the RMCF due to its non-independent nature from the day-to-day operations.
The degree of assessment of OM depends on the assessment of the effectiveness of the RMCF.
For example, for a bank with ‘weak’ RMCF, supervisors would need to perform greater
supervisory work in assessing the OM. OM is assessed as strong, acceptable, or weak. There’s no
assessment criteria for OM, therefore supervisors are to exercise judgment based on the
explanations above.
Where independent RMCF are lacking and where independent reviews of OM by the RMCF have
not been carried out, supervisors will under normal circumstances, make appropriate
recommendations or direct appropriate work to be done. The following are brief descriptions of
each RMCF.
i) Board of Directors
The Board of Directors is responsible for providing stewardship and management oversight to the
bank. Its key responsibilities include:
Ensure that organizational and procedural controls, including policies and procedures are
adequate and effective;
Ensure compliance with approved policies and procedures;
Develop strategies and plans to achieve approved strategic and business objectives; and
8
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Identification of risks;
Development of systems for measurement of risks;
Establishment of policies and procedures to manage risks;
Development of risk tolerance limits;
Monitoring of positions against approved risk tolerance limits; and
Reporting of results of risk monitoring to senior management and the Board.
(v) Compliance
Compliance is an independent function within a bank that:
Sets the policies and procedures to ensure adherence to regulatory requirements in all
jurisdictions where the bank operates;
Monitors the bank’s compliance with these policies and procedures; and
Reports on compliance matters to senior management and Board.
The broad assessment criteria for each RMCF are described in Appendix VII (a) to Appendix
VII (f).
The broad assessment criteria for each RMCF under Track 2 are similar with the one used under
paragraph 5.2.3(b) and described in Appendix VII (a) to Appendix VII (f). ‘M’ of CAMEL
components is also rated 1-5 here (using CAMEL Rating Guidelines in Appendix XXX).
9
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Detailed assessments of each RMCF shall be documented in the respective review notes.
For example, the investment banking activity of a bank may be evaluated as having a high
aggregate level of inherent risk arising from a combination of high credit risk, high market risk,
and high liquidity risk. However, net risk for the activity may be rated as moderate due to
mitigation by a strong aggregate quality of risk management resulting from strong operational
management, strong internal audit, strong risk management, and strong Board oversight. Net risk
is rated as low, moderate or high as shown in the chart below:
The direction of net risk will be influenced by the impact of potential changes in inherent risks,
operational management or RMCF, businesses and economic climate on significant activities, as
well as the nature and pace of planned changes within the bank. Under normal circumstances, a
time horizon of ‘in the next twelve months’ shall be used. However, the time horizon would be
shorter in the period of greater changes and volatility.
10
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
months’ shall be used. However, the time horizon would be shorter in the period of greater
changes and volatility.
A determination on the expected direction of ‘Capital’ and ‘Earnings’ positions is also made as
either ‘Improving’, ‘Stable’ or ‘Deteriorating’. Such a determination is made in the context of a
defined period, e.g. ‘in the next twelve months’, ‘in the next six months’ etc. Under normal
circumstances, a time horizon of ‘in the next twelve months’ shall be used. However, the time
horizon would be shorter in the period of greater changes and volatility.
11
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The supervisory plan for each institution includes the following considerations:
Environment and industry risks;
Concerns or issues relating to the bank; and
Benchmarking, peer reviews, or other special studies conducted on the bank.
The supervisory plan is subject to revisions if unforeseen events alter the risk profile of the
institution. Any changes require reassessment of priorities, not just an extension of the scope of
the supervisory efforts. Guidance Notes to Completing Supervisory Plan and Supervisory Plan
Format are shown in Appendix XVI and Appendix XVII, respectively.
12
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(a) Full scope on-site examination: is one that is sufficient in scope to assess a bank’s CAMEL
components and the risk management system and make a conclusion about its safety and
soundness. Full scope onsite examination should be conducted at least once every 24 months.
(b) Targeted examination: is an onsite examination which does not cover all the CAMEL
components but rather focuses on specific product, area, or risk e.g. consumer loans, treasury
or operational risk.
(c) Planned meetings: are meetings with bank’s management to discuss its financial
performance, risk profile, strategies, the market in which it operates, and/or any other issue of
supervisory concern. These meetings should be conducted at least once during supervisory
period.
(d) Ad hoc meetings: are meetings with bank’s management either at NBE or onsite to discuss
business developments or plans and issues or concerns arising from the risk assessment
process or offsite analysis.
(e) Meetings with external auditors of the bank: are meetings with external auditors to
discuss supervisory issues and any other issue that might need attention of both the auditor
and the supervisor. If necessary, arrange with bank management to meet with the external
auditor to discuss:
The external audit’s scope, results or significant findings, and upcoming audit plans or
activities;
Reports, management letters, and other communications (written or oral) with the bank’s
board audit committee;
Audit planning methodologies, risk assessments and sampling techniques, if necessary;
How much the external auditor relies on the work of internal auditors and the extent of
external audit’s assessment and testing of financial reporting controls; and
Assigned audit staff experience and familiarity with banking and bank auditing,
particularly in specialized areas.
(f) Off-site surveillance: this involves continuous off-site monitoring of the bank on the
performance and condition together with progress on implementation of various instructions
and/or recommendations from the supervisor.
During the supervisory period, the findings from different supervisory tools that have been
applied will provide NBE with new and more detailed information about the areas of risk or
concern identified during the risk assessment stage. This information will assist NBE to draw
conclusions, make instructions and recommendations for remedial action.
At any time during the supervisory period, NBE may need to seek remedial action from the bank
or take action itself to deal with issues of serious supervisory concern. In addition, a bank’s
circumstances may change because it is entering new markets, making an acquisition or is
affected by market developments. NBE will address first those areas which it considers to be
higher risk or concern. If such events occur, the supervisory plan may need to be revised.
Alternatively, NBE may decide that it should undertake another risk assessment as the profile of
the bank may have changed significantly.
13
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
All banks will be subjected to a supervisory plan. However, a bank with a low risk profile will
normally be subject to a less intensive supervisory plan. Nevertheless, a minimum level of
supervision is required across all banks to keep abreast of changes in the business. At minimum,
all banks should be subject to off-site surveillance and planned meetings.
As specific items are selected for inclusion in the information request letter, the following
guidelines should be considered:
(a) Reflect risk-based supervision objectives and the examination scope. Items that are not
needed to support selected examination procedures should not be requested;
(b) Facilitate efficiency in the examination process and lessen the burden on banks. Minimize the
number of requested items, and avoid, to the extent possible, duplicating requests for
information already provided to NBE;
(c) Eliminate items used for audit-type procedures (e.g. verifications). Such procedures are
generally performed only when there is a reason to suspect that significant problems exist;
(d) Distinguish information to be received through mail for preliminary review to be conducted
off-site from information to be held at the bank for onsite review. Information that is not
easily reproduced should be reviewed on-site (e.g. policies, board minutes); and
(e) Allow management sufficient lead-time to prepare the requested information. The lead-time
should be at least two weeks.
14
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
preliminary review, both on-site and off-site including pre-examination meeting with the senior
management of the bank. Documentation of pre-examination review is as per Appendices XIX,
XX and XXI.
(a) Primary target market and business lines, and significant changes in bank products or
services including areas of growth since previous examination;
(b) Economic conditions within the target markets and any other external factors affecting
the primary business lines;
(c) Areas representing the greatest risk to the bank and/or markets;
(d) Changes in bank management, key personnel or operations since previous examination;
(e) Results of audit and internal controls review, any follow-up required by management;
(f) Any material changes to internal or external audit’s schedules or scope and adequacy of
audit staffing;
(g) Purchase, acquisition, merger or divestiture considerations;
(h) Changes in technology including operational systems, technology vendors/service
providers, critical software, internet banking, or plans for new products/activities that
involve new technology since previous examination;
(i) Issues regarding compliance with laws, directives and circulars governing banking
business;
(j) Other issues that may affect the risk profile; and
(k) Management concerns about the bank or NBE’s supervision including any areas the bank
would like the NBE to consider in the examination scope.
The scope memorandum should be tailored to the size, complexity and current rating of the bank
and should define the objectives of the examination. The memorandum should generally include:
15
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The scope memo should be submitted to Deputy Director for authorization. Scope memorandum
format and sample are attached as Appendix XXII and Appendix XXIII, respectively.
Authorization is granted by signing the Scope Authorization Form (Appendix XXIV).
In performing full scope examination, examiners will use core assessment and expanded
procedures (when necessary) to assess whether the risks within each bank are appropriately
identified and managed. The examination procedures should be tailored to fit the scope
memorandum for the examination. The examination also determines and validates the bank’s
condition. The core assessment will cover procedures to review the following areas:
The EIC should tailor the examination procedures to the risk rating as summarized in the risk
matrix. The core assessment procedures are divided into minimum-scope core assessment and
standard core assessment. The minimum-scope core assessment procedures are used in low-risk
areas while standard assessment procedures are used in areas identified as moderate-risk. A
combination of standard core assessment and expanded procedures (as needed) are used in high-
risk rated areas. The table below indicates the relationship between the risk rating and the
examination procedures:
16
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The minimum-scope core assessment, which is the foundation for review in low-risk areas,
determines whether any significant changes have occurred in business activities, the risk profile,
management, or the condition of a low-risk area from the prior bank’s risk assessment. These
procedures will be used in low-risk areas to assign the appropriate CAMEL and risk ratings. If no
significant changes in the bank’s risk profile are identified after completion of the minimum
procedures, no further work will be done. However, if the assessment identifies supervisory
concerns, the EIC has the flexibility to expand the scope of the examination by completing other
procedures from the standard core assessment and/or expanded procedures.
Under the CAMEL, each bank is assigned a composite rating based on an evaluation and rating of
five essential components of a bank’s financial condition and operations. These component
factors address the adequacy of capital, the quality of assets, the capability of management
(quality of risk management), the quality and level of earnings, and the adequacy of liquidity.
Evaluations of the components take into consideration the bank’s size and sophistication, the
nature and complexity of its activities, and its risk profile.
Composite and component ratings are assigned based on 1 to 5 numerical scale where 1 indicates
the highest rating, implying strongest performance, risk management practices and least degree of
supervisory concern; while 5 indicates the lowest rating, implying weakest performance,
inadequate risk management practices and, therefore, the highest degree of supervisory concern.
17
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The composite rating generally bears a close relationship to the component ratings. Composite
rating is not derived by computing an arithmetic average of the component ratings but rather, the
ratings are dependent on the worst rating in any of the five CAMEL components. Each
component rating is based on both quantitative and qualitative analyses of the factors comprising
that component and its interrelationship with the other components. It is important to note that
rating definitions under Composite 4 and 5 are similar with exception of two factors outlined
below which could lead a bank being rated 5 instead of 4:
(i) If the volume and severity of problems are beyond management’s ability or willingness
to control or correct; and
(ii) If immediate outside financial or other assistance is needed in order for the bank to be
viable.
Assigned composite and component ratings are disclosed to the bank’s board of directors and
senior management. Definition of Ratios for Risk and CAMEL ratings is provided in Appendix
XXIX. The composite rating definitions, and the descriptions and definitions for the five CAMEL
component ratings is attached as Appendix XXX. Similarly, Risk Rating Guidelines are attached
as Appendix XXXI to supplement risk rating process.
The ability of management to respond to changing circumstances and to address the risks that
may arise from changing business conditions, or the initiation of new activities or products, is an
important factor in evaluating a bank’s overall risk profile and the level of supervisory attention
warranted.
More specifically, the supervisory file includes an updated copy of the RAS, a copy of reports,
and related correspondences, and copies of various review notes. A review note is prepared based
on standard format for each significant activity, RMCF and CAMEL component review. The
review notes are used to document assessments of SA, RMCF and CAMEL components.
Working papers necessary to support the assessment are also filed. If a significant activity or
RMCF is not reviewed during an on-site visit, the latest review notes for the SA or RMCF are
brought forward to ensure that the file contains the latest information on the institution.
18
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
bank. For targeted examination, the report should communicate findings arising from specific
areas examined. Recommendations should be specific, time bound and listed in order of
importance.
Findings and recommendations are first discussed during the exit meeting with senior
management of the bank together with its Risk Management and/or Internal Audit departments.
This is followed by management meeting with its Chief Executive Officer and board and/or board
committees. The feedbacks from the discussions will be taken into account in finalizing the
examination report. Examination reports to the bank are addressed to the Chairperson of the
board. Format and contents of report of examination are in Appendices XXXII and XXXIII,
respectively.
19
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: I
20
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: II
A. Overall Condition
Summarize the overall condition based on the level of supervisory concern, assessment of Risk
Management system and adequacy of management oversight over the bank. Any key
issues/concerns relating to the strategies employed should also be highlighted.
Example
Overall, supervisory concern over the bank is moderate. The bank is embarking on an expansion program
and contemplating introduction of new financial products. This new focus is characterized by increasing
level of operational, credit and liquidity risk. However, the bank employs a satisfactory risk management
system, complemented by adequate policies, procedures and internal controls. The board and management
exercise close supervision over the bank and have demonstrated their capabilities in steering the bank
through the recent financial crises. Strategies are in place to address the bank’s short and long term needs.
The financial performance of the bank remains satisfactory.
State the level of inherent risk, the adequacy of risk management systems, the overall composite
risk and the direction of overall composite risk.
Example
21
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
– Board Oversight,
– Senior Management,
– Risk Management,
– Internal Audit,
– Compliance,
– Information and Communication.
State briefly, events that may have an impact on, or influence on the bank’s operations and
condition. For example:
22
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
F. Financial Overview
(i) Bank
Provide a brief write-up on the overall assessment of the financial performance of
the bank, based on Capital, Asset, Earnings and Liquidity.
List down any instance of non-compliance and corrective actions taken or to be taken by
the bank.
H. Environmental Considerations
Identify and state any external environmental factor, which may have an impact on the
operations and conditions of the bank, e.g. economic environment.
Identify and state significant accounting or reporting issues that may have any impact on
the operations and condition of the bank. For example,
Departure from standard accounting practices and the NBE guidelines on disclosure
and presentation.
Significant transactions such as inter-company transactions and portfolio transfers.
J. Future Prospects
(i) State the result of stress test/s conducted by the NBE and the bank.
(ii) State the bank’s strategic forecasts for key performance areas, and budget
projections, and/or new markets and products
State any pending matters which have been identified through correspondences, previous
examination reports, specific approvals/exemptions and issues to follow-up arising from
internal and external audit reports.
L. Supervisory Concerns
M. Attachments
23
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Organization Chart.
Business Plan.
Risk Matrix.
Annual Report.
Relevant Extracts from internal audit reports.
Any other relevant information.
At least three consecutive audit financial statements that includes:
Summary of key ratios
Comparative income statements and balance sheet
N. Sign-off
The various parties have to sign-off (and date) the institutional overview.
(a) Desk Officer who prepared the institutional overview.
(b) Team Leader who concurred with.
(c) D/Director who approved the institutional overview.
A. Overall Condition
Composite Rating
24
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
J. Future Prospects
(i) Stress Test Results
(ii) Projections
L. Attachments
M. Sign-Off
Name Signature Date Designation
Prepared by
Concurred by
Approved by
APPENDIX: III
25
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
4. Complete the following items in relation to customer profile (and indicate the reference date):
CP11. List of top 10 borrowers (aggregate all facilities under a single customers)
CP12. List of 10 non-performing loans (aggregate all NPLs under a single customer)
CP13. List of top 20 depositor (aggregate all facilities under a single customers)
CP14. NPLs by Economic Sectors.
26
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Associates
No. of Staff
APPENDIX: IV
FUNCTIONAL RISK MAPPING CHART
No. Functional Areas/Activities Inherent Risks
(based on the financial statements & business plan of
the bank) Credit Liquidity Market Operational
Forex Interest Rate
1 Banking operations:
-deposit liabilities other than banks X X X X
-special deposit accounts X X X
-deposits from banks and financial banks X X X X
-bankers checks and drafts issued X X
-payment orders/transfers payable X X
-borrowings X X X X
-subordinated debt X X X X
-trust and safe custody X
2 Cash management X X
3 Clearing/Payment system:
- checks and items for clearing X X
-Inter-branch float items X X
-electronic payment system e.g. ATMs, internet X
27
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
12 Information systems X
13 Internal controls & audit X
14 Other activities:
-other assets X
-accrued taxes & other expenses not paid X
-unearned income and other deferred credits X
-outstanding acceptances executed by or for account of
the bank X
-other liabilities X
APPENDIX: V
SAMPLE SUPERVISORY FILES AND REVIEW NOTES
SUPERVISORY FILE 1
INSTITUTION:
STATEMENT PERIOD:
SECTION: CORPORATE BANKING (modify for any significant activity)
DESCRIPTION WP REF
REVIEW NOTES
28
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
REVIEW NOTES 1
INSTITUTION:
STATEMENT PERIOD:
SECTION: CORPORATE BANKING
PREPARED/UPDATED BY: DATE:
REVIEWED BY: DATE:
REFERENCES:
This review note is used to provide an analysis and assessment of corporate banking activity of a bank. The purpose of
this general review note is to cover all aspects of corporate banking. This general review note should be used when it is
not appropriate or useful to further segment the activity into Corporate Real Estate, Loan Syndications, Trade Finance,
etc.
References:
1. Related Laws, NBE Directives and Guidelines
2. Commercial Bank Examination Manual, Federal Reserve Bank of U.S. Available on FRB Web site –
http://www.bog.fed.us
29
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Discuss and analyze the assets and liabilities (on and off balance sheet) generated by corporate banking activities on a
comparative basis over the past few years. Review unusual and/or material balances resulting from the corporate
banking activities. Assess the treasury/funding activities associated with corporate banking activities. Consider the
financial risks associated with these activities.
Risk Policies
What are management’s risk policies regarding credit risk, market risk, etc. for corporate banking activities? Risk
averse or risk inclined? Does the institution “squeeze margins” to gain customer relationships? Does it seek market
share versus profitability? Do the risk policies adequately support the key strategies for corporate banking?
Financial Performance
Discuss financial performance on a comparative basis over the past few years. What factors have contributed to that
performance? Analyze margins by product, region, etc and compare to peers. Analyze loan loss experience and
compare to peers. What problems are there and what remedial action has management taken to address those problems?
Include a discussion of interim performance. Consider reviewing changes in average loan size, rates of new business
acceptance and rates of renewals. Indicate the trend in the non-interest expense ratio over the last few years. What has
contributed to the trend? How does this compare to its peer group?
30
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
INHERENT RISK
Consider: Economic conditions, market environment, stages of the business cycle, competitive forces, target markets
and characteristics of those markets, distribution methods, concentration of risk, portfolio growth rates, entry into new
markets or product lines, significant changes in market share, and characteristics of loan portfolios. Nature of margin
trends and sensitivity of margins to market conditions, loan loss ratios significantly different from peers in similar
business, centralized vs. decentralized operations. Degree of reliance on intermediaries and adequacy of contractual
agreement. Concentration of credit risk.
Inherent risks should be discussed using the categories identified in the Supervisory Framework: Credit, Market,
Liquidity, Operational, as applicable.) Please use sub-headings and indicate your assessment of each category).
Credit (Level: )
Market (Level: )
Liquidity (Level: )
Operational (Level: )
31
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Evaluate the compensation policies and practices used in corporate banking activities. Do they support the key
strategies for corporate banking? Do they encourage excessive risk taking? How are they integrated into human
resource and performance management? How do the policies and practices compare to the institution’s peers in
corporate banking?
Outsourcing
Have any corporate banking products, services or operations been outsourced? If so, what products, services or
operations? Are the outsourcing arrangements managed according to NBE guidelines and circulars (to be issued)? Is
there independent third party review of the outsourcing?
Compliance (Quality: )
Provide an assessment of the oversight by Compliance for the activity. What role(s) does the compliance function play
in the compliance processes? How effective are they in carrying out these roles? What responsibility does the
Compliance function have for making sure corporate banking activities are in compliance with all relevant legislation
and regulations for all jurisdictions in which the institution conducts corporate banking activities? How do they carry
out these responsibilities? Have they identified and confirmed key compliance elements?
32
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Board/Committees (Quality: )
Provide an assessment of the effectiveness of the Board of Directors and Committees in overseeing corporate banking
activities? How open is the relationship between the Board and senior management regarding investment activities?
Does the Board actively engage in discussions, concerns and recommendations regarding corporate banking activities?
What limits/reports does the Board review and approve? What type of information does the Board receive on a regular
basis regarding corporate banking? Does the Board have a special committee for corporate banking activities?
PROCEDURES
Select procedures appropriate for the risks identified. If no risks remain to be addressed, not further procedures may be
necessary.
33
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
RECOMMENDATIONS
To the Institution
Disposition of recommendations should be noted after each point by indicating the action taken (e.g. included in
Examination Report, quarterly ratings, verbally discussed with institution, etc.)
Notes Ref
34
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The IT and network infrastructure that involved in the merger exercise would be complex. Merger exercise will
impact IT operation & IT infrastructure to be more complex.
The magnitude and complexity of processing, transaction enquiries or reports produced or printed by the IT
system that are to be merged.
Weaknesses in DR readiness. The first disaster recovery (DR) testing after merger was conducted in June 2007.
Although there were a few shortcomings, they managed to identify the root cause and provide solution. But there
is possibility that customers could be lost to another bank that could provide more reliable system. A more
comprehensive and enhanced DR testing need to be done to ensure minimum disruption during disaster.
The tendency and impact of data integrity and data quality issue due to merger exercise (cleanliness of the data
used for the merger, customer data, management reporting). Currently for each month-end report; the data need to
be extracted form various systems and figures to be reconciled. Time consuming.
System limitation to set month end close. If there is need to set early month end closing, they need to change the
system date. The changing of the system-date in not acceptable from an audit point of view and proper solution
should be provided.
Experienced significant glitches in ITD staff movement during the merger exercise.
35
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Need to revise business owners and IT representatives for the merged operations. This would impact the business
process.
Need to consolidate the list of IT contracts & agreements (rationalization on contract expiry) and revisit/streamline
as part of ISO 90001 project requirements.
36
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
1 How effective is senior Senior management plays effective role in monitoring the A1.5
management in monitoring the achievement of the Board-approved IT plans, strategies and
activity? effectiveness of IT organizational structure and controls.
Among its prefix agenda for IT are IT services update and IT
systems update.
2 What management tools There are various committees to discuss on IT matter i.e. IS A1.6
(committees, independent Steering Committee (BCC), Business Continuity Committee
reviews, etc) are used to support (BCC), Information Security Committee (ISMC). The agreed
senior management oversight of frequency of meeting for :
these processes? ISSC, BCC and ISMC- quarterly
3 How well does senior IT-related risks are adequately identified, discussed, A1.5
management control the monitored and controlled.
implementation of information Senior management also actively monitors adherence to
technology/business continuity approved policies and procedures, and compliance
plans? requirement, and ensures that timely action is taken to
remedy any deficiencies that may arise.
4 What is the knowledge and The senor management effectively oversees the execution of A1.5
awareness level of the senior approved IT strategies and effective management of overall
management group regarding IT operations. They put forward their ideas/suggestion or
these activities? concerns regarding implementation of IT/BCP during the
ITSC meeting.
37
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The component of RMCF is strong to manage and mitigate the inherent risk. The main contributing factor is the
adequate IT merger plan with proper working committees to oversee IT merger implementation. The management
also plays and active role as to ensure the merger of IT system and Operations are successful according to the plan.
The direction of risk is assessed as stable as the company has managed to identify the problems faced and its
solutions. In addition, the efforts to comply with GPIS 1 will definitely enhance the overall IT environment.
Furthermore, the IT risk management framework is in place and management will review the IT risk identification
and evaluation on quarterly basis. The internal audit has also taken a proactive measure in enhancing their IT audit.
External auditors are also engaged to perform IT audit.
38
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Support the use of the work of 3rd parties with detailed information regarding scope of review, findings and impact
on the NBE’s review. Copies of 3rd party documentation should be included to the extent considered necessary to
support use of their work.
Notes Ref
Notes Ref
A1.5
1. Application review related to the SA A2.4
2. Data migration C1.3
3. Data integrity & reconciliation – management reports
4. BCM framework
5. IT IA functions and scope
All results and conclusions should be set out here. Include an overall assessment of the department’s business
practices and experience.
Notes Ref
Inability to assure mission critical business processes are available in the event of a disaster
XG: PROCEDURES
Select procedures appropriate for the risks identified. If no risks remain to be addressed, not further procedures may
be necessary.
Notes Ref
The procedures used for the assessment are based on the PRiSM work program and the questions provided
in the review notes.
All results and conclusions should be set out here. Include an overall assessment of the department’s business
39
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Notes Ref
Inability to assure mission critical business processes are available in the event of a disaster.
