BANK LICENSING,

SUPERVISION & SURVEILLANCE

GUIDELINE No. 2 - 2006/BSD

RISK-BASED SUPERVISION
POLICY FRAMEWORK
OUR VISION
To become the financial cornerstone around which Zimbabwe’s economic fortunes and developmental
aspirations are anchored.

OUR MISSION
The pursuit of the Bank’s vision will express itself through leadership in the formulation, implementation
and monitoring of policies and action plans for fighting inflation, stabilization of the internal and external
value of Zimbabwe’s currency and of the financial system in a manner that gives pride of achievement to
Zimbabweans across the board.

OUR VALUES

1. Fairness and equality in employment opportunities;

2. Openness without offence;
3. Honesty, integrity and uprightness;
4. Transparency in whatever we do in the name of the Bank;
5. Commitment to teamwork and cooperation;
6. Learning organisation;
7. Respect for one another without discrimination;
8. Helpfulness and approachable;
9. Clients and customer focused;
10. Involvement and commitment;
11. Decisiveness, action and results oriented;
12. Accountability;
13. Professionalism;
14. Success-driven;
15. Time conscious;
16. Respect for the environment.

1
TABLE OF CONTENTS
1 INTRODUCTION ........................................................................................................... 3

2 UNDERSTANDING RISK-BASED SUPERVISION ..................................................... 3

3 CONCEPTUAL OVERVIEW OF THE RISK-BASED SUPERVISION

FRAMEWORK ............................................................................................................... 5

4 BENEFITS OF AND RATIONALE OF RISK-BASED SUPERVISION ........................ 9

5 RISK CATEGORIES AND DEFINITIONS .................................................................. 12

6 A GENERIC RISK MANAGEMENT FRAMEWORK ................................................. 15

7 EVALUATION OF RISK MANAGEMENT SYSTEMS ............................................... 16

8 UNDERSTANDING THE INSTITUTION – STEP 1 .................................................... 19

9 ASSESSING THE INSTITUTION’S RISK – STEP 2 ................................................... 24

10 PLANNING/SCHEDULING SUPERVISORY WORK – STEP 3 ................................. 41

11 DEFINING EXAMINATION ACTIVITIES – STEP 4 .................................................. 45

12 PERFORMING ON-SITE EXAMINATION – STEP 5 ................................................. 49

13 CONDUCTING OFF-SITE EXAMINATION – STEP 6 .............................................. 64

APPENDIX 1 – RISK EVALUATION FACTORS ................................................................. 80

APPENDIX 2 – OMEGA BANKING CORPORATION INSTITUTIONAL PROFILE ......... 87

APPENDIX 3 – RISK MATRIX ............................................................................................ 119

APPENDIX 4 – RISK ASSESSMENT NARRATIVE ........................................................... 121

APPENDIX 5 – SUPERVISORY PLAN ............................................................................... 127

APPENDIX 6 – EXAMINATION SCOPE MEMORANDUM ............................................. 132

APPENDIX 7 – EXAMINATION REPORT FORMAT ........................................................ 139

APPENDIX 8 – OMEGA BANKING CORPORATION REPORT

OF EXAMINATION ............................................................................................................. 141

ACKNOWLEDGEMENTS .................................................................................................. 174

BANK LICENSING, SUPERVISION & SURVEILLANCE’S CORE FUNCTIONS .......... 175

2
1 INTRODUCTION
1.1 This policy framework sets out the Reserve Bank of Zimbabwe’s risk-based approach to
supervision of banking institutions and banking groups under its regulatory and supervisory
jurisdiction. The policy framework is also applicable to such non-resident banking groups in
respect of which the Reserve Bank of Zimbabwe (hereafter “Reserve Bank” / “the Bank” /
“RBZ”) is the designated Lead Supervisor for consolidated supervision purposes.

1.2 The objective of this framework is to explain and provide guidance on the risk-based supervisory
methodologies, policies, procedures and practices espoused by the Bank Licensing, Supervision
& Surveillance division (BLSS) in its fulfillment of the Reserve Bank’s statutory responsibility of
maintaining financial stability.

1.3 Contemporary regulatory practice has recognized risk-based supervision, rather than one-size-
fits-all regulation, as an international standard for effective supervision of financial institutions.
Risk-based supervision has been endorsed by multilateral agencies such as the World Bank and
International Monetary Fund; most supervisory authorities across the world; and embodied in
the Basel Committee on Banking Supervision’s New Capital Framework, popularly called Basel
II.

1.4 In line with international best practice, the Reserve Bank has revamped its supervisory policies,
procedures and practices in order to provide a dynamic, efficient, structured and risk-oriented
prudential supervision framework.

2 UNDERSTANDING RISK-BASED SUPERVISION

2.1 Risk-based supervision is a structured, forward-looking process designed to identify key risk
factors to which individual financial institutions and the entire industry1 are exposed; assess the
risk management policies and practices that are used to mitigate risk; and focus supervisory
resources (including examination time) based on the risk characteristics of the institutions.

2.2 The process is said to be “structured” because it systematically considers all key functional
activities (business lines or operational areas) of a banking institution and, within each key functional
area, evaluates the level, quality of management, and direction of risk.

2.3 Risk-based supervision entails moving away from a rigid rules-based style of regulation to one
more reliant on the supervisor’s discretion and professional judgment. It provides bank examiners
with flexibility to focus on areas exhibiting material current and potential risks. Activities posing
the highest risk receive most scrutiny. Supervisory attention thus remains properly focused on
institutions exhibiting serious weaknesses or adverse trends.

2.4 Full adoption of risk-based supervision will positively influence developments in the banking
sector. Conventional wisdom dictates that risk is inherent in the business of banking and other
forms of financial intermediation. A risk-based supervision system largely depends on sound risk
management practices and internal controls including: adequate board oversight; management
and staff expertise; sound policies and procedures; prudent risk limits and sound internal controls.

1
The principles of risk-based supervision are also applicable to the supervision of non-bank financial institutions
such as insurance companies, pension and provident funds, etc.

3
2.5 One of the primary objectives of risk-based supervision is identification of weaknesses in risk
management before the deficiencies adversely affect a banking institution’s earnings and capital.
A risk-based supervision system focuses on validating management’s ability to identify, measure,
monitor and control risk. Risk-based supervision thus encourages banks to continuously improve
management of risk and allocation of capital. The development of risk based supervision has also
facilitated the use of sophisticated internal models as provided for in Basel II.

2.6 The condition of a banking institution is a dynamic process, and arguable is fluid if not fragile. As
such, in a risk-focused supervision framework, on-site and off-site examination efforts are on a
continuum. On one end, supervisory concerns identified via the off-site analysis “early warning
system” could trigger an on-site examination to enable the Reserve Bank to gain first hand
knowledge of the situation. On the other end, serious deficiencies identified during on-site
examinations should be subject to off-site monitoring in between on-site examinations. The
functional structure of BLSS facilitates in-depth service delivery.

2.7 Risk-based supervision is consistent with Bank Licensing, Supervision and Surveillance’s mission
“To promote and maintain the safety and soundness of the financial system through proactive and
rigorous regulation and supervision in line with international best practice.” It provides a dynamic,
structured and risk-oriented prudential supervision framework.

4
3 CONCEPTUAL OVERVIEW OF THE RISK-BASED
SUPERVISION FRAMEWORK
3.1 The risk-focused supervision framework has six key steps, each with specific deliverables, as
illustrated in the diagram below:

Risk-Based Supervision Conceptual Framework

(a) Understanding the Institution – Step 1

3.2 The first step in risk-based supervision is to develop an understanding of the institution’s unique
characteristics or risk profile. An Institutional Profile is prepared to demonstrate the institution’s
current condition.

3.3 The institutional profile provides a concise portrait of an institution’s structure and activities,
functional business lines, nature and level of risk. It also highlights outstanding past supervisory
findings and future prospects.

5
3.4 The information used to construct an institutional profile is gathered from various sources ranging
from discussions with management, supervisory early warning systems, off-site or on-site
examination reports, and market intelligence. The institutional profile should be updated continuously
to keep track of significant developments that occur in-between on-site examination cycles.

(b) Assessing the Institution’s Risk – Step 2

3.5 Under a risk-focused examination framework, examiners are required to make rigorous risk
assessments to ensure effective identification of the strengths and vulnerabilities of an institution.
Risk assessment focuses supervisory effort on those risks posing the most severe challenge to the
safety and soundness of a bank.

3.6 The risk assessment consists of two documents, namely a Risk Matrix and a Risk Assessment
Narrative. A Risk Matrix identifies, in a tabular format, the type, level, management, and direction
of risks inherent in a bank; and forms the basis on which the on-site examinations may be conducted.
A Risk Assessment Narrative describes in a concise manner the type and level of inherent risks in
the banking institution’s activities, the adequacy of risk management controls in place, and the
trend of the risk.

3.7 An example of a summarised Risk Matrix is tabulated below:

3.8 Risk assessment provides a solid foundation upon which subsequent on-site examination
procedures are determined.

(c) Planning / Scheduling Supervisory Work – Step 3

3.9 A Supervisory Plan is developed following the risk assessment of a banking institution. It provides
a bridge between the supervisory concerns identified through the risk assessment process and
the supervisory activities to be conducted. A good plan should demonstrate that the supervisory
concerns identified in the risk matrix and risk assessment narrative as well as the deficiencies
noted in the previous examination are being, or will be addressed.

3.10 To be effective, planning requires an initial statement of objectives and identification of related
strategies for them to be achieved. Supervisory plans should incorporate a schedule of off-site
and on-site activities to be undertaken for the given planning horizon. Generally, a supervisory
plan may be developed yearly and reviewed at least half yearly to reflect new risk trends.

6
3.11 The plan should itemise examination activities per different areas / activities of a bank to be
evaluated, including scope of the review (full or limited), the objectives, and other supervisory
concerns regarding those areas. It should be institution specific based on an analysis of factors
such as the bank’s current condition, results of operations, and the economic environment.

(d) Defining Examination Activities – Step 4

3.12 Following the development of a supervisory plan, details of the on-site examination activities are
defined in the Examination Scope Memorandum (ESM). The purpose of the ESM is to
communicate the reasons for the examination; specific objectives and activities to be evaluated;
the scope of the particular examination; the examination procedures to be used; and delineate
staffing needs and timeframes for given activities, in accordance with a banking institution’s size,
complexity, and risk profile.

3.13 In other words, the ESM provides a detailed roadmap to the examination team regarding objectives
of the examination, procedures to be followed, and the resource requirements.

3.14 A bank by bank customized Entry Letter is used to formally advise banking institutions about on-
site examination informational requirements based on the size, complexity and risk profile of the
bank.

(e) Performing On-site Examination – Step 5

3.15 The Reserve Bank uses the CAMELS2 rating system to assess the condition of banking institutions
on an individual basis (Solo Supervision). For Consolidated Supervision purposes, the RFI(C)D3
rating system has been adopted to evaluate the condition of banking groups.

3.16 At the start of each examination, an Examination Entrance Meeting should be held to formally
commission the exercise, indicate scope of the examination, and to highlight supervisory concerns
raised in previous examinations.

3.17 The actual examination procedures used will vary from institution to institution depending on size,
complexity, and risk profile of a particular bank. The examination team should perform procedures
tailored to fit the risk assessment done, supervisory plan and the ESM. Focus should also be
placed on management’s ability to adequately identify, measure, monitor and control risks.

3.18 The examination team will follow a three-tier reporting system to discuss all major issues that will
be included in the final Examination Report. Examination findings will initially be presented to the
functional head; secondly to senior management in an Exit Meeting; and the bank’s board of
directors.

3.19 The report (containing both qualitative and quantitative factors) should be objective, lucid, concise
and communicate supervisory concerns and recommendations that correlate to the risk profile of
the banking institution. The bank would be given two weeks in which to acknowledge receipt,
study, and review the final report.

2
CAMELS is an acronym for Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and
Sensitivity to Market Risk.
3
RFI(C)D stands for Risk Management, Financial Condition, Impact, Composite Rating, and Depository/
Banking Institution.

7
(f) On going Off-site Supervision – Step 6

3.20 Various Off-site Surveillance reports are generated on a periodic basis using quantitative and
qualitative information submitted through regular prudential returns and other sources of reliable
information.

3.21 The main reports are Quarterly Off-site Analysis reports based on the CAMELS and RFI(C)D
rating systems; quarterly Board Reports; quarterly Status of the Banking Sector Report; half-
yearly Financial Stability Report; and a Weekly Status Report.

3.22 The Bank also makes use of Early Warning Systems, Stress Testing and Prompt Corrective
Action programs to detect areas of supervisory concern and take pre-emptive action.

3.23 After the on-site examination, the Institutional Profile, Risk Assessment Narrative, Risk Matrix,
and Supervisory Plan should be updated to reflect any significant examination findings or post
examination actions (e.g. Corrective Orders). This step is critical in ensuring that the risk-focused
documentation encompasses all substantive on-site examination findings.

3.24 It is imperative that a Portfolio Leader or Head of Section maintains continuous contact with
banks and the market in general, formally and informally, to gather information about the condition
of the banking institutions under their portfolio.

8
4 BENEFITS AND RATIONALE OF RISK-BASED
SUPERVISION
4.1 Risk-based supervision provides a number of benefits to supervisors as well as to the banking
institutions, including the following:
i. enhances banking institutions’ ability to identify, measure, manage, and control risks as
well as correct deficiencies;
ii. encourages frequent, open communications between banking institutions and bank
examiners;
iii. enhanced surveillance effort, in which the monitoring of new developments and strategic
changes at a given institution are conducted throughout the examination cycle;
iv. less examination time spent on banking institutions’ premises as preliminary analysis is
done off-site;
v. greater emphasis on supervision of banking institutions and areas exhibiting highest risk or
adverse trends;
vi. improved quality of working papers necessary to support examiners’ analysis and
conclusions; and
vii. customised examination reports.

4.2 We elaborate, hereunder, some of the anticipated benefits.

(a) Enhances Banking Institutions’ Ability to Manage Risk and Take Corrective Action

4.3 Risk-based supervision places strong emphasis on understanding and assessing the adequacy of
risk management systems that are in place at a particular banking institution to identify, measure,
monitor and control risk in an appropriate and timely manner. This analytical framework is found
on qualitative and quantitative assessment of a bank’s risk profile with a view to the tailor-making
of examination procedures to the character, size, complexity and risk profile of the institution
examined.

4.4 Ongoing knowledge of significant developments and strategic changes occurring at supervised
entities between examination cycles, as well as ability to establish the underlying causes of any
adverse developments in financial indicators are essential.

(b) Less Examination Time Spent On Banking Institution Premises

4.5 As a lot of emphasis is placed on the planning phase of the examination, bank examiners may
request some preliminary information and perform an initial analysis off-site. This allows the
examiners to use on-site time more efficiently in discussing issues with management and evaluating
the banking institution’s control structure and operating environment.

4.6 The amount of time spent on-site will vary based on the preliminary information available and the
examiners’ familiarity with the banking institution.

9
(c) Enhanced Emphasis On Improved Communication

4.7 Prudential Meetings are an integral part of the risk-focused supervision process, and may take
place at various stages of the process as illustrated in the diagram below:

Framework for Prudential Meetings

4.8 It is therefore imperative that meetings should be held with bank management, internal and external
auditors, board chairpersons, chairpersons of selected board committees, risk managers, heads
of compliance and heads of key functional areas such as treasury.

4.9 Such meetings enable examiners to gain a better understanding of the institution’s business strategy,
the risks a bank faces, quality of risk management, and progress made in addressing deficiencies
identified in previous examinations.

4.10 Prudential meetings give bank management the opportunity to share additional insight regarding a
bank’s operations. Banks will also benefit from the improved focus on areas of greatest risk, and
established dialogue regarding areas of supervisory concern in their individual institutions.

(d) Greater Emphasis On Supervision Where Appropriate

4.11 Examiners will be performing on-site examinations less frequently in banking institutions whose
risk profile is low. Effective off-site monitoring becomes vital in the supervisory process. BLSS

10
 may hold prudential meetings with bank management based on results of (quarterly) off-site
analyses, stress testing, and early warning systems. The frequency of such meetings would depend
on the composite CAMELS rating of a given banking institution.

4.12 As a general guide, the minimum benchmarks for the conduct of prudential meetings and on-site
examinations are as follows:

4.13 For institutions assigned overall CAMELS ratings of “1” or “2”, the frequency of scheduled
prudential meetings and/or examinations may remain low provided the following criteria are met:
a) Stable management – management team and board of directors have not significantly
changed since the last examination.
b) No change of control – the institution has not experienced a significant change in
ownership or a change in control since the last examination.
c) No significant changes in the risk profile – there are no adverse conditions that might
materially affect the condition of the banking institutions from on-site and/or off-site
examinations.
d) Not a new banking institution – this excludes banking institution with less than three
years operating experience.
e) No significant new business lines since the last examination.

4.14 Supervisors and banking institutions both have the right to request for unscheduled prudential
meetings if reasonably required.

(e) Customised Examination Reports

4.15 Under risk-based supervision, examination reports focus on matters of significant supervisory
concern in order to communicate the examiners’ analyses, conclusions, and recommendations.

4.16 Risk-based supervision does not replace the CAMELS rating system. The bank’s current condition
will still be summarised and reported using the CAMELS rating system, with all components
disclosed, but the report’s focus will be on significant risk areas.

11
5 RISK CATEGORIES AND DEFINITIONS
5.1 Risk-based supervision assesses the appropriateness, adequacy, and efficacy of a bank’s risk
management systems. All supervisory plans and examination activities are based on a bank’ risk
profile. The responsibility for effective risk management still lies with a bank’s board and
management,as a bank’s first line of defence. The mandate of a bank examiner is not to prohibit
appropriate risk-taking, but to ensure effective risk management. Examiners also pay attention to
the adequacy of capital vis-à-vis the risk profile.

5.2 To accomplish effective risk-based supervision, it is imperative for bank examiners to identify
and measure risk using common definitions and evaluation factors. Common definitions and
standards facilitate effective communication between examiners and bank management regarding
the basis of supervisory ratings, concerns, and actions. Common definitions and evaluation factors
enhance quality and consistency of the supervision process.

Definition of Risk…
5.3 From a prudential supervision perspective, risk is a potential that events expected or unanticipated,
may have an adverse effect on a banking institution’s net worth (capital), earnings, set goals
and objectives. The Reserve Bank therefore assesses banking risks by their impact on the
bank’s earnings, capital as well as set goals/objectives. Quantitative and qualitative aspects are
used.

5.4 Mathematically, risk may be quantified by the variance of returns, standard deviation, value at
risk, expected loss tail, copulas, etc.

5.5 The diagram below illustrates some of the theoretical measures.

Source: Guhe and Kesting (2004, p7)

12
Types of Risk…

5.6 Banking business by nature involves risk taking. The Reserve Bank has identified and defined
eight categories of risk for the purpose of risk-based supervision (of banking institutions). These
are: Credit, Liquidity, Interest Rate, Foreign Exchange, Operational, Legal & Compliance,
Strategic, and Reputation risks. It should be noted that these categories are not mutually exclusive,
and any activity may expose a bank to multiple risks.

Credit Risk…
5.7 Credit risk is the current and prospective risk to earnings or capital arising from an obligator’s
failure to meet terms of any contract with a bank or otherwise fail to perform as agreed.

5.8 Credit risk is found in all activities where success depends on counterparty, issuer, or borrower
performance.

Liquidity Risk…

5.9 Liquidity risk is the current and prospective risk to earnings or capital arising from a banking
institution’s inability to meet its obligations when they fall due, without incurring material costs or
unacceptable losses. Liquidity risk includes the inability to manage funding sources, including
unplanned decreases or changes (referred to as “funding liquidity risk”). Liquidity risk also arises
from a banking institution’s failure to recognise or address changes in market conditions that
affect its ability to liquidate assets quickly at minimal loss in value because of inadequate market
depth or market disruptions (“market liquidity risk”).

Interest Rate Risk…

5.10 Interest rate risk is the risk that changes in interest rates will negatively impact on a banking
institution’s income and net-worth. Interest rate risk arises from (1) differences between the
timing of rate changes and the timing of cash flows (repricing risk); (2) changing rate relationships
among different yield curves affecting banking institutions’ activities (basis risk); (3) changing rate
relationships across the spectrum of maturities (yield curve risk); and (4) interest-related options
embedded in banking institutions’ products (optional risk).

Foreign Exchange Risk…

5.11 Foreign exchange risk is the current or prospective risk to earnings and capital arising from
adverse movements in currency exchange rates.

Operational Risk…

5.12 Operational risk is the direct or indirect loss arising from inadequate or failed internal processes,
people, and systems or from external events such as unforeseen catastrophes. It covers potential
risk from fraud or errors, processing disruptions, control breaches or failure, information system
weaknesses, etc.

13
Legal & Compliance Risk…

5.13 Legal and compliance risk is the current and prospective risk to earnings or capital arising from
violations of, or non conformance with laws, rules, regulations, prescribed practices, internal
policies and procedures, or ethical standards. Compliance risk exposes the banking institution to
fines, civil money penalties, payment of damages and the voiding of contracts, leading to diminished
reputation, limited opportunities, and reduced clientele base.

5.14 Legal and compliance risk goes beyond failure to comply with banking laws. It encompasses all
laws as well as prudent ethical standards, contractual obligations, exposure to litigation, and
relationship with regulators. It can blend into operational risk and legal risk as well.

Strategic Risk…

5.15 Strategic risk is the current and prospective risk to earnings or capital arising from adverse
business decisions, improper implementation of decisions or lack of responsiveness to industry
changes. This risk arises from the overall strategy of a bank. It includes the quality, achievability,
and implications of a bank’s corporate strategy. Strategic risk also involves an assessment of a
bank’s risk appetite, the compatibility of business strategies/goals and resources deployed to
accomplish them, and track record of implementation. Characteristics of a bank’s target market
going forward, products and services offered, as well as the impact of economic, technological,
regulatory changes are also considered.

Reputation Risk…

5.16 It is the risk of negative public opinion or perception leading to a loss of confidence and/or
severance of business relationships.

Institution Risk & Market Risk …

5.17 Although risk-based supervision identifies discrete classes of risks, in reality there are complex
interrelationships between bank risks.

5.18 The last four categories of risk (i.e. operational, legal & compliance, strategic, and reputation)
are sometimes referred to as “institution risks” as opposed to “market risks” (i.e. credit, liquidity,
interest rate, foreign exchange). Institution risks are difficult to evaluate accurately using financial
data. Emphasis is placed on qualitative assessment in terms of a bank’s risk management systems.

5.19 It should be noted that there is no one best way to classify or categorise risk. In some jurisdictions,
for instance, the distinction is between “business risks” and “control risks.” What is important is
for regulatory authorities to adopt frameworks that best suit their socio-economic environments
and apply the chosen framework consistently.

14
6 A GENERIC RISK MANAGEMENT FRAMEWORK
6.1 The board and management of each financial institution have the overall responsibility to establish
an effective risk management system with clearly articulated objectives and goals.

6.2 The Reserve Bank requires each banking institution to develop an appropriate risk management
system, tailored to its needs and circumstances. The adequacy and/or sophistication of risk
management systems should depend on the size and complexity of each banking institution. It
entails a proper understanding of the banking institution and its various activities.

6.3 Supervisory actions that would be taken will largely depend on the adequacy of a bank’s risk
management systems vis-à-vis its risk appetite. A bank’s risk management systems facilitate the
review.

6.4 All sound risk management programs regardless of their design, have several common
fundamentals. A typical risk management process should include: risk identification, risk
measurement, risk control and risk monitoring.

Risk Identification…

6.5 Proper risk identification focuses on recognising and understanding existing risks or risks that
may arise from new business initiatives. Risk identification should be a continuous process, and
should occur at both the micro (transaction) and macro (overall portfolio) levels. External events
and threats that might affect bank’s business objectives should be considered.

Risk Measurement…

6.6 A banking institution is required to have accurate and timely measurement of its risks in relation to
the probability of adverse consequences on its earnings, capital and business goals /objectives.
The sophistication of the risk measurement tools should reflect the complexity of the institution
and levels of risk assumed. A good system should have capacity to assess individual transactions,
overall portfolios, and enterprise-wide risk.

6.7 A banking institution should periodically verify the integrity of the measurement tools it uses via
back-testing. A good system should be able to measure risk parameters under normal and extreme
conditions (stress testing).

Risk Monitoring…
6.8 Banking institutions should monitor risk levels on a continuous basis to ensure that well timed
reviews of risk positions, exceptions and the standards established for the bank. Prompt
distribution of accurate and informative reports to appropriate management and staff is essential
to ensure business goals are met.

Risk Control…
6.9 A banking institution should establish and communicate control limits through policies, standards,
and procedures that define responsibility and authority. It is the duty of the board and senior
management to enforce compliance with risk controls put in place.

15
7 EVALUATION OF RISK MANAGEMENT SYSTEMS
7.1 The evaluation of the risk management systems should take into account adequacy of board and
senior management oversight, risk identification, measurement, monitoring, and control; banking
institution’s policies, procedures, and limits; and internal control systems and management
information systems (MIS).

Board and Senior Management Oversight …

7.2 Effective risk management calls for active board and senior management oversight. The board
has ultimate responsibility for the level of risk taken by a bank. In fulfilling this responsibility, the
board should take steps to develop appropriate risk management systems. The board should
approve the overall business strategies, significant policies of the bank, and ensure that competent
management is in place to run the affairs of the bank.

7.3 Qualified, competent managers and staff should perform as expected by a conscientious board.
They must understand the mission, values, policies, and processes of the bank. Senior management
is also responsible for establishing and communicating a strong awareness of, and need for,
effective internal controls.

Policies, Procedures and Limits …

7.4 Policies reflect the board’s intent and commitment in pursuing desired results. Effective management
requires written policies that a banking institution adheres to in practice. Policies set standards
and courses of action to pursue, implement, and enforce specific objectives. Good policies link
with, and reflect, a banking institution’s underlying mission, values, and principles. They also
clarify a bank’s risk tolerance. Banking institutions should have mechanisms in place to trigger a
review of policies in the event that activities or tolerances change.

7.5 Procedures govern how a banking institution will pursue its objectives and define how it will carry
out its daily activities. Good procedures demonstrate consistency with the underlying policies,
adequacy of internal control checks and balances.

7.6 Policies, procedures and limits provide for adequate identification, measurement, monitoring,
and control of risks posed by a banking institution’s activities. Policies and procedures should
clearly delineate accountability and lines of authority across a banking institution’s activities.

Internal Control Systems & Management Information

Systems (MIS) …

7.7 Adequate internal controls are critical to the safe and sound functioning of a banking institution in
general and to its risk management in particular. Internal control systems promote effective
operations, reliable financial and regulatory reporting, safeguard assets and help to ensure
compliance with laws and regulations as well as a banking institution’s own policies and procedures.
Bank management should implement reporting systems by which they communicate necessary
and sufficient information to the directors.

16
7.8 The system of internal controls should be appropriate to the type and level of risk posed by the
nature and scope of a banking institution’s activities.

7.9 A bank’s organisational structure and reporting lines should establish clear lines of authority and
responsibility for monitoring adherence to policies, procedures and limits. The official organisational
structure should reflect actual operating practices. Segregation of duties is a fundamental and
essential element of a sound risk management and internal control system.

7.10 The sophistication of MIS should be consistent with the complexity and diversity of a banking
institution’s operations. Appropriate management and board reports should be produced to support
risk monitoring activities.

7.11 Internal controls should be tested by an independent internal audit function which reports directly
either to the board or its designated committee.

Risk Assessment System (RAS) …

7.12 The Reserve Bank uses the Risk Assessment System (RAS) to provide a structured framework
for measuring and assessing risk. RAS is a method of identifying, evaluating, documenting, and
communicating assessment of the quantity of risk, the quality of risk management, and the direction
of risk at each bank. It takes both a current and a prospective view of the institution’s risk profile.

7.13 Examiners use RAS for all banking institutions. While banking institutions are not required to
adopt a similar process, examiners are expected to discuss RAS assessments with bank
management in order to reach a common understanding of the risk profile of the institution, upon
which regulatory activities will be based.

7.14 For each risk category, bank examiners make the following assessments:
(a) Quantity of risk - is the level or volume of risk that exists and is characterised as low,
moderate, or high.
(b) Quality of risk management - is how well risks are identified, measured, controlled,
and monitored and is characterised as strong, acceptable, or weak. Strong risk
management indicates that management effectively identifies and controls all major types
of risk posed by the relevant activity or function. Acceptable risk management indicates
that a bank’s risk management systems, although largely effective, may be lacking to some
degree. Weak risk management indicates that risk management systems are lacking in
important ways and therefore, are a cause for more than normal supervisory attention.
(c) Overall composite risk - is a summary judgment about the level of supervisory concern.
It is characterised as low, moderate, or high. Risk mitigants are taken into account in the
examiners’ assessment of overall composite risk. Overall composite risk is the residual
risk after taking into account aggregate inherent risk and aggregate risk management systems.
(d) Direction of risk - is the probable change in the bank’s risk profile over the next 12
months and is characterised as decreasing, stable, or increasing. Decreasing direction
indicates that the examiner anticipates, based on current information, that the aggregate
risk will decline over the next examination cycle. Increasing direction denotes anticipation
of higher risk over the examination cycle.

17
Relationship between RAS & CAMELS …

7.15 RAS and CAMELS are distinct yet closely related bank evaluation methods. Both provide
information about a bank’s overall soundness, financial and operational weaknesses or adverse
trends, problems, and risk management practices.

7.16 The major distinction is that RAS is the prospective nature whereas the CAMELS rating system
primarily provides a point-in-time assessment of an institution’s current performance and condition.
RAS reflects an examiner’s judgment about current and future quantity of risk, quality of risk
management, and direction of risk in each bank. RAS may influence the CAMELS component
rating.

7.17 The remainder of this policy framework discusses the various steps of risk-based supervision in
detail.

18
8 UNDERSTANDING THE INSTITUTION – STEP 1
8.1 The first step for a Risk-Based Supervision Approach is developing an understanding of the
institution.

Institutional Profile…

8.2 An institutional profile is prepared to demonstrate the institution’s current condition. It also
highlights key issues and outstanding past supervisory findings. Simply stated, the institutional
profile provides a concise portrait of an institution’s structure, activities/ functional business lines,
and level of risk.