XI: RECOMMENDATIONS
XI 1: To the Institution
Disposition of recommendations should be noted after each point by indicating the action taken (e.g. included in
Examination Report, Quarterly Rating, verbally discussed with institution, etc.
Notes Ref
Notes Ref
XJ: OTHERS
This area is meant for other relevant matters with regard to the financial institution.
Internal and external correspondences should be included in this section. The chronological order of the
correspondences is as per listing on the inner cover of this file.
SUPERVISORY FILE 3
INSTITUTION:
STATEMENT PERIOD:
SECTION: BOARD OF DIRECTORS
DESCRIPTION WP REF
REVIEW NOTES
40
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
REVIEW NOTES 3
INSTITUTION:
STATEMENT PERIOD:
SECTION: BOARD OF DIRECTORS
PREPARED/UPDATED BY: DATE:
REVIEWED BY: DATE:
41
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
REFERENCES:
1. Corporate governance guidelines (to be issued)
2. Proclamations and related NBE directives/guidelines
BOARD COMPOSITION
Indicate the Board of Directors membership. Does the Board have proper proportion of inside and outside directors?
What is the size of the board? Is it adequate to function effectively? Are the business and financial experience of
directors appropriate in relation to the business activities and risk profile of the bank? Is the selection process for new
directors appropriate? Is it largely directed by management? Is it independent? Is there any board policy limiting the
number of years that a person can be a member of the board and specific board committees? Does the bank have
documented criteria to select Board and Board Committee members? Are policies for Conflict of Interest and
Confidential Information appropriate, effective and is adherence to them monitored?
Board Mandate
Overall is there evidence on focus on central issues, knowledge of chairman, attitudes, and skills for effective
leadership? Is there evidence that the Board explicitly assumes stewardship responsibility of the bank by taking
responsibilities on the following matters:
Adoption of a strategic planning process;
The identification of the principal risks of the bank’s business and ensuring the implementation of appropriate
systems to manage these risks;
Succession planning, including appointing, training and monitoring senior management;
A communication policy for the corporation;
The integrity of the bank’s internal control and management information system; and
Compliance with government legislation.
Is there a Board member’s manual that outlines the Board and its committee’s mandates, roles, responsibilities and
structures? Does the Board receive appropriate information in timely manner in order to meet their mandate, roles and
responsibilities? Does the Board provide a regular, independent assessment of senor management?
Board Committees
Evaluate the knowledge and involvements of the Board’s significant committees consider:
COMPOSITION:
Describe the composition for significant committees.
Do outside directors make up a majority of the committee?
Are any members officers or employees of the bank or its subsidiary?
Do the Committee members have meaningful qualifications?
Is there an adequate succession planning and compensation? Are there sufficient resources?
STRUCTURE:
Does the committee have defined structures and mandates which are appropriately documented and communicated
to all involved parties (directors, management, auditors and regulators)?
MANDATE, ROLES AND RESPONSIB
Does the committee perform the duties as set out in guidelines, as appropriate?
Does it report to the Board after each meeting?
Does the committee have direct and unrestricted communication channels (e.g. to external auditors, etc.) to discuss
and review specific issues, as appropriate?
Does the committee meet with the full Board frequently enough to effectively deal with critical issues and monitor
the institution?
Does the committee appear to come to grips with critical problems?
Do minutes appear to appropriately document deliberations, decisions, dissent and approval?
42
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Is there evidence of accurate, adequate and timely information provided to and produced by the
Board/Committees? (agendas, minutes, committee reports):
Audit Committee
Remuneration Committee
Nominating Committee
Other Committees
Board Self-Assessment
Does the Board have a mechanism to measure its effectiveness? Is there a periodic performance review process for
Board members?
OVERALL ASSESSMENT
Assess effectiveness of the Board and its committees in overseeing and directing management’s responsibilities.
Provide justification and rational for your assessment. Insight may be gained, among other things, through the
process of analyzing the significant activities, discussions with external auditors, internal auditors, general
observations, on-going contact with the bank and/or exchange of information with other supervisors.
RATING DIRECTION
EFFECTIVENESS RATING (Strong, Acceptable, (Improving, Stable or
Marginal or Weak) Deteriorating)
BOARD OF DIRECTORS AND COMMITTEES
RECOMMENDATIONS
To the Institution
Disposition of recommendations should be noted after each point by indicating the action taken (e.g. included in
Examination Report, quarterly ratings, verbally discussed with bank, etc.)
43
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
SUPERVISORY FILE 4
INSTITUTION:
STATEMENT PERIOD:
SECTION: RISK MANAGEMENT
DESCRIPTION WP REF
REVIEW NOTES
44
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
REVIEW NOTES 4
INSTITUTION:
STATEMENT PERIOD:
SECTION: RISK MANAGEMENT
PREPARED/UPDATED BY: DATE:
REVIEWED BY: DATE:
REFERENCES:
You may wish to use the following documents to assist you in the preparation of this review note:
1. RBS Framework.
2. BIS – Operational Risk Management paper
3. BIS- Principles for the Management of Interest Rate Risk
4. Related laws, NBE directives and guidelines/Circulars
Also here are some nifty web sites for further up to date info:
1. Global Association of Risk Professionals: http://WWW.barp.com/
2. International Association of Finance Engineers: http://www.jafe.org/
3. Management Control Concepts: http://WWW.mc2consulting.com/
4. Strategic Risk Management Group: http://WWW.srm.co.uk/
5. RISKLIST- Resources for Risk Managers: http://home.clara.net/rlowther/risklist.html
What corporate mandate has been established for the risk management department and/or its head? Is the department’s
scope sufficient to provide management and the Board an assessment on all material risks inherent in the institution’s
operations? How are roles and responsibilities assigned and managed in the department? How frequently is the group’s
mandate reviewed by the Board? Are risk management personnel given sufficient authority to deal with line
counterparts?
What is the department’s budget for current and future years? What has been the trend in resources and staffing? How
are resources allocated? Is the group staffed with sufficient experience and expertise to deliver on its mandate? How are
staffs recruited? What amount and type of training is provided for staff?
What type of approach or focus does the institution use for risk management; integrated, enterprise-wide, business unit
45
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
or service function, individual risk, trading vs. non-trading, etc? Does the approach include assessing capital adequacy?
Compare this approach to the strategic planning framework of the institution. Assess the strengths and weakness of the
institution’s approach and its adequacy for the risks inherent in the activities of the institution.
Assess the department’s process and framework of policies, procedures and limits? How comprehensive are they? Are
they consistent with management’s experience, the institution’s business strategies and objectives and the financial
strength of the institution? Are they adequate for identifying, measuring, monitoring and controlling the risk inherent
(new or existing) in the institution’s businesses or products (new or existing)? What is the process used to develop and
modify the policies, procedures and limits?
Assess the risk management methodologies and models used by the institution. Does the institution use standardized
models and methodologies? How are the methodologies and models linked to the risk philosophies, policies,
procedures and limits? Do they adequately support the policies, procedures and limits? Does the institution utilize
specialists/consultants for certain areas? How are the methodologies and models independently validated? How are
methodologies and models reviewed and updated and how frequently?
How are the institution’s risk management policies, procedures and limits translated into its day-to-day operations?
What are the types of analysis and documentation required to support the assumption or underwriting of individual
risks? What is the role of the risk management department in this area? Is there congruence between the policies,
procedures and limits and the analysis and documentation?
Measurement
How does the institution’s risk measurement standards and systems link to its policies and procedures? Does the
institution measure and aggregate risks form trading and non-trading activities on a comprehensive institution-wide
basis? Are the risk measurement standards understood by relevant personnel throughout the institution? How “real-
time” is the measurement system? How does the institution measure and analyze stress situations as a result of probable
events or market changes? Are the risk measurement systems adequate to measure the scale, complexity and nature of
the risks inherent in the institution’s activities?
Does the institution adequately monitor and control its risk management policies, procedures and limits? At what
organizational levels does the monitoring and controlling take place? What enforcement procedures and mechanisms
are used? How are new products monitored and controlled? Are the management information systems adequate to
quantify and monitor the risk positions of the institution?
46
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Reporting
Do the institution’s management reporting systems produce accurate, informative and timely information to support the
risk management policies, procedures and limits? What are the nature, content and frequency of reports made to senior
management and the Board? Is there any assessment of the systemic impact of risk management issues on the whole
institution?
How effective is senior management in planning, directing and controlling the risk management process? What
management tools (committees, independent reviews, etc) are used to support senior management oversight of the
institution’s risk management function? What is the knowledge and awareness level of the senior management group
regarding risks inherent in the institution’s businesses and products?
How effective is the Board of Directors and Committees in overseeing the risk management function? How open is the
relationship between the Board and risk management? Does the Board actively engage in risk management discussions,
concerns and recommendations? What type of risk management information does the Board receive on a regular basis?
Does the internal audit department have an effective role for independently evaluating the risk management function
within the institution? What other roles does internal audit have in the risk management processes of the institution, i.e.
limit compliance, reliability of risk management information? Is there an internal quality control review process for risk
management? Are there standards for the risk management department’s performance and documentation of work?
What is the relationship between the institution’s risk management department and its external auditors? How do they
each rely on or use each other’s work? Does the external auditor perform additional work in areas of risk management
weakness?
47
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
OVERALL ASSESSMENT
Assessment and conclusions regarding effectiveness of risk management functions of the institution
RECOMMENDATIONS
To the Institution
Disposition or recommendations should be noted after each point by indicating the action taken (e.g. include in
Examination Report, Quarterly, verbally discussed with institution, etc)
Recommendations made here should be regarding items not addressed in the current examination and should include
recommendations for ways of enhancing the efficiency and effectiveness of our future reviews).
48
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
SUPERVISORY FILE 5
INSTITUTION:
STATEMENT PERIOD:
SECTION: EARNINGS
DESCRIPTION WP REF
REVIEW NOTES
49
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
REVIEW NOTES 5
INSTITUTION:
STATEMENT PERIOD
SECTION: EARNINGS
PREPARED/UPDATED BY: DATE:
REVIEWED BY: DATE:
REFERENCES:
This review note is used to provide historical information and analysis regarding the institution’s total earnings record.
This information and analysis combined with supervisory work related to earnings completed in other Significant
Activities or Quality of Risk Management functions sections form the basis for establishing and supporting the earnings
rating on the Risk Matrix. To avoid duplication of effort, information considered in the earnings rating that is contained
in other review notes should be cross-referenced in this review note.
References:
1. RBS Framework.
2. Financial Statements of the bank.
3. Related laws, NBE directives, and guidelines.
Summarize and assess the composition of the institution’s earnings through an analysis of the major components, (i.e.
premiums, fees, interest, and expenses, and capital gains/losses). Assess the level and trends in the institution’s
earnings history, i.e. ROA, ROE, growth rates, etc. Review earnings performance against budget set by Board and
senior management. Identify provision quantum. Ensure proper accounting controls are in place for preparation of
accounts. Independently verify accounts that are susceptible to fraud such as miscellaneous accounts, or other accounts.
Highlight any concerns raised by external auditors.
How much volatility is there in the institution’s earnings history? Does the institution have a stable level of core
earnings? How diversified are the institution’s earnings sources, i.e. market niches, geographical distribution, product
mix? Is the institution’s earnings vulnerable to easy erosion from existing or new competitors? How exposed is the
institution’s earnings to potential “shock” or “surprise” events, i.e. sudden changes in claims or loan losses? Can the
institution’s earnings levels and growth be sustained over the medium to long term? How “aggressive” or changeable is
the application of stress scenarios assumptions on the institution’s earnings?
Based on the analysis and assessment contained in the above sections, compare the institution’s earnings record to
the earnings record of a group of its peers.
50
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Provide a concluding assessment and rating regarding the quality of the earnings of the institution. The rating should
be based on the analysis and assessment contained in the other parts of this review note or in other review notes on
the institution, i.e. Strategic Directions and Future Outlook, Internal Audit, Senior Management, Board of Directors,
etc. Cross-referencing to other review notes should be provided in this review note. The Earnings rating worksheets
used under the CAMEL frameworks can be useful in establishing the Earnings rating here.
RECOMMENDATIONS
To the Institution
Disposition of recommendations should be noted after each point by indicating the action taken (e.g. included in
Examination Report, Quarterly Rating, verbally discussed with institution, etc.)
Recommendations made here should be regarding items not addressed in the current examination and should include
recommendations for enhancing the efficiency and effectiveness of our reviews in the future.
51
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
SUPERVISORY FILE 6
INSTITUTION:
STATEMENT PERIOD:
SECTION: CAPITAL
DESCRIPTION WP REF
REVIEW NOTES
52
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
REVIEW NOTES 6
INSTITUTION:
STATEMENT PERIOD
SECTION: CAPITAL
PREPARED/UPDATED BY: DATE:
REVIEWED BY: DATE:
REFERENCES:
1. RBS Framework.
2. Other Related laws, NBE directives and Guidelines/Circulars.
Have any capital instruments been issued or redeemed since the last examination?
Has there been any significant change in ownership?
To what extent does the institution rely on lower quality/quasi capital?
Is there cross holdings of capital of other banks?
REGULATORY COMPLIANCE
Capital Adequacy
Assess the institution’s preparation of the Capital Adequacy for completeness and accuracy. Do the current types of
instruments used and the amount of capital qualify for inclusion in calculating institution’s regulatory requirements? Is
the institution’s regulatory level in excess of minimum requirements? What are the compositions of total capital? Are
the appropriate risk weights being used? How is goodwill treated? Determine the components of on and off balance
sheet items. Is the computation of RWCR accurate? Consider historical trends. How does the institution ensure that it is
in compliance with regulatory requirements on a continuous basis? Are there any issues with respect to solvency and its
willingness to support a small subsidiary?
CAPITAL ADEQUACY
Capital Adequacy
Evaluate capital adequacy within the context of the overall risk profile of the institutions to determine any risk exposure
that may adversely affect the institution’s solvency and capital position. Consideration should be given to earnings
experience, the level and composition of asset, management’s tolerance/appetite for risk and the institution’s prospects
for growth, impact of off-balance sheet items or contingencies, etc. Identify how capital is allocated i.e. based on risk or
business line. Determine how capital is allocated for new products or business ventures. Is the institution adequately
capitalized on a stand-alone basis?
53
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Access to Capital
Assess the institution’s ability to raise capital or increase deposit requirements. Consider such factors as: internal
capital generation capability, the financial strength of the institution or its parent, willingness of shareholders or head
office to inject additional capital when required, etc. Has the institution demonstrated solid ability to raise capital?
Assess the extent the institution has established and implemented i) sound and prudent policies and procedures
governing the quantity and quality of capital ii) appropriate and effective procedures to monitor, on an on-going basis,
the capital required to support the current and future business needs? Are the procedures for calculating capital/deposit
adequacy requirements independently verified for accuracy and completeness? What is the policy on dividend payouts?
Planning
Evaluate the institution’s capital plan. How is it developed? Which departments or committees are responsible for
capital management? How is it linked to the institution’s strategic plan? Is it adequate to meet regulatory requirements
and the risk profile of the institution?
Assess the system used by the institution to manage the allocation of capital within the institution. How is this system
integrated into the planning, decision making and performance evaluation of business units, products and individuals
within the institution? How is stress testing of capital done? Identify the stress scenarios and frequency. Identify
options or strategies in place for undercapitalized institution.
Assess the Board of Director’s involvement in its oversight for the development and implementation capital
management policies and procedures to monitor the institution’s capital requirements and future needs. How effective
54
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
is the Board and Committees in overseeing capital management? Does the Board actively engage in capital
management discussions, concerns and recommendations? What type and quality of capital management information
does the Board receive on a regular basis? What is internal audit’s view on the management of capital by the Board?
Review the work of third parties (i.e. external auditors, consultants, where applicable) including scope of engagement,
findings and impact on the management and adequacy of capital.
Provide a concluding assessment and rating regarding the capital of the institution. The Capital rating worksheets used
under the CAMEL framework can be useful in establishing the Capital rating here.
RECOMMENDATIONS
To the Institution
Disposition of recommendations should be noted after each point by indicating the action taken (e.g. included in
Examination Report, Quarterly Rating, Verbally discussed with institution, etc.)
Recommendations made here should be regarding items not addressed in the current examination and should include
recommendations for enhancing the efficiency and effectiveness of our reviews in the future.
55
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: VI
The uniqueness of a bank is an important consideration in determining the criteria that are
relevant to the assessment of inherent risks. Examples of assessment criteria to determine the
level of inherent risks are as follows:
1. Credit Risk
Changes in underwriting standards including credit score, leverage, policies, price, tenor,
collateral, guarantor support, covenants and structure;
The borrowers’ ability to service debt based on debt service coverage, debt/income ratios and
credit history;
The volume and extent of exceptions from credit policy;
The bank’s credit strategy, including the target market, the portfolio and product mix,
acquisitions, diversification of repayment sources, new products, third-party originations and
concentration;
The maintenance of an appropriate balance between risk and rewards;
The impact of external factors including economic, industry, competitive and market
conditions, legislative and regulatory changes and technological advancement;
The levels and trends of delinquencies, non-performing loans and problem assets, losses, risk
ratings and loan loss reserves;
Trend in the growth and volume of lending, fee-based credit, including off-balance sheet
activities, and investments;
Trends in the banking performance of the borrowers and counterparties;
Trends identified in stress testing methods;
Internal auditors’ assessment.
2. Market Risk
Interest Rate Risk
The re-pricing mismatches of assets and liabilities over short and long-term horizon;
The ability of funding strategy to tolerate adverse interest rate movements;
The impact of the bank's overall business strategy on interest rate risk; and
The ability to withstand losses arising from changes in interest rates caused by external
factors including economic and industry conditions, legislative and regulatory changes,
market competition and conditions.
56
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
3. Liquidity Risk
The adequacy of current and projected cash flow projections in normal environments, as well
as in significantly deteriorated environments – New;
Liquidity Framework;
The deposit mix and tenor;
The stability of deposits including the volume, composition, growth trends and projections of
retail and wholesale sectors;
The concentration of deposits;
The capacity to access additional unsecured market funding both in the current environment
and in a distressed environment;
The presence of off-balance sheet items which could result in cash flows to or from the
balance sheet, including:
- Unused loan commitments;
- Guarantees;
- Letters of credit or other contingent liabilities.
How external sources of liquidity view the bank’s current and projected asset quality,
earnings, capital and reputation risk;
The impact of the parent company and affiliate's performances (if applicable);
The impact of the external market environment, including:
Relative cost of funds (debt spreads over comparable Treasury securities, compared with
those of competitors); and
Economic conditions, including job growth, industry concentrations, competitions etc.
4. Operational Risk
The volume, type and complexity of transactions, products and services offered throughout
the bank;
Segregation of incompatible functions;
System of checks-and-balances;
The capacity and capability of systems and staff to cope with the volume and complexity of
transactions;
The development of new markets, products, services, technologies and delivery systems in
order to maintain competitive position and gain strategic advantage;
The volume and severity of operational, administrative and accounting control exceptions;
The effectiveness of the internal audit function and the responsiveness of management to
internal audit findings;
The volume and significance of non-compliance and non-conformance with policies and
procedures, laws, regulations, prescribed practices and ethical standards; and
The amount and significance of litigation and customer complaints.
57
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The frequency, trend or impact of slow response of IT systems to the bank’s operational
effectiveness;
The tendency, trend or impact of data integrity or data quality issue to the bank’s operational
effectiveness;
Potential flaws, defects, stability issues, problems or obsolescence in the operating systems,
application systems and or databases used;
Potential security compromise, vulnerabilities, weaknesses or obsolescence in the security
systems, encryption and authentication method used;
Potential vulnerabilities, security weaknesses or obsolescence in the IT infrastructure used;
Potential flaws, obsolescence or support issues due to the outdated version number for all
critical software used;
Potential weaknesses in the mode of data processing used; and
Potential weaknesses or vulnerabilities in the type of network architecture adopted.
Strategic Risk
The existence of a clear and viable business strategy;
The quality of the strategic planning process, including the achievability and its implications
to the bank;
The track record of strategy implementation;
The level of support and technical expertise demonstrated by the Board and Senior
Management to implement strategic goals and business strategies;
The ability to evaluate risk associated with new activities and the impact to the business
strategies;
The adequacy of the resources deployed (in terms of communication channels, operating
systems, delivery networks and managerial capacities and capabilities); and
The impact of external factors including economic, industry, competitive and market
conditions, legislative and regulatory changes and technological advancement.
58
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
An overall rating of the Board of Directors considers both its characteristics and the effectiveness of its
performance in carrying out its role and responsibilities in the context of the nature, scope, complexity,
and risk profile of the institution. Characteristics and examples of performance indicators that guide
supervisory judgment in determining an appropriate rating are set out below.
Ratings Definition
Strong The composition, role and responsibilities, and practices of the Board meet or exceed
what is considered necessary, given the nature, scope, complexity, and risk profile of
the institution. The Board has consistently demonstrated highly effective performance.
Board characteristics and performance are superior to generally accepted corporate and
IT governance practices.
Acceptable The composition, role and responsibilities, and practices of the Board meet what is
considered necessary, given the nature, scope, complexity, and risk profile of the
institution. Board performance has been effective. Board characteristics and
performance meet generally accepted corporate and IT governance practices.
Weak The composition, role and responsibilities, and practices of the Board are not, in a
material way, what is considered necessary, given the nature, scope, complexity, and
risk profile of the institution. Board performance has demonstrated serious instances
where effectiveness needs to be improved through immediate action. Board
characteristics and/or performance often do not meet generally accepted corporate and
IT governance practices.
59
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
BOARD OF DIRECTORS
ASSESSMENT CRITERIA
BOARD CHARACTERISTICS
The following criteria describe the characteristics to be used in assessing the quality of Board stewardship and
oversight of management and operations of the institution, with due consideration to its safety and soundness.
The application and weighting of the individual criteria will depend on the nature, scope, complexity, and risk
profile of the institution and will be assessed collectively, together with Board performance, in rating its
overall effectiveness.
Essential Elements Criteria
1. Composition Compliance with the provisions of enabling legislation.
Adequacy of policies and practices to regularly determine Board size, range of
directors’ qualifications, knowledge, skills, and experience, and level of
commitment required to fulfill Board responsibilities.
Appropriateness of Board size, range of directors’ qualifications, knowledge,
skills and experience, and level of commitment available to fulfill Board
responsibilities.
Adequacy of policies and practices to recommend the selection, approval,
renewal, and succession of directors.
Adequacy of policies and practices to ensure that there is sufficient unaffiliated
representation on the Board.
Appropriateness of the unaffiliated representation on the Board.
2. Roles and Adequacy of policies and practices to develop, approve, and periodically review
Responsibilities the role and responsibilities of the Board (including those of the Chair/Lead
Director) and to ensure that directors comply with sound corporate governance
practices.
Extent to which the Board’s responsibilities include:
i) Appointing the CEO, establishing his/her mandate, monitoring his/her performance
and approving his/her compensation;
ii) Approving the institution’s organizational structure;
iii) Approving the appointment of qualified individuals to senior management
positions, monitoring their performance and approving their compensation;
iv) Reviewing and approving, at least annually, human resources and compensation
policies and practices, including those pertaining to succession planning;
v) Approving business and IT objectives, strategies and plans, at least annually, and
regularly monitoring their execution and performance;
vi) Approving financial statements and related disclosures;
vii) Reviewing and approving, at least annually, significant risk management policies
and practices, and obtaining assurances that they are being adhered to;
viii) Reviewing and approving, at least annually, liquidity, funding and capital
management and IT policies and plans and obtaining assurances that approved
policies and plans are being adhered to;
ix) Approving the institution’s communication and disclosure policies;
x) Obtaining assurances on a regular basis that the institution’s risk management,
control environment and management information systems are appropriate and
operating effectively;
xi) Requiring implementation of a system to ensure compliance with applicable laws,
regulations and guidelines;
xii) Approving policies and practices for dealing with conflicts of interest; and
xiii) Establishing standards of ethical business conduct for the institution and
obtaining assurances that they are being adhered to.
xiv) Obtaining assurances that the institution’s IT strategic plan consistently supports
its strategic business plan;
60
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
xv) Reviewing and approving budget proposal for capital and non-capital IT
expenditures;
xvi) Requiring the implementation of a system to ensure the corrective measures
indicated by independent reviewer(s) are being adhered to;
xvii) Obtaining assurances on a regular basis, that the institution’s key performance
indicators and service level agreements mechanism are appropriately implemented.
Appropriateness of policies and practices to periodically communicate Board
responsibilities to stakeholders.
3. Committees Adequacy of policies and practices to regularly review the structure and
composition of Board committees to ensure that they provide sufficient oversight.