8.3 An institutional profile is a dynamic document that supports the overall risk-focused examination
process and facilitates ongoing monitoring of a given institution. The institutional profile should be
updated continuously to capture matters of significance that occur between on-site examination
cycles.

8.4 Supervisors are alert to the fact that an institution’s condition and risk profile can change within a
short period of time as a result of both endogenous and exogenous factors.

8.5 A comprehensive up-to-date institutional profile should be maintained for every supervised institution
and this is the responsibility of the examiner responsible for the institution. It is necessary for the
Senior Bank Examiner, Principal Bank Examiner, Chief Bank Examiner, and where possible, the
Senior Division Chief to subject Institutional Profiles to random checks to ensure consistence in
quality and completeness.

Sources of Information…

8.6 Information for compiling and updating institutional profiles should be collected from all reliable
sources to which the examiner has access. Formal sources will include on-site examination
reports, regular prudential and statutory returns, ad hoc returns, published financial results, external
ratings, formal meetings with the institution’s board and management, internal and external auditors,
and reports of and /or meetings with other supervisory/regulatory authorities such as the Stock
Exchange, Insurance Commission, ZIMRA etc.

8.7 Less formal and informal sources of information include media reports, informal meetings with
bank management and complaints filed against the institution.

8.8 Core Principle number 17 of the Basel Committee on Banking Supervision (Basel Committee)
requires bank examiners to have regular contact with bank management; and a thorough
understanding of the institution’s operations. The supervisor should require banks to notify the
RBZ of any substantive changes in their activities or any material adverse developments, including
breach of legal and prudential requirements.

8.9 There is need for the supervisor, based on the risk profile of individual banks, to have a programme
of regular meetings with senior management, board members, and heads of individual units to
discuss operational matters such as strategy, group structure, corporate governance, performance,
capital adequacy, liquidity, asset quality, risk management systems, etc.

19
CONTENTS OF THE INSTITUTIONAL PROFILE

8.10 The institutional profile provides a summary of the institution’s structure, present financial condition,
and its current and prospective risk profile, as well as highlights key issues and past supervisory
findings. The institutional profile contains information pertaining to the ownership, capital and
group structure (where applicable), branch network, staffing, corporate governance systems,
the institution’s business profile and strategy, risks and challenges facing the institution, regulatory
and any other ratings, and the condition and performance of the institution.

8.11 Detailed guidance on the contents of an institutional profile is discussed hereunder. Appendix 2
provides a complete institution profile for the hypothetical Omega Banking Corporation (OBC).

A. Overall Condition
8.12 Summarises the overall condition based on the level of supervisory concern, assessment of risk
management systems and adequacy of management oversight over the banking institution. Any
key issues/concerns relating to the strategies employed should also be highlighted.

B. Risk Assessment Summary

8.13 States the level of inherent risk, the adequacy of risk management systems, the overall composite
risk and the direction of overall composite risk.

Example of Summary Risk Assessment

C. Corporate Profile

C1 Background
8.14 Captures the history of the institution in brief covering among other things, date of establishment,
name changes (if any), mergers and acquisitions, conversions of banking licence.

C2 Shareholding Structure
8.15 Indicate names of shareholders, number of shares held and percentage shareholding over the
past three years. If the institution is owned by a holding or parent company, this is also shown in
the holding or parent company’s shareholding structure.

C3 Capital Structure
8.16 The institution’s capital components over the past three years should be presented in tabular
form.

20
 C4 Related Organisations
8.17 Present in tabular form, the institution’s subsidiaries, associates and any other related organization
showing the percentage shareholding in each.

C5 Vision/Mission/ Strategies
8.18 State the institution’s vision, mission, values and strategic goals and initiatives.

C6 Key Functional Lines

8.19 Identify the institution’s key functional lines and products offered under each line. Also include the
major support services such as Information Technology (IT).

C7 Risk Management Framework

8.20 Provide details of the risk management structures, systems and procedures used to manage the
various risks inherent in the institution’s operations. The roles and responsibilities of individuals
and departments involved in the risk management process should be clearly articulated. Board
and senior management reports, limits in place and IT Systems capabilities should be covered.

C8 Branch Network
8.21 Indicate number of branches, agencies and other points of representation and their respective
physical addresses.

C9 Staff Compliment
8.22 State the total number of employees, indicating managerial and non-managerial staff of the
institution. Where necessary, comment on the adequacy of the human capital particularly in key
operational areas, in respect of numbers, qualifications and skills.

C10 External Auditors and Lawyers

8.23 Show the names, addresses, telephone numbers and the auditor and attorney in charge.

C11 Board of Directors

8.24 Present in tabular form, the names, ages, qualifications, experience and other directorships of all
the board members.

C12 Senior Management

8.25 Present in tabular form, the names, ages, qualifications and experience of all the senior managers.

C13 Board Committees

8.26 State the compositions of the various board committees and their terms of reference. Comment
on any irregularities.

C14 Management Committees

8.27 State the compositions of the various management committees and their terms of reference.
Comment on any irregularities.

C15 Overview of Management

8.28 Comment on adequacy of board and management oversight in terms of:
a) the overall risk management framework;
b) policies and procedures in key risk areas;
c) internal control systems; and
d) strategic planning and policy formulation.

21
8.29 Also comment on the management information systems in terms of reliability and timely production
of financial and/ or regulatory reports.

C16 Top 10 Borrowers as at (latest Quarter)

8.30 Present in tabular form, the top ten borrowers showing the counterparty, limit, current balance,
maturity date, nature of exposure and security type.

C17 Top Ten Depositors as at (latest quarter)

8.31 Present in tabular form, the top ten depositors showing name of client, amount and type of
deposit.

C18 Industry Rankings as at (latest Quarter)

8.32 Present in tabular form, the institution’s position in relation to other institutions in the same sub-
sector. Show the total deposits, total loans and total assets by amount, percentage and market
share.

D Examination Results, Audit Findings & External Credit Rating

D1 Results of Past On-site Examinations

8.33 Present in tabular form, the results of the last three on-site examinations showing the respective
overall and CAMELS ratings.

D2 Significant Findings of Last On-site Examination

8.34 Summarise the significant findings of the latest on-site examination.

D3 External and Internal Audit Findings

8.35 Summarise the significant findings of the latest external and internal audits, and highlights of prudential
meetings with auditors.

D4 External Credit Rating

8.36 Indicate the latest ratings obtained by the institution, the rating date and the name of the rating
company.

E. Off-site Analysis as at (latest quarter)

8.37 Provide a summary of the overall condition of the institution based on the latest quarterly financial
returns, and comment on the following:
E1 Capital Adequacy
E2 Asset Quality
E3 Management
E4 Earnings
E5 Liquidity and Funds Management
E6 Sensitivity to Market Risk

F. Non-Compliance with Regulatory and Supervisory Requirements

8.38 Comment on the institution’s compliance with banking rules, regulations and directives issued by
RBZ. State any violations noted.

22
G. Environmental Considerations

8.39 Identify and state any external environmental factors, which may have an impact on the operations
and condition of the institution, for example, property, debt and equity markets, and economic
conditions.

H. Financial Stability and Stress Testing Assessment

H1 Stress Testing Results

8.40 State the assumptions and results of stress tests conducted by BLSS and the institution itself.

H2 Financial Stability Considerations

8.41 Comment on the bank’s financial performance, brand strength, chances of failure and the contagion
effect on the financial system, in the event of failure.

H3 Future Prospects
8.42 Comment on the bank’s strategic initiatives/forecasts/projections for key performance areas,
budget projections, and/or new markets and products.

I. Attachments

8.43 The following attachments should be included as appendices to the institutional profile:

Appendix a) Key Ratios

Appendix b) Comparative Income Statement
Appendix c) Comparative Balance Sheet
Appendix d) Organisational Structure
Appendix e) External Credit Rating Report
Appendix f) Annual Report

23
9 ASSESSING THE INSTITUTION’S RISK – STEP 2
9.1 The second step in the risk-based supervision framework, Assessing the Institution’s Risk, is
designed to develop a comprehensive risk profile of the institution. The purpose of the risk
assessment exercise is to identify the type, level, management and direction of all significant risks
affecting a banking institution, or inherent in a banking institution’s activities. The risk assessment
consists of two documents, namely a Risk Matrix and a Risk Assessment Narrative.

9.2 The main objective of a risk matrix is to present, in a tabular format, the type, level, management,
and direction of risk inherent in a banking institution; and forms the basis on which the supervisory
plan is built, and on-site examinations activities are determined. A risk assessment narrative describes
in a concise manner the type and level of inherent risks in banking institution’s activities, the
adequacy of risk management controls in place, the trend of the risk, and the impact of external
risk factors.

9.3 The risk assessment process highlights both the strengths and vulnerabilities of the institution and
provides the foundation for determining the supervisory activities to be conducted.

Phases in Risk Assessment …

9.4 The risk assessment exercise can be effectively accomplished via adoption of a four phase
approach as illustrated by the diagram below:

Phases in Risk Assessment

24
Phase One – Gathering Information

9.5 During phase one sufficient information must be gathered to understand the institution’s business
activities and risk management systems. One or more on-site visitations may be conducted to
the banking institution to obtain additional information or to clarify information already received.

Phase Two – Defining Functional Areas

9.6 In phase two the key business activities or functional areas of a banking institution, and the
relative significance of the activities should be properly identified. These activities present various
combinations and concentrations of risks, depending on the nature and scope of the particular
activity. Certain functional activities (e.g. lending) should be broken down to the extent possible
according to the banking institution’s own internal classification and reporting arrangements, e.g.
corporate banking, retail, etc.

9.7 Activities, and their significance, can also be identified by reviewing information generated by the
institution, and this includes the balance sheet, off-balance-sheet reports, the income statement,
or any other report that is prepared for the institution’s board of directors and senior management,
to monitor performance.

9.8 A detailed income statement, for instance may be particularly informative because significant
activities and their relative importance to the institution’s revenue and net income are reflected in
this statement.

9.9 In addition to financial factors, information on strategic plans, new and possible management
changes need to be considered. Industry segmentation and the position the institution occupies
within its markets should also be considered. The competitive climate in which the institutions
operate is very important and should be assessed in the identification of significant activities.

Phase Three – Completing the Risk Matrix

9.10 Phase three, Completing the Risk Matrix, consist of eight stages or dimensions namely:
i. determine the quantity or level of inherent risk in each functional area or activity;
ii. assess adequacy of risk management systems to manage risks per functional area;
iii. determine the functional composite risk profile for each functional area;
iv. determine the aggregate inherent risk rating for each inherent risk across the institution;
v. assess the adequacy of aggregate risk management systems for each inherent risk across
the institution (per risk management system and aggregate basis);
vi. assess the overall composite risk for each inherent risk across the institution;
vii. determine direction of overall composite risk per inherent risk across the institution; and
viii. determine the entire institution’s overall inherent risk, overall risk management sytems,
overall composite risk, and direction of overall composite risk.

25
Stage 1 – Determine Quantity of Risk …

9.11 An assessment of the level of inherent risk in each functional area takes into account several
factors including the frequency of occurrence, probability of occurrence and or severity of impact.
The level or quantity of inherent risk per functional area may be assessed as “high”, “moderate”,
or “low”. Qualitative and quantitative factors should be considered.

9.12 Partly inspired by statistical theory, the level of inherent risk measures the probability or chance
of an adverse impact on a banking institution’s capital or earnings from potential future events
within the functional activity. No regard to the adequacy and quality of risk management systems
in place is made when assessing level of inherent risk. In all cases an assessment of the degree of
potential loss in relation to earnings and capital must be considered. Consideration should be
made of the banking institution’s type of activities vis-à-vis the inherent risk in terms of significance
or proportion.

High Inherent Risk …

9.13 Generally, an assessment of high inherent risk would reflect a higher than average probability of
potential loss. High inherent risk exists when the functional area is significant in the bank, positions
are large in relation to the banking institution’s resources, the volume of transactions is high, or
where the nature of the functional area is more complex than normal.

Moderate Inherent Risk …

9.14 Moderate inherent risk exists where positions are average in relation to the institution’s resources
or to its peer group, where the volume of transactions is average, and where the activity is more
typical or traditional. Thus, while the activity potentially could result in a loss to the organisation,
the loss could be absorbed by the organisation in the normal course of business. The probability
of an adverse impact on a bank’s capital or earnings is average.

Low Inherent Risk …

9.15 Low inherent risk exists where the volume, size, or nature of the activity is such that even if the
internal controls have weaknesses, the risk of loss is remote or, if a loss were to occur, it would
have little negative impact on the institution’s overall financial condition. In statistical terms, an
assessment of low inherent risk reflects a lower than average probability of an adverse impact on
a banking institution’s capital or earnings.

9.16 It is important to note that the assessment of the quantity of risk management is made without
considering the risk management processes and controls. Bank examiners should be thoroughly
familiar with the factors that are taken into account when evaluating different categories of inherent
risks.

9.17 Appendix 1 – Risk Evaluation Factors provides some of the risk indicators taken into account
when assessing risk in various aspects of a banking institution.

Stage 2 – Assess Adequacy of Risk Management …

9.18 The second stage in phase three is the assessment of quality and adequacy of risk management
for significant functional areas or activities. The adequacy of risk management systems for identified
activities is determined by considering the following key elements:
(a) active board and senior management oversight;

26
 (b) adequate policies, procedures and limits for managing business activities;
(c) adequate risk management, monitoring and management reporting systems; and
(d) comprehensive internal controls including an effective internal audit function.

9.19 The quality and adequacy of risk management systems should be characterised as “strong”,
“acceptable”, or “weak” depending on the availability, completeness, suitability, and compliance
with/of the risk management systems implemented in the banking institution.

9.20 Some indicators of Strong, Acceptable and Weak risk management systems are as follows:

Strong Risk Management Systems …

(a) Management effectively identifies, measures, monitors and controls all types of risk posed
by the relevant functional area, or per inherent risk.
(b) The board and senior management are active participants in managing risk and ensure
appropriate policies and limits are put in place.
(c) Board fully understands, reviews and approves all policies and procedures.
(d) The policies comprehensively define the bank’s risk tolerance, responsibilities and
accountabilities are effectively communicated.
(e) Internal controls and audits are comprehensive and appropriate to the size and activities
of the banking institution.
(f) Few exceptions to established policies and procedures of which none would lead to
significant loss of earnings or capital.
(g) Policies and limits are effectively supported by risk measurement, monitoring and control
procedures and management information systems which are timely, accurate, complete
and reliable.

Acceptable Risk Management Systems …

(a) Overall, board and senior management oversight, policies and limits, risk monitoring
procedures and MIS are considered effective in maintaining a safe and sound banking
institution.
(b) Management of risk is largely effective but lacking to some modest degree. Risks are
generally being controlled in a manner that does not require more than normal supervisory
attention.
(c) Reflects an ability to cope successfully with existing and foreseeable exposure that may
arise in carrying out the institution’s business plan.
(d) While the institution may have some minor risk management weaknesses, these have been
recognized and are being addressed.
(e) Management satisfactorily identifies measures, monitors and manages risk including risk
diversification.
(f) Policies satisfactorily define risk tolerance, responsibilities and accountabilities.
(g) Management information systems at various levels are generally adequate.