Adequacy of policies and practices to establish and regularly review board
committee mandates.
Adequacy of policies and practices to ensure that there is sufficient unaffiliated
representation on Board committees.
Nature and extent to which Board committee mandates promote independent and
comprehensive oversight, with timely and regular reporting to the Board.
4. Practices Adequacy of policies and practices to orient new directors, and periodically
update existing directors, on their responsibilities and on the institution’s
businesses and related risks.
Adequacy of policies and practices to promote independent, effective, and timely
decision making, including practices related to the role of unaffiliated directors.
Adequacy of policies and practices to establish and monitor work plans for
fulfilling Board goals and responsibilities.
Adequacy of policies and practices to set Board agendas and priorities, arrange
and conduct meetings, and record its deliberations and decisions. Extent to which
these practices promote transparency in
Board accountabilities.
Adequacy of policies and practices to ensure that the directors are provided with
timely, relevant, accurate and complete information (including access to
independent advice) to enable them:
i) To determine that responsibilities delegated to Board committees and Senior
Management are being discharged effectively, and
ii)To enable directors to make informed and sound decisions.
Extent to which the directors’ compensation program promotes prudent decision
making with due regard to the objectives of the institution.
With respect to the oversight functions on which it relies (e.g., Internal Audit),
the extent to which the Board:
i) Approves the appointment of the function heads; and
ii)Ensures that they have adequate authority, independence and resources to carry
out their mandates;
iii) Provides appointees with unrestricted access to the Board and/or its
committees; and
Requires periodic independent reviews of the functions.
5. Self-Assessment Adequacy of policies and practices to regularly assess the effectiveness of the
Board, its committees, and individual directors (including the Chair) in carrying
out their responsibilities.
Appropriateness of policies and practices to communicate Board achievements
against its responsibilities to stakeholders.
BOARD PERFORMANCE
The quality of the Board’s performance is demonstrated by its effectiveness in providing stewardship and
oversight of management and operations of the institution to ensure the institution is in control, its risks
are appropriately mitigated and business objectives, strategies, and policies and practices are appropriate
and executed effectively.
The assessment will consider how actively the Board embraces its responsibilities, bringing its collective
skills and experience to bear in providing objective and thoughtful insight and guidance to the institution.
61
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
BNM will look to indicators of effective Board performance to guide its judgment in the course of its
supervisory activities. These activities may include: conversations with directors and management to
determine the nature and extent of discussion, evaluation, and questioning of management at Board
meetings, the nature of discussions at meetings of unaffiliated directors and matters raised from those
discussions, and the extent of interaction of senior management with the Board and/or its committees;
review of how particular issues are dealt with by the Board; assessment of Board practices; review of
minutes, etc.
Examples of indicators that could be used to guide supervisory judgment include the extent to which the
Board:
i) Performs a regular, in-depth review and evaluation of the institution’s business and IT objectives and
strategies, as well as events and transactions that could pose significant risks to the institution, with a view to
balancing both business and IT objectives with appropriate controls and governance;
ii) Is actively involved in the selection and performance evaluation of the CEO, and other Senior Management
as appropriate;
iii) Objectively assesses, on a regular basis, the appropriateness of the overall risk tolerance, major business
and IT activities and risks of the institution;
iv) Establishes thresholds for the type and significance of issues to be brought to its attention (including
adverse results, deficiencies in or breaches of limits, controls or policies, and changes in the external
environment that might require a review of the operating strategy or control environment). Responds quickly
to, and proactively follows up on, issues identified by management, internal or external audit, risk
management, appointed actuaries, BNM or other regulators, in order to satisfy itself that appropriate action
has been taken or resolution achieved;
v) Defines and periodically assesses for continued relevance, the type, comprehensiveness and frequency of
information and reporting it needs to monitor and act on a timely basis, and ensures needed changes are made
as required;
vi) Actively engages in the review of materials presented by management for information purposes or for
Board approval, appropriately weighing salient issues and alternatives, engaging in discussions, challenging
management’s underlying assumptions, and requesting additional information and/or explanation;
vii) Ensures its meetings provide an appropriately balanced focus on key issues and ongoing governance
requirements;
viii) h) Ensures there is sufficient opportunity for unaffiliated directors to meet ‘in camera’, and seriously
considers the output of such meetings;
ix) Proactively engages in reviewing the mandates, resources and scope of work of the key oversight
functions upon which it relies for risk management, control and compliance assurances, and ensuring that
Senior Management appropriately supports these functions; and
x) Performs a comprehensive self-assessment against its responsibilities and promptly addresses matters
identified.
62
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
63
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
SENIOR MANAGEMENT
ASSESSMENT CRITERIA
SENIOR MANAGEMENT CHARACTERISTICS
The following criteria describe the characteristics to be used in assessing the quality of Senior Management
oversight of the institution’s activities and related risks, with due consideration to the institution’s safety and
soundness. The application and weighting of the individual criteria will depend on the nature, scope, complexity,
and risk profile of the institution and will be assessed collectively, together with Senior Management performance,
in rating its overall effectiveness.
Essential Elements Criteria
1. Mandate Extent to which the Board has delegated to the CEO responsibility for developing
and implementing policies and practices for the effective management of the
institution’s operations. This may include, but is not limited to:
i) Strategic management;
ii) Risk management;
iii) Liquidity and funding management;
iv) Capital management;
v) Internal control environment;
vi) Information technology; and
vii) Ethical business conduct.
Adequacy of policies and practices to delegate responsibilities from the CEO to
other members of Senior Management and to regularly review the
appropriateness of the delegation.
Appropriateness of the mandates for Senior Management positions and the extent
to which they clearly define lines of authority, responsibility and accountability.
Extent to which these mandates are communicated across the institution.
With respect to the oversight functions on which it relies (e.g., Internal Audit),
the extent to which Senior Management (a) approves the appointment of the
function heads; (b) ensures that they have adequate authority, independence and
resources to carry out their mandates; (c) provides appointees with unrestricted
access to Senior Management and/or its committees; and (d) requires periodic
independent reviews of the functions.
2. Organization Structure Adequacy of policies and practices to regularly review Senior Management
organization structure.
Appropriateness of Senior Management organization structure.
3. Committees Extent to which Senior Management committees are used to oversee the
management of significant activities and related risks.
Extent to which Senior Management committee mandates are clearly defined and
communicated across the institution.
4. Expertise Adequacy of policies and practices to regularly review the range of
qualifications, knowledge, skills and experience required to fulfill Senior
Management responsibilities.
Appropriateness of the range of qualifications, knowledge, skills and experience
available to fulfill Senior Management responsibilities.
Adequacy of policies and practices for the selection, appointment and succession
of Senior Management.
Extent to which management development programs are available to Senior
Management.
5. Practices Adequacy of policies and practices to establish business and IT objectives,
strategies and plans, and to monitor the institution’s performance against them.
64
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
65
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
ii) Actively monitors adherence to approved policies, organizational and procedural controls, and compliance
requirements; ensures that appropriate and timely action is taken to remedy any deficiencies that may arise,
including issues brought to it by other control functions and regulators; and ensures that management
information systems provide timely and relevant information to support its oversight responsibilities;
iii) Is successful in attracting, developing and retaining high- calibre staff and in maintaining good morale and
ensures that direct reports clearly understand their responsibilities and holds them accountable for discharging
them;
iv) Sets an appropriate “tone from the top”, performing its duties in an ethical manner and expecting the same
from individuals across the institution; and
v) Keeps the Board and its committees fully apprised, on a timely basis, of market conditions, strategic
opportunities and concerns, operating performance and issues that could significantly affect the well-being of
the institution. This includes the quality of information provided to the Board.
66
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
67
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
RISK MANAGEMENT
ASSESSMENT CRITERIA
RISK MANAGEMENT CHARACTERISTICS
The following criteria describe the characteristics to be used in assessing the quality of the Risk Management
function’s oversight of the management of the institution’s activities and related risks, with due consideration to
the institution’s safety and soundness. The application and weighting of the individual criteria will depend on the
nature, scope, complexity, and risk profile of the institution and will be assessed collectively, together with Risk
Management performance, in rating its overall effectiveness.
Essential Elements Criteria
1. Mandate Extent to which the function’s mandate establishes:
i) Clear objectives and enterprise-wide authority for its activities;
ii) Authority to carry out its responsibilities independently;
iii) Right of access to the institution’s records, information and personnel;
iv) A requirement to report regularly on the effectiveness of the institution’s risk
management processes and on its aggregate exposures compared to approved
limits; and
v) Authority to follow-up on action taken by management in response to
identified issues and related recommendations.
Extent to which the function’s mandate is communicated within the institution
2. Organization Structure Appropriateness of the stature and authority of the function head within the
organization for the function to be effective in fulfilling its mandate.
Extent to which the function head has direct access to the CEO and the Board (or
a Board committee).
Appropriateness of the function’s organizational structure.
Extent to which the function is independent of day-to-day management of risks.
3. Resources Adequacy of the function’s processes to determine the required:
i) Level of resources necessary to carry out responsibilities;
ii) Qualifications and competencies of staff; and
iii) Continuing professional development programs to enhance staff
competencies.
Adequacy of the function’s resources and appropriateness of its collective
qualifications and competencies for carrying out its mandate.
Sufficiency of staff development programs.
The effectiveness of people, processes, methodologies and technology designated
to execute selected risk management strategy.
4. Methodology and Adequacy of process to regularly review and update risk management policies,
Practices processes and limits to take into account changes in the industry and in the risk
appetite of the institution.
Appropriateness of risk management policies, practices, and limits given the
institution’s activities and related risks.
Extent to which risk management policies and practices are co-ordinated with
strategic, capital and liquidity management, and IT policies and practices.
Extent to which risk management policies, practices and limits are documented,
communicated and integrated with the institution’s day-today business activities.
Adequacy of policies and practices to monitor positions against approved limits
and for timely follow-up on material variances.
Adequacy of policies and practices to monitor trends and identify emerging risks,
and to respond effectively to unexpected significant events.
Adequacy of policies and practices to model and measure the institution’s risks.
Adequacy of management information system (MIS) to support risk management
functions.
5. Reporting Adequacy of policies and practices to report identified issues along with
recommendations to management of business units.
Adequacy of policies and practices to monitor and follow up on the resolution of
the identified issues.
68
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
69
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
70
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
INTERNAL AUDIT
ASSESSMENT CRITERIA
INTERNAL AUDIT CHARACTERISTICS
The following criteria describe the characteristics to be used in assessing the quality of the Internal Audit
function’s oversight of the effectiveness of, and adherence to, the institution’s organizational and procedural
controls. The application and weighting of the individual criteria will depend on the nature, scope, complexity, and
risk profile of the institution and will be assessed collectively, together with Internal Audit performance, in rating
its overall effectiveness.
Essential Elements Criteria
1. Mandate Extent to which the function’s mandate establishes:
i) Clear objectives and enterprise-wide authority for its activities;
ii) Authority to carry out its responsibilities independently;
iii) Right of access to the institution’s records, information and personnel;
iv) A requirement to express an opinion on the effectiveness of, and adherence
to, the institution’s organizational and procedural controls and applicable laws
and regulations; and
v) Authority to follow-up with management on action taken in response to audit
findings and recommendations.
Extent to which the mandate is communicated within the institution.
2. Organization Structure Appropriateness of the stature and authority of the function head within the
organization for the function to be effective in fulfilling its mandate.
Extent to which the function head has direct access to the CEO and the Board (or
Audit Committee).
Appropriateness of the function’s organization structure.
Extent to which the function is independent of activities it audits and day-to-day
internal control processes.
3. Resources Adequacy of the function’s processes to determine the required:
i) Level of resources necessary to carry out responsibilities;
ii) Qualifications and competencies of staff; and
iii) Continuing professional development programs to enhance staff
competencies.
Adequacy of the function’s resources and appropriateness of its collective
qualifications and competencies for executing its mandate.
Sufficiency of staff development programs and trainings.
4. Methodology and Adequacy of policies and practices to ensure that audit methodologies conform to
Practices generally accepted industry practices and current professional standards
applicable laws and regulations.
Adequacy of audit methodologies and practices to ensure the reliability and
integrity of the institution’s IT systems.
Adequacy of policies and practices to provide early detection of fraud, errors,
omissions and other irregularities.
Appropriateness of audit methodologies and practices to execute the function’s
mandate.
Extent to which the function’s audit methodology is risk-based and responds to
changes in the institution’s risk profile.
5. Planning Adequacy of policies and practices to review audit cycles in response to changes
in the institution’s environment and risk profile.
Extent to which the annual audit planning process clearly identifies audit
objectives and scope of work.
6. Reporting Adequacy of policies and practices to report audit findings and recommendations
to management and in accordance to the reporting requirement of BNM.
Adequacy of policies and practices to follow-up on the resolution of audit
71
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
72
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
73
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
COMPLIANCE
ASSESSMENT CRITERIA
COMPLIANCE CHARACTERISTICS
The following criteria describe the characteristics to be used in assessing the quality of the Compliance
function’s oversight of the management of the institution’s compliance with applicable laws, regulations and
guidelines. The application and weighting of the individual criteria will depend on the nature, scope,
complexity and risk profile of the institution and will be assessed collectively, together with the Compliance
function’s performance, in rating its overall effectiveness.
Essential Elements Criteria
1. Mandate Extent to which the function’s mandate establishes:
i) Clear objectives and enterprise-wide authority for its activities;
ii) Authority to carry out its responsibilities independently;
iii) Right of access to the institution’s records, information and personnel;
iv) A requirement to express an opinion on the adequacy and effectiveness of the
compliance processes and status of compliance; and
v) Authority to follow-up with management on issues identified and
recommendations made related to compliance.
Extent to which the mandate is communicated within the institution.
2. Appropriateness of the stature and authority of the function head within the
Organization
Structure organization for the function to be effective in fulfilling its mandate.
Extent to which the function head has direct access to the CEO and the Board (or a
Board Committee).
Appropriateness of the function’s organizational structure.
Extent to which the function is independent of the institution’s business activities and
day-to-day compliance processes.
3. Resources Adequacy of the function’s processes to determine the required:
i) Level of resources necessary to carry out responsibilities;
ii) Qualifications and competencies of staff; and
iii) Continuing professional development programs to enhance staff competencies.
Adequacy of the function’s resources and appropriateness of its collective
qualifications and competencies for executing its mandate.
Sufficiency of staff development programs and trainings.
4. Methodology and Adequacy of policies and practices to ensure that the function’s approach and
Practices practices are in line with industry and regulatory compliance practices and are
appropriate for executing its mandate.
Adequacy of policies and practices to keep abreast of new and changing legislation
and changes in the institution’s risk profile.
Adequacy of policies and practices to promptly develop or amend the institution’s
compliance policies as legislation is introduced or amended or as new or changing
business activities impose different legislative requirements on the institution.
Adequacy of policies and practices to document new or amended compliance policies
and communicate them across the institution on a timely basis.
Adequacy of policies and practices to assist management in identifying, addressing
and integrating significant legislative or regulatory requirements into their business
and IT activities through appropriate procedural controls.
Adequacy of policies and practices to monitor adherence to applicable laws,
regulations, circulars and guidelines across the institution in order to ensure that
significant issues are identified and brought to Senior Management’s attention for
timely resolution, as well as to support Senior Management’s opinion on the status of
compliance.
Adequacy of policies to review compliance practices regularly for continued
effectiveness.
5. Extent to which Board (or a Board committee) and Senior Management approval is
Senior
Management required for:
74
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
and Board Oversight i) The appointment and/or removal of the function head; and
ii) The function’s mandate and resources.
Adequacy of policies and practices to report periodically to the Board (or a Board
committee) and Senior Management on compliance issues, recommendations and
status of compliance.
Adequacy of policies and practices to perform periodic, independent reviews of the
function, and to communicate results to the Board (or a Board committee) and Senior
Management.
COMPLIANCE PERFORMANCE
The quality of the Compliance function’s performance is demonstrated by its effectiveness in overseeing
management of the institution’s compliance with applicable laws, regulations, circulars and guidelines.
The assessment will consider the effectiveness with which the Compliance function actively promotes
compliance with applicable laws, regulations and guidelines throughout the institution, ensuring that breaches
are identified and resolved on a timely basis. BNM will look to indicators of effective performance to guide
its judgment in the course of its supervisory activities. These activities may include: discussions with directors
and management, including the Chief Compliance Officer; review of practices to detect and dispose of
breaches of compliance; review of reports of independent assessments of the function; the institution’s
regulatory correspondence file; etc.
Examples of indicators that could be used to guide supervisory judgment include the extent to which
Compliance:
i) Develops, documents and actively communicates new and amended compliance policies or requirements to
all impacted areas of the institution;
ii) Proactively assists management in identifying, addressing and integrating significant legislative or
regulatory compliance requirements into its business and IT activities;
iii) Actively monitors adherence to applicable laws, regulations, circulars and guidelines across the
institution;
iv) Escalates significant breaches of compliance requirements to Senior Management and the Board;
v) Proactively follows up to ensure that significant issues are addressed on a timely basis; and
vi) Periodically reviews compliance practices for continuing effectiveness.
75
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
76
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
77
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
and Communication:
i) Produces reports, independently of the business areas being reported on, for Senior Management and the Board
that are accurate, timely and understandable, and that include an appropriate analysis of key performance
indicators, and highlights matters requiring Senior Management and Board attention;
ii) Proactively provides insightful recommendations on strategic and/or business opportunities;
iii) Responds quickly to requests for ad hoc reports;
iv) Actively engages the CEO and Board Chair or lead director in discussion to confirm that its reports and
presentations continue to meet the needs of Senior Management and the Board; and
v) Proactively reconsiders, on a regular basis, the adequacy of management information systems to provide
effective and timely decision-making.
78
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: VIII
Net Risk for each Significant Activity is a function of the level of Inherent Risks in the activity offset
by the Quality of Risk Management for the activity as a whole.
Risk Management includes Operational Management as well as applicable oversight functions of the
institution. These oversight functions would include Board of Directors, Senior Management, Risk
Management, Internal Audit, Compliance and Information & Communication as appropriate to the
institution.
Ratings Definition
Low The institution has risk management that substantially mitigates risks inherent in its
significant activities down to levels that collectively have lower-than-average
probability of a material adverse impact on its capital and earnings in the foreseeable
future.
Normally, institutions in this category will have a significant number of their activities
rated as moderate net risk, or a few of their significant activities rated as high net risk
with others rated as low net risk. Other combinations may be possible depending on the
circumstances of the institution.
High The institution has weaknesses in its risk management that may pose a serious threat to
its financial viability or solvency and give rise to high net risk in a number of its
significant activities. As a result, net risks in its significant activities collectively have a
high probability of a material adverse impact on its capital and earnings in the
foreseeable future.
Normally, institutions in this category will have the majority of their significant
activities rated as high net risk, or will have rated as high net risk one or more
significant activities that have a pervasive impact on its operations. Other combinations
may be possible depending on the circumstances of the institution. The weaknesses in
risk management lead to considerable doubt about the institution’s capability and/or
willingness to apply prompt and effective corrective measures to sufficiently mitigate
high net risks in its significant activities.
79
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: IX
EARNINGS
ASSESSMENT CRITERIA
(The Assessment Criteria should be read in conjunction with Appendix XXX)
ROLE OF EARNINGS
Earnings absorb normal and expected losses in a given period and provide a source of financial support by
contributing to the institution’s internal generation of capital and its ability to access capital externally.
EARNINGS PERFORMANCE
The following statements describe the rating categories used in assessing an institution’s earnings and its
ability to continue to generate earnings required to ensure its long-term viability. The adequacy of an
institution’s earnings will be evaluated in the context of the nature, scope, complexity, and risk profile of
the institution. This evaluation considers quality, quantity and volatility of earnings.
Ratings Definition
Strong The institution has consistent earnings performance, producing returns that significantly
contribute to its long term viability, and there is no undue reliance on non-recurring
sources of income to enhance earnings. The earnings outlook for the next 12 months
continues to be positive.
Acceptable The institution has satisfactory earnings performance, producing returns needed to
ensure its long term viability, and there is no undue reliance on non-recurring sources of
income to enhance earnings. Although there is some exposure to earnings volatility, the
outlook for the next 12 months remains positive.
Weak The institution has consistently recorded operating losses or earnings that are
insufficient to ensure its long term viability. It may be heavily dependent on
nonrecurring sources of income to show a profit. The earnings outlook for the next 12
months is expected to remain negative.
EARNINGS
ASSESSMENT CRITERIA
EARNINGS CRITERIA
The following statements describe the criteria for assessing an institution’s earnings performance. The application and
weighting of the individual criteria will depend on the nature, scope, complexity, and risk profile of the institution,
and will be assessed collectively in evaluating its ability to generate earnings required for long-term viability.
Essential elements Criteria
1. Historical trends, Level and Adequacy of earnings relative to the risk profile of the institution.
Composition Earnings contributions from volatile and non-volatile sources of income.
Trend and volatility of earnings.
Level of, and reasons for, earnings variances to plan.
Extent to which sources of income are diversified.
Extent to which the institution relies on interpretations of accounting and/or
actuarial principles to enhance earnings.
Extent to which earnings are from non-recurring sources of income.
2. Peer Group Comparison Profitability and earnings trends compared to its peers.
3. Future Outlook Vulnerability of earnings to competition.
Extent to which the institution’s earnings may be affected by an economic
downturn or market event.
Extent to which the institution’s earnings ensure its long-term viability.
80
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX X
CAPITAL
ASSESSMENT CRITERIA
(The Assessment Criteria should be read in conjunction with Appendix XXX)
ROLE OF CAPITAL
Capital is a source of financial support to protect an institution against unexpected losses, and is,
therefore, a key contributor to its safety and soundness. Capital management is the on-going process of
raising and maintaining capital at levels sufficient to support planned operations. For complex institutions,
it also involves allocation of capital to recognize the level of risk in its various activities. The assessment
is made in the context of the nature, scope, complexity, and risk profile of an institution.
ADEQUACY OF CAPITAL
The following statements describe the rating categories used in assessing capital adequacy and capital
management policies and practices of an institution. Capital adequacy includes both the level and quality
of capital. The assessment is made in the context of the nature, scope, complexity, and risk profile of an
institution.
Ratings Definition
Strong Capital adequacy is strong for the nature, scope, complexity, and risk profile of the
institution, and meets the NBE’s target levels. The trend in capital adequacy over the
next 12 months is expected to remain positive. Capital management policies and
practices are superior to generally accepted industry practices.
Acceptable Capital adequacy is appropriate for the nature, scope, complexity, and risk profile of
the institution and meets the NBE’s target levels. The trend in capital adequacy over
the next 12 months is expected to remain positive. Capital management policies and
practices meet generally accepted industry practices.
Weak Capital adequacy is inappropriate for the nature, scope, complexity, and risk profile of
the institution and does not meet, or marginally meets, minimum regulatory
requirements. The trend in capital adequacy over the next 12 months is expected to
remain negative. Capital management policies and practices do not meet generally
accepted industry practices.
CAPITAL
ASSESSMENT CRITERIA
CAPITAL CRITERIA
The following statements describe the criteria for assessing an institution’s capital adequacy and capital
management policies and practices. The application and weighting of the individual criteria will depend
on the nature, scope, complexity, and risk profile of an institution.
Essential Elements Criteria
1. Capital Adequacy Adequacy of the level of capital in relation to regulatory minimum and
target requirements, the institution’s risk profile, and internal targets.
Appropriateness of the types and mix of capital instruments, and the level
of high quality capital.
Extent of regulatory arbitrage in managing capital adequacy.
Adequacy of the level of capital to support planned business activities.
Willingness and ability of the shareholder(s) or head office to assist the
institution in maintaining regulatory capital or vesting requirements and/or
ability of the institution to raise capital externally.
2. Capital Management Extent to which capital management policies and practices are enterprise-
Policies and Practices wide and supported by sufficient authority and resources.
Appropriateness of the process for developing capital management
policies and practices.
Appropriateness of capital management policies and practices.
81
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
82
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XI
COMPOSITE RISK RATING
ASSESSMENT CRITERIA
Definition of Composite Risk
The Composite Risk Rating is an assessment of the institution’s overall risk profile, after considering
the impact of capital and earnings on its Overall Net Risk. It reflects the NBE’s assessment of the
safety and soundness of the institution.
An institution’s Composite Risk Rating is assessed as low, moderate, above average, or high, with the
direction of change assessed as decreasing, stable or increasing for a specified time frame, depending
on the institution’s circumstances, and the business and economic environment.
QUALITY OF INFORMATION AND COMMUNCIATION
Ratings Definition
Low A strong, well-managed institution. The combination of its overall net risk and its
capital and earnings makes the institution resilient to most adverse business and
economic conditions without materially affecting its risk profile. Its performance has
been consistently good, with most key indicators in excess of industry norms, allowing
it ready access to additional capital. Any supervisory concerns have a minor effect on
its risk profile and can be addressed in a routine manner.