Weak Risk Management Systems …

(a) Risk management systems are inadequate or inappropriate given the size, complexity and
risk profile of the banking institution.
(b) Bank personnel lack knowledge on risk management and are inexperienced.
(c) Risk management systems are weak in important ways and cause for more than normal
supervisory concern.
(d) The policies do not adequately define risk tolerance, responsibilities and accountabilities.

27
 (e) Management is unable to identify or monitor risk; or do not implement timely and appropriate
actions in response to changing conditions.
(f) Weak internal controls and audit function as well as failure to adhere to written policies
and procedures.
(g) Management information systems at various levels exhibit significant weaknesses and may
not consolidate total exposures.
(h) The deficiencies could have adverse effects on the safety and soundness of the banking
institution.

Stage 3 – Determine Functional Composite Risk …

9.21 The third stage is an assessment of the functional composite risk profile for each significant
activity. This is determined by balancing the overall level of inherent risk of the activity with the
overall strength of risk management systems for that activity.

9.22 Functional composite risk is a summary judgment about the level of supervisory concern about a
bank. It incorporates judgments about the quantity of risk and the quality of risk management.
Functional composite risk is characterised as low, moderate, or high.

9.23 Risk mitigants may be taken into account. For example, loans may be determined to have high
risk, however, the probability and the magnitude of possible loss may be reduced by having very
conservative underwriting standards, effective credit administration, strong internal loan review,
and a good early warning system. Consequently, after accounting for these mitigating factors, the
overall risk profile and level of supervisory concern associated with the activity may be moderate.

Stage 4 – Determine Aggregate Inherent Risk …

9.24 Aggregate inherent risk assessments provide overall risk ratings across the entire bank per given
category of inherent risk. Each category of inherent risk may be rated as low, moderate or high.
In assessing aggregate inherent risk, all functional areas that constitute the bank are not necessarily
given equal weighting as relative importance or significance of proportion is taken into account.

9.25 Further guidance on the assessment of each of the inherent risks may be gleaned from Appendix
1 – Risk Evaluation Factors, and the BLSS Examination Manual.

9.26 A brief summary of indicators is provided below for illustration purposes:

Low Credit Risk …

(a) Current or prospective loss of earnings or capital is minimal, i.e. there is lower than average
probability of adverse impact.
(b) Credits constitute an insignificant proportion of the bank.
(c) Portfolio and repayment sources are well-diversified.
(d) Portfolio growth presents no concerns.
(e) The portfolio’s return is adequate to justify the risk being assumed.
(f) There are minimal complex facility structures.
(g) Low level of past due and/or non-performing loans (NPLs) relative to capital.
(h) Sound credit underwriting and monitoring standards.
(i) The volume of substantive exceptions or overrides to sound underwriting standards poses
minimal risk.
(j) Losses will be absorbed during normal course of business.

28
Moderate Credit Risk …
(a) Current or prospective exposure to loss of earnings or capital does not impact materially
on financial condition.
(b) There is an average probability of adverse impact on earnings or capital, but the losses
could be absorbed in the normal course of business.
(c) Credit related losses do not seriously deplete the bank’s current reserves or necessitate
large provisions relative to earnings.
(d) Exposures do not reflect significant concentration.
(e) Portfolio growth is in accordance with a reasonable plan.
(f) Exceptions to underwriting standards do not pose significant risk.
(g) Volume of NPLs does not pose undue risk to capital and can be resolved within the
normal course of business.

High Credit Risk …

(a) Current or prospective loss of earnings or capital is material.
(b) Credits constitute a significant proportion of the bank’s balance sheet or business activities.
(c) Excessive growth of the portfolio which is not matched by a growth in capital.
(d) Deteriorating macroeconomic conditions.
(e) High concentration of exposures and/or low grade customers.
(f) High levels of non-performing loans (NPLs).
(g) Portfolio return is inadequate to justify the risks being assumed.
(h) Large volume and extent of exceptions to, or violation of, board approved underwriting
standards.
(i) Poor underwriting and monitoring standards.
(j) Collection efforts do not facilitate timely collection.

Low Liquidity Risk …

(a) The bank is not vulnerable to funding difficulties should a material adverse change in
market perception occur.
(b) Earnings and capital exposure from the liquidity risk profile is negligible.
(c) Sources of deposits and borrowings are widely diversified, with no material concentrations.
(d) Ample funding sources and structural cash flow symmetry exist in all tenors.
(e) Stable deposits and a strong market acceptance of the bank’s name offers the bank a
competitive liability cost advantage.
(f) Reasonable alternatives to credit sensitive funding, if relied upon, have been identified by
management and can easily be implemented with no disruption in strategic lines of business.

Moderate Liquidity Risk …

(a) The bank is not excessively vulnerable to funding difficulties should a material adverse
change in market perception occur.
(b) Earnings or capital exposure from the liquidity risk profile is manageable.
(c) Sources of deposits and borrowings are reasonably diverse, but minor concentrations
may exist, and fund providers may be moderately credit sensitive.
(d) Sufficient funding sources and structural balance sheet and cash flow symmetry exist to
provide stable, cost effective liquidity in most environments, without significant disruption
in strategic lines of business.

29
High Liquidity Risk …
(a) The bank’s liquidity profile makes it vulnerable to funding difficulties should a material
adverse change occur.
(b) Significant concentrations of funding may exist, or there may be a significant volume of
providers that are highly credit sensitive.
(c) The bank may currently or potentially experience market resistance, which could impact
its ability to access needed funds at reasonable cost.
(d) There may be an increasing demand for liquidity with declining medium and long term
alternatives.
(e) Potential exposure to loss of earnings or capital due to high liability costs of unplanned
asset reduction may be substantial.
(f) Funding sources and balance sheet structures may currently result in or suggest potential
difficulty in sustaining long term liquidity on a cost effective basis.
(g) Liquidity needs may trigger the necessity for funding alternatives under a contingency
funding plan, including the sale of or disruption in a strategic line of busines

Low Interest Rate Risk …

a) Exposure reflects minimal repricing, basis, yield curve and optional risk.
b) No significant mismatches on longer-term positions exist.
c) The current or future volatility of earnings and capital is relatively insensitive to changes in
interest rates.
d) Interest rate movements will have minimal adverse impact on the earnings and capital of
the bank.

Moderate Interest Rate Risk …

a) Exposure reflects manageable repricing, basis, yield curve and options risk.
b) Mismatches on longer-term positions are managed.
c) The volatility in earnings and capital is not significantly affected by changes in interest
rates.
d) Interest rate movements will not have a significant adverse impact on the earnings and
capital of the bank.
e) The bank has access to a variety of risk management instruments and markets to close or
hedge positions at reasonable cost, given the size, tenor and complexity of open positions.

High Interest Rate Risk …

a) Exposure reflects significant repricing, basis, yield curve and options risk.
b) Significant mismatches on longer-term positions exist.
c) Current or future volatility of earnings and capital due to changes in interest rates is
substantial.
d) Interest rate movements could have a significant adverse impact on the earnings and capital
of the bank.
e) Exposures may be difficult or costly to close out or hedge due to size, complexity or
generally illiquid markets, tenors or products.

Low Foreign Exchange Risk …

a) Exposures to foreign currencies exist, but revaluations or translation adjustments will have
an immaterial impact on capital and earnings.
b) No significant mismatches on longer-term positions denominated in foreign currency exist.

30
Moderate Foreign Exchange Risk …
a) Exposures to foreign currencies exist, but revaluations or translation adjustments are not
expected to have an adverse impact on capital and earnings.
b) Mismatches on longer-term positions denominated in foreign currency are manageable.

High Foreign Exchange Risk …

a) Exposures to foreign currencies could produce revaluations or accounting translation
adjustments that will have a material adverse impact on capital and earnings.
b) Significant mismatches on longer-term positions denominated in foreign currency exist.

Low Operational Risk …

a) The volume and severity of operational, administrative, and accounting control exceptions
is negligible.
b) The volume of transaction processing, complexity of operations, and the state of systems
development expose the bank to negligible reputation risk and loss of earnings or capital.
c) The volume and complexity of products and services expose the bank to minimal risk
from fraud, errors, or processing disruptions.
d) The risk from planned strategic initiatives is minimal.

Moderate Operational Risk …

a) The volume of transaction processing, complexity of operations, and the state of systems
development expose the bank to increased reputation risk and loss of earnings or capital.
b) The volume and complexity of products and services increase risks from fraud, errors, or
processing disruptions.
c) Risk from planned strategic initiatives exists, but is manageable.

High Operational Risk …

a) The volume and severity of operational, administrative, and accounting control exceptions
is significant.
b) The level of transaction processing, complexity of operations, and the state of systems
development expose the bank to significant damage to reputation or loss of earnings and
capital.
c) The volume and complexity of products and services significantly increase potential risks
from fraud or error, processing disruptions, control failure or system development
weaknesses.
d) The risk is heightened by planned strategic initiatives (e.g. conversions, merger integration,
emerging products and technology).
e) External service providers are failing to provide and maintain performance standards that
meet the requirements of the bank.

Low Legal and Compliance Risk …

a) The nature and extent of business activities limit the company’s potential exposure to
violations or non-compliance.
b) The bank has few violations.
c) Violations will not impact reputation, value, earnings or business opportunities.
d) The bank’s history of complaints or litigation is good.

31
Moderate Legal and Compliance Risk …
a) The nature and extent of business activities may increase the potential exposure to violations
or non-compliance.
b) The bank may have violations outstanding, which are correctable in the normal course of
business without impacting on reputation, value, earnings or business opportunities.
c) The bank’s history of complaints or litigation is not a concern.

High Legal and Compliance Risk …

a) The nature and extent of business activities significantly increase the potential for serious
or frequent violations or non-compliance.
b) The bank may have substantive violations outstanding, which could impact on reputation,
value, earnings or business opportunities.
c) The bank may have a history of serious complaints or litigation.

Low Strategic Risk …

a) The impact of strategic decisions or external pressures is expected to nominally affect
image and value of the bank.
b) Exposure reflects strategic goals that are sound, and are very compatible with business
direction and a changing environment.
c) Strategic initiatives are well-conceived, supported by a business plan, and achievable.
d) Management has a successful record in accomplishing their stated strategic goals.
e) Initiatives are supported by sound due diligence and effective risk management systems.
f) Strategic decisions can be reversed with only negligible cost or difficulty.
g) Strategic goals and the corporate culture are effectively communicated and consistently
applied throughout the bank.

Moderate Strategic Risk …

a) The impact of strategic decisions or external pressures is not expected to significantly
affect image and value of the bank.
b) Exposure reflects strategic goals that, although aggressive, are compatible with the business
direction and responsive to changes in the environment.
c) Strategic initiatives are usually well conceived and supported by a business plan.
d) Management has a reasonable record of accomplishing their stated strategic goals.
e) Strategic decisions can be reversed without significant cost or difficulty. The quality of due
diligence and risk management is consistent with the strategic issues confronting the
organisation.
f) Strategic goals and the corporate culture are appropriately communicated and consistently
applied throughout the organisation.
g) Management information systems effectively support the bank’s strategic direction.

High Strategic Risk …

a) The impact of strategic decisions or external pressures is expected to adversely affect
image and value of the bank.
b) Strategic initiatives may be non-existent, overly aggressive, incompatible with the business
direction, or non-responsive to changes in the environment.
c) Strategic decisions may be difficult or costly to reverse.
d) Strategic goals may be non-existent, poorly defined, or fail to consider changes in the
business environment.

32
e) Strategic initiatives may be poorly conceived or inadequately supported by a business
plan.
f) Management does not consistently accomplish their stated strategic goals.
g) Less than effective risk management systems or a lack of adequate due diligence in the
case of new products and services, or acquisitions.
h) Strategic goals and the corporate culture may not be clearly communicated and consistently
applied throughout the organisation.
i) Management information systems may be insufficient to support the bank’s strategic
direction or address a changing environment.

Low Reputation Risk …

a) Vulnerability to changes in market and public perception is nominal due to the bank’s
favourable market and public perception.
b) The level of litigation, losses and customer complaints is minimal.
c) The potential exposure to franchise value is nominal relative to the number of accounts,
the volume of assets under management and the number of affected transactions.
d) Management anticipates and responds well to regulatory, market, or technological changes
that impact on the bank’s reputation.
e) Management is well versed in complex risks and has avoided conflicts of interest and
other legal or control breaches.
f) Management conscientiously observes privacy and confidentiality of client and customer
information.

Moderate Reputation Risk …

a) Administration procedures and processes are satisfactory.
b) Vulnerability to changes in market and public perception is not material given the low level
of litigation, losses and customer complaints.
c) The potential exposure is manageable and commensurate with the volume of business
conducted.
d) Management has a good record of self policing and correcting problems.

High Reputation Risk …

a) Vulnerability to changes in market and public perception is material in light of significant
litigation, large losses, or persistent customer dissatisfaction.
b) The potential exposure may be increased by the number of accounts, the volume of assets
under management, or the number of affected transactions.
c) Management does not anticipate or take timely or appropriate actions in response to
regulatory, market, and technological changes.
d) Weaknesses may be observed in one or more critical operational, administrative or
investment activities.
e) Management has either not initiated or has a poor record of corrective action to address
problems.
f) Poor administration, conflicts of interests and other legal or control breaches may be
evident.
g) Management has poor regard of privacy and confidentiality issues.

33
Stage 5 – Aggregate Risk Management Systems …

9.27 Stage 5 of completing the risk matrix calls for an assessment of the adequacy of risk management
systems per sub-component thereof, and on an aggregate basis for each inherent risk across the
institution. The Aggregate Risk Management Systems rating is obtained by balancing the respective
risk management sub-ratings for the particular inherent risk. Aggregate risk management systems
may be rated as strong, acceptable, or weak.

Stage 6 – Assess Overall Composite Risk …

9.28 The sixth stage in development of a risk matrix calls for an assessment of the Overall Composite
Risk profile per each inherent risk. This is accomplished by balancing the Aggregate Inherent
Risk rating with the Aggregate Risk Management Systems rating for each inherent risk. The
Overall Composite Risk may be characterised as “High”, “Moderate” or “Low”.

9.29 The table below provides guidance regarding the determination of the overall composite risk by
balancing the observed quantity of aggregate inherent risk with the perceived strength of the
related risk management systems.

Overall Composite Risk

9.30 A high overall composite risk generally would be assigned to an activity where the risk
management systems do not significantly mitigate the high aggregate inherent risk. An activity
could potentially result in a financial loss that would have a significant impact on the bank’s overall
condition, even in some cases where the risk management systems are considered strong.

9.31 A moderate overall composite risk generally would be assigned to an activity with moderate
aggregate inherent risk where the risk management systems appropriately mitigate the risk. For
a given low risk area, weak aggregate risk management systems may result in either a low or
moderate overall composite risk assessment. Alternatively, a strong risk management system
may reduce high aggregate risk so that any potential financial loss from the activity would have
only a moderate negative impact on the financial condition of the bank.

9.32 A low overall composite risk generally would be assigned to low inherent risk areas. Moderate
risk areas may be assigned a low overall composite risk where risk management systems are
strong.

34
Stage 7 – Determine Direction of Overall Composite Risk …

9.33 The seventh procedure in the completion of a risk matrix consists of determining the direction of
overall composite risk by each type of inherent risk across the institution. Direction of overall
composite risk is the probable change in the bank’s overall risk profile for each of the overall
composite ratings over the next 12 months and is characterised as decreasing, stable, or
increasing.