Normally, an institution in this category would have a low overall net risk coupled with
acceptable capital and earnings, or a moderate overall net risk coupled with strong
capital and earnings. Other combinations may be possible depending on the
circumstances of the institution.
Moderate A sound, generally well-managed institution. The combination of its overall net risk and
its capital and earnings makes the institution resilient to normal adverse business and
economic conditions without materially affecting its risk profile. The institution’s
performance is satisfactory, with key indicators generally comparable to industry
norms, allowing it reasonable access to additional capital. Supervisory concerns are
within the institution’s ability to address.
Normally, an institution in this category would have moderate overall net risk coupled
with acceptable capital and earnings, or low overall net risk coupled with capital and
earnings that need improvement. Other combinations may be possible depending on the
circumstances of the institution.
High Poorly managed institution. The institution has serious safety and soundness concerns.
One or more of the following conditions are present. The combination of its overall net
risk and its capital and earnings is such that the institution is vulnerable to most adverse
business and economic conditions, posing a serious threat to its financial viability or
solvency unless effective corrective action is implemented promptly. Its performance is
poor, with most key indicators below industry norms, seriously impairing its ability to
access additional capital.
Normally, an institution in this category would have high overall net risk, which is not
sufficiently mitigated by capital and earnings, or above average overall net risk coupled
with capital and earnings that need improvement. Other combinations may be possible
depending on the circumstances of the institution.
83
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XII
XYZ BANK S.C. RISK MATRIX As At (Date)
Quality of Risk Management
Inherent Risk OM RMCF
Operational Management
Internal Audit
Compliance
Operational
Aggregate
Aggregate
Liquidity
Net Risk
Market
Credit
TRACK 1
Activity 1
Activity 2, etc
Overall Net Risk
TRACK 2
Vertical RMCF
TRACK 3
Vertical Risk
Overall Vertical Risk Mgt
Net Vertical Risk
Direction of NVR
84
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XIII
RISK ASSESSMENT SUMMARY FORMAT
Bank : _______________________________________________
Cut-off Date : _______________________________________________
i) Assessment of capital
ii) Assessment of earnings
6. Sign-off
The various parties have to sign-off (and date) the risk assessment summary.
i) Person who prepared the risk assessment summary (the desk officer)
ii) Person who concurred with the risk assessment summary (the team leader)
iii) Person who approved the risk assessment summary (deputy director of BS)
Appendices
i) Risk Matrix;
ii) A listing of significant events that occurred during the past 3 months;
iii) CAMEL rating, including previous two ratings, and financial highlights on
capital position, asset quality, earnings performance and liquidity (stress test
result incorporated);
iv) Status of rectification measures by the bank;
v) Supervisory plan; and
vi) Intervention activities and status reports.
85
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XIV
b) Asset Quality
Asset quality of the bank is satisfactory. However, high growth in loans was observed, the bank
has low NPLs to total capital ratio of 2 percent, which was below peer average. Credit
concentration was noted to be high as large exposures accounted for 333% of total capital and 17
big borrowers made up 46% of the loan portfolio. Off balance sheet activities were moderate.
c) Earnings
Earnings were rated satisfactory. For the year ended June 30, 2009, the bank made a profit before
tax of Birr 18,004.00 million as compared to Birr 10,951.00 million made in the year 2004, an
increase of 64.40%. The bank recorded a return on assets of 3.40% and return on equity of
37.80%, which were both above the peer average. For the period up to 30th June, 2006, the bank
made a profit before tax of Birr 18,121.85 million. Return on average assets was 0.50%, and net
interest income to average earnings assets was 4.86%. Ratio of non-interest expenses to gross
income was 43% as compared to 56.45% recorded in the previous examination. Major sources of
income were interest income from loans and advances which contributed 40% of total income,
interest income from investment in debt securities (24%) commissions, fees and charged (18%)
and foreign exchange trading (11.40%).
d) Liquidity
Liquidity of the bank was rated strong. The liquid asset ratio was 55.2% which was above the
regulatory requirement of 25% and peer average. The ratio of loans to deposit was 53.95% which
was lower than industry average of 60%. The bank’s major sources of funding include Current
account deposits (57.11%); Savings deposits (20.03%); Time deposits (14.22%); Bankers Checks
and Drafts Issued (1.62%); Other Liabilities (4.63%); indicating stable sources of funding. The
bank also enjoys good market perception and access to inter-bank funding. Top ten depositors
accounted for 24% of total deposits, depicting moderate funding concentration.
86
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XV
GUIDE TO INTERVENTION FOR BANKS
CRR Intervention Stage
Low Stage 0 - Low Priority. Banks are well managed
and in good financial condition
87
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
statement or that external auditor perform other procedures, and prepare a report thereon. The NBE
may assign cost of external auditor’s work to bank
Unless circumstances require otherwise, the use of informal enforcement tools (e.g. supervisory
letter, letter of undertaking and board resolution) is appropriate
88
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Depending on situation, NBE examination staff may be posted at bank to monitor situation on an
ongoing basis.
A special audit may be required from an auditor other than the bank’s own external auditor if the
NBE is of the opinion that it is required. The NBE may assign cost of external auditor’s work to
bank*
Depending on circumstances, business restrictions may be enhanced or additional ones imposed on
bank
Pressure may be exerted on bank’s management and board to restructure the bank, or to seek out an
appropriate merger partner or prospective purchaser.
The NBE develops contingency plan for taking rapid control of the assets of the bank if changes in
circumstances so warrant. This may include the appointment of external experts* to value the
business, assets and/or liabilities of the bank, the cost of which may be assigned to the bank.
The NBE updates its assessment of the competency of the bank’s directors and senior officers and,
if appropriate, removes such directors or officers from office, by way of an order pursuant to Article
31 of Banking Business Proclamation No. 592/2008.
The use of Directions of Compliance is appropriate. Depending on the circumstances, the use of an
order pursuant to Article 31 of Banking Business Proclamation No. 592/2008 may be warranted.
* To develop policies and procedures for appointing third party contractors for intervention actions.
89
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XVI
Bank : _______________________________________________________________
A. Supervisory Concerns
Off-site Monitoring
Example:
The bank is subject to continuous off-site surveillance through monthly reporting on key financial
indicators, quarterly CAMEL assessment and evaluation of stress test results. In addition,
interactions with the following parties to gather information and gain a better understanding of
the bank have been scheduled.
90
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
On-site Examination
Provide information on proposed on-site examination activities, taking into consideration the
objectives, scope, date of last onsite examination and specific supervisory concerns.
Example:
To enable the supervisory concerns to be adequately addressed, full and limited scope on-site
examinations should be performed throughout the year on the Head Office, main branch, and
subsidiary X. Each examination should encompass a review of significant financial and
managerial issues, processes and reporting system. The proposed on-site examination program for
the bank is as follows:
C. Sign-Off
The various parties have to sign-off (and date) the supervisory plan.
91
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XVII
A. Supervisory Concerns
Offsite Monitoring
Comments:
92
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX : XVIII
President,
XYZ Bank S.C.
P.O. Box 186
Addis Ababa.
Dear Sir,
RE: REQUEST FOR INFORMATION
As authorized under Article 5(7) of the NBE Establishment Proclamation No. 591/08, and Article
29(1) of the Banking Business Proclamation No. 592/08, the Banking Supervision is planning to
conduct a full scope examination of your bank. The examination cut-off date will be June 30th,
2009 and is scheduled to begin on August 14th, 2009.
To increase the effectiveness of the examination, and to minimize the disruption to your bank, we
will conduct a preliminary review of the bank beginning on July 10, 2009, which will be
conducted both offsite at the NBE and on-site at your head office. The purpose of the review is to
gain an understanding of your operations so that the subsequent examination may be more
appropriately targeted to those areas of higher concern and/or risk. As part of the preliminary
review, examiners will have a meeting with senior management of the bank at your office on July
13, 2009.
Attached to this letter is a list of information that will be required for the preliminary review. List
A contains information to be submitted to the NBE not later that July 12, 2009, List B contains
information to be available onsite at your office from August 14, 2009 while List C contains
some of the issues to be discussed during the pre-examination meeting with the senior
management of your bank.
In case of any question, please contact the Team Leader, Ato Taye Sime at phone number 011
551 7430.
93
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Yours faithfully,
Getu Belay
Deputy Director
Banking Supervision
List A: Information to be submitted to NBE by July 12, 2009. (All information as at June 30 th 2009)
(i) Trial Balance/General Ledger;
(iii) An organization chart listing reporting lines for all major functions and individuals. In
addition, please provide a listing of all branch offices and business locations. Highlight any
branches or locations that have opened/closed since the previous on-site examination;
(iv) Provide a listing of investments in corporate entities, including the name of the entity, the
nature of the entity’s business, the date of investment, the number of shares held and the
level (percentage) of ownership;
(vi) Internal audit plan for the current year and a summary of compliance with the audit plan;
(vii) A list of loans and advances to insiders and employees and their related interests. Please
provide details regarding the name and position of the insider, the purpose of the advance,
the amount of the advance (total committed and current balance), the term of the advance,
the rate charged and a description and value of the collateral;
(xi) List of assets written off indicating amount sanctioned, expiry date, amount written off, and
date written off;
(xii) List of foreclosed assets indicating the name of the debt satisfied, value of debt satisfied,
types and values of foreclosed assets;
(xiii) A list of investment securities held; list the type of security, amount, and date purchased;
(xiv) List of litigations where the bank is the defendant detailing the plaintiff’s name, amount of
claim, and brief synopsis of the claim; and
(xv) Provide information on Directors and members of Senior Management as per the format
below (list Directors first, then members of Senior Management):
94
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(ii) The board audit committee minutes for each meeting since the prior on-site examination;
(iii) The strategic business plan, the current year budget and a comparison of actual performance
relative to the budget;
(iv) Internal audit reports completed since the previous on-site examination;
(v) The external audit reports, management letter with management response completed since
the previous on-site examination;
(vi) A copy of all available policies including credit policy, asset/liability management policy,
liquidity policy, etc.; provide dates of approval or up dates;
(vii) The records of shareholdings and a current shareholders list with the following information;
shareholder name, place of shareholder residence, number of shares held, percentage
ownership, disclosure of any agreement to purchase or sell shares in the future, and
disclosure of any voting rights. If any shares are held in corporate name, please list the
individuals who are authorized to vote, and the individuals who actually vote.
List C: Agenda Items for a Pre-Examination Meeting (to be Conducted at Your Premises on July 13,
2009)
The following issues will be discussed during the pre-examination meeting with the senior management of
your bank:
(i) Primary target market and business lines, and significant changes in bank products or
services including areas of growth;
(ii) Economic conditions within the target markets and any other external factors affecting the
primary business lines;
(iii) Areas representing the greatest risk to the bank and/or market;
(iv) Changes in bank management, key personnel or operations since previous examination;
(v) Results of audit and internal controls review, any follow-up required by management;
(vi) Any material changes to internal or external audit’s schedules or scope and adequacy of
audit staffing;
95
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(ix) Issues regarding compliance with laws, directives and circulars governing banking
business;
(x) Other issues that may affect the risk profile; and
(xi) Management concerns about the bank or NBE’s supervision including any areas the bank
would like the NBE to consider in the examination scope.
APPENDIX: XIX
Bank:
Examination Date:
EIC:
Reviewed by:
When a bank is part of a larger conglomerate (group), events such as financial distress in one or more of the
related companies can potentially spread to the healthier part of the group directly or indirectly through:
Attempts of senior management of the group to support or strengthen the weaker affiliate by
transferring cash or capital out of the bank thus weakening the ability of the bank to support its current
risk profile.
Increased cash dividends payments, which typically lead to lower capital ratios. Even if the capital
ratios continue to meet the minimum regulatory guidelines, the reduced level of capital may be
insufficient to meet the changing risk profile of the bank. Therefore, capital ratios should be
maintained well above the minimum guidelines.
Other times the bank may be called upon to support the weak affiliate by providing loans at non-arms
length implying that capital of the bank is under-employed.
Distress can spread throughout the group due to the market perceptions.
These insights can be gained through review of the consolidated financial statements, published third party
analysis and credit ratings. If possible the examiner should attempt to obtain, separate entity financial
statements for the significant entities within the group.
96
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
List any related entities (affiliates/subsidiaries) that operate in sectors known to be experiencing
economic stress.
Affiliates/Subsidiary Sector/comments:
Name
2) Review the previous two on-site examination reports. Note significant and recurring deficiencies.
Comment on compliance with recommendations from prior examinations.
The examiner should review the previous two on-site examination reports to gain understanding of the
existing issues and outstanding areas of concern and check compliance with the previous recommendations.
CAMEL Rating;
Risk Management Practices and Ratings;
Summarize major findings;
Comment Compliance with previous Recommendations; and
Identity issues that need follow up.
After each comment note the risk that may be attested and the level of risk associated with the deficiency.
Comments: Type of Risk Affected; Risk Level
Credit, market,
liquidity, operational.
Examination Reference Date: (Year 1) L M H
Comments on CAMEL Ratings
97
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Check for accuracy and consistency e.g. between Form Type of Risk Affected Risk Level
SD1and its schedules, Form SD2 and corresponding
reports
Note any significant errors
Returns Comments on accuracy and significant errors L M H
Operational
Comments:
The examiner should review key ratios over four quarters and contrast the banks performance to the peer
and/or industry average. The examiner should follow actual market events to identify new issues affecting
the industry as well as potential effects of these changes. Note and comment on:
Recurring deficiencies;
Areas of increased risk;
Unusual Ratios and those that differ significantly from the peer and/or industry average;
Rapid growth;
98
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Declining performance;
The level and trend of key ratios relative to the industry; and
Rate of change versus the industry average.
Deposits
Borrowings
Due to local banks
Due to banks abroad
Total Capital
Total Liabilities &
Capital
Growth Rate
Comments:
99
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Bank Peer Ind. Bank Peer Ind. Bank Peer Ind. Bank Peer Ind.
Avg. Avg. Avg. Avg.
Return
on
Average
Assets
Return
on
Average
Equity
Net
Interest
Margin
Cost to
Income
Comments:
Type of Risk
Preliminary Capital Adequacy Rating: Risk Level
Rating at the Previous Examination: Affected
Quarter Ended – 4 quarter up to the most recent L M H
e.g.
31/3/2006 31/12/2005 30/09/2005 31/06/2005
Total Capital
Total RW Assets
Comments:
100
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
L M H
Quarter Ended
Bank Ind. Bank Ind. Bank Ind. Bank Ind.
Avg. Avg. Avg. Avg.
NPAs/Total
Assets
NPLs/Gross
Loans
NPAs net of
provision
/Total Capital
Accumulated
Loan Loss
Provision/
NPL
Insider Loans/
Total Capital
Large
exposures/Tot
al Advances
Large
exposures/Tot
al Capital
List of large exposure (10% or more of Total Capital), indicating name of borrower, outstanding balances, and percentage
to Total Capital
Comments:
101
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Assets/ Total
Assets
Gross Loans/
Total
Deposits
One year
Cumulative
Gap/Total
Capital
Comments:
These provide feedback on operation of the bank in various areas. Note and Comment on significant issues
including:
Examiners should obtain the current organizational chart prior to the beginning of the on-site examination.
Changes in the structure and management represent areas of primary importance. Note and comment on:
102
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Compromises of independence;
Lack of experience; and
Determine the primary risks affected and the level of impact.
Vacant position
Lack of relevant
experience/qualification
Other:
Comments:
6) Review the strategic plan and performance relative to budget for the previous year, and year
to-date.
The strategic plan serves as a roadmap for where the bank wants to go. The budget provides the details of
who is required to do what, by when and the level of resources committed to achieve specific
goals/objectives.
List the Primary Goals of the Strategic Plan and their reasonableness;
Assess budge performance;
Discuss any significant changes in corporate direction, organization or culture;
Determine if the bank is a market leader or market follower;
Review and record the organization’s progress in meeting the goals; and
Identify goals which the bank has not been able to meet.
Deposits
Borrowings
Capital
103
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Net Income
B: Based on the above table (or otherwise) comment on banks business strategies (i.e. Products, Markets,
Processes, and Expansion):
C. Budget review
Line Item Previous Year-End 2005 YTD Type of Risk Level
May 2006 Risk Affected
Actual Budget Variance Actual Budget Variance L M H
Total Assets
Loans,
Advances,
Overdrafts
and
Discounts
Deposits
Borrowings
Capital
Net Interest
Income
Non-Interest
Income
Non-Interest
Expense
Net Income
Comments:
104
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Comments:
8) Review the structure and capacity of internal audit department, a sample of audit reports
and determine whether internal audit reviews risk management function.
The primary function of the internal audit department is to provide an on-going assessment of the bank’s
internal control system. The primary purpose is to determine the level of reliance that can be placed on the
organization’s self-assessment function. This is an additional validation of the control environment and
could lead to reduction or increase in the level of transaction testing. Examiners resources can be more
efficiently targeted at weaknesses/deficiencies pointed out by a reliable internal audit function. The
examiner must be convinced that: the function is independent of line management and is properly staffed,
deficiencies are promptly identified corrective actions have time frames for implementation, and follow up
is preformed.
Review
(a) Audit Committee Minutes;
(b) Frequency and attendance to the meetings and issues discussed by the committee;
(c) Mandate of the Audit committee;
(d) Composition of Audit Committee members;
(e) Organization Chart of the audit department;
(f) Staff and Qualifications of the audit department;
(g) Audit plan and supporting budget;
(h) Audit reports completed since the previous examination;
(i) Audit exceptions follow up log; and
(j) Unresolved audit deficiencies and note:
(i) Deficiencies in internal control structure;
(ii) Evidence of repeat deficiencies;
(iii) Unresolved reconciling differences; and
(iv) Instances of similar deficiencies across functional or departmental lines
Comments:
9) Shareholders Register
Check whether individuals or related group own more than 5% of share capital;
Note changes in shareholding since the previous examination; and
Check for any transfers of shares/ownership.
Shareholder Name Current Examination Prior Examination Transfers > 5
Shares % Ownership Shares % Ownership Y/N Date of NBE
Approval
105
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Media (newspapers, trade publication, TV, radio) can be a useful source of information.
Comments:
106
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XX
PRE-EXAMINATION CHECKLIST
Introduction
The starting point of risk-focused supervision is developing an understanding of the bank. This step is
critical in tailoring the supervision program. It focuses the supervisory activities on the areas of greatest
risk to the bank. The examiner should perform a preliminary risk assessment, basically a review of the
strengths and vulnerabilities (weaknesses) of the bank.
The purpose of the pre-examination stage is to develop a basic understanding of what the bank does and
how well it does it. This information is used to develop the preliminary risk assessment and subsequently
the scope of the examination.
1. The Financial and Operating Conditions of the Group and Related Entities
(Inter Group Companies)
When a bank is part of al larger conglomerate (group), events such as financial distress in one or
more of the affiliated companies can potentially spread to the healthier part of the group directly or
indirectly through:
Attempts of senior management of the group to support or strengthen the weak affiliate by
transferring cash or capital out of the bank thus weakening the ability of the bank to support
its current risk profile.
Increased cash dividends payments, which typically lead to lower capital ratios. Even if the
capital ratios continue to meet the minimum regulatory guidelines, the reduced level of capital
may be insufficient to meet the changing risk profile to the bank. Therefore, capital ratios
should be maintained well above the minimum guidelines.
Other times the bank may be called upon to support the weak affiliate by providing loans at
non-arms length implying that capital of the bank is under-employed.
Distress can spread throughout the group due to the market perceptions.
These insights can be gained through review of the consolidated financial statements, published
third party analysis and credit ratings. If possible the examiner should attempt to obtain, separate
entity financial statements for the significant entities within the group.
The examiners should review the previous two on-site examination reports to gain understanding
of the existing issues and outstanding areas of concern and check compliance with the previous
recommendations.
After each comment note the risk that may be affected and the level of risk associated with the
deficiency.
107
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Recurring deficiencies;
Areas of increased risk;
Unusual ratios;
Rapid growth; and
Declining performance.
After each comment, note the primary risk area that may be affected and the level of risk
associated with the deficiency.
4. Prudential Returns
Examiner should confirm the accuracy and validity of the prudential returns. In addition,
analytical review of changes in trends and patterns should be done quarterly over a one-year
period.
Balance Sheet
List key accounts of the balance sheet over the past four quarters;
Review balance sheet growth ratios; and
Describe significant growth trends and changes in the balance sheet composition.
The examiners should review key ratios over 4 quarters and contrast the banks performance to the
industry average.
The examiner should follow actual market events to identity new issues affecting the industry as
well as potential effects of these changes.
6. Correspondences
These provide feedback on changes in business strategy or the introduction of new banking
products and it is a source for the assessment of the strength of the organizations response to
suggestions and recommendations contained in the examination reports. Note:
7. Organizational Chart
Examiners should obtain the current organizational chart prior to the beginning of the on-site
examination. Changes in the structure and management represent areas of primary importance.
Note:
108
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The strategic plan serves as a road map for where the bank wants to go. The budget provides the
details of who is required to do what, by when and the level of resources committed to achieve
specific goals/objectives.
9. Board Minutes
The review of the corporate minutes will help the examiner gain insight into who dominates the
decision making process and the future direction of the organization. The large part of the
assessment of corporate governance/strategic risk will be based on the appropriateness of the
strategic plan and budget as well as the consistency of management’s efforts to achieve the plan.
Note any shifts in plans and plans should be supported by analysis of benefits and potential risks.
Risk management systems should be put in place to support new products and services prior to
product launch.
109
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The primary function of the internal audit department is to provide an on-going assessment of the
bank’s internal control system. The primary purpose is to determine the level of reliance that can
be placed on the organizations self assessment function.
This is an additional validation of the control environment and could lead to reduction or
increase in the level of transaction testing; and
Obtain
110
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Check whether individuals or related group own more than 5% of share capital;
Note changes in shareholding since the previous examination; and
Check for any transfers of shares/ownership.
Media (newspapers, trade publications, TV, radio) can be a useful source of information. Actions
of competitors, announcements (e.g. introduction of new products, plans to reduce expenses, close
branches, reduce pricing, targeted sectors).
Note:
111
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXI
Overall Conclusions:
This section is summary for your overall conclusions. Complete it last. Record previous exam rating and
current proposed rating. Note the level of exposure posed by the group
I.
CAMEL
Previous Examination Date 31/05/2005 Rating 22222/2
Date of Risk Assessment 31/05/2005 Proposed Rating
Risk Exposure from the Group or Low Moderate High
related entities
Note: In completing this section, examiner should summarize conclusions drawn from pre-examination
working tool in Appendix XVIII as well as from CAMEL Rating Guidelines
______________________________________________________________________________________
________________________________________________________________________
Asset Quality 1___2___ 3 4___ 5__________________________________________
Summarize conclusions in bullet points and tick as appropriate.
*
*
*
*
* ______
* ______
112
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Note the level, distribution, severity, and trend of problem, classified, delinquent, non-accrual, non-
performing, and restricted assets, Both on-and off-balance-sheet, adequacy of provisions,
demonstrated ability to identify, administer, and collect problem asset; the diversification and quality
of loan and investment portfolios; the adequacy of loan and investment policies, procedures, and
practices; the extent of securities underwriting activities and exposure to counter-parties in trading
activities, asset concentration, underwriting standards, risk-identification practices, controls, and
management information systems.
______________________________________________________________________________________
________________________________________________________________________
Management 1___2 _ 3 4___ 5_____
______
Summarize conclusions.
* ______
* ______
* ______
* ______
* ______
* ______
The Board of Directors and Management are evaluated against all factors necessary to operate the bank in
a safe and sound manner and their ability to identify, measure, monitor, and control the risks of the bank’s
activities. This combines strategic risk management and corporate governance. Consideration is given to
the level and quality of oversight and support provided by the board and management; compliance with
regulations and statutes; the ability to plan for and respond to risks that may arise from changing business
conditions or initiation of new products or services; the accuracy, timeliness, and effectiveness of
management information and risk-monitoring systems; the adequacy of and compliance with internal
policies and controls; the adequacy of audit and internal control systems; the responsiveness to
recommendations form auditors and supervisory authorities; the reasonableness of compensation policies
and avoidance of self-dealing; a demonstrated understanding and willingness to serve the legitimate
banking need of the community; management depth and succession; the extent that management is affected
by or susceptible to dominant influence or concentration of authority, and the overall performance of the
bank and its risk profile.
______________________________________________________________________________________
Earnings 1___2____3 4___ 5_____
Summarize conclusions in bullet points and tick as appropriate. ______
*
*
*
*
*
Quality and quantity of earnings are evaluated in relation to the ability to provide for adequate capital
through retained earnings; level, trend, and stability of earnings, quality and sources of earnings;
level of expenses in relation to operations; vulnerability of earnings to market-risk exposures;
adequacy of provisions to the allowance for loan losses; reliance on unusual or nonrecurring gains or
losses; contribution of extraordinary items, and tax effects to net income; and adequacy of budgeting
systems, forecasting processes, and management information system.
113
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
*
*
*
*
*
*
Refer to NBE Directives No. SBB/44/08. Liquidity and asset/liability management is evaluated in
relation to the trend and stability of deposits; degree and reliance on short-term, volatile sources of
funds, including any undue reliance on borrowings or brokered deposits to fund longer-term assets;
availability of assets readily convertible to cash without undue loss. Access to money markets and
other sources of funding; adequacy of liquidity sources and ability to meet liquidity needs;
effectiveness of liquidity policies and practices, funds-management strategies, management
information systems, and contingency funding plans; capability of management to properly identify,
measure, monitor, and control liquidity, and level of diversification of funding sources, both on-and
off-balance sheet.
Note: In completing this section, the examiner should summarize conclusions drawn from pre-examination
working tool in Appendix XVI as well as from Risk Rating Guidelines
Briefly support the conclusions you presented in the risk matrix above.
Explain why quantity of risk is high, moderate or low in bullet form. Your comments should cover risks
presented by the external environment over which the bank has little control (e.g. Trends in the economy
and sector exposures for credit risk) and internal changes and practices (e.g. Underwriting Standards,
Staffing, MIS, launching of new products, level, distribution and trend of classified assets, insider lending,
non-accruals, restructured loans.
Next explain why risk management is weak, acceptable or strong, e.g. appropriateness of the organization
structure, reporting lines and board oversight, policies, procedures and limits, risk monitoring reports,
adequacy of MIS and internal control systems.
Finally assess the aggregate level and direction of risk. Aggregate risk is a function of the level of inherent
risk and how well you think management controls that risk. High inherent risk can be offset by strong risk
management, leading to a low or moderate aggregate risk. Conversely, moderate inherent risk can
increase to high if the risk management systems are week.
The direction of risk is a function of change, internal or external. For example is the organization
initiating more and more complex activities or products or is it streamlining operations into a few,
repetitive operations? Is the external environment changing while the bank is still? The direction can be
assessed over the next 12 months.
Credit Risk
*
*
*
114
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
*
*
*
*
*
Liquidity Risk
*
*
*
*
*
Market Risk
*
*
*
*
*
Operational Risk
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
115
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXII
Financial condition
Risk assessment
Other issues of concern
Make a summary of the pre-examination meeting highlighting on the major issues that may need a
further follow up.
Determine adequacy of the audit both external and internal and internal risk management systems to
establish level of reliance.
EIC should highlight areas of concentration during examination as indicated in Scope Memo Sample.
6. Resource Planning
Prepare and assign tasks by Risk/CAMEL and indicate required days for each examiner. Also indicate
a team leader for each Risk/CAMEL to be reviewed on-site.
7. Sign-off
116
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXIII
A full scope examination of XYZ Bank S.C. (XYZ) is scheduled to commence on July 24, 2009, with a cut
off date of June 30, 2009. The objectives of the examination are:
1. To determine the overall financial condition of the bank with regard to CAMEL;
2. To evaluate the risk management systems with emphasis on credit and operational risks;
3. To determine the bank’s compliance with laws, directives and circulars;
4. To review the internal control systems, self assessments systems and risk controls for the high tech
products (VISA, ATMs and Internet Banking)
5. To review scope, independence and effectiveness of the internal audit function.
The composite CAMEL rating of the bank was considered satisfactory. Capital was rated satisfactory.
Total capital to risk weighed assets ratio was 12.28%, which was above the regulatory requirements of 8%.
Asset quality was rated satisfactory. NPLs ratio net of provision to total loans was 2.44%, indicating low
exposure. Ratio of large exposures to capital was 281.20% while 17 top borrowers accounted for 46% of
the loan portfolio posing high risk.
Management was rated satisfactory on account of adequate Board and Senior Management oversight and
satisfactory financial performance. The bank has three board committees namely Audit, Risk and
Compliance Committee, Lending Committee and Remuneration Committee. The bank has been in long
outstanding labor dispute; however, agreement to resolve the same has been executed and filed with the
court.
Earnings were rated satisfactory. Net interest income accounted for 63% of total income while foreign
exchange trading contributed 11%.
Liquidity was rated strong with liquid asset ratio of 55.2% which was above the regulatory requirement of
25%. The loan to deposit ratio was 53.95% which was within the industry average of 60%.
Sensitivity to Market risk was considered moderate due to moderate foreign exchange risk and interest rate
risk.
117
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
The bank’s risk management system was considered satisfactory; the board of directors assumes the
ultimate responsibility for managing bank’s risks. The bank has Risk Officer who reports to the Board
Audit, Risk and Compliance Committee. However, each business unit is responsible for managing risks
inherent in their activities. The bank has put in place Management Risk Committee to oversee risk
management practices. The bank has adopted bank-wide Risk Management approach so as to manage
bank’s risk in an integrated manner. Policies and procedures approved by the board are in place and are
being reviewed annually. However, credit policy has not been reviewed since 2003 and foreign exchange
policy is still in the draft form. The bank has put in place Risk Management Programs which spell out its
risk management framework.
The overall risk of the bank is considered moderate and increasing due to high business growth, and
introduction of new products. The bank’s significant exposures arise from operational and credit risks. The
risk matrix is summarized below:
During the period under review, the Chairperson of the bard, Ato Zeru resigned following appointment to a
post in IMF. Other two directors resigned due to expiry of their terms in office but one W/ Gete was re-
appointed. However, Ato Zeru was appointed an Acting Chairman.
BBC Bank acquired 60% of BIG Group which is a major shareholder of XYZ Bank S.C. BBC being a
major shareholder is yet to put in place new business strategies toward XYZ Bank S.C. The bank
introduced a new managerial post of Risk Officer. During the period under review the bank opened new
branch in Merkato area.
The meeting was held on 11th July 2009. The focus of the meeting was on issues enumerated in the
preliminary review section of the methodology. During the meeting the following issues came up:
Management reported that finance performance of the bank was satisfactory and compared to its peers.
Also, it was reported that, the bank surpassed the budget. Assets, loans and deposits grew between
30% and 45%. Growth for 2010 was projected at 40%. New products include group loans guaranteed
by employers, and the focus remained on Corporate and SMEs and trading.
On whether BBC Bank’s strategies toward XYZ Bank S.C. will change following its acquisition of
BIG Group, management reported that nothing has been decided yet. However, communication with
NBE on the matter has started.
118
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Internal audit function and independence was observed to be impaired due to limitation in scope of
audit as internal auditors do not audit some Head offices functions. However, the management argued
that, this was due to lack of capacity and requisite skills on the part of Internal Auditors in particular
inability to apply BIG Group’s Audit Methodology. Head Office operations are, however, audited by
Group’s Auditor.
Management indicated challenges of acquisition of BIG Group by BBC Bank, such as compliance with
Money Laundering risks and labor issues.
Management reported that they do not anticipate any major changes in their core banking application
i.e. Flexcube and the system was robust enough to accommodate any new products.
Examiners observed that the budgets have been achieved by far in nearly all areas of operations. They
queried the underlying assumptions. Management responded that the assumptions were realistic and
promised to avail copies; the same will be analyzed during onsite examination.
(vii) Board of Directors Composition and Quorum
Examiners observed that the Board Audit, Risk and Compliance Committee had no quorum for two
consecutive meetings thus rendering it ineffective. Management responded that they had gaps in the
board following appointment of the board chairman to a post of IMF. Other two directors resigned due
to expiry of their term in office but one W/ Gete was re-appointed. Ato Zeru was appointed an Acting
Chairman.
Examiners observed the need to align capital to growth in business. Management clarified that the
bank had divided policy which recognizes capital compliance issues
(ix) Provisioning
The internal audit was considered adequate except for the limitation in scope where some Head Office
functions are not audited by the bank’s internal auditors but audited by the Group’s auditors. Risk
management system of the bank is considered adequate. The bank has adopted a bank-wide risk
management system and has established a set-up that is responsible for management of the overall risk.
However, some lapses have been observed such as lack of foreign exchange policy, failure to review and
update its credit policy, lack of investment and liquidity limits, failure to perform stress tests and failure to
put in place liquidity contingent plan.
Summarized below are the examination focus areas and snap procedures to be applied for this examination
(N.B. These procedures are not intended to replace the procedures enlisted in this document under
Appendix X. These procedures are specific for this examination of XYZ bank. Each EIC will have to tailor
different procedures for each examination).
119
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Credit Risk is rated moderate and increasing. Standard core assessment procedures and expanded
procedures (if necessary) will be applied. The examiner will perform the following procedures:
1. At the beginning of the examination hold a discussion with the head of credit to ascertain Board and
Senior Management oversight (e.g. Existence of committees), existence of Policies, Procedures and
Limits, MIS for credit risk and ICS in the credit administration and management and control.
Consider whether there is a need for expanded procedures for the areas of concern
120
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Liquidity risk is rated Low and Stable, minimum scope core assessment procedures and standard core
assessment procedures (if necessary) will be applied. The Examiner (s) will perform the following
procedures:
1. At the beginning of the examination, hold discussions with management covering actual or planned:
1. Follow up on significant liquidity audit issues identified during pre-examination review. Specifically,
examiner will be requite to review the following:
(a) The bank’s liquidity reports including the most recent Maturity Gap Report; and
(b) ALCO minutes and reports since the last onsite examination.
3. Assess the bank’s compliance with prudential requirements regarding liquidity and liquidity risk.
Findings should be communicated to the examiner reviewing Management.
4. If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the
above information raises substantive issues, the examiner should expand the activity’s scope to include
additional objectives or procedures, as appropriate. If this review does not result in any significant
changes or issues, conclude the liquidity review.
a. Provide the examiner evaluating credit risk with a list of classified investments, and communicate
findings to other examiners, as appropriate;
b. In consultation with the EIC and other examiners, identify and communicate to other examiners as
appropriate any conclusions and findings from the liquidity review that are relevant to other areas
being reviewed; and
Foreign exchange risk is rated moderate and stable. Standard core assessment procedures and expanded
assessment procedures (if necessary) will be applied. The examiner will perform the following procedures:
121
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
At the beginning of the examination, hold discussions with management covering actual or planned:
(i) Changes to the foreign exchange operation policy (i.e. limit structure, risk measurement etc);
(ii) Changes in the foreign exchange risk management process;
(iii) Material changes in the bank’s foreign currency denominated asset and liability structure; and
(iv) Obtain and review the regulatory reports (e.g. Form 16.4 (a) and (b) and the most recent bank-
prepared reports used to monitor and manage foreign exchange risk.
(a) Review minutes of any committees responsible for overseeing foreign exchange risk;
(b) Determine whether the board has approved policies relating to foreign exchange risk and whether
the policies:
(c) Assess the effectiveness of management and the board in overseeing foreign exchange risk.
Consider:
(i) The existence and reasonableness of board-approved limits for foreign exchange risk;
(ii) Compliance with established risk limits;
(iii) The adequacy of controls over the foreign exchange risk management process;
(iv) Management’s level of understanding of foreign exchange risk and ability to anticipate and
respond appropriately to changes in foreign exchange rates or economic conditions including
competition in the market; and
(v) The quality of personnel and their responsibilities.
4. Assess the bank’s compliance with prudential requirements on foreign exchange operations. Findings
should be communicated to the examiner reviewing management.
5. Expanded procedures are available in the Examination Procedures. The extent to which examiners will
expand procedures will be decided on a case-by-case basis.
122
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(i) In consultation with the EIC and other examiners, identify and communicate to other
examiners as appropriate any conclusions and findings from the foreign exchange risk review
that are relevant to other areas being reviewed.
(ii) Provide preliminary conclusions about:
Interest rare risk is rated moderate and stable. Standard core assessment procedures and expanded
assessment procedures (if necessary) will be applied. The examiner will perform the following procedures:
1. At the beginning of the examination, hold discussions with management covering actual or planned:
(a) Changes to the IRR policy and Management structures (i.e. Committees, limits, risk measurement
methods, etc);
(b) Material changes in the bank’s interest bearing asset and sensitive liability structure;
(c) Changes in the investment portfolio and its impact on IRR (stress testing);
2. Obtain and review the most recent reports used to monitor and manage IRR, including ALCO reports.
Determine the appropriateness and effectiveness of the risk management practices over IRR.
(i) Determine whether the board has approve policies establishing responsibility for the
management of IRR, communicating risk tolerance limits, and providing sound guidelines for
the management of IRR;
(iv) Consider annual review of investment strategies and policies and whether significant risks in
the bank’s investment activities are understood and properly reported;
(v) Consider whether the bank performs and documents the results of stress testing;
(vi) Periodic evaluations of aggregate risk exposure and the overall performance of the investment
portfolio;
123
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(viii) The ability to respond to competitive pressures in financial and local markets; and
(ix) Whether staff skills are appropriate for the level of complexity and risk.
a. In consultation with the EIC and other examiners, identify and communicate to other
examiners as appropriate any conclusions and findings from the interest rate risk review that
are relevant to other areas being reviewed;
Operational risk is rated high and increasing. Standard core assessment procedures and expanded
assessment procedures will be applied (when necessary). The examiner will perform the following
procedures:
At the beginning of the examination hold a discussion with the line manager to ascertain, Board and Senior
management oversight (operational Risk Committee), awareness of operational risk triggers relevant to the
bank’s current and planned activities, existence of checklists and minimum operations procedures and
manuals and implementation of dual controls, physical security and access rights, IT changes and KYC
processes.
124
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(ii) Review board minutes and board committee minutes and ascertain the effectiveness of the
board and the newly constituted board committees for ALCO, Audit and Enterprise Risk
Management;
(iii) Review the branch expansion strategy and development of new products;
(iv) Review the quality of the strategic planning given the high inherent risks in most areas of
operations and assess internal and external threats to the bank;
(v) Review the budgeting process and budget performance reviews;
(vi) Review human resources management and staff incentives and compensation issues;
(vii) Review management succession and depth;
(viii) Review effectiveness of management committees;
(ix) Review the shareholding structure and capitalization plan;
(x) Review affiliate relationships and associated risks;
(xi) Review existence and implementation of policies, procedures and risk management limits;
(xii) Establish the extent of integration of the IT strategy to the business strategy; and
(xiii) Ascertain the level of inherent risk, quality of risk management systems, aggregate level and
direction of strategic risk.
(f) Earnings:
Resources Planning
Summary of Activities
Risk/Activity Assigned Planned Actual Variances
Examiner (s) Days Days
Credit Risk and Asset Quality W/ Roza & Ato Bayu 8
Liquidity and Liquidity risk Ato Mola 3
Interest Rate Risk Ato Mamo 3
Foreign Exchange Risk Ato Mamo 3
Operational Risk W/ Lily 8
Capital Adequacy Ato Lulu 3
Board, Management & Corporate Ato Taye 8
125
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Governance
Internal Audit W/ Kiya 3
Risk Management Framework W/Kiky 2
Earnings Ato Lulu 3
Sensitivity to Risk Ato Mamo 2
Branch examination
Based on the preliminary risk assessment, 25 branches will be examined with emphasis on the following:
126
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXIV
127
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXV
SAMPLE INTRODUCTION/ENTRY LETTER
In accordance with Article 5(7) of the NBE Establishment Proclamation No. 591/08, and Article 29(1) of
the Banking Business Proclamation No. 592/08, the Banking Supervision will conduct an examination of
your bank from 11th September to 20th October 2009.
The examination will be full in scope, and will cover the bank’s Head Office and branches.
Kindly accord the team your maximum co-operation so that the exercise can be a success.
Yours sincerely,
Getu Belay
Deputy Director
Banking Supervision
128
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXVI
RBS EXAMINATION PROCEDURES
EXAMINATION PLANNING PROCEDURES
EIC will be responsible for performing these procedures. For procedure 4, other examination team
members will also be involved.
3. Send information request letter to the bank at least 35 days before the beginning of examination.
4. Conduct preliminary onsite review at least three weeks before the beginning of examination. The
review will be conducted in two stages, pre-examination meeting and review of information;
(a) Pre-examination meeting with senior management of the bank covering discussion of the
following:
(a) Primary target market and business lines, and significant changes in bank products or services
including areas of growth;
(b) Economic conditions within the target markets and any other external factors affecting your
primary business lines;
(c) Areas representing the greatest risk to the bank and/or markets;
(d) Changes in bank management, key personnel or operations;
(e) Results of audit and internal controls review, any follow-up required by management;
(f) Any material changes to internal or external audit’s schedules or scope and adequacy of audit
staffing;
(g) Purchase, acquisition, merger or divestiture considerations;
(h) Changes in technology including operational systems, technology vendors/service providers,
critical software, internet banking, or plans for new products/activities that involve net
technology;
(i) Issues regarding compliance with laws, directives and circulars governing banking business;
(j) Other issues that may affect the risk profile; and
(k) Management concerns about the bank or NBE’s supervision including any areas the bank
would like the NBE to consider in the examination scope.
(i) The board of directors’ minutes and papers and AGM minutes for each meeting since the
prior on-site examination;
(ii) The board audit committee minutes for each meeting since the prior on-site examination;
129
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(iii) The strategic business plan, the current year budget and a comparison of actual performance
relative to the budget;
(iv) Structure and financial conditions of related affiliates/groups;
(v) The records of shareholdings and a current shareholders list with the following information;
shareholder name, place of shareholder residence, number of shares held, percentage
ownership, disclosure of any agreement to purchase or sell shares in the future, and disclosure
of any voting rights. If any shares are held in corporate name, please list the individuals who
are authorized to vote, and the individuals who actually vote the shares;
(vi) Internal audit reports completed since the previous on-site examination;
(vii) Structure and capacity of internal audit function;
(viii) The external audit reports, management letter with management response completed since the
previous on-site examination;
(ix) A copy of all available policies including credit policy; and asset/liability management policy,
liquidity policy, etc. provide dates of approval of up dates.
5. Using the information obtained from the above procedures, prepare a scope memorandum for
management approval. The memorandum should include:
6. Prepare and send a letter of authority signed by the management to the bank.
7. Allocate assignments for examination team members according to planning and control schedule
(Appendix XXVII) and communicate the same to every team member.
8. Conduct a briefing session on the forthcoming examination with all team members. Some of the issues
to discuss include:
(a) Issues raised in the scope memorandum;
(b) Examination focus;
(c) Review and consolidate issues to be discussed at the beginning of examination (i.e. first
procedure in all areas to be reviewed);
(d) Work days; and
(e) Administrative issues.
ASSET QUALITY AND CREDIT RISK EXAMINATION PROCEDURES
Conclusion:
Asset quality is rated (1, 2, 3, 4, or 5)
Credit Risk is rated (Low, Moderate, or High)
Direction of Credit Risk (Decreasing, Stable or Increasing)
Complete this section’s objectives to assign the asset quality and credit risk ratings. In assigning the ratings,
examiner should consult with the EIC and other appropriate examiners. When assigning the asset quality
and credit risk ratings, examiners should take into consideration rating factors outlined in the CAMEL
Rating Guidelines (Appendix XXVIII) and Risk Rating Guidelines (Appendix XXIX), respectively.
CORE ASSESSMENT
130
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
losses, the quantity of credit risk, and the quality of credit risk management.
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering
actual or planned:
2. Follow up on significant asset quality and credit risk audit issues identified by the examiner
reviewing Audit and Internal Control Section.
3. If not previously provided, obtain and review the following information and documents, as
appropriate:
The size of the sample should be based on the trends and overall risk posed by those segments
of the loan portfolio and should at least cover 40%. The purpose of the review is to determine
whether the loans evidence any changes in the bank’s risk selection, the bank’s underwriting
practices, its credit administration, its risk-rating criteria, or any other aspect of its credit risk
management. Examiner should ensure that the review covers all the criteria used for assessing
and rating the quality of credit risk management as pointed out in the risk matrix. This may be
accomplished by reviewing credit files, approval documents, and loan committee minutes.
Documentation of credit file reviews can normally be limited to summary comments detailing
the loan classification and the facts supporting it.
5. Assess the bank’s compliance with prudential requirements. Findings should be communicated
to the examiner reviewing Management.
6. If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of
the above information raises substantive issues, the examiner should expand the scope to
131
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
include additional objectives or procedures, as appropriate. If this review does not result in any
significant changes or issues, conclude the asset quality and credit risk review.
NOTE: Examiners should select the appropriate objectives and procedures necessary to assess the
bank’s condition and risks.
Objective 1: Determine the scope of the asset quality and credit risk review
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering
actual or planned:
2. Review the previous examination report and other supervisory information to identify any
problems in this area that require follow-up.
3. Discuss with the examiner responsible for completing the “Audit and Internal Control” section
of the core assessment whether there are any significant audit findings that require follow-up or
whether a review of audit work papers is required.
4. If not previously provided, obtain and review the following information an documents, as
appropriate:
(a) Credit Policy and Procedures and any changes made since the last examination;
(b) The most recent loan review report by the bank;
(c) List of renewed or restructured credit facilities;
(d) Past-due and non-performing assets reports;
(e) Internal loan grading report;
(f) Problem and “watch” loan lists;
(g) List of loans to insiders including employees;
(h) Loans to politically connected borrowers
(i) Concentration of credit reports;
(j) The detail of any “other asset” accounts that are material to the financial statements; and
(k) Any other report that may be useful for the review of this area.
5. Review regulatory reports and other information provided by the bank to assess the size,
composition, and trends in the loan portfolio and any off-balance-sheet exposures. Consider:
(a) Current and planned loan growth in relation to bank capital and risk limits;
(b) Areas of high growth;
(c) Internal portfolio management reports (loan policy exceptions, concentrations of credit,
etc.);
(d) Unfunded and/or un-drawn loan commitments and other off-balance sheet items;
(e) Deteriorating trends in asset quality indicators; and
(f) Any other information related to the risk characteristics of the loan portfolio, including:
Economic indicators;
Industry trend; and
New products planned or already initiated.
132
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
6. Obtain asset quality and credit risk-related information from the examiner assigned to review
board minutes. If necessary, repeat the review of the credit committee minutes to review the
bank’s lending practices.
7. Use bank reports to select an appropriate sample to loans from the bank’s loan portfolio
(commercial, retail, etc). Consult with the EIC when selecting the sample. Consider:
Since credit risk typically poses the largest single risk to a bank’s earnings and capital, and
loans are the largest asset concentration in most banks, loan portfolio forms a significant
percentage of assets to be reviewed.
The size and composition of the loan sample should be commensurate with the quantity of
credit risk, the adequacy of risk management, the bank’s condition, and the objectives of the
asset quality and credit risk review. The sample size for moderate and high risk level should at
least be 60% and 80%, respectively.
The types of loans in the sample are as important as how much of the portfolio is reviewed. The
sample should be skewed toward the predominant risks in the portfolio. The higher the risk
posed to the bank, the more comprehensive the coverage and testing.
In a stable, well-managed bank exhibiting few signs of change, examiners should sample a
smaller number of new and pass-rated credits for the purpose of determining the continued
adequacy of loan quality and credit risk management.
133
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
6. Based on the results of the portfolio analysis of retail loans, select a sample of loans to
determine the bank’s underwriting and account management practices.
7. Determine the credit risk inherent in the loan portfolio as a whole, considering the risk-rating
profile, underwriting and risk selection practices, concentrations, loan policy exceptions, credit
and collateral exceptions, pricing, collateral coverage, adequacy or analysis and credit
administration practices, economic indicators, etc
Objective 3: Determine the quantity of credit risk associated with assets other than loans:
1. As appropriate, obtain and review a list of the following items:
2. Obtain a list of classified investments and other appropriate findings regarding the quality and
composition of investments from the examiner evaluating the investment portfolio.
3. In discussion with bank management and based on the review of assets listed above, determine
which items should be classified or charged off.
Objective 4: Determine the adequacy of the allowance for probable losses.
1. Evaluate the method used to determine the allowance for probable losses balance. Consider:
2. If the allowance for probable losses methodology is considered flawed, consult with the EIC to
independently determine the adequacy of the allowance for probable losses balance. If it is
determined to be inadequate:
(a) Calculate the necessary provision to restore the allowance for probable losses to an
adequate level;
(b) Direct bank management to make any necessary adjustments to the bank’s books of
accounts and regulatory reports; and
(c) As appropriate, share these findings with other examiners.
Objective 5: Determine the quality of credit risk management systems.