9.34 Decreasing direction indicates that the examiner anticipates, based on current information, that
the overall composite risk will decline over the next 12 months’ examination cycle. Such a scenario
reflects decreasing aggregate inherent risks and/or improving risk management systems.

9.35 Increasing direction denotes anticipation of higher risk over the examination cycle. This denotes
that inherent risks may be increasing and/or risk management systems are getting weaker.

9.36 If the inherent risks are stable and/or the risk management systems are unchanged, the direction
of the overall composite risk will be considered stable.

Stage 8 – Determine Institution’s Overall Composite Risk …

9.37 The final stage in completion of a risk matrix is the determination of the entire institution’s overall
inherent risk, overall risk management systems, overall composite risk, and direction of overall
composite risk.

9.38 A bank’s overall inherent risk takes into account aggregate inherent risks across all risk
categories. Overall risk management systems consider all the aggregate risk management
systems across the institution. A bank’s overall composite risk rating is determined by balancing
the overall inherent risk and overall risk management sytems. Direction of overall composite
risk will be assigned to complete the process.

9.39 The eight stages involved in the completion of a risk matrix are illustrated below for the hypothetical
OMEGA Banking Corporation.

35
36
Phase Four – Preparation of the Risk Assessment Narrative

9.40 The Risk Assessment Narrative shows the overall level of risk by inherent risk category and
direction. It also analyses the business activities within each of the inherent risk categories and
evaluates qualitatively the effectiveness of risk management systems. The Risk Assessment
Narrative provides the background to how the overall risk profile for the banking institution has
been derived. The format and content of the Risk Assessment Narrative should be flexible and
tailored to the characteristics of the individual banking institution. In general the risk assessment
should incorporate the following:

a. an overall risk assessment of the banking institutions;

b. state the types of inherent risks, their level and direction;

c. identify all major functions, business lines and products from which significant risks emanate;

d. description of a banking institution’s risk management system; and

e. consider the relationship between the likelihood of an adverse event and its potential
impact on a banking institution.

9.41 The narrative will also contain a comment on the consolidated risk management system and the
internal and external audit function. The format for the risk assessment narrative is tabulated
below, while Appendix 4 provides a complete example of the same.

37
ILLUSTRATIVE FORMAT
FOR A RISK ASSESSMENT NARRATIVE

Banking Institution : ___________________________________________

Reporting Date : ___________________________________________

Internal Risk Assessment System

Assess the adequacy of the risk management systems of the banking institution (BI) in detail, especially
in the four key areas of:
* board and management oversight;
* policies, procedures and limits;
* risk management and monitoring; and
* MIS.

Overall Assessment

Overall Risk Rating :___________________ Date of Update:______________

Direction :___________________

Assess the overall risk rating and general trend of risk of the BI across all its functional areas. Also state
any future plans or prospects of the BI that might affect its risk profile in the near future.

Credit Risk

Credit Risk Rating :___________________ Date of Update:______________

Direction :___________________

Assess credit risk rating and trend across the functional areas in which credit risk is concentrated, e.g.:
* Lending activities
* Treasury activities

Analyse credit risk by sectors of concentration as well as the performance of the NPL portfolio,
comparing with previous periods.

Comment on the adequacy of the risk management systems in mitigating credit risk.

Operational Risk

Overall Risk Rating :_____________________ Date of Update:____________

Direction :_____________________

Assess operational risk and trend across the BI, especially in areas that are prone to high operational
risk, e.g.:
* Branch operations.
* Fraud.
Comment on the adequacy of the risk management systems in mitigating operational risk.

38
Liquidity Risk

Liquidity Risk Rating:______________________ Date of Update:___________

Direction :______________________

Assess liquidity risk and trend across the functional areas of the BI, especially in areas of:
* Asset-Liability Management.
* Inter-bank Borrowings.
* Depositor Structure.

Comment on the adequacy of risk management systems in addressing the liquidity risk of the BI.

Interest Rate Risk

Interest Risk Rating :______________________ Date of Update:___________

Direction :______________________

Assess the interest rate risk rating and the trend across the functional areas of activity in the BI especially
in areas of:
* Treasury (e.g. Investments, Derivatives)

Analyse the effects and trends of interest rates in areas in which the BI has significantly high interest rate
risk.

Comment on the adequacy of risk management systems in addressing the interest rate risk of the BI.

Foreign Exchange Risk

Foreign Exchange Risk Rating :_____________ Date of Update :_________

Direction :_____________

Assess the foreign exchange risk rating and the trend across the functional areas of activity in the BI
especially in areas of:
- Treasury (e.g. Investments, Derivatives)

Analyse the effects and trends of exchange rates in areas in which the BI has significantly high foreign
exchange risk.

Comment on the adequacy of risk management systems in addressing the foreign exchange risk of the
BI.

Legal and Compliance Risk

Overall Risk Rating :_____________________ Date of Update :__________

Direction :_____________________

Assess the legal and compliance risk rating and the trend across the overall BI.

39
Mention any cases of litigation that the BI has been involved in over the review period as well as any
ongoing litigation yet to be resolved.

Comment on the adequacy of the risk management systems in addressing the legal and compliance risk
of the BI.

Reputation Risk

Overall Risk Rating : _________________ Date of Update: _____________

Direction : _________________

Assess the reputation risk rating and the trend across the BI as a whole.

Mention any cases of adverse publicity that the BI has been involved in over the past period.

Comment on the adequacy of the risk management systems in addressing the reputation risk of the BI.

Strategic Risk

Overall Risk Rating : ________________ Date of Update: _____________

Direction : ________________

40
10 PLANNING/SCHEDULING SUPERVISORY WORK –
STEP 3
10.1 Bank examiners should develop and maintain a Supervisory Plan4 that is current and relevant to
a banking institution’s size, complexity and changing risk profile. Generally, a supervisory plan
may be developed yearly and reviewed at least half yearly to reflect new risk trends. A supervisory
plan provides a bridge between the supervisory concerns identified through risk assessment and
the supervisory activities to be conducted. It should incorporate a schedule of off-site and on-
site activities to be undertaken for the given planning horizon.

10.2 To be effective, planning requires an initial statement of objectives and identification of related
strategies for them to be achieved. A good plan should demonstrate that the supervisory concerns
identified in the risk matrix and risk assessment narrative as well as the deficiencies noted in the
previous examination are being, or will be addressed.

10.3 The plan should itemise examination activities per different areas / activities of a bank or group
(i.e. Head Office, Treasury, Subsidiary etc.) to be evaluated, including scope of the review (full
or limited), the objectives, and other supervisory concerns regarding those areas. It should be
institution specific based on an analysis of factors such as the bank’s current condition, results of
operations, and the economic environment.

BLSS Pre-examination Time Line…

10.4 The pre-examination planning effort may be accomplished using both on- and off-site data. It is
critical that this process begin far enough in advance of the examination to allow sufficient time to
request and review the information necessary to develop the scope of the examination.

10.5 As a general guide, the Reserve Bank, via the BLSS arranges for bank management to complete
and submit the Pre-Examination Questionnaire (PEQ) approximately 30 – 45 days in advance
of the examination.

10.6 The Examaner-In-Charge (EIC) should receive the required information within two (2) weeks
from dispatch of the PEQ. Review of the completed PEQ received from the subject bank generally
requires about four (4) days to complete.

10.7 Pre-examination on-site review of sensitive information should be finalised within (2) weeks
after receipt of the PEQ.

10.8 BLSS is required to hold pre-examination prudential meetings with senior management within
one (1) day from the pre-examination on-site review of sensitive bank information.

10.9 The EIC is required to submit the pre-examination plan, preliminary risk assessment, and an
examination scope memorandum to the Chief Bank Examiner (CBE) and Quality Assurance
Committee (QA) five (5) days from receipt of the PEQ.

4
There are two types of supervisory plans: a sector-wide plan and institution specific plans. The industry-wide
supervisory plan prioritises examination resources according to both the relative risk profiles of all banking institutions
on the market and their systemic importance. Institution specific plans are the subject of this section.

41
10.10 A tentative on-site examination plan should be submitted to the Senior Division Chief (SDC)
for approval one (1) day after review by the CBE and QA, and/or within three (3) days from
the pre-examination prudential meeting with bank management.

10.11 The on-site examination should be commissioned within two (2) weeks from receipt of the
PEQ.

10.12 Details of the pre-examination time line are summarized in the table below for easy reference.

Pre-examination Time Line

DATE REQUIRED ACTIVITY

Day 1 Dispatch Pre-Examination Questionnaire (PEQ)
Day 15 Receive completed PEQ from subject bank
Days 16 to 19 Review completed PEQ submitted by bank
Day 20 Submit pre-examination plan & preliminary assessment to
CBE & Quality Assurance (QA)
Day 22 Submit tentative plan, preliminary risk assessment and scope
memorandum to SDC
Day 23 Dispatch letter requesting prudential meeting to bank management
Day 25 Conduct pre-examination prudential meetings with bank management
Days 26 to 29 Conduct on-site review of sensitive information
Day 30 Commission on-site examination of the bank.

10.13 Exceptions to this general policy may include problem institutions or instances where an institution’s
condition is deteriorating rapidly.

10.14 Generally, examinations should be scheduled according to the approved supervisory strategy.
As a matter of policy, on-site examinations should be scheduled as per the following guidelines:
a. banking institutions rated “1” should have on-site examinations within two (2) year intervals;
b. banking institutions rated “2” have on-site examinations within 1½ year intervals;
c. banking institutions rated “3” should have on-site examinations on a 12 month interval;
and
d. banking institutions rated “4” and “5” should have on-site examinations on at most a 6
month interval.

10.15 The table below provides a template for the Supervisory Plan, while Appendix 5 provides a
complete example of the same.

42
ILLUSTRATIVE FORMAT
FOR A SUPERVISORY PLAN

43
44
11 DEFINING EXAMINATION ACTIVITIES – STEP 4
11.1 Prior to each on-site examination, the EIC has the responsibility to define the on-site examination
work. Once the risk assessment and examination planning processes are completed, an
Examination Scope Memorandum (ESM) should be prepared.

11.2 The purpose of the examination scope memorandum is to define details of the on-site examination
activities. It identifies the specific objectives and strategies of the examination and documents the
type and depth of review for specific areas of risk. It should provide a detailed road map to the
examination team and a central point of reference throughout the examination.

11.3 The examination scope memorandum should be tailored to the characteristics of each banking
institution. Therefore, it should vary with the size, complexity and risk profile of the bank; and
from examination to examination.

Contents of an Examination Scope Memorandum

11.4 The scope memorandum must be in writing and should address the following:
a. reasons and objectives of the examination;
b. summary of condition and risk profile of the institution using the CAMELS and the RAS
rating systems;
c. summary of pre-examination meetings outside the bank and any liaison with other divisions;
d. proposed preliminary scope and focus of the examination, i.e. summary of issues to be
investigated or areas to be targeted, and reasons why;
e. areas not included in the scope of the examination, and reasons why;
f. summary of examination procedures to be used/followed;
g. assessment of examination resource needs (i.e. team, work assignments and time budget);
and
h. attachments.

Reasons and Objectives of the Examination …

11.5 The examination scope memorandum should provide a statement of the objectives of the current
examination. Some examples include follow-ups on previous examinations; the bank may be due
for a routine inspection in terms of the supervisory policy; significant changes in management and
shareholding of the institution; and special investigations.

11.6 Generally, adverse matters should be specifically reviewed at the subsequent examination in
order to ensure that appropriate corrective action has been taken.

11.7 An assessment should be made to determine whether the institution has implemented formal risk
management and compliance programs. If it is evident that management oversight provided by
audit, compliance and risk management programs is sound, a reduction in examination scope
may be warranted.

Summary of the Institution’s Risk Profile …

11.8 The scope memorandum should include a brief preliminary assessment of the bank’s condition
and major risk areas that are associated with the bank’s activities. The condition of the institution
should be summarised, in tabular format, based the latest on-site and off-site ratings.

45
 Latest CAMELS Ratings

CAMELS Component On-site as at On-site as at Off-site as

30 March 2003 30 June 2004 30 June 2005
Capital Adequacy 2 2 4
Asset Quality 3 3 3
Management 3 3 3
Earnings & Provisions 1 3 4
Liquidity & Funds Management 2 3 4
Sensitivity to Market Risk 2 - -
Composite Rating 3 3 4

11.9 The scope memorandum should include a summary risk assessment, in tabular format, for each
category of inherent risks.

Latest RAS Ratings

Summary of the Pre-Examination Meeting…

11.10 The results of the pre-examination meeting should be summarized with particular emphasis on the
meeting results that affect examination coverage.

11.11 Pre-examination meetings enable the examiner to obtain management’s perspective about the
condition of the banking institution, economic conditions, internal and external audit programs,
and the risk management process. The meetings should be held close enough to the examination
to ensure that the information discussed remains relevant and usable for the examination.

11.12 Ideally, discussions with management should focus on changes to management; policies; strategic
direction; management information systems; board and management oversight; staff turnover;
key functional areas; key risk issues facing the bank and other significant activities occurring since
the last examination.

Determining Preliminary Scope of Examination …

11.13 As the scope of an examination will vary from year to year, and from banking institution to
banking institution, the examination scope memorandum should provide a statement of the key
issues to be reviewed. It should cover issues raised in the prior examination to monitor progress

46
 made in resolving them. A summary of the bank’s performance since the previous examination is
also useful. Some issues will be drawn from both the risk assessment and supervisory plan.

11.14 In determining the scope of examination, the following Matrix for the various functional areas will
assist:

Determining Scope of the Examination

11.15 The preliminary scope may also be adjusted, expanded, contracted or otherwise refined once
the on-site examination begins, as a result of additional information obtained from discussions
with management, review of policies and procedures, internal control reports, files and ledgers.

11.16 Examiners also utilise information submitted via the Pre-Examination Questionnaire (PEQ) in
planning examination procedures and resources and make any necessary changes in the preliminary
scope.

Summary of Examination Procedures …

11.17 The scope memorandum should outline the procedures to be performed in relation to the significant
areas to be reviewed during an examination. It should specifically detail issues to be investigated
or areas to be targeted during the examination process. For instance, the memorandum should
specify the anticipated loan coverage, and special facilities to be targeted.

11.18 Examination procedures may be eliminated or enhanced based on the risk assessment or the
adequacy of the audit and internal control environment. Sufficient coverage of a bank’s activities
by the bank’s auditing function, for instance, could result in the elimination of certain procedures
if the audit and internal control environments are deemed satisfactory.

Determine Resource Requirements …

11.19 Pre-examination planning affords the EIC an opportunity to assess examination resource
requirements (team composition, work assignments and time budget); make team participants
lodging arrangements; prepare a memorandum to team participants regarding their participation

47
 on the examination; and prepare a customised entry-letter to the bank being examined to
communicate the dates of the examination.

11.20 Particular emphasis should be placed on ensuring appropriate personnel are assigned to the high
risk areas identified in the bank’s risk assessment.

Factors to consider in Pre-Examination Planning …

11.21 Attain goals and objectives - The examination effort should be directed towards attaining the
supervisory goals and objectives. Examination objectives should be situational based on the
bank’s current condition and economic environment.