1. Determine whether the number and nature of credit, collateral, and policy exceptions; risk rating
changes; or other loan review findings raise concerns about the quality of the credit administration
function.
2. Determine whether loan management and personnel are adequate to effectively manage the level of
credit risk inherent in the loan portfolio. Consider:
134
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
3. Assess the timeliness, completeness, accuracy, and relevance of MIS for credit risk. Consider the
sources of reports, controls over the preparation of reports, and whether the reports’ accuracy is
independently validated. Risk management reports should cover major sources of credit risk
identified in objectives 2 and 3 above. This review should be coordinated with the examiners
responsible for all areas of the examination, including internal control, to avoid duplication of effort.
Findings should be communicated to the examiner reviewing operational risk.
4. Using the findings from achieving the previous objectives consult with the EIC and other
appropriate examiners to make preliminary judgments on the adequacy of portfolio risk
management systems. Consider whether:
(a) Board and Management recognize and understand existing and emerging risks;
(b) Management measures risk in an accurate and timely manner;
(c) The board establishes, communicates, and controls risk limits; and
(d) Management accurately and appropriately monitors established risk levels.
5. Assess the bank’s system of internal control over the credit function. Examiners should take into
consideration the relevant controls listed in objective 5 of the “Audit and Internal Control” section
of the core assessment. Examiners should also take into consideration other controls pertinent to the
credit function.
6. In addition to the above procedures, examiners should consider all criteria specified in the Risk
Rating Guidelines for credit risk (Appendix XVIII)
Objective 6: Assess the bank’s compliance with prudential requirements.
Findings should be communicated to the examiner reviewing Management.
2. In consultation with the EIC and other examiners, identify and communicate to other examiners as
appropriate any conclusions and findings from the asset quality and credit risk review that are
relevant to other areas being reviewed.
3. Use the results of the foregoing procedures and any other applicable examination findings to
compose comments on asset quality and credit risk management for the report of examination.
135
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Conclusion:
Liquidity is rated (1,2,3,4, or 5)
Liquidity risk is rated (Low, Moderate, or High)
Direction of liquidity risk (Decreasing, stable or increasing)
Complete this section’s objectives to assign the liquidity and liquidity risk ratings. In assigning the ratings,
examiner should consult with the EIC and other appropriate examiners. When assigning the liquidity and
liquidity risk ratings, examiners should take into consideration rating factors outlined in the CAMEL
Rating Guidelines (Appendix XI) and Risk Rating Guidelines (Appendix XVIII) respectively.
CORE ASSESSMENT
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering actual
or planned:
2. Follow up on significant liquidity audit issues identified by the examiner reviewing the bank’s Audit
and Internal Control section.
(a) The bank’s liquidity reports including the most recent Maturity Gap Report; and
(b) ALCO minutes and reports since the last onsite examination.
4. Assess the bank’s compliance with prudential requirements. Findings should be communicated to
the examiners reviewing Management.
5. If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the
above information raises substantive issues, the examiner should expand the activity’s scope to
include additional objectives or procedures as appropriate. If this review does not result in any
significant changes or issues, conclude the liquidity review.
STANDARD CORE ASSESSMENT
2. Review the previous examination report and other supervisory information to identity any
problems that require follow-up in this area.
136
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
3. Discuss with the examiner responsible for completing the “Audit and Internal Control” section
of the core assessment whether there are any significant audit findings that require follow –up.
5. Discuss current investment, liquidity, and funds management strategies with appropriate
management.
Objective 2: Determine the adequacy of liquidity and the quantity of liquidity risk risk.
Procedures:
1. Identify volume and rends in funding by reviewing:
(a) Sources of funding, e.g. retail vs. wholesale;
(b) Projected funding needs vs. available sources;
(c) Wholesale funding that may be credit sensitive;
(d) Funding concentrations;
(e) Use and reliance on liabilities with short-term maturities;
(f) Liquid assets levels and trends;
(g) Off-balance-sheet commitments; and
(h) Proportion of long term assets financed by short term liabilities.
2. Evaluate the nature and magnitude of demands on the bank’s liquidity. Consider the following:
(a) Existence of ample sources of liquidity to ensure timely payment of all debt obligations;
(b) Magnitude of any anticipated increase in loan demand/volume. Consider continuing quality of
the loan portfolio including collateral sufficiency to support additional debt;
(c) The volume of outstanding loan commitments, giving consideration to the amount of
commitments likely to be drawn upon in light of seasonal loan volume fluctuations and
projected peak loan demand;
(d) Frequency and materiality of litigation issues;
(e) Other potential contingent liabilities;
(f) Significance of planned near-term capital expenditures;
(g) Liquidity needed to cover timing differences and/or any shortfall between operating income
and expense; and
(h) Significance of any anticipated cash dividends and/or cash redemption of shares/stock.
3. Evaluate the adequacy of sources of funds to meet anticipated or potential needs. Consider:
137
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(iii) Stocks/shares.
(h) The capacity to borrow from the NBE’s discount window.
4. Evaluate the quality of the investment portfolio as a potential source of liquidity. Consider the
following:
(a) Percentage and quality of investment portfolio that is un-pledged;
(b) Level and impact of portfolio depreciation;
(c) Maturity distribution of the investment portfolio;
(d) Distribution of securities designated held-to-maturity and available-for-sale;
(e) Trends in monthly cash flow from the investment portfolio; and
(f) Potential impact of embedded options on the cash flow patterns.
7. If the bank relies significantly on wholesale/corporate funding, review factors that influence
wholesale/corporate funds providers. Consider the following:
8. Considering the foregoing and the relevant risk assessment factors, consult with EIC and other
appropriate examiners to determine the quantity of liquidity risk.
2. Determine whether the board has clearly articulated policies and guidelines outlining lines of
authority/responsibility for the management of liquidity and its tolerance for liquidity risk. Consider:
(a) Has a measurement system that captures and quantifies risk been established?
(b) Are limits/guidelines defined and communicated to management and other relevant staff?
(c) Are the limits/guidelines reasonable?
(d) Do the planning, budgeting, and new product areas consider liquidity when making decisions?
3. Determine whether management has planned for adequate sources of liquidity to meet current and
potential funding needs.
4. Review the contingency funding plan and determine whether it adequately details management
responsibilities, quantifies potential funding needs/sources under multiple scenarios, and prioritizes
management action to respond to funding needs. Ensure that the plan is appropriate given the
complexity of the bank’s circumstances.
5. Determine whether strategies used to achieve the desired mix and maturities of assets and liabilities
are adequate. Consider:
138
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
6. Assess the timeliness, completeness, accuracy, and relevance of MIS for liquidity. Consider the
sources of reports, controls or the preparation of reports, and whether the reports’ accuracy is
independently validated. This review should be coordinated with the examiners responsible for all
areas of the examination to avoid duplication of effort. Findings should be communicated to the
examiner reviewing operational risk. Consider whether MIS monitors:
7. Assess the system of internal control over liquidity. Examiners should take into consideration the
relevant controls listed in objective 5 of the “Audit and Internal Control” section of the core
assessment. Examiners should also take into consideration other controls pertinent to liquidity.
8. Using the findings from the foregoing, consult with the EIC and other appropriate examiners to
determine the quality of liquidity risk management. Examiners should consider all criteria specified
in the Risk Rating Guidelines for liquidity risk.
2. From discussions with management and by reviewing internal reports, determine whether there is an
appropriate due diligence process to ensure that all securities acquired conform to lending policies
for credit analysis, underwriting, and approval.
3. From discussions with management and by reviewing internal reports, assess the trend in credit
quality of the investment portfolio between examinations. Determine whether there has been a
significant change in the credit risk profile and whether that change has been appropriately
managed.
4. From discussions with management and by reviewing internal reports, determine whether there are
any issues in the portfolio that are ineligible, in default, or below investment grade and distribute
findings, as appropriate, to the examiners reviewing credit risk, earnings, and capital adequacy.
139
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(a) Provide the examiner evaluating credit risk with a list of classified investments, and
communicate findings to other examiners, as appropriate.
(b) In consultation with the EIC and other examiners, identify and communicate to other examiners
as appropriate any conclusions and findings from the liquidity review that are relevant to other
areas being reviewed.
Complete this section’s objectives to assign the foreign exchange risk rating. In assigning the rating,
examiner should consult with the EIC and other appropriate examiners. When assigning the foreign
exchange risk rating, examiners should take into consideration rating factors outlined in the Risk Rating
(Appendix XXIX).
CORE ASSESSMENT
MINIMUM SCOPE CORE ASSESSMENT
Minimum objective: Determine the quantity of risk and the quality of risk management for foreign
exchange risk.
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering actual
or planned:
(a) Changes to the foreign exchange operation policy (i.e. limits, structures, risk measurement,
etc);
(c) Material changes in the bank’s foreign currency denominated asset and liability structure.
2. Follow up on significant foreign exchange risk audit issues identified by the examiner reviewing the
bank’s Audit and Internal Control section.
140
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
4. Assess the bank’s compliance with prudential requirements. Findings should be communicated to
the examiner reviewing Management.
5. If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the
above information raises substantive issues, the examiner should expand the activity’s scope to
include additional objectives or procedures, as appropriate. If this review does not result in any
significant changes or issues, conclude the foreign exchange risk review.
STANDARD CORE ASSESSMENT
(a) Changes to the foreign exchange operation policy (i.e. limits, structures, risk measurement etc);
(c) Material changes in the bank’s foreign currency denominated asset and liability structure.
2. Review previous examination report/any supervisory information to identify any problems that
require follow-up in this area.
3. Discuss with the examiner responsible for completing the “Audit and Internal Control” section of
the core assessment whether there are any significant audit findings that require follow-up.
4. Obtain and review NBE reports and the most recent bank-prepared reports used to monitor and
manage foreign exchange risk.
2. Using the findings from the above procedure and considering the relevant factors, consult with the
EIC and other appropriate examiners to determine the quantity of foreign exchange risk.
Objective 3: Determine the quality of risk management for foreign exchange risk.
Procedures
141
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
1. Obtain foreign exchange risk-related information from the examiner assigned to review board
minutes. Review, as appropriate, minutes of any committees responsible for overseeing foreign
exchange risk.
2. Determine whether the board has approved policies relating to foreign exchange risk that establishes
responsibility for the management of foreign exchange risk, communicating risk tolerance, and
providing sound guidelines for the management of foreign exchange risk.
3. Assess the effectiveness of management and the board in overseeing foreign exchange risk.
Consider:
(a) The existence and reasonableness of board-approved limits for foreign exchange risk;
(b) Compliance with established risk limits;
(c) The adequacy of controls over the foreign exchange risk management process;
(d) Management’s level of understanding of foreign exchange risk and ability to anticipate and
respond appropriately to changes in foreign exchange rates or economic conditions including
competition in the market; and
(e) The quality of personnel and their responsibilities.
4. Determine whether the risk management system used to measure foreign exchange risk is
appropriate for the level and complexity of the bank’s exposure. Determine whether the major
assumptions used to measure the risk are reasonable.
5. Determine whether assumptions used in the risk measurement system are documented with
sufficient detail so as to allow verification of their reasonableness and accuracy.
6. Assess the timeliness, completeness, accuracy, and relevance of MIS. Consider the sources of
reports, controls over report preparation, and whether reports’ accuracy is independently validated.
This review should be coordinated with the examiners responsible for all functional areas of the
examination, including internal control, to avoid duplication of effort. Findings should be
communicated to the examiner reviewing Operational risk.
8. Assess the adequacy of the system of internal control over foreign exchange risk. Examiners should
take into consideration the relevant controls listed in objective 5 of the “Audit and Internal Control”
section of the core assessment. Examiners should also take into consideration other controls
pertinent to foreign exchange risk.
9. Using the findings under this objective, determine whether the risk management system to identify,
measure, monitor, and control foreign exchange risk is effective. Examiners should consider all
criteria specified in the Risk Rating Guidelines on foreign exchange risk.
Objective 4: Assess the bank’s compliance with prudential requirements on foreign exchange
operations.
Findings should be communicated to the examiner reviewing Management.
142
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
1. In consultation with the EIC and other examiners, identify and communicate to other examiners, as
appropriate, any conclusions and findings from the foreign exchange risk review that are relevant to
other areas being reviewed.
Conclusion:
Interest rate risk assessment (Low, Moderate, or High)
Direction of IRR (Decreasing, Stable or Increasing)
Complete this section’s objective to assign the interest rate risk rating. In assigning the ratings, examiner
should consult with the EIC and other appropriate examiners. When assigning the interest rate risk rating,
examiners should take into consideration rating factors outlined in the Risk Matrix.
CORE ASSESSMENT
MINIMUM SCOPE CORE ASSESSMENT
Objective: Determine the quantity of risk and the quality of risk management for interest rate risk (IRR).
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering actual
or planned:
(a) Changes to the IRR policy (i.e.., limit, structures, risk measurement etc);
(b) Changes in the IRR management process;
(c) Material changes in the bank’s asset and liability structure; and
(d) Changes in the investment portfolio and its impact on IRR.
2. Follow up on significant interest rate risk audit issues identified by the examiner reviewing Audit and
Internal Control section.
4. Assess the bank’s compliance with prudential requirements. Findings should be communicated to the
examiner reviewing Management.
If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the above
information raises substantive issues, the examiner should expand the activity’s scope to include
additional objectives or procedures, as appropriate. If this review does not result in any significant
changes or issues, conclude the interest risk review.
STANDARD CORE ASSESSMENT
143
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(a) Changes to the IRR policy (i.e.., limit, structures, risk measurement etc);
(b) Changes in the IRR management process;
(c) Material changes in the bank’s asset and liability structure; and
(d) Changes in the investment portfolio and its impact on IRR.
2. Review the previous examination reports/any supervisory information to identify any previous
problems that require follow-up in this area.
3. Discuss with the examiner responsible for completing the “Audit and Internal Control” section of the
core assessment whether there are any significant audit findings that require follow-up, or whether a
review of audit work papers is required.
4. Obtain and review the most recent reports prepared by the bank used to monitor and manage IRR,
including ALCO reports.
Objective 2: Determine the appropriateness and effectiveness of the risk management practices over
investments portfolio.
Procedures:
1. Evaluate board and senior management oversight. Consider:
2. Review pre-purchase analyses of recent investments, and determine whether the analyses provide
adequate information to understand the price sensitivity of the security.
3. Determine whether the limits established by management are reasonable and serve as an appropriate
subset of bank-wide IRR limits, given the bank’s capital, earnings and management’s expertise.
(a) Whether significant risks in the bank’s investment activities are understood and properly
reported;
(b) Whether the bank performs and documents the results of stress testing; and
(c) Periodic evaluations of aggregate risk exposure and the overall performance of the investment
portfolio.
(a) The composition and maturities of assets and liabilities (GAP Analysis);
(b) The volatility of the net interest margin over time;
(c) The support provided by low-cost, stable non-maturity deposits (Savings and current).
2. Review the level and trend of earnings-at-risk as indicated by the bank’s risk measurement system, if
any.
144
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
3. Using the findings from performing the above procedures and considering the relevant factors,
consult with the EIC and other appropriate examiners to determine the quantity of interest rate risk.
Objective 4: Determine the quality of risk management for interest rate risk.
Procedures
1. Obtain interest rate risk-related information from the examiner assigned to review board minutes.
Review, as appropriate, minutes of ALCO or any committee responsible for overseeing IRR.
2. Determine whether the board has approved policies establishing responsibility for the management of
IRR, communicating risk tolerance, and providing sound guidelines for the management of IRR.
3. Assess the effectiveness of management and the board in overseeing IRR. Consider:
(a) The existence and reasonableness of board-approved limits for exposure to IRR; and.
4. Determine whether the risk management system used to measure the effect of interest rate changes to
earnings is appropriate for the level and complexity of the bank’s exposure and whether the major
assumptions used are reasonable.
5. Determine whether the risk management system used to measure the effect of interest rate changes to
economic value is appropriate for the level and complexity of the bank’s exposure and whether the
major assumptions used are reasonable.
6. Determine whether assumptions used in the risk measurement system are documented with sufficient
detail so as to allow verification of their reasonableness and accuracy.
8. Assess the timeliness, completeness, accuracy, and relevance of MIS. Consider the sources of report,
controls over report preparation, and whether reports’ accuracy is independently validated. Findings
should be communicated to the examiner reviewing operational risk.
9. Determine whether a competent, independent review process periodically evaluates the effectiveness
of the IRR management system. In reviewing measurement tools, evaluators should determine
whether the assumptions used are reasonable and whether the range of interest rate scenarios
considered are appropriate.
10. Assess the adequacy of the system of internal control over IRR. Examiners should take into
consideration the relevant controls listed in objective 5 of the “Audit and Internal Control” section of
the core assessment. Examiners should also take into consideration other controls pertinent to IRR.
11. Using the findings from the above procedures, determine whether the risk management system to
identify, measure, monitor, and control IRR is effective. Examiners should consider all criteria
specified in the Risk Management Guidelines for interest rate Risk.
145
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Objective 4: Assess the bank’s compliance with prudential requirements on interest rate.
Findings should be communicated to the examiner reviewing Management.
1. In consultation with the EIC and other examiners, identify and communicate to other examiners as
appropriate any conclusions and findings from the interest rate risk review that are relevant to other
areas being reviewed.
Complete this section’s objectives to assign the operational risk rating. In assigning the rating, examiner
should consult with the EIC and other appropriate examiners. When assigning the operational risk rating,
examiners should take in to consideration rating factors outlined in the Risk Rating Guidelines (Appendix
XXIX).
CORE ASSESSMENT
MINIMUM SCOPE CORE ASSESSMENT
Objective: Determine the quantity of risk and quality of operational risk management.
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering:
(a) Actual system failures, service interruptions and frauds since previous examination;
(b) Actual or planned changes to the current or new business initiatives;
(c) Changes to the policies ad procedures to accommodate new activities or products;
(d) Changes in the financial condition of, or quality of service provided by, IT vendors and/or other
service providers;
(e) Actual or planned changes in IT vendors and/or other service providers’ systems, applications,
distribution channels, or personnel;
(f) Changes in the information security or contingency planning processes;
(g) Changes in the processes or reports management uses to monitor operational risk; and
(h) Impact of the changes noted above on the bank’s operational risk.
2. Follow up on significant audit issues related to operational risk identified by the examiner reviewing
the Audit and Internal Controls Section.
146
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(a) Report on compliance with internal policies and procedures, legal and regulatory requirements;
(b) Report on customer complaints;
(c) The extent and impact of staff turnover;
(d) Report on actual or potential litigations against the bank;
(e) Report on external market information about events and conditions that may have an impact on
the bank’s operations;
(f) Results of tests of the bank’s IT security and management’s response;
(g) Results of tests of the bank’s contingency plan and management’s response;
(h) Reports on operational risk profile of the bank submitted to the board;
(i) Recent MIS reports on frauds, business disruption, system failures, and processing errors and
losses; and
(j) Documentation for major IT initiatives.
4. Assessment on compliance with laws and other prudential requirements should include the
following:
(a) NBE Establishment Proclamation No. 591/08 and Banking Business Proclamation No. 592/08
on issues not specifically covered in other areas of liquidity, asset quality, capital, market risk,
audit and internal control;
(b) NBE Directives No. SBB: 3-4/95; 9-10/95; 12-13/96; 19/96; 21/96; 24/99; 26-27/01; 29-31/02;
35-37/04; 38-40/06; 43/08; 44/08; 45/08;
(c) Other relevant laws like those related to labor, tax, etc.
If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the above
information raises substantive issues, the examiner should expand the activity’s scope to include addition
objectives or procedures, as appropriate. If this review does not result in any significant changes or
issues, conclude the operational risk management review.
STANDARD CORE ASSESSMENT
(a) How management administers and controls IT activities throughout the organization;
(b) Actual system failures, service interruptions and frauds since previous examination;
(c) Actual or planned changes to the current or new business initiatives;
(d) Changes to the policies and procedures to accommodate new activities or products;
(e) How management monitors the quality and reliability of outsourced services and support
functions;
(f) Changes in the financial condition of, or quality of service provided by, IT vendors and/or other
service providers;
(g) Actual or planned changes in IT vendors and/or other service providers’ system, applications,
distribution channels, or personnel;
(h) Changes in the information security or contingency planning processes;
(i) Changes in the processes or reports management uses to monitor operational risk; and
(j) Impact of the changes noted above on the bank’s operational risk.
2. Review previous examination reports to identify any problems that require follow-up in this area.
3. Discuss with the examiner responsible for completing the “Audit and Internal Control” section of
the core assessment whether there are any significant audit findings that require follow-up, or
whether a review of audit work papers is required.
147
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
4. If not previously provided, obtain and review lists describing the complexity of the bank’s
processing environment and reports management uses to monitor operational risk, including but not
limited to:
(a) A list of vendors or other service providers, description of the products or services provided,
and bank’s analysis of vendors’ and/or other service providers’ financial condition;
(b) A list of computer systems and networks;
(c) A list of software and applications that support financial information processing or the risk
management process;
(d) Reports used to monitor computer activity, network performance, system capacity, security
violations, and network intrusion attempts:
(e) Report on compliance with internal policies and procedures, legal and regulatory requirements;
(f) Report on external market information about events and conditions that may have an impact on
the bank’s operations;
(g) Results of tests of the bank’s IT security and management’s response;
(h) Results of tests of the bank’s contingency plan and management’s response;
(i) Recent MIS reports on frauds, business disruption, system failures, and processing errors and
losses;
(j) Insurance policies;
(k) Documentation for major IT initiatives;
(l) Reports on operational risk profile of the bank submitted to the board;
5. Using the information obtained above, determine which processes or systems represent the most
significant risks to the bank to review during this examination.
Examiner should also consider:
(a) New regulatory guidance;
(b) Actual or planned organizational changes;
(c) The significance of the system or application in supporting bank products and services;
(d) The volume or average size of transactions processed;
(e) The overall complexity of the bank’s It environment;
(f) Management reliance on the application or its output; and
(g) Recent audit coverage provided internally or externally.
6. If an area of higher risk is identified, expand the review as necessary to assess the additional risks
inherent in such activities using procedures from the Examination Procedures.
Objective 2: Determine the quantity of operational risk.
Procedures:
1. Obtain and review the following information and documents, as appropriate:
(a) Reports on actual or attempted internal and external frauds, noting frequency and volumes of
losses;
(b) Levels of staff turnover and their impact on the bank’s operations;
(c) Number and frequency of customer complaints noting nature, seriousness of the complaints and
management’s responses;
(d) Number of actual and potential litigations against the bank determining the amount involved;
(e) Number and frequency of processing errors and losses, establishing nature and seriousness of
the errors; and
(f) Frequency of systems failures, establishing nature and impact on the bank’s operations.
Objective 3: Assess the quality of operational risk management.
Procedures:
148
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
1. Obtain information regarding operational risk from the examiner assigned to review board
minutes. Review, as appropriate, minutes of any committee responsible for overseeing
operational risk.
2. Analyze applicable internal and external audit reports as they relate to operational risks.
(a) Whether the board has clearly articulated and communicated policies and guidelines
outlining lines of authority/responsibility for the management of operational risk;
(b) If systems to evaluate operational risks involved in all products, and processes;
(c) Whether policies and operational manuals are reviewed frequently; and
(d) Whether Management addresses deficiencies revealed from Audit, examinations timely.
4. Review organizational charts, job descriptions, compensation, staff turnover, and training
programs to ensure that the bank has a sufficient number of personnel with the expertise the
bank requires.
5. Review the effectiveness of the bank’s management and monitoring of vendor and other service
providers by evaluating the following:
6. Determine the adequacy of and compliance with IT security policy. Consider the following:
(a) Whether the policy has been approved and overseen by the board;
(b) Whether it is adjusted, as appropriate, for changes in the bank’s (or service provider’s)
processing environment or systems; and
(c) Whether it prescribes reports to the board (or committee) on the overall status of the IT
security and the bank’s compliance with the policy.
7. Review MIS reports for significant IT systems and activities to ensure that risk identification,
measurement, control, and monitoring are commensurate with the complexity of the bank’s
technology and operating environment. MIS should be timely, accurate, complete, and
relevant. Consider:
8. Review insurance policies to determine whether they are current and provide adequate
coverage.
9. Determine whether the volume and nature of fraud and processing losses, network and
processing interruptions, customer-reported processing errors, or audit criticisms lower the
quality of automated activities and services.
10. Determine whether the bank’s risk assessment process for customer information and its test of
149
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
key controls, systems, and procedures in the bank’s system security are commensurate with the
sensitivity of the information and the complexity and scope of the bank’s activities.
11. Assess the timeliness, completeness, accuracy, and relevance of MIS for operational risk.
Consider the source of reports, controls over report preparation, and independent validation of
report accuracy. Risk management reports should cover major sources of operational risk
identified above.
12. Using the findings from the above procedures, combined with the information from the EIC and
other appropriate examiners, make preliminary judgments on the quality of operational risk
management systems. Consider whether:
(a) Board and Management recognize and understand existing and emerging risks;
(b) The board establishes and communicates policies for operational risk management;
(c) Management measures risk in an accurate and timely manner; and
(d) Management accurately and appropriately monitors established risk limits.
Objective 4: Assess the adequacy of controls to assure the integrity of data and the resulting MIS
reports.
Note: The review should be coordinated with the examiners responsible for the review of other risks and
the internal control portion of the examination to avoid duplication of effort.
Procedures:
150
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
1. Evaluate the separation of duties and responsibilities in the operation and data processing areas.
Check if the following duties are segregated:
2. Review controls and audit trails over master file change requests (such as address changes, due
dates, loan payment extensions or renewals, loan or deposit interest rates, and the service charge
indicator). Consider:
(a) Individuals authorized to make changes and potential conflicting job responsibilities;
(b) Documentation/audit trail of authorized changes; and
(c) Procedures used to verify the accuracy of master file changes.
3. Assess adequacy of controls over changes to systems, programs, data files, and personal-computer-
based applications. Consider:
4. Determine whether employees’ level of online access (blocked, read-only, update, override, etc.)
match current job responsibilities.
5. Evaluate the effectiveness of password administration for employee and customer passwords
considering the complexity of the processing environment and type of information accessed.
Consider:
6. Determine whether the bank has removed/reset default profiles and passwords from new systems an
equipment and determine whether access to system administrator level is adequately controlled.
Objective 5: Evaluate the effectiveness of controls to protect data confidentiality, i.e. to prevent the
inadvertent disclosure of confidential information.
Procedures:
1. Evaluate systems used to monitor access and detect unauthorized internal or external attempts to
access the bank’s systems (i.e. intruder detection).
2. Evaluate control and security for data transmitted to or from remote location. Consider:
151
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
transmission.
3. Evaluate controls over remote access (by modem or internet link) to ensure use/access by authorized
users only.
Objective 6: Assess the adequacy of the bank’s policies and procedures to ensure the availability of
automated information and ongoing support for IT-based products and services.
Procedures:
1. Review the written business resumption contingency plan. Consider whether:
(a) The plan gives alternative mechanisms for resuming service in the event of an outage;
(b) The plan adequately addresses all mission-critical activities or services; and
(c) The board of directors or a board committee annually reviews the plan.
2. Review the annual validation of the contingency plan, including backup/alternate site test findings.
Determine whether the board and senior management were apprised of the scope and results of the
backup test.
3. If third-party service providers provide mission-critical activities or systems, ensure that the bank’s
recovery plan is compatible with the business recovery plans of the service providers.
5. Assess processes and procedures to prevent destruction of electronic files and other storage media.
Consider:
6. Determine whether only authorized personnel have access to the computer area, electronic media,
supplies of negotiable items, and whether equipment and networks supporting mission-critical
services are appropriately secured. Consider physical security as well as environmental controls.
Objective 7: Assess the bank’s processes for managing operational risk
Procedures:
152
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
1. Analyze applicable internal and external audit reports as they relate to operational risks.
2. Determine whether the volume and nature of fraud and processing losses, network and processing
interruptions, customer-reported processing errors, or audit criticisms lower the quality of automated
activities and services.
3. Determine whether the bank’s risk assessment process for customer information and its test of key
controls, systems, and procedures in the bank’s system security are commensurate with the
sensitivity of the information and the complexity and scope of the bank’s activities.
4. Assess the timeliness, completeness, accuracy, and relevance of MIS for operational risk. Consider
the source of reports, controls over report preparation, and independent validation of report
accuracy. Risk management reports should cover major sources of operational risk identified above.
5. Using the findings from the above procedures, combined with the information from the EIC and
other appropriate examiners, make preliminary judgments on the quality of operational risk
management systems. Consider whether:
(a) Board and Management recognize and understand existing and emerging risks;
(b) The board establishes and communicates policies for operational risk management;
(c) Management measures risk in an accurate and timely manner; and
(d) Management accurately and appropriately monitors established risk limits.
Objective 8: Assess the bank’s compliance with laws and other prudential requirements.
Assessment on compliance with laws and other prudential requirements should include the following:
1. NBE Establishment Proclamation No. 591/08 and Banking Business Proclamation No. 592/08
on issues not specifically covered in other areas of liquidity, asset quality, capital, market risk,
audit and internal control;
2. NBE Directives No. SBB: 3-4/95; 9-10/95; 12-13/96; 19/96; 21/96; 24/99; 26-27/01; 29-31/02;
35-37/04; 38-40/06; 43/08; 44/08; 45/08; and
153
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
2. Communicate to other examiners as appropriate any conclusions and findings from the
operational risk review that are relevant to other areas being reviewed;
3. Use the results of the foregoing procedure and any other applicable examination findings to
compose comments on operational risk for the report of examination;
4. Examiner should incorporate findings from review of Audit and Internal Controls in arriving at
the rating of operational risk;
Conclusion:
Capital is rated (1, 2, 3, 4, or 5)
Complete this section’s objectives to assign the capital adequacy rating. In assigning the rating, examiner
should consult with the EIC and other appropriate examiners. When assigning the capital adequacy rating,
examiners should take into consideration rating factors outlined in the CAMEL Rating Guidelines
(Appendix XXVIII).
CORE ASSESSMENT
MINIMUM SCOPE CORE ASSESSMENT
Objective: Determine the capital rating and any potential impact on the bank’s risk assessment.
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering:
a. The bank’s present condition and future plans (e.g. dividends, growth of operations,
new products, and strategic initiatives, including any plans to raise and deploy
significant new injections of capitals); and
b. Actual or planned changes in controlling ownership.
2. Follow up on significant capital audit issues identified by the examiner reviewing the bank’s
Audit and Internal Control Section.
4. Assess the bank’s compliance with prudential requirements. Findings should be communicated to
the examiner reviewing Management.
154
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
After consultation with examiners reviewing other areas, the examiner should consider if the bank’s
activities, risk profile, or risk controls have changed significantly, or if review of the above information
raises substantive issues, the examiner should expand the activity’s scope to include additional objectives
or procedures, as appropriate. If this review does not result in any significant changes or issues, conclude
the capital review.
STANDARD CORE ASSESSMENT:
(a) The bank’s present condition and future plans (e.g. dividends, growth of operations, new
products, and strategic initiatives, including any plans to raise and deploy significant new
injections of capital); and
(b) Actual or planned changes in controlling ownership.
2. Review the previous examination reports/any supervisory information to identify any problems that
require follow-up in this area.
3. Discuss with the examiner responsible for completing the Audit and Internal Control section of the
core assessment whether there are any significant audit findings that require follow-up, or whether a
review of audit work papers is required.
2. Obtain capital-related information from the examiner assigned to review board minutes.
(a) Dividends;
(b) Earnings;
(c) Asset quality and adequacy of allowance for probable losses;
(d) Historical and planned growth;
(e) On-and off-balance-sheet activities;
(f) Strategic initiatives, including any plans to raise and deploy significant new injections of
capital;
(g) Financial plans and budgets, including replacement costs for fixed assets and technology;
(h) New products, services, or distribution channels; and
(i) Related organizations (parent, subsidiary, associate, etc).
155
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Objective 3: Determine the risk to capital posed by the level (composite risk) or direction of any
applicable risks.
In consultation with the EIC and other examiners, decide whether the composite risk or direction of any
risk has an adverse impact on current or future capital adequacy.
Objective 4: Determine the quality of risk management systems through discussions with management
and analysis of applicable information.
Procedures:
1. Assess the bank’s system of internal controls over the capital accounts. Take into considerations the
relevant controls listed in objective 5 of the Audit and Internal Control section of the core assessment.
Also take into consideration other controls pertinent to capital.
2. Assess the timelines, completeness, accuracy, and relevance of MIS for capital. Consider the sources
of reports, controls over the preparation of reports, and whether the reports’ accuracy is
independently validated. This review should be coordinated with the examiners responsible for all
functional areas of the examination, including internal controls, to avoid duplication of effort,
findings should be communicated to the examiner reviewing operational risk.
Objective 5: Assess the bank’s compliance with prudential requirements.
Findings should be communicated to the examiner reviewing Management.
(a) Adjust the bank’s reported capital computation to reflect the results of the examination and
communicate them to appropriate examiners.
Consider:
(b) In consultation with the EIC and other examiners, identify and communicate to other examiners as
appropriate any conclusions and findings from the capital review that are relevant to other areas being
reviewed.
(c) Use the results of the foregoing procedures and any other applicable examination findings to make a
summary for the report of examination.
Conclusion:
156
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Complete this section’s objectives to assign the earnings rating. In assigning the ratings, examiners
should consult with the EIC and other appropriate examiners. When assigning the earnings rating,
examiners should take into consideration rating factors outlined in the CAMEL Rating Guidelines
(Appendix XXVIII).
CORE ASSESSMENT
MINIMUM SCOPE CORE ASSESSMENT
Objective: Determine the earnings component rating and any potential impact on the bank’s risk
assessment.
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering:
2. Follow up on significant earnings audit issues identified by the examiner reviewing the bank’s Audit
and Internal Control section.
4. Assess the bank’s compliance with prudential requirements. Findings should be communicated to the
examiner reviewing Management.
5. After consultation with examiners reviewing other areas, the examiner should consider if the bank’s
activities, risk profile, or risk controls have changed significantly, or if review of the above information
raises substantive issues, the examiner should expand the activity’s scope to include additional
objectives or procedures, as appropriate. If this review does not result in any significant changes or
issues, conclude the earnings review.
STANDARD CORE ASSESSMENTS:
2. Discuss with the examiner responsible for completing the Audit and Internal Controls section of the
core assessment whether there are any significant audit findings that require follow-up.
157
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
2. Obtain earnings-related information from the examiner assigned to review board minutes.
3. As necessary, discuss earnings trends and variances with management. Coordinate discussions with
examiners examining other areas.
5. Determine the root causes of any significant trends and the impact of non-recurring items. Consider:
6. As appropriate, adjust the bank’s reported earnings to reflect the results of the examination and project
the current year’s net income. Distribute adjustments to appropriate examiners.
Objective 4: Determine the risk to bank earnings posed by the level (composite risk) or direction of any
applicable risks.
In consultation with the EIC and other examiners, decide whether the level or direction of any risk has an
adverse impact on the bank’s current or future earnings.
Objective 5: Determine the quality of risk management systems through discussions with management and
analysis of applicable internal and external audit reports, and any other relevant reports.
Procedures:
1. Assess the bank’s system of internal controls over income and expense accounts, examiners should take
into consideration the relevant controls listed in objective 5 of the Audit and Internal Control section of
the core assessment. Examiners should also take into consideration other controls pertinent to earnings.
2. Assess the timelines, completeness, accuracy, and relevance of MIS for earnings. Consider the source
158
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
of reports, controls over the preparation of reports, and whether the reports’ accuracy is independently
validated. This review should be coordinated with the examiners responsible for all functional areas of
the examination, including internal controls, to avoid duplication of efforts; findings should be
communicated to the examiner reviewing operational risk.
Objective 6: Assess the bank’s compliance with prudential requirements.
Findings should be communicated to the examiner reviewing Management.
Consider whether there is a need for expanded procedures for the areas of concerns. Expanded procedures
are available in the Examination Procedures. The extent to which examiners will expand procedures will be
decided on a case-by-case basis.
(a) Use the results of the foregoing procedures and any other applicable examination findings to compose
appropriate comments for the report of examination.
(b) In consultation with the EIC and other examiners, identify and communicate to other examiners as
appropriate any conclusions and findings from the earnings review that are relevant to other areas being
reviewed.
Complete this section’s objectives to assess the quality of the bank’s overall audit and system of internal
controls. In completing these assessments, the examiner should consult the EIC and other appropriate
examiners. Consider the following factors when assessing the quality of audit and internal controls:
CORE ASSESSMENT
159
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(c) Changes in board audit committee, audit department’s structure, management and staffing; and
(d) Actual or planned changes to audit plan and compliance to the plans.
(a) Board/audit committee minutes and related internal/external audit packages and information
submitted to the board/audit committee; and
(b) A small sample of internal audit work papers. The sample should focus on high-growth or high-
risk areas, and any new products or services offered by the bank. Communicate any significant
weaknesses identified by audit to the examiners assigned to review other functional areas for
follow-up as appropriate.
3. Assessment on compliance with laws and other prudential requirements. Findings should be
communicated to the examiners reviewing Management.
4. If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the
above information raises substantive issues, the examiner should expand the activity’s scope to
include additional objectives or procedures, as appropriate. If this review does not result in any
significant changes or issues, conclude the audit and internal controls review.
The examination will include a sample of internal audit work papers, representing a cross-section of the
bank’s functions, activities and bank-assigned internal audit ratings. The sample should focus on high-
growth, substantive, or high-risk areas, and any new products or services offered by the bank.
Procedures:
1. At the beginning of examination, hold discussions with appropriate management covering the
following:
(a) Most recent external audit engagement letter and other written communications between the bank
and the external auditor;
(b) Internal and external audit reports issued since the last examination including management
letters;
(c) Current year internal and external audit plan/schedule and status reports;
(d) Management’s responses to internal and external audit reports issued since the last examination;
(e) Detailed listing of duties/responsibilities of internal auditor;
(f) Resumes of audit staff including educational and work background professional certifications,
and recent developmental training;
(g) Audit committee minutes or excerpts of board minutes applicable to audits since the last
examination and audit packages and information submitted to the audit committee or board;
(h) In the event the bank has been allowed by NBE to outsource internal audit services, obtain and
review outsourcing contracts/agreements/reports, etc.
3. Discuss with the examiners responsible for completing other areas any significant audit findings that
require follow-up.
4. In consultation with the EIC and examiners assigned other areas, identify and select an appropriate
160
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
sample of internal audit work papers for validation purposes. Consider having other examiners review
the internal audit work papers associated with those activities.
Note: in most situations, a work paper review of the procedures and testing performed by the internal
auditor should be sufficient in scope to substantiate conclusions about the quality and reliability of the
audit work. Audit procedures should not be re-performed.
Objective 2: Determine the quality of audit committee oversight of the bank’s audit programs
1. Obtain audit-related information from the examiner assigned to review board minutes. Review and
discuss with management, as appropriate, audit committee minutes or summaries and audit
information packages to determine whether:
a. Internal and external audit plans, policies, and programs, including any changes/updates and
selection/termination of external auditors or outsourced internal audit vendors, are
periodically reviewed and approved by the board of directors or its audit committee;
b. The board audit committee meets regularly with internal auditor, receives sufficient
information and reports to effectively monitor the audit and ensure that internal and external
auditors are independent and objective in their findings;
c. The board audit committee monitors, tracks, and, when necessary, provides discipline to
ensure that management properly addresses control weaknesses noted by internal or external
auditors and examiners;
d. Audit findings and management’s responses are reported directly to the board audit
committee;
e. The board audit committee retains auditors who are fully qualified to audit the kinds of
activities in which the bank is engaged. They work with internal and external auditors to
ensure that the bank has comprehensive audit coverage to meet the risks and demands posed
by its current and planned activities;
f. The board audit committee periodically evaluates the operations of the internal audit
function, including outsourced internal audit activities (if any), and has significant input into
the performance evaluation of the internal auditor or outsourced internal audit vendor; and
161
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
2. Determine the competence and independence of the internal audit staff. Consider:
3. In case where internal audit services have been outsourced, review outsourcing arrangement contracts
or engagement letter and determine whether they adequately address the roles and responsibilities of
the bank and the internal audit outsourcing vendor. Determine whether:
4. The arrangement maintains or enhances the quality of internal audit and internal control.
5. Key bank employees and the vendor clearly understands the lines of communication and how the
bank will address internal control or other problems noted by the vendor;
6. The board and management perform sufficient due diligence to verify the vendor’s competence and
objectivity before entering into the outsourcing arrangement. The bank has an adequate process for
periodically reviewing the vendor’s performance effectively throughout the life of the arrangement.
2. If a statutory audit was performed, determine what type of opinion was issued (unqualified or
qualified).
3. Determine whether the external audit program is appropriate given the bank’s size, the nature and
extent of its activities and operations, and its risk profile.
a. The organizational structure of the bank (e.g. centralized or decentralized authorities and
responsibilities, and reporting relationships);
162
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
a. The effectiveness of the system to identify, measure, monitor, and control the risks;
b. The responsiveness of the system to changing risk conditions; and
c. The competency, knowledge, and skills of personnel.
4. Assess the bank’s accounting, information, and communication systems. As appropriate, determine
whether:
a. MIS identifies and captures relevant internal and external information in a timely manner;
b. Systems ensure accountability for assets and liabilities;
c. Information systems ensure effective communication of positions and activities; and
d. Business resumption and contingency planning for information systems are adequate.
Objective 6: Assess the bank’s compliance prudential requirements. Findings should be communicated to
the examiner reviewing Management.
163
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
identify the extent of problems and determine their effect on bank operations. Consider expanding
procedures if any of the following issues are identified:
2. If warranted, develop action plans to address audit or control deficiencies before conducting
the exit meeting. Consider management’s ability to correct the bank’s fundamental
problems.
3. Use the results of the foregoing procedures and any other applicable examination findings to
compose appropriate comments for inclusion in the report of examination.
4. Incorporate the results of the above assessments into the relevant risk ratings. Emphasis
should specifically be made on operational risk ratings.
5. In consultation with the EIC and other examiners, identify and communicate to other
examiners as appropriate any conclusions and findings from the audit and internal controls
review that are relevant to other areas being reviewed.
6. Communicate conclusions regarding the quality of audit and the system of internal controls
to the EIC or examiner responsible for consolidating conclusions from the “Management”
Section.
Complete this section’s objectives to assign the management raring. In assigning the rating, examiner
should consult with the EIC and other appropriate examiners. When assigning the management rating,
examiners should take into consideration rating factors outlined in the CAMEL Rating Guidelines
(Appendix XXVIII)
CORE ASSESSMENT
MINIMUM SCOPE CORE ASSESSMENT
Objective: Determine the management component rating, and consider the potential impact of these
findings on the bank’s risk assessment.
Procedures:
1. At the beginning of the examination, hold discussions with appropriate management covering actual or
planned changes in:
164
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
2. Follow up on significant management audit issues identified by the examiner reviewing the bank’s
Audit and Internal Control section.
4. Communicate with examiners reviewing other areas to assess level of compliance with the following:
(a) NBE Establishment Proclamation No. 591/08 and Banking Business Proclamation No. 592/08 on
issues not specifically covered in other areas of liquidity, asset quality, capital, market risk, audit
and internal control;
(b) NBE Directives No. SBB: 3-4/95; 9-10/95; 12-13/96; 19/96; 21/96; 24/99; 26-27/01; 29-31/02;
35-37/04; 38-40/06; 43/08; 44/08; 45/08; and
(c) Other relevant laws like those related to labor, tax, etc.
If the bank’s activities, risk profile, or risk controls have changed significantly, or if review of the above
information raises substantive issues, the examiner should expand the activity’s scope to include additional
objectives or procedures, as appropriate. If this review does not result in any significant changes or issues,
conclude the management review.
STANDARD CORE ASSESSMENT
2. Review the supervisory information to identify any problems that require follow-up in this area.
3. Discuss with the examiner responsible for completing the audit and internal control section of the core
assessment whether there are any significant audit findings that require follow-up.
165
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
5. Update the list of directors and executive officers in work papers, as appropriate.
1. At the beginning of the examination, discuss with senior management and other members of
management, as appropriate:
2. Review, as appropriate, the minutes of board and committee meetings held since the last examination.
Identify:
a. Areas of significant risk in the bank that are not being reported appropriately to the board or
its committees;
b. Potential or actual violations of law, regulations or policies. Report any violations of laws,
regulations, and policies to the EIC;
c. Actual or planned changes in bank operations or strategy and whether these were approved as
part of the bank’s strategic planning process;
d. Individuals or factions exercising control over the bank;
e. Directors who are involved in the management of the bank, and the degree of their
involvement;
f. Changes in the bylaws or articles of association;
g. Directors who do not regularly attend board or committee meetings. Determine:
3. After reviewing board minutes, provide examiners of other areas with any significant information
obtained about those areas. Consider having the examiner responsible for other areas review minutes
of any committee that oversee it.
4. Review how the board and management select and retain competent staff. Consider as appropriate:
a. Requirements for annual performance reviews of senior management and other staff;
b. Length of vacancies in key positions;
c. Reasonableness of employment contracts;
d. Compensation programs; and
e. Recruitment methods.
5. Review the bank’s vulnerability to self-dealing and the level of compliance with established laws,
regulations, and policies regarding insider transactions and activities.
6. Review pending or threatened litigation with management to determine whether litigation has a
166
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
7. Review the relationship (financial or operational) between the bank and its related organizations.
Determine whether the transitions between the bank and its related organizations are legal and conform
to proper accounting standards and regulatory requirements. Consider the impact on Earnings and
Capital.
8. Review how management plans for new products and services. Consider whether the bank performs
feasibility analysis covering:
a. Financial projections;
b. Risk analysis; and
c. Legal opinions.
Objective 3: Determine the quality of risk management systems
1. After completing the above procedures, consult with other appropriate examiners to make preliminary
judgments on the adequacy of risk management systems. Consider whether:
a. Board and Management recognize weaknesses and understand existing or emerging risks;
b. The board establishes, communicates, and controls risk limits through policies;
c. Management measures risk in an accurate and timely manner; and
d. Management accurately and appropriately monitors established risk levels.
2. In consultation with other examiners, determine whether findings from other areas (e.g. quantity of
risk, quality of risk management practices, direction of risk, or composite risk) affect the management
conclusion. Comment as necessary.
Objective 4: Determine the level of compliance with legal and regulatory requirements.
Communicate with examiners reviewing other areas to assess level of compliance with the following:
(a) NBE Establishment Proclamation No. 591/08 and Banking Business Proclamation No. 592/08 on
issues not specifically covered in other areas of liquidity, asset quality, capital, market risk, audit and
internal control;
(b) NBE Directives No. SBB: 3-4/95; 9-10/95; 12-13/96; 19/96; 21/96; 24/99; 26-27/01; 29-31/02; 35-
37/04; 38-40/06; 43/08; 44/08; 45/08; and
(c) Other relevant laws like those related to labor, tax, etc.
Objective 5: Conclude the management review
1. In consultation with the EIC and other examiners, identify and communicate to other examiners as
appropriate any conclusions and findings from the management review that are relevant to other areas
being reviewed.
2. Use the results of the foregoing procedure, the conclusions on the quality of audit and the system of
internal controls, bank’s risk profile, other CAMEL components and any other applicable examination
findings to compose appropriate comments for the report of examination.
CONCLUSION OF EXAMINATION
Conclusion:
167
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
To conclude the supervisory cycle, examiners will meet all objectives under this section, regardless of the
bank’s risk designation.
2. Using the assessments made on the four individual risks, the EIC should establish the bank’s overall
risk rating.
Objective 2: Determine and update the bank’s CAMEL ratings.
1. Draw and record conclusions on each CAMEL component rating.
2. Using conclusions made in each of the CAMEL component, determine the bank’s composite rating.
Objective 3: Finalize the examination.
1. Prepare the draft Report of Examination (ROE) as per format prescribed in Appendix XXX.
2. Perform a final technical check to make sure that the report is accurate and acceptable. The check
should ensure that:
3. EIC should ensure that team leaders for each risk categories members submit their findings in a
standard template as per RBS ROE.
5. If there is any critical issue which needs immediate supervisory attention, the EIC should inform
banking supervision management before the exit meeting to develop a strategy for addressing the
problem.
6. Hold an on-site exit meeting with bank’s management to discuss examination findings:
7. Update the draft report and send it to quality assurance committee for quality assurance.
8. Incorporate the quality assurance comments and get comments of banking supervision management on
the draft report.
10. Forward the final report with the transmittal letter to management for signatures.
11. Distribute the report to the Chairperson of the bank, with copies to the bank’s Chief Executive Officer,
the Governor and banking supervision management or process management, as the case may be.
Objective 4: Presentation of the ROE to the board of directors.
1. Prepare for the board meeting by:
168
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Preparing materials such as power point summaries, graphs, etc for the meeting; and
Drafting responses to expected questions and comments.
2. Deputy Director is to present to the board of the bank report of examination. However, presentation
may be delegated to EIC if necessary.
The date and location of the meeting and the names of attendees;
Major items discussed; and
A brief summary of the directors’ reactions to NBE presentation.
Objective 3: Follow up and monitoring.