11.22 Plan for optimum productivity - The EIC should plan opportunities for meetings with examination
staff and banking institution personnel, arrange adequate workspace for the examination team,
and prioritise and schedule workflow.

11.23 Make assignments and monitor job - The EIC must determine the expertise necessary to
perform certain aspects of the examination and make assignments accordingly. When assigning
more than one individual to an assignment, a Team Leader should be appointed to ensure its
completion. Training and development needs should also be considered when making assignments.

11.24 Budget and monitor overall time - The EIC must consider the time budget when assigning
tasks. A useful tool for improved planning is a Resource Allocation Schedule organized according
to sections of the examination and budgeted timeframes. As the examination progresses, the time
budget may be modified.

11.25 Assign priorities - The EIC should assign priorities to each area. Ordinarily this can be
accomplished by assigning related areas to one team leader who subsequently coordinates the
work of others. Pooling examiner resources may help reduce burden and redundancies.

THE ENTRY LETTER

11.26 Prior to the start of an examination, bank management should be advised, by way of an Entry
Letter, of the dates, objectives, scope and information requirements in respect of the upcoming
examination. An entry letter directs bank management to provide specified information in respect
of the key examination areas.

11.27 In a risk-based supervision framework, an entry letter should be customised depending on the
risk profile of the particular banking institution, scope of the examination, and activities to be
performed. In other words, an entry letter should reflect the risk-based supervision objectives
and scope of the examination.

11.28 Examiners should take care to minimise regulatory burden associated with burdensome requests.
Entry letters should not request information already available to the regulatory authorities, say via
periodic statutory returns, unless, in cases where the information has changed since the previous
examination or inspection. Information that is not easily reproduced should be reviewed on-site
(e.g. policies and corporate minutes). Further, information requests that could easily and efficiently
be made orally during the on-site examination need not be called for in advance, unless it will
assist in planning the scope of the examination.

11.29 Examiners should allow management sufficient time to prepare the requested information, so
that documents will be available when the examination team arrives.

48
12 PERFORMING ON-SITE EXAMINATION – STEP 5
Examination Entrance Meetings…
12.1 At the beginning of each examination, an Examination Entrance Meeting should be held at the
bank’s premises between senior management of the bank and designated senior members of the
Bank Licensing, Supervision & Surveillance Division (BLSS). The purpose of the meeting will
be to formally commission the examination, indicate scope and focus of the examination, highlight
previous examination concerns; explain how examiners will conduct the examination; provide
details on the roles of the participating examiners; and answer any questions from the bank.

Examination Procedures …
12.2 Examination procedures should reflect the risk profile of each banking institution. The inspection
team should perform procedures tailored to fit the Risk Assessment prepared and the Scope
Memorandum. Further guidance would be found in the BLSS Examination Manual (forthcoming).

BANK RATING SYSTEMS

12.3 The Reserve Bank uses the CAMELS uniform bank rating system and the Risk Assessment
System (RAS) to determine the financial and general condition of a banking institution on an
individual basis (Solo Supervision). Consolidated Supervision uses, the RFI/C(D) rating system
to assess the condition of the group. Details of the RAS are provided in Section 7 of this framework.

CAMELS ASSESSMENT

12.4 A bank’s CAMELS Composite Rating integrates ratings assigned to the six key individual
components of the system, namely: Capital adequacy, Asset quality, Management capability,
Earnings quantity and quality, Liquidity adequacy, and Sensitivity to market risk. Composite and
component ratings range from “1” to “5”. All banking institutions are assigned CAMELS rating
whether they operate on a stand alone basis or as part of a banking group.

12.5 A bank rated “1” has the highest and best rating, and poses the least supervisory concern. A “5”
rating is the lowest and worst rating, indicating the most critically deficient level of performance
and inadequate risk management practices relative to the institution’s size, complexity and risk
profile. A “5” rated banking institution is at risk of failing and poses the greatest supervisory
concern. Detailed definitions of the composite ratings are discussed below:

Composite Rating “1”, “Strong” …

12.6 Banking institutions in this group are sound in every respect and generally have components rated
“1” or “2”. Any weaknesses are minor and can be handled in a routine manner by the board of
directors and management. These banking institutions are the most capable of withstanding the
vagaries of business conditions and are resistant to outside influences such as economic instability
in their trade area. These banking institutions are in substantial compliance with laws and
regulations. As a result, these financial institutions exhibit the strongest performance and risk
management practices relative to the institution’s size, complexity, and risk profile, and give no
cause for supervisory concern.

49
Composite Rating “2”, “Satisfactory” …
12.7 Banking institutions in this group are fundamentally sound. For a banking institution to receive this
rating, generally no component rating should be more than “3”. Only moderate weaknesses are
present and are well within the board of directors’ and management’s capabilities and willingness
to correct. These banking institutions are stable and are capable of withstanding business
fluctuations. These banking institutions are in substantial compliance with laws and regulations.
Overall risk management practices are satisfactory relative to the institution’s size, complexity,
and risk profile. There are no material supervisory concerns and, as a result, the supervisory
response is informal and limited.

Composite Rating “3”, “Fair” …

12.8 Banking institutions in this group exhibit some degree of supervisory concern in one or more of
the component areas. These banking institutions exhibit a combination of weaknesses that may
range from moderate to severe; however, the magnitude of the deficiencies generally will not
cause a component to be rated more severely than “4”. Management may lack the ability or
willingness to effectively address weaknesses within appropriate time frames. Banking institutions
in this group generally are less capable of withstanding business fluctuations and are more vulnerable
to outside influences than those institutions rated a composite “1” or “2”. Additionally, these
banking institutions may be in significant non-compliance with laws and regulations. Risk
management practices may be less than satisfactory relative to the institution’s size, complexity,
and risk profile. These banking institutions require more than normal supervision, which may
include formal or informal enforcement actions. Failure appears unlikely, given the overall strength
and financial capacity of these institutions.

Composite Rating “4”, “weak” …

12.9 Banking institutions in this group generally exhibit unsafe and unsound practices or conditions.
There are serious financial or managerial deficiencies that result in unsatisfactory performance.
The problems range from severe to critically deficient. The weaknesses and problems are not
being satisfactorily addressed or resolved by the board of directors and management. Banking
institutions in this group generally are not capable of withstanding business fluctuations. There
may be significant non-compliance with laws and regulations. Risk management practices are
generally unacceptable relative to the institution’s size, complexity, and risk profile. Close
supervisory attention is required, which means, in most cases, formal enforcement action is
necessary to address the problems. Institutions in this group pose a risk to the deposit insurance
fund. Failure is a distinct possibility if the problems and weaknesses are not satisfactorily addressed
and resolved.

Composite Rating “5”, “Critical” …

12.10 Banking institutions in this group exhibit extremely unsafe and unsound practices or conditions;
exhibit a critically deficient performance; often contain inadequate risk management practices
relative to the institution’s size, complexity, and risk profile; and are of the greatest supervisory
concern. The volume and severity of problems are beyond management’s ability or willingness to
control or correct. Immediate outside financial or other assistance is needed in order for the
financial institution to be viable. Ongoing supervisory attention is necessary. Institutions in this
group pose a significant risk to the deposit insurance fund and failure is highly probable.

50
Component Ratings …
12.11 A list of the principal evaluation factors that are taken into account in respect of each component,
is provided hereunder, in no particular order of importance. Definitions of each rating per
component are provided below under the section dealing with the format of the examination
report.

Capital Adequacy …
12.12 The capital adequacy of an institution is rated based upon, but not limited to, an assessment of the
following evaluation factors:
a. the level and quality of capital and the overall financial condition of the institution;
b. the ability of management to address emerging needs for additional capital;
c. the nature, trend, and volume of problem assets, and the adequacy of allowances for loan
and lease losses and other valuation reserves;
d. balance sheet composition, including the nature and amount of intangible assets, market
risk, concentration risk, and risks associated with non-traditional activities;
e. risk exposure represented by off-balance sheet activities;
f. the quality and strength of earnings, and the reasonableness of dividends;
g. prospects and plans for growth, as well as past experience in managing growth; and
h. access to capital markets and other sources of capital, including support provided by a
parent holding company.

Asset Quality …
12.13 The asset quality of a financial institution is rated based upon, but not limited to, an assessment of
the following evaluation factors:
a. the adequacy of underwriting standards, soundness of credit administration practices, and
appropriateness of risk identification practices;
b. the level, distribution, severity, and trend of problem, classified, non-accrual, restructured,
delinquent, and non-performing assets for both on- and off-balance sheet transactions;
c. the adequacy of the allowance for loan and lease losses and other asset valuation reserves;
d. the credit risk arising from or reduced by off-balance sheet transactions, such as unfunded
commitments, credit derivatives, commercial and standby letters of credit, and lines of
credit;
e. the diversification and quality of the loan and investment portfolios;
f. the extent of securities underwriting activities and exposure to counter-parties in trading
activities;
g. the existence of asset concentrations;
h. the adequacy of loan and investment policies, procedures, and practices;
i. the ability of management to properly administer its assets, including the timely identification
and collection of problem assets;
j. the adequacy of internal controls and management information systems; and
k. the volume and nature of credit documentation exceptions.

Management …
12.14 The capability and performance of management and the board of directors is rated based upon,
but not limited to, an assessment of the following evaluation factors:
a. the level and quality of oversight and support of all institution activities by the board of
directors and management;

51
 b. the ability of the board of directors and management, in their respective roles, to plan for,
and respond to, risks that may arise from changing business conditions or the initiation of
new activities or products;
c. the adequacies of, and conformance with, appropriate internal policies and controls
addressing the operations and risks of significant activities;
d. the accuracy, timeliness, and effectiveness of management information and risk monitoring
systems appropriate for the institution’s size, complexity, and risk profile;
e. the adequacy of audits and internal controls to: promote effective operations and reliable
financial and regulatory reporting; safeguard assets; and ensure compliance with laws,
regulations, and internal policies;
f. compliance with laws and regulations;
g. responsiveness to recommendations from auditors and supervisory authorities;
h. management depth and succession;
i. the extent that the board of directors and management is affected by, or susceptible to,
dominant influence or concentration of authority;
j. reasonableness of compensation policies and avoidance of self-dealing;
k. demonstrated willingness to serve the legitimate banking needs of the community; and
l. the overall performance of the institution and its risk profile.

Earnings …
12.15 The rating of an institution’s earnings is based upon, but not limited to, an assessment of the
following evaluation factors:
a. the level of earnings, including trends and stability;
b. the ability to provide for adequate capital through retained earnings;
c. the quality and sources of earnings;
d. the level of expenses in relation to operations;
e. the adequacy of the budgeting systems, forecasting processes, and MIS in general;
f. the adequacy of provisions to maintain the allowance for loan and lease losses and other
valuation allowance accounts; and
g. the earnings exposure to market risk such as interest rate, foreign exchange, and price
risks.

Liquidity …
12.16 Liquidity is rated based upon, but not limited to, an assessment of the following evaluation factors:
a. the adequacy of liquidity sources compared to present and future needs and the ability of
the institution to meet liquidity needs without adversely affecting its operations or condition;
b. the availability of assets readily convertible to cash without undue loss;
c. access to money markets and other sources of funding;
d. the level of diversification of funding sources, both on- and off-balance sheet;
e. the degree of reliance on short-term, volatile sources of funds, including borrowings and
brokered deposits, and lender of last resort facilities to fund longer term assets;
f. the trend and stability of deposits;
g. the ability to securitise and sell certain pools of assets; and
h. the capability of management to properly identify, measure, monitor, and control the
institution’s liquidity position, including the effectiveness of funds management strategies,
liquidity policies, management information systems, and contingency funding plans.

52
 Sensitivity to Market Risk …
12.17 Market risk is rated based upon, but not limited to, an assessment of the following evaluation
factors:
a. the sensitivity of the financial institution’s earnings or the economic value of capital to
adverse changes in interest rates, foreign exchange rates, commodity prices, or equity
prices;
b. the ability of management to identify, measure, monitor, and control exposure to market
risk given the institution’s size, complexity, and risk profile;
c. the nature and complexity of interest rate risk exposure arising from non-trading positions;
and
d. where appropriate, the nature and complexity of market risk exposure arising from trading
and foreign operations.

RFI/(C)D ASSESSMENT

12.18 Each Bank Holding Company (BHC) is assigned a composite rating on the basis of the RFI/
(C)D rating system; where; R is Risk Management, F stands for Financial Condition, I represent
Impact of non-banking entities on the depository subsidiaries institutions, C is the Composite
Rating, and D denotes a summary rating of banking institutions in the group. A suffix P is added
to the rating of D to indicate the presence and number of problem banks, e.g. 2P.

12.19 Rating of each of the above-mentioned components, except for I, is based on a scale of numerical
or descriptive scale of “1” to “5”.

Risk Management (R) …

12.20 Evaluation of Risk Management assesses the ability of a Bank Holding Company (BHC)’s
board and senior management, as appropriate for their respective positions, to identify, monitor,
and control risk.

12.21 The “R” rating underscores the importance of the control environment, taking into account the
complexity of the organization and the risks inherent in its activities.

12.22 The rating is supported by four sub-components, namely:

a. board and senior management oversight;
b. policies, procedures and limits;
c. risk monitoring and Management Information Systems; and
d. internal controls.

Financial Condition (F)…

12.23 Evaluation of the “F” component considers the consolidated organisation’s financial strength.

12.24 It focuses on the ability of the BHC’s resources to support the level of risk associated with
activities.

12.25 The sub-components of “F” are: Capital Adequacy, Asset Quality, Earnings and Liquidity, or
“CAEL” for short. The sub-components maybe evaluated on sectoral basis, prior to consolidation,
to take into account sectoral differences in standards.

53
Impact (I)…
12.26 The Impact Component (I) denotes the potential impact of non-bank entities on banking entities.
Examination staff is required to evaluate the degree to which current or potential issues within the
non-banking entities present a threat to the safety and soundness of the subsidiary banking
institution(s).

12.27 The evaluation should cover both the risk management practices and financial condition of the
non-banking entities; an analysis that will borrow heavily from the analysis of “R” and “F”
components. The rating focuses on the aggregate not individual impact.

12.28 The descriptive definitions of the numerical ratings for “I” are different from those of the other
components, and are as follows:
a. low likelihood of significant negative impact;
b. limited likelihood of significant negative impact;
c. moderate likelihood of significant negative impact;
d. considerable likelihood of significant negative impact; and
e. high likelihood of significant negative impact.

12.29 The Depository Institutions (D) Component is based on the weighted average CAMELS
composite ratings of banking institutions. It stands outside the composite rating although risk
management and financial factors are included in composite “R” and “F” ratings, which are then
factored into the composite rating. A problem bank identifier is added, denoted by “P”, to
identify the number of problem banks in a group (e g. 2P)

MANAGING AN EXAMINATION

12.30 Managing an examination is as important as planning it. The level and sophistication of management
methods and procedures varies depending on the activities to be performed and the size and
nature of the banking institution.

12.31 The EIC has a responsibility to ensure that supervisory objectives are met and activities are
completed timely. To accomplish these goals, the EIC must continually monitor the progress of
the examination and supervise, coordinate, and evaluate the work flow.

12.32 Some of the key elements the EIC should consider during the course of the examination are
discussed hereunder:
a. Communicate examination objectives – The EIC should ensure that examiners
understand the objectives of the examination and their assigned programs. It is also
important to avoid material deviations from the examination scope into unplanned activities.
Therefore, examiners should not vary from the scope or depth of the examination unless
the EIC determines that such procedures are necessary to address potential risks.
b. Ongoing communication between the EIC and team participants is critical to effective
examination management.
c. Monitor staff performance - Examiners’ performance should be monitored throughout
the examination to ensure objectives are being met according to schedule and to prevent
problems from developing. Early identification of work-related problems also allows
examiners the opportunity to correct mistakes and to immediately improve skills.

54
 d. Monitor the examination - Monitoring the examination’s progress allows early
adjustments to the scope, staffing, and completion date, as necessary. BLSS senior
management should be advised if examination scope adjustments are necessary.
e. Training and evaluating examiners - Examiners may frequently need guidance,
depending on their experience and ability. The EIC should encourage questions and ensure
that someone is available to provide guidance.
f. Communicate effectively – The EIC should also maintain effective communication with
BLSS, Senior Management and the banking institution, regarding the examination’s
progress.
g. Complete work papers - Prepare, file, index, and review working papers to facilitate
efficient preparation of the examination report.
h. Out-brief examiners - The out-briefing process is critical to the conclusion of the on-
site examination effort. As the field work draws to a close, the EIC must have a complete
understanding of the work performed and issues identified by each team member. Ideally,
the EIC will monitor all team members’ activities during the examination hence the out-
briefing may be minimal. The out-briefing should provide an orderly transfer of examination
materials, such as working papers, reference material, time sheets, etc., from the participant
to the EIC or the EIC’s designee. The EIC should also be informed of any additional
items requested during the examination that should be added to the pre-examination request
list for the next examination.

WORKING PAPERS

12.33 Working papers should be prepared for every area reviewed during the examination in order to
document examination procedures and support conclusions. They must provide sufficient
documentation for a reviewer to understand what was done, why it was done, and how conclusions
were reached. Objectives, findings, risks associated with deficiencies, conclusion and
recommendations should be clearly outlined in working papers.

12.34 The working papers for each area should contain only essential information that supports
conclusions, violations of law or regulations, or any applicable corrective actions. The working
papers should also clarify what needs to be done about the conclusions, either by the banking
institution concerned or the examiner.

12.35 The EIC should review all examination-related working papers prior to leaving the examination
to ensure that examination findings are accurate and well documented. The review should ensure
that the overall quality of working papers is consistent with BLSS standards.

12.36 Working papers should support examination findings and be subjected to peer review and quality
validation by the Team Leader, Examiner-in-Charge, Head of Division and/or Quality Assurance
Committee.

12.37 Working papers are the property of BLSS and should not be released to external parties without
prior authorisation. Therefore, examiners must secure working papers at all times. Examiners in
addition must maintain control over all sensitive examination-related information on their portable
computers. Following the completion of the examination, examiners and staff should promptly
remove examination-related information from their portable computers.

55
12.38 If working papers are electronic, they should be stored and/or shared in a manner that protects
the confidentially of the documents.

12.39 The templates for various working papers used by bank examiners during on-site examinations
are provided in the BLSS Examination Manual.

POST EXAMINATION TIME LINE

12.40 BLSS employs the following time line to ensure effective and prompt scheduling of its post on-
site examination activities:
a. Three (3) days after last day of examination the EIC should submit the provisional report
of examination to the Chief Bank Examiner or Senior Division Chief for approval.
b. Five (5) days after last day of on-site examination submit report to Quality Assurance
Committee for review and approval.
c. Eight (8) days after last day of on-site examination hold exit meeting with bank.
d. Two (2) days after exit meeting submit report to the Deputy Governor / Governor for
consideration and approval.
e. One (1) day after approval by the Governor submit draft report to the board of directors
of the bank.
f. Fourteen (14) days after release of final report receive Acknowledgement Form signed
by directors of the bank.
g. Two (2) months after release of final report, receive responses to recommendations arising
from the report and, depending on the condition of the bank, follow-up.

The salient features of the Post Examination Time Line are tabulated below for easy reference.

Post Examination Timeline

DATE ACTIVITY REQUIRED
Day 1 End of on-site Examination
Day 3 Submission of provisional report to the Chief Bank Examiner
or Senior Division Chief
Day 5 Onward submission of the provisional report to Quality Assurance
Committee for review and approval
Day 8 Exit meetings to be held with the institution
Day 10 Submission of the report to the Deputy Governor or Governor
for consideration and approval
One day after approval After the Governor’s approval, submit draft report to the board
by the Governor of directors of the institution
14 days after release Receipt of Acknowledge Form signed by directors of the institution
of final report after release of final report

60 days after release Receipt of responses to recommendations arising from the report
of final report depending on the condition of the institution, follow-up after release of
the final report

56
PRESENTATION OF EXAMINATION FINDINGS

12.41 The examination team should follow a three-tier reporting system, whereby examination findings
will be presented to the functional head; senior management in an exit meeting; and the bank’s
board of directors.

12.42 Procedurally, sectional reports must be prepared, discussed and signed by the bank’s line
management. Each area examined should have a report signed by the bank management and at
least two members of the assigned examination team. Subsequently, an exit meeting with
management must be held to discuss all major issues that will be included in the final report of
examination.

EXAMINATION REPORT

12.43 An Examination Report is the Reserve Bank’s primary vehicle for communicating examination
findings in writing to a bank’s board of directors. The report should define the objectives and
focus of the examination, state conclusions, and identify any significant problems, corrective
action, and timeframes for corrective action.

12.44 The objectives of a Report of Examination are:

a. to inform the board and management of the examiners’assessment of the banking institution’s
condition, risks, and adequacy of risk management systems;
b. recommend to the banking institution’s management on the corrective measures which
need to be taken and timeframes for corrective action; and
c. serve as a permanent record of evaluation of the overall condition of a banking institution
to be used for future reference.

12.45 A Report of Examination should be objective, lucid, concise and communicate supervisory
concerns and recommendations that correlate to the risk profile of the banking institution.
Supervisory ratings should be disclosed and they should reflect the adequacy of the risk management
systems/structures in light of the quantity and types of risks identified. The Examination Report
should contain both qualitative and quantitative factors.

12.46 Appendix 7 provides a template for a risk-based supervision report of examination. Excerpts of
the imaginary Omega Banking Corporation’s Examination Report in Appendix 8 provide further
practical guidance.

12.47 The examination report comprises three mutually reinforcing sections, namely: Executive Summary,
Core Assessment, and the Supplementary Sections.

12.48 The Executive Summary section provides the Institutional Overview; Objectives and Scope of
Examination; Overall Condition; Matters Requiring Attention; CAMELS ratings and results of
the Risk Assessment.

12.49 An institutional overview considers the bank’s shareholding, areas of supervisory concerns as
well as an assessment of the bank’s potential impact on the entire financial system in the event of
distress. Significance of a banking institution and its potential impact on the fincial system is
appraised quantitatively by rank and market share in terms of total assets, total loans and advances,

57
 and total deposits. Banking institutions with a market share of ten percent and above in any
category are considered as high impact institutions; between five and ten percent, medium impact
institutions; and below five percent, low impact institutions.

12.50 A bank’s overall risk rating should be tabulated in terms of both the RAS and the CAMELS
ratings. The RAS rating should comprise of a brief commentary on a bank’s overall composite
risk and its direction, and supportive commentary on the level of inherent risk and the quality of
risk management systems.

12.51 The CAMELS rating in the executive summary comprise of a table of comparative component
ratings, a brief commentary on rating differentials, and basis for current ratings.

12.52 For avoidance of doubt, risk-based supervision does not replace the CAMELS rating system.
The bank’s current condition will still be summarized and reported using the CAMELS rating
system, with all components disclosed, but the report’s focus will be on significant risk areas.
CAMELS components not subject of the current on-site examination are assigned ratings
based on results of off-site analysis and/or prudential meetings with bank officials.

12.53 Under risk-based supervision, the bulk of the examination report should however focus on
matters of significant supervisory concern in order to communicate the examiners’ analysis,
conclusions, and recommendations.

12.54 The Matters Requiring Attention sub-section itemises corrective actions required to address
supervisory concerns, and priority of their implementation.

12.55 The Core Assessment section consists of a detailed Risk Management Review (using RAS)
and a CAMELS assessment. The section starts with the Risk Management Review in order to
underscore the primacy of risk management.

12.56 Examiners should ensure that there is no duplication in their comments on the various inherent
risks in the CAMELS write-up, as well as the Risk Assessment write-up.

12.57 The CAMELS write-up should cover the macro aspects of the inherent risks. The RAS write-
up should include the micro aspects of the various inherent risks. A RAS assessment focuses on
the overall risk rating, direction of composite risk and rationale, the level and quality of risk
management systems.

12.58 An evaluation of CAMELS components should provide a brief description of the examiners’
significant finding(s); where necessary state the impact or risk of the finding(s) to the banking
institution’s operations; and recommendations.

12.59 The report should indicate management’s response to the examiners’ findings and
recommendations. Additional examiners’ comments are required in the event management of the
banking institution rebuts or disagrees with the examiners’ comments and/or recommendations.
The examiners’ additional comments indicate the Reserve Bank’s position on the matter raised
so that all parties are aware of and adhere to the final decision.

58
12.60 Appropriate writing style should be used in compiling the report. The report should reflect the
risk profile of the banking institution. Ideally stress tests results should be analyzed under the
appropriate “CAELS” component, and not in a separate section.

12.61 Examiners are also expected to comment on the prospects of the institution under consideration.

12.62 The Supplementary Section provides schedules, tables, and other reports which support findings
and conclusions of the examination. A comparative balance sheet, comparative income statement,
and a statement of changes in capital structure are also dealt with in this section.

12.63 Analysis of Changes in Capital Structure is mandatory if: (i) the bank has a financial subsidiary;
or (ii) there is a change in the capital category as a result of the examination; or (iii) the ratios
supporting the capital category in the examination are not derived from the bank’s statutory
return as of the same date. Exception (iii) could occur if the examination ratios were calculated at
a date other than a quarter end, or, if calculated at quarter-end, the numbers were adjusted/
changed from those filed in the return.

12.64 Loan Write-up Summaries, if any, should indicate the name of the client, exposure and
classification. A description of facility terms, value of collateral, current status, weaknesses,
management action should be provided.

QUALITY ASSURANCE

12.65 The Reserve Bank has a Quality Assurance process, within BLSS in particular, and the Bank in
general, that is designed to ensure consistent, high quality banking supervision, and conformity to
international best practice. BLSS Quality Assurance programs incorporate both ongoing quality
control processes, which ensure that work products are in compliance with established procedures
and policies, and an after-the-fact review of material to assess the effectiveness of policies and
procedures. The latter process should not amount to a re-examination of the bank.

12.66 Quality Assurance covers all aspects of banking supervision on a continuous basis, and may
provide a basis for changes in policies. All key reports are subjected to a formal review as shown
overleaf.

12.67 The Quality Assurance process ensures that the supervisory process is administered in a fair and
equitable manner. In other words similar findings are treated similarly.

12.68 Disagreements which arise between examiners and the bank during the supervisory process
should be resolved fairly and expeditiously, in an amicable manner.

12.69 Where disputes cannot be resolved, an appeal maybe made to RBZ senior management, on
merit, and not as an avenue to frivolous negotiation of ratings.

59
Name of Report
………………………………........................................……………..

Prepared By ….......................................………Checked By…….......…............……..

Approved By……...................………...

60
EXIT MEETING WITH MANAGEMENT

12.71 At the completion of each examination, BLSS will meet bank management to discuss examination
findings, conclusions, and recommendations based upon the CAMELS and Risk Assessment of
the institution; discuss potential courses of action to address deficiencies; and to obtain
management’s commitment, including timeframes, to any recommended corrective action(s).

12.72 The EIC arranges the exit meeting and prepares an agenda. The agenda should include the main
issues contained in the draft examination report. All potential attendees should be informed of the
meeting time and location well before the meeting date.

12.73 Prior to conducting an exit meeting, the EIC should discuss, or ensure discussion of all sectional
reports, with lower and mid-level management of the banking institution. Attendants should
include at least two examiners, one of them being the Team Leader responsible for examination
of the function in question. Each functional area examined should have a report signed by the
bank management and at least two members of the examination team.

12.74 The examiner-in-charge should review all the draft sectional reports before they are presented
to functional management for discussions. Further, the EIC should research any disagreements
arising from sectional meetings before the exit meeting to validate the examination concerns and
to build additional support where needed.

12.75 Above all, the EIC should, prior to the exit meeting, discuss the significant examination findings
with appropriate Reserve Bank senior management to ensure that BLSS policy is consistently
applied, and that Reserve Bank senior management supports the examiners’ conclusions and
corrective actions as necessary and appropriate.

12.76 The draft report may also be presented to the BLSS Quality Assurance team before being
discussed with bank management.

BOARD MEETING

12.77 A meeting with the bank’s Board of Directors would be held after each on-site examination.
Meetings with the board are an important part of the supervisory process, and should be conducted
with the utmost professionalism. The board meeting also serves as a good forum for board
members to ask questions or comment on various issues.

12.78 Generally, at meetings with directors, examiners discuss BLSS objectives and methodologies;
strategic issues and growth of the bank; risks facing the bank and matters of supervisory concerns;
the bank’s success or failure in correcting deficiencies identified in previous examinations; the
impact of failing to correct deficiencies; corrective action to be taken; what the bank is doing well
and industry issues affecting the bank.

12.79 Prior to presentation of examination findings to a banking institution’s board of directors, Reserve
Bank senior management should be advised via a memorandum providing dates when examination
was conducted; details of the exit meeting with management; overall CAMELS assessment
(narrative and comparative table of ratings); summary table of results of Risk Assessments; matters
requiring attention and recommendations. A copy of the complete examination report should also
be attached.

61
12.80 The presentation to the board requires mandatory attendance of the board Chairperson and
Chief Executive Officer, as well as a board quorum. The board meeting would be the last meeting
to discuss examination findings before the final report is produced.

12.81 All significant issues to be included in the final report should be discussed at this meeting. If there
are any recent developments or the bank has carried out corrective action after the completion of
the examination, the examination team should verify the new developments as soon as possible
before finalising the report.

12.82 The report should be finalised within two weeks after the discussion of the report with the board
of directors. The bank would be given two weeks in which to acknowledge receipt, study, and
review the final report. The final report should be signed for acknowledgement by each and
every one of the board members.

PROMPT CORRECTIVE ACTION PROGRAMS

12.83 Despite the best efforts of authorities to properly license, supervise and regulate banking
institutions, the potential for problem banks always exists, hence the importance of a well defined
policy framework for timely and effective supervision of problem banks.

12.84 The Reserve Bank has put in place a framework for Prompt Corrective Actions (PCAs) whose
primary role is to ensure early recognition of problems in banking institutions and to ensure that
there is effective supervision and monitoring of troubled banks.

12.85 PCAs programs are automatic rules that serve to contain regulatory forbearance and are meant
to lead to expeditious supervisory action at least cost to depositors, creditors and the economy.
The system of PCAs is based on pre-structured early intervention rules, as opposed to examiners’
discretion, and will be used as part of both the on-site and off-site supervision.

12.86 PCAs are also designed to achieve a number of objectives, including the following:
a. facilitate prompt corrective actions on weak banking institutions;
b. strengthen the banking system and promote sound banking practices;
c. develop permanent solutions for troubled banking institutions; and
d. maintain financial stability and promote economic development and growth.

12.87 Banks will be grouped into different categories based on their financial and general condition, as
depicted by CAMELS and Risk Assessment composite and component ratings. An appropriate
strategy (e.g. informal agreement to correct weaknesses, formal corrective order, merger/sale,
capital demand, closure and liquidation etc.) will then be applied, depending on the severity of
the problems or deficiencies.

12.88 Details of the supervisory benchmarks, and the respective mandatory PCAs are provided in the
revised Reserve Bank “Troubled & Insolvent Bank Policy”.

12.89 In all cases, the Reserve Bank will require involvement of boards of directors and senior
management, and, where necessary, principal shareholders, in developing and implementing
appropriate corrective action programs for a troubled banking institution.

62
12.90 Progressively harsher corrective measures will be used and may culminate in mandatory closure
and liquidation of troubled, insolvent, or imminently insolvent banks whose deficiencies cannot
be resolved within a defined period.

12.91 In certain cases, monetary penalties will be levied in terms of the Banking Act as read with the
Banking Regulations to achieve a remedial purpose; and to provide a deterrent to future
misconduct. If the Reserve Bank determines that criminal proceedings as provided under the Act
are necessary to achieve results, recommendations will be made to law enforcement agencies for
prosecution of the bank, any one or more of its employees, officers, directors or shareholders,
or any other responsible person(s).

12.92 A Civil Penalties Framework may also be deployed once finalised.

63
13 CONDUCTING OFF-SITE EXAMINATION – STEP 6
13.1 The Reserve Bank places great emphasis on developing and implementing sophisticated, up-to-
date, in accordance with international standards, off-site analysis to achieve “continuous supervision”
and on-going risk-assessment of banking institutions.

13.2 The off-site function provides for periodic analyses of individual financial institutions and the
banking sector’s financial condition, performance, and risk management practices on the basis of
quantitative and qualitative information furnished by reporting institutions through the medium of
standardised statutory returns. Apart from prudential returns other sources of information include
internal management reports and published financial information.

Benefits of Off-site Analysis …

13.3 Off-site monitoring surveillance renders a number of advantages to the supervisory process,
including the following:
a. off-site surveillance provides a basis for evaluating the condition of banking institutions in-
between on-site examinations. This helps in early identification of problems so that prompt
corrective action can be taken;
b. off-site surveillance is less costly than on-site supervision in terms of time and resource
commitments. It contributes to a more efficient use of resources as on-site inspections are
prioritised to high risk entities and/or activities;
c. off-site monitoring allows for peer review and assessment of the banking sector as a
whole;
d. off-site surveillance facilitates monitoring of compliance with corrective actions; and
e. off-site monitoring provides valuable input in formulation of economic policies, given the
relationship between financial sector soundness and macroeconomic policy.

13.4 The similarities and differences between off-site and on-site surveillance are summarised in the
tabled below:

64
13.5 It should be emphasised that off-site monitoring is employed as a supplement and not a substitute
to on-site examinations. Both approaches have their own advantages and disadvantages.

Off-site Surveillance Tools and Methodologies …

13.6 The individual Off-site Surveillance tools used to detect areas of supervisory concern include
CAMELS and RAS Assessments; Early Warning Systems; Stress Testing Methodologies; Prompt
Corrective Action programs; and Prudential Meetings.

13.7 The major outputs of Off-site Surveillance are Quarterly Off-site Analysis reports based on the
CAMELS and Risk Assessment systems; quarterly Board Reports; quarterly Status of the Banking
Sector Reports; half-yearly Financial Stability Reports (forthcoming); ad-hoc Troubled Banking
Institutions Reports; and a weekly Status Reports.

65
 Quarterly Off-site Analysis Process

QUARTERLY OFF-SITE ANALYSIS

13.8 The framework for off-site analysis comprises of a number of stages involving data collection;
preliminary analysis and validation; detailed analysis and report writing.

13.9 The table above provides an overview of some of the processes involved, and their respective
results. Details of the off-site analysis framework are briefly discussed hereunder:

Stage One: Data Collection …

13.10 The Reserve Bank has powers to collect prudential data on a routine reporting and ad-hoc
basis. Some of the returns are required to be completed on both a solo and consolidated basis.
A list of some of the returns, including frequency of submission, and circumstances under which
they are required is tabulated below:

66
 Periodic Returns

13.11 Regular statutory returns; e.g. Return of Financial Condition & Performance (Form BSD1),
and Consolidated Return of Financial Condition & Performance (Form CS1), are sub-divided
into a number of schedules, and cover information on assets and liabilities, profit and loss, off-
balance sheet items, capital adequacy, liquidity, large exposures, loan classification, foreign exchange
position, market and operational risk.

13.12 The accuracy of the information and the quality of information technology (IT) systems used to
produce prudential records is subject to a mandatory, formal annual IT Certification by a bank’s
external auditors, and may be verified by direct Computer-Based Auditing during Reserve Bank
on-site examinations.

13.13 All banking institutions are required to submit prudential reports and returns within specified
timeframes as delays may result in industry-wide distortions (e.g. in the computation financial
ratios).

13.14 It is incumbent upon the examiner to ensure that all the requisite returns are received from banks
by due date and in the prescribed manner and format. Where necessary appropriate action
should be taken to enforce compliance or co-operation from the bank.

Stage Two: Preliminary Analysis and Validation …

13.15 Once all the information is available, the next stage involves automated (IT-assisted) processing
of data from all reporting banking institutions and preliminary aggregation of results, including
calculation of all the basic ratios for the evaluation of a bank’s condition.

13.16 It is important for data to be input accurately and to be checked for large variances before use.
Validity and quality edits are performed to verify the integrity of data in the system.

67
13.17 Validity edits are performed first to ensure that numbers add right. The examiners have to fix
the errors by proof-reading their keying and/or by calling the institution to get corrected data.
Items that appear on more than one schedule are cross-checked to ensure that those numbers
reconcile. Where the cross referenced figures do not reconcile, this is indicative of an error.

13.18 Quality edits consist of comparison of the values for an item between reporting periods i.e. the
current reporting period and the last period. Unexplained large variances should be verified and
the basis sought from the respective bank.

Stage 3: Detailed Analysis and Report Writing …

13.19 This step involves compiling the report. The report should flow logically clearly showing the
bank’s condition and performance over the period under review. If it is the financial year end,
undertake an annual analysis and give an overall description of the institution. Concise reports
(one to two pages) are required.

13.20 Appropriate writing style should be used in compiling the report. The examiner should bring
out the main point in the first line of the paragraph and provide adequate support comments
which should provide sufficient facts to justify the ratings assigned. For instance, strong performance
will signify performance well above or significantly better than peer average, and/or regulatory
minima.

13.21 The examiner should address all appropriate factors/related factors for each component rating
using adequate written comments which are grammatically correct, clearly written and well
organised.

13.22 The actual report should focus on material changes. Emphasis should be placed on issues
rather than ratios. For example, it’s no use indicating that specific provisions rose by 50%
without putting the issue into perspective and indicating the factors.

13.23 The examiner should consider the level of ratios when evaluating component ratings by comparing
ratios to available benchmarks e.g. peer group and regulatory minima.

13.24 Identification of meaningful trends since the last examination and determination of the direction
of the trend will also be crucial in making an assessment of the condition of the institution. The
examiner should be able to identify why (cause) a level is high or low or a trend is up or down.
Any comments made should address the analytical reasons for change.

13.25 The examiner should review the gross dollar volume and determine if the volume is significant,
or abnormal. Ratios based on insignificant dollar amounts should not be given undue emphasis.

13.26 Management intentions are essential in establishing the strategic intent of the institution thus
examiners, where necessary, should include material comments on any known management
intentions. Examiners should also comment on the prospects of the institution under consideration.

13.27 In concluding the report, an examiner must indicate the supervisory action required based on
the analysis.

13.28 The examiner should also indicate the results of any stress tests carried out on the institution as
well as analyse them and the potential impact on the institution. If any projections or assumptions
are made by examiners, then these should be summarised.

68
Quarterly Off-site Analysis Report Format …
13.30 The Reserve Bank uses the CAMELS rating system (for solo supervision), Risk Assessment
System, and the RFI/C (D) Bank Holding Company rating system (used for consolidated
supervision) to evaluate the safety and soundness of banking institutions. Details of the CAMELS,
RAS, and RFI/C (D) have already been discussed in sections covering on-site examination.

13.31 The quarterly off-site report should make use of analytical reviews and results of econometric
models. Analytical reviews are a combination of financial ratios, derived from quarterly bank
balance sheets and income statements.

13.32 When undertaking analytical reviews, supervisors draw on their experience to weigh the information
content of these ratios. Econometric models also combine information from bank financial ratios
but relies more on statistical tests rather than human judgment to summarise bank condition. To
improve the quality of analysis and decisions, models should not be used mechanically.

13.33 The structure of a typical Quarterly Off-site Analysis Report, as tabulated below, includes an
indication of the overall condition; market share, ranking and significant developments; supervisory
actions in place or pending; current supervisory strategy; assessment of CAMELS factors and
stress testing; compliance to supervisory actions; matters requiring attention; and recommendations
for follow-up.

69
 OFF-SITE ANALYSIS REPORT FORMAT

[Face cover]

[Table of Ratios ]

1. OVERALL CONDITION ...................................................................................

2. MARKET SHARE, RANKING & SIGNIFICANT DEVELOPMENTS ........

3. SUPERVISORY ACTIONS IN PLACE OR PENDING ...................................

4. CURRENT SUPERVISORY STRATEGY .........................................................

5. ASSESSMENT OF CAMELS FACTORS & STRESS TESTING ...................

5.1 Capital Adequacy .............................................................................................
5.2 Asset Quality ....................................................................................................
5.3 Management and Corporate Governance ..........................................................
5.4 Earnings ............................................................................................................
5.5 Liquidity and Funds Management .....................................................................
5.6 Sensitivity to Market Risk ................................................................................

6. COMPLIANCE TO SUPERVISORY ACTIONS ..............................................

6.1 Type of Action ..................................................................................................
6.2 Major Provisions ..............................................................................................
6.3 Compliance Status ............................................................................................

7. MATTERS REQUIRING ATTENTION ...........................................................

8. RECOMMENDATIONS FOR FOLLOW-UP ...................................................

13.34 The overall condition should encompass the overall composite CAMELS rating of the bank.
Discussion of the CAMELS components should take into account the respective stress testing
results per component (and respective market share where applicable) over and above the usual
evaluation factors. In addition to discussion of issues, trends, causes, impact, and prospects,
reference should also be made to supervisory and internal benchmarks. See Table of Key
Indicators below for guidance. Supervisory concerns should be in line with the risk profile of the
institution.

13.35 As discussed before, key reports are subjected to a formal review.

70
Table of Selected Key Indicators

71
PRUDENTIAL MEETINGS

13.36 In a risk-based supervision framework, bank examiners may hold a number of prudential meetings
with banking institutions to get an insight into their risk management systems; financial condition
and performance; business prospects; and matters of concern. The frequency of prudential meetings
varies among banking institutions depending on their CAMELS and Risk Assessment ratings,
track record, internal and external environmental factors.

13.37 As a matter of policy, prudential meetings should be scheduled as per the following guidelines:
a. banking institutions rated "1" should have one prudential meeting per year;
b. banking institutions rated "2" should have prudential meetings twice a year; and
c. banking institutions rated "3" to "5" should have quarterly prudential meetings.

CO-OPERATION WITH INTERNAL AND EXTERNAL AUDITORS

13.38 The Reserve Bank requires banking institutions to maintain a proper internal audit function as
part of an effective system of internal controls. Banking institutions are also required to establish
a board audit committee to oversee the operations of the internal audit function, which should
have independent reporting lines.

13.39 The Reserve Bank also expects external auditors to share any adverse findings of audits with
bank examiners. A copy of the management latter should be submitted directly to the Reserve
Bank at the conclusion of every audit.

13.40 Each banking institution is expected to publish audited financial statements within ninety days
from the end of each financial year. External auditors are also expected to certify the authenticity
of informational databases maintained by financial institutions on an annual basis.

EARLY WARNING SYSTEMS

13.41 Many off-site analysis systems and tools are readily described as "early warning systems." Early
warning systems help to identify problem banks for early intervention, and are also useful in
scheduling and prioritising examinations. In any early warning system the quality of data and
depth of analysis are very important in order to draw the right conclusions. Back testing of
models also helps to improve the quality of early warning systems deployed.

13.42 The Reserve Bank's early warning system makes use of macro-prudential indicators, in the form
of the IMF Financial Soundness Indicators (FSIs), over and above the usual CAMELS indicators.
FSIs are sub-divided into the Core Set, which is mandatory, and the Encouraged Set which can
be used at the discretion of national regulatory authorities.

13.43 The table overleaf summarises the FSIs adopted, or on the verge of being adopted by the
Reserve Bank in its off-site analysis of banking institutions. BLSS will use off-site analysis as a
pre-emptive tool to identify weak institutions.

72
Financial Soundness Indicators

73
13.44 The Off-site Analysis Reports will henceforth incorporate variables listed on the FSIs Core Set
and the Encouraged Set.

13.45 Results of early warning systems, just like those of economic models should not be used
mechanically but subjected to qualitative evaluation. It must be noted that some early warning
systems are just "warning lamps" at best due to time lags between the data delivery and the
period the data actually cover. Data quality may depend on submissions from the banks.

PRE-EMPTIVE STRATEGIES

13.46 The paradigm shift to enhanced risk-based supervision will be complimented by an array of pre-
emptive and market stabilisation strategies. The pre-emptive strategies will focus on financial
stability, stress testing, early warning systems, and prompt corrective action programs.

Financial Stability Reports…

13.47 The challenge to maintain financial stability is an on-going process which should not be limited to
the banking sector activities alone.

13.48 The Reserve Bank will publish Financial Stability Reports (FSRs) bi-annually. The objective is
to assess the condition of the Zimbabwean financial system, taking into account significant
developments in the financial sector and the greater economy, as well as international developments
with a bearing on financial stability as follows: international and domestic macroeconomic
environment; financial sector structure and condition; developments in the non-bank financial
sector and real sector; local and international regulatory developments.

Stress Testing Framework…

13.49 The Reserve Bank now employs a number of stress testing methodologies to assess the ability of
individual banks and the entire financial sector to withstand shocks. Stress testing methodologies
are deployed as part of the arsenal in use to assess stability of the financial sector. Stress testing
measures financial system's ability to withstand shocks.

13.50 The Reserve Bank uses stress testing models that encompass several risk factors such as interest
rate, exchange rate, credit, liquidity, and operational risk shocks. The major objective is
to assess impact of shocks on a bank's (i) earnings [income effect] and (ii) capital [economic
value of equity].

13.51 Conceptually, stress testing maybe conducted by the supervisors or the individual banking
institutions using uni-variate and/or multi-variate models.

Stress Testing Dimensions

Uni-variate Stress testing Multi-variate Stress testing

Bank Level XXX XXX
Industry Level XXX XXX
13.52 Multi-variate stress tests involve a wide range of economic