1. After completion of an examination including presentation of the report to the board or directors, the
Desk Officer of that bank should make follow-up on implementation of examination instructions and
recommendations.
2. The Desk Officer should maintain an on-going list of issues to be followed up with bank’s
management within a specified timeframe including ensuring that the bank submits the progress report
every quarter. The results should be incorporated in the institutional profile.
169
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXVII
170
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
NB: Between information request letter and on-site examination there should be at least 24 days out of which:
APPENDIX: XXVIII
171
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXIX
172
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
B: LIQUIDITY RISK
RATIO FORMULA INTERPRETATION
Liquid assets to current This ratio is calculated by taking the This is intended to capture the
liabilities (liquid asset sum of all assets maturing within one liquidity mismatch of assets and
ratio) year divided by all liabilities with the liabilities, and provides an indication
same maturity period of the extend to which banks could
meet short term withdrawal of funds
without facing liquidity problems
Excess short term This ratio is calculated by taking the Measures the extent to which long
liabilities to long term short term liabilities minus short term term assets have been financed by
assets assets (excess short term liabilities) short term liabilities
divided by long term assets i.e. assets
with maturity of more than one year
Gross loans to total This is calculated by taking gross loans Measure the extent to which deposits
deposits divided by total deposits have financed loan portfolio which
are considered illiquid assets
C: MARKET RISK
A: CAPITAL ADEQUACY
RATIO FORMULA INTERPRETATION
Total Capital/TRWA+ This ratio is calculated by taking total This is intended to measure capital
173
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
OBSE capital divided by the sum of risk adequacy of a bank relative to risk
weighted assets and risk weighted off profile of a bank
balance sheet exposures
Absolute Total Capital This is available total capital of a bank This is intended to compare available
Amount total capital against the minimum
legal requirement
B: ASSET QUALITY
RATIO FORMULA INTERPRETATION
NPLs to Gross Loans This ratio is calculated by taking the This is intended to identify problems
value of non performing loans (all with asset quality in the loan
loans classified as substandard or portfolio. An increasing ratio may
worse) as the numerator and the total signal deterioration in the quality of
value of loan portfolio, (including credit portfolio hence increase in
NPLs and before the deduction of credit risk
specific loan loss provisions) as the
denominator
Large Exposures to This ratio is calculated by taking the This is intended to identify
Total Capital sum of all loans with outstanding vulnerabilities arising from the
balances of 10% or more of the bank’s concentration of credit risk. Large
total capital divided by total capital exposure refers to one or more credit
exposures to the same individual or
group that exceeded 10% of total
capital.
NPLs Net of This is calculated by taking the value of This is intended to compare the
Provisions to Total non performing loans less the value of potential impact on capital of Non-
Capital specific loan loss provisions as the performing Loans, net of provisions.
numerator and total capital as the It can provide an indication of the
denominator capacity of bank capital to withstand
NPL-related losses
C: EARNINGS
RATIO FORMULA INTERPRETATION
Return on Average This ratio is calculated by dividing net This is intended to measure bank
Assets income by the average value of total efficiency in using its assets
assets over the same period
Net Interest Income to This is calculated by taking total This is intended to measure bank
Average Interest interest income less total interest efficiency in using its interest bearing
Bearing Assets expense divided by the average of the assets
interest bearing assets
Non-Interest Expense This is calculated by operating This is intended to measure the size
to Gross Income expenses as the numerator, and gross of administrative expenses to gross
income as the denominator income
D: LIQUIDITY
RATIO FORMULA INTERPRETATION
Liquid Assets to This ratio is calculated by taking the This is intended to capture the
Current Liabilities sum of all assets maturing within one liquidity mismatch of assets and
year divided by all liabilities with the liabilities, and provides and
same maturity period indication of the extend to which
banks could meet short term
withdrawal of funds without facing
liquidity problems
Gross Loans to Total This is calculated by taking gross loans Measure the extent to which despots
Deposits divided by total deposits have financed loan portfolio which
are considered illiquid assets
174
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXX
Final CAMEL ratings are arrived at after assessment of both quantitative factors (detailed in A below) and
qualitative factors for each component (detailed under in B below). Initial ratings provided by the
quantitative factors are adjusted upwards or downwards as appropriate after considering the relevant
qualitative factors. Composite CAMEL rating is then assigned considering the definitions detailed in C
below.
NPLs to Gross Loans Large exposures to Total Capital NPLs net of Provisions
to Total Capital
40% 20% 40%
175
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
COMPONENT RATINGS
Early warning ratings will be used as preliminary ratings when assessing each CAMEL
component. Final rating for each component will be determined after taking into account other
evaluation factors as listed under each component.
Each of the component rating descriptions is divided into two sections: a list of the principal
evaluation factors that relate to that component; and a brief description of each numerical rating
for that component. Some of the evaluation factors are reiterated under one or more of the other
components to reinforce the interrelationship between components. The listing of evaluation
factors for each component rating is in no particular order of importance.
The capital adequacy of a bank is rated based upon, but not limited to, an assessment of the
following evaluation factors:
(a) The level and quality of capital and the overall financial condition of the bank;
(b) The ability of management to address emerging needs for additional capital;
176
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(c) The nature, trend, and volume of problem assets, and the adequacy of allowances for probable
losses and other valuation reserves;
(d) Balance sheet composition, including the nature and amount of intangible assets,
concentration risk, and risks associated with non-traditional activities;
(g) Prospects and plans for growth, as well as past experience in managing growth; and
Rating 1: Indicates a strong capital level relative to the bank’s risk profile.
Rating 2: Indicates a satisfactory capital level relative to the bank’s risk profile.
Rating 3: The rating indicates level of capital that does not fully support the bank’s risk
profile and therefore a need for improvement, even if the bank’s capital level
exceeds minimum regulatory and statutory requirements.
Rating 4: Indicates a deficient level of capital. In light of the bank’s risk profile, viability
of the bank may be threatened. Assistance from shareholders or other external
sources of financial support may be required.
Rating 5: Indicates a critically deficient level of capital such that the bank’s viability is
threatened. Immediate assistance from shareholders or other external sources of
financial support is required.
The asset quality of a bank is rated based upon, but not limited to, an assessment of the following
evaluation factors:
(a) The adequacy of underwriting standards, soundness of credit administration practices, and
appropriateness of risk identification practices;
(b) The level, distribution, severity, and trend of problem, classified, non-accrual, restructured,
delinquent, and non-performing assets for both on and off-balance sheet transactions;
(c) The adequacy of the allowance for probable losses and other asset valuation reserves;
(d) The credit risk arising from or reduced by off-balance sheet transactions, such as unfounded
commitments, commercial and standby letters of credit;
(e) The diversification and quality of the loan and investment portfolios;
(g) The adequacy of loan and investment policies, procedures, and practices;
(h) The ability of management to properly administer its assets, including the timely
identification and collection of problem assets;
(i) The adequacy of internal controls and management information systems; and
177
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Ratings
A brief description of each numerical rating for asset quality component is as follows:
Rating 1: Indicates strong asset quality and credit administration practices. Identified
weaknesses are minor in nature and risk exposure is modest in relation to capital
protection and management’s abilities. Asset quality in such banks is of minimal
supervisory concern.
Rating 2: Indicates satisfactory asset quality and credit administration practices. The level
and severity of classifications and other weaknesses warrant a limited level of
supervisory attention. Risk exposure is commensurate with capital protection
and management’s abilities.
Rating 3: Indicates that asset quality or credit administration practices are less than
satisfactory. Trends may be stable or indicate deterioration in asset quality or an
increase in risk exposure. The level and severity of classified assets, other
weaknesses, and risks require an elevated level of supervisory concern. There is
generally a need to improve credit administration and risk management
practices.
.
Rating 4: Is assigned to banks with deficient asset quality or credit administration
practices. The levels of risk and problem assets are significant, inadequately
controlled, and subject the bank to potential losses that, if left unchecked, may
threaten its viability.
Rating 5: Represents critically deficient asset quality or credit administration practices that
present an imminent threat to the bank’s viability.
3.3 Management
The capability and performance of management and the board of directors is rated based upon, but
not limited to, an assessment of the following evaluation factors:
(a) The level and quality of oversight and support of all bank activities by the board of directors
and management;
(b) The ability of the board of directors and management, in their respective roles, to plan for, and
respond to, risks that may arise from changing business conditions or the initiation of new
activities or products;
(c) The adequacy of, and conformance with, appropriate internal policies and controls addressing
the operations and risks of significant activities;
(d) The accuracy, timeliness, and effectiveness of management information and risk monitoring
systems appropriate for the bank’s size, complexity, and risk profile;
(e) The adequacy of audits and internal controls to: promote effective operations and reliable
financial and regulatory reporting; safeguard assets; and ensure compliance with laws,
regulations, and internal policies;
178
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(i) The extent that the board of directors and management are affected by, or susceptible to,
dominant influence or concentration of authority;
(l) The overall performance of the bank and its risk profile.
Ratings
Rating 1: Indicates strong performance by management and the board of directors and
strong risk management practices relative to the bank’s size, complexity, and
risk profile. All significant risks are consistently and effectively identified,
measured, monitored, and controlled. Management and the board have
demonstrated the ability to promptly and successfully address existing and
potential problems and risks.
Rating 2: Indicates satisfactory management and board performance and risk management
practices relative to the bank’s size, complexity, and risk profile. Minor
weaknesses may exist, but are not material to the safety and soundness of the
bank and are being addressed. In general, significant risks and problems are
effectively identified, measured, monitored, and controlled.
Rating 3: Indicates management and board performance that need improvement or risk
management practices that are less than satisfactory given the nature of the
bank’s activities. The capabilities of management or the board of directors may
be insufficient for the type, size or condition of the bank. Problems and
significant risks may be inadequately identified, measured, monitored, or
controlled.
.
Rating 4: Indicates deficient management and board performance or risk management
practices that are inadequate considering the nature of a bank’s activities. The
level of problems and risk exposure is excessive. Problems and significant risks
are inadequately identified, measured, monitored, or controlled and require
immediate action by the board and management to preserve the soundness of the
bank. Replacing or strengthening management or the board may be necessary.
3.4 Earnings
The rating of a bank’s earnings is based upon, but not limited to, an assessment of the following
evaluation factors:
179
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(b) The ability to provide for adequate capital through retained earnings;
(e) The adequacy of the budgeting systems, forecasting processes, and management information
systems in general;
(f) The adequacy of provisions to maintain the allowance for probable losses; and
(g) The earnings exposure to market risk such as interest rate and foreign exchange.
Ratings
Rating 1: Indicates earnings that are strong. Earnings are more than sufficient to support
operations and maintain adequate capital and allowance levels after
consideration is given to asset quality, growth, and other factors affecting the
quality quantity, and trend of earnings.
Rating 2: Indicates earnings that are satisfactory. Earnings are sufficient to support
operations and maintain adequate capital and allowance levels after
consideration is given to asset quality, growth, and other factors affecting the
quality, quantity, and trend of earnings. Earnings that are relatively static, or
even experiencing a slight decline, may receive a 2 rating provided the bank’s
level of earnings is adequate in view of the assessment factors listed above.
Rating 3: Indicates earnings that need to be improved. Earnings may not fully support
operations and provide for the accumulation of capital and allowance levels in
relation to the bank’s overall condition, growth, and other factors affecting the
quality, quantity, and trend of earnings.
.
Rating 4: Indicates earnings that are deficient. Earnings are insufficient to support
operations and maintain appropriate capital and allowance levels. Banks so rated
may be characterized by erratic fluctuations in net income or net interest margin,
the development of significant negative trends, nominal or unsustainable
earnings, intermittent losses, or a substantive drop in earnings from the previous
years.
Rating 5: Indicates earnings that are critically deficient. A bank with earnings rated 5 is
experiencing losses that represent a distinct threat to its viability through the
erosion of capital.
3.5 Liquidity
Liquidity is rated based upon, but not limited to, an assessment of the following evaluation factors:
(a) The adequacy of liquidity sources compared to present and future needs and the ability of the
bank to meet liquidity needs without adversely affecting its operations or condition;
(b) The availability of assets readily convertible to cash without undue loss;
180
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(d) The level of diversification of funding sources, both, on-and off-balance sheet;
(e) The degree of reliance on short-term, volatile sources of funds, including borrowings and time
deposits, to fund longer term assets;
(g) The capability of management to properly identify, measure monitor, and control the bank’s
liquidity position, including the effectiveness of funds management strategies, liquidity
policies, management information systems, and contingency funding plans.
Ratings
Rating 2: Indicates satisfactory liquidity levels and funds management practices. The bank
has access to sufficient sources of funds on acceptable terms to meet present and
anticipated liquidity needs. Modest weaknesses may be evident in funds
management practices.
C. COMPOSITE RATINGS
Composite ratings are based on a careful evaluation of a bank’s managerial, operational, financial,
and compliance performance. The five key components used to assess a bank’s financial condition
and operations are: Capital adequacy, Asset quality, Management capability, Earnings quantity
and quality and the Adequacy of liquidity. The rating scale ranges from 1 to 5 as defined below:
Composite 1
Banks in this group are sound in every respect and generally have components rated 1 or 2. Any
weaknesses are minor and can be handled in a routine manner by the board of directors and
management. These banks are the most capable of withstanding the vagaries of business
conditions and are resistant to outside influences such as economic instability in their trade area.
These banks are in substantial compliance with laws and regulations. As a result, these banks
exhibit the strongest performance and risk management practices relative to the bank’s size
complexity, and risk profile, and give no cause of supervisory concern.
Composite 2
181
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Banks in this group are fundamentally sound. For a bank to receive this rating, generally no
component rating should be more severe than 3. Only moderate weaknesses are present and are
well within the board of directors’ and management’s capabilities and willingness to correct.
These banks are stable and are capable of withstanding business fluctuations. These banks are in
substantial compliance with laws and regulations. Overall risk management practices are
satisfactory relative to the bank’s size, complexity, and risk profile. There are no material
supervisory concerns and, as a result, the supervisory response is informal and limited.
Composite 3
Banks in this group exhibit some degree of supervisory concern in one or more of the component
areas. These banks exhibit a combination of weaknesses that may range form moderate to severe;
however, the magnitude of the deficiencies generally will not cause a component to be rated more
severely than 4. Management may lack the ability or willingness to effectively address weaknesses
within appropriate time frames. Banks in this group generally are less capable of withstanding
business fluctuations and are more vulnerable to outside influences than those banks rated a
composite 1 or 2. Additionally, these banks may be in significant noncompliance with laws and
regulations. Risk management practices may be less than satisfactory relative to the bank’s size,
complexity, and risk profile. These banks require more than normal supervision, which may
include formal or informal enforcement actions. However, failure appears unlikely, given the
overall strength and financial capacity of these banks.
Composite 4
Banks in this group generally exhibit unsafe and unsound practices or conditions. Banks have one
or more of their components rated 5. There are serious financial or managerial deficiencies that
result in unsatisfactory performance. The problems range from severe to critically deficient. The
weaknesses and problems are not being satisfactorily addressed or resolved by the board of
directors and management. Banks in this group generally are not capable of withstanding business
fluctuations. There may be significant noncompliance with laws and regulations. Risk
management practices are generally unacceptable relative to the bank’s size, complexity, and risk
profile. Close supervisory attention is required, which means, in most cases, formal enforcement
action is necessary to address the problems. Failure is a distinct possibility if the problems and
weaknesses are not satisfactorily addressed and resolved.
Composite 5
Banks in this group exhibit extremely unsafe and unsound practices or conditions; exhibit a
critically deficient performance; often contain inadequate risk management practices relative to
the bank’s size, complexity, and risk profile; and are of the greatest supervisory concern. The
volume and severity of problems are beyond management’s ability or willingness to control or
correct. Immediate outside financial or other assistance is needed in order for the bank to be
viable. Ongoing supervisory attention is necessary. Banks in this group pose a significant risk and
failure is highly probable.
182
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXXI
183
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Exposure to placements with other banks (local 2 The appropriateness of management’s response 2
and foreign) to deficiencies identified in policies,
procedures, personnel and control systems.
Policies, procedures and limits: 2
The consistency of the policies with the bank’s 2
overall strategic direction and tolerance limits
Policies should provide guidance on all aspects 2
of risk management function
The appropriateness of policies that establish 1
risk limits or positions and whether the bank
requires periodic review.
Policies address target market, level of 1
diversification, acceptable collateral
Criteria for granting credit facilities. e.g. 1
Purpose of credit, repayment history, etc
Credit evaluation process, administration, and 2
documentation
Approval limits including authority for 2
approving exceptions
Concentration limits on single 2
borrowers/counterparty, group of connected
borrowers/counterparty, products, industry, etc
Strategy on credit pricing is in place 2
Roles and responsibilities of staff in 2
origination and management of credit
Guidance on management of problem loans 2
Guidance on internal rating system 2
Adequacy and appropriateness of credit 2
policies, procedures and limits
Risk Measurement, Monitoring and MIS 3
Adequate and reliable credit analysis including 2
syndicated loans
A system of identifying related borrowers 2
Clear audit trail documenting approval process 2
Criteria for renewing and/or change of terms 2
and conditions of existing credits
184
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
185
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
2. LIQUIDITY RISK
QUANTITY OF RISK (QR) QUALITY OF RISK MANAGEMENT (QRM)
FACTORS Low Moderate High SCORE FACTORS SCORE
Liquid assets to current liabilities (liquid asset ratio) Above 20%-40% Below 1 Board & Management Oversight:
40% 20%
Excess short term liabilities to long term assets Below 0%-20% Above 3 Board approval of liquidity risk strategy and
0% 20% policies
Gross loans to total deposits Below 70%-80% Above 1 Review of strategy and policies at least
70% 80% annually
Quality of personnel and their responsibilities
Others: JUDGEMENTAL 2 Monitoring liquidity risk profile through
reviewing various reports
Level of maturity gap Board outlines content & frequency of reports
Asset & OBSE growth funded by volatile large deposits Management effectively implements
strategies and policies through developing
procedures and practices
The capacity to access additional unsecured market funding (in a normal and in a distressed Establishment of internal controls-lines of
environment) accountability and authority
Any borrowing form NBE (discount window) Timely dissemination of policies, procedures
and other information to individuals involved
The presence of off-balance-sheet items which could result in cash flows to or from the Oversee implementation and maintenance of
balance sheet MIS & other systems for managing the risk
Change in interest rate (refer to interest rate risk factors) Identification and approval of policy
exceptions by the board
Relationship of volume and trends in liquid assets compared with volume and trends of Policies, Procedures and Limits:
liabilities
The loyalty and stability of the customer base Policies should address strategies on
composition of assets and liabilities,
diversification of funding sources how to
manage liquidity in different currencies,
dealing with liquidity disruptions, etc.
Status in the inter-bank market (net borrower or net lender) The consistency of the liquidity policy with
the bank’s overall strategic direction and
tolerance limits
186
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
How external sources of liquidity view the bank’s current and projected: Asset quality, Whether the policy establishes appropriate
earnings, and capital and reputation risk, or other credit-sensitive factors that could influence responsibilities and accountability at every
customer behavior level
Impact of the parent company’s and affiliate’s current and projected: asset quality, earnings, Adequacy of procedures for communicating
capital, & liquidity; reputation risk, strategic risk, or other factors that could influence policies and expectations to appropriate
customer behavior. personnel (starting with the asset-liability
committee (ALCO) or similar committee)
The impact of the external market environment including : relative cost of funds, economic Appropriateness of Liquidity risk
conditions, including job growth, migration, industry concentrations, competition, etc. management tools including limits and the
appropriateness of liquidity guidelines that
establish risk limits or positions and whether
periodic review is required.
Contingency plan for handling liquidity crises
under normal and abnormal circumstances
Policies should provide guidance on all
aspects of risk management function
Risk Measurement, Monitoring and MIS 0.75
187
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
188
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
3. Market Risk
189
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
190
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Internal Controls 2
191
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
192
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
193
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
4. OPERATIONAL RISK
194
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
195
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXXII
3.0 Assessments
3.1 Risk Assessment
3.1.1 Significant Activities and Related Risks
3.1.2 Effectiveness of the RMCF
3.1.3 Adequacy of Capital and Profitability
3.1.4 Composite Risk Rating
5.0 Appendices
196
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
APPENDIX: XXXIII
1.0 Background Information: The Background Information section contains the Institutional
Overview, Scope of Examination and Exit Meeting sub-sections.
2.0 Executive Summary: The Executive Summary section contains Examination Conclusions
regarding Risk and CAMEL Ratings, Supervisory Concerns and Recommendations.
3.0 Assessments: Assessments Section contains Risk Assessment, and CAMEL analysis.
4.0 Other Supervisory Matters: This section includes analysis of those issues that were not
discussed in the previous sections such as introduction of new products, branch expansion,
mergers and acquisitions, etc.
This sub-section should include the following: Ownership, status of the bank, branch network,
date of license and incorporation, major changes in the bank since previous examination.
This sub-section is used to provide statement of reliance placed on the work of internal and
external auditors and other relevant parties, list areas reviewed during the examination and briefly
describe the extent of those reviews. At minimum, the following should be addressed: date of
examination (commencement and conclusion), the type of examination (full-scope, targeted), and
areas of focus based on the results of risk assessment.
Examination Conclusions
197
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
Examiner should report the overall risk and CAMEL rating in a tabular form for current and two
previous examinations.
Examiner should briefly comment on the overall quantity of risks and the quality of risk
management and overall composite risk rating and the direction of risks over the next 12 months.
Examiner should also comment on the highest risk for the bank, its rating and the reasons thereof.
Examiner should briefly comment on the composite CAMEL rating and provide ratings of
individual CAMEL components. Examiner should also comment on the components which have
received unsatisfactory ratings and reasons thereof.
In this section, examiner should list major supervisory concerns and recommendations to address
all weaknesses observed. Recommendations should be specific, time bound and listed in order of
importance.
Examiner should report the overall risk rating and individual risk ratings in a tabular form (Risk
Matrix)
Examiner should provide summary of significant activities and related risks identified; an
assessment of the effectiveness of the RMCF; an assessment of adequacy of capital and the
profitability of the bank; and composite risk rating for the next 12 months. Examiner should also
provide reasons for his/her conclusions regarding the quantity of each type of risk, the quality of
risk management and the direction of a particular risk. Significant issues or concerns are also
indicated here.
Examiner should report the rating of CAMEL components in a tabular form for current and two
previous examinations.
(B) Examiner should comment on the individual CAMEL components ratings and reasons thereof. At
minimum, examiners should provide the following information in each component report:
198
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(a) Adequacy of underwriting standards, soundness of credit administration practices, and appropriateness
of risk identification practices;
(b) The level, distribution, severity, and trend of problem, classified, non-accrual, restructured, delinquent,
and non-performing assets for both on and off-balance sheet transactions;
(c) The adequacy of the allowance for probable losses and other asset valuation reserves;
(d) The credit risk arising from or reduced by off-balance sheet transactions, such as unfounded
commitments, commercial and standby letters of credit;
(e) The diversification and quality of the loan and investment portfolios;
(g) The adequacy of loan and investment policies, procedures, and practices;
(h) The ability of management to properly administer its assets, including the timely identification and
collection of problem assets;
(i) The adequacy of internal controls and management information systems; and
3.2.3 Management
i) Board Oversight;
ii) Senior Management;
iii) Risk Management;
iv) Internal Audit;
v) Compliance; and
vi) Information and Communication.
3.2.4 Earnings
(b) Quality and structure of earnings, adequacy of provisions for probable losses;
(d) Vulnerability to outstanding items, types of activities with high risks, and unconventional sources of
income;
199
Bank Supervision Directorate August 2009
National Bank of Ethiopia Risk Based Supervision Manual
(e) Control over income and expenses including variance analysis of budget vs. actual;
(g) Timely adjustments to the balance-sheet to ensure accurate booking of income and expense;
(h) Impact of possible claims to the bank arising from litigations; and
(i) Income/expense items that should be adjusted in accordance with the results of the examination.
3.2.5 Liquidity
(a) Trends, levels and sources of liquid assets (i.e. those assets that can be easily converted to cash);
(d) Stability of attracted funds with regard to the bank’s level of vulnerability to expensive and unstable
funding sources (inter-bank funds, etc);
(e) Management’s ability and competence to adequately determine, measure, monitor and control the
bank’s liquidity position;
(f) Adequacy of management information systems, contingency planning and compliance with liquidity
requirements including timely and adequate decision making in the funds management areas; and
This section includes analysis of those issues that were not discussed in the previous sections such as:
Section V: Appendices
Appendices section contains various information to support examination observations and conclusions. The
information include comparative balance sheets, comparative income statements, capital analysis, asset
classification, credit concentration, assets with documentation exceptions, list of shareholders, board of
directors and senior management and any other relevant information.
200
Bank Supervision Directorate August 2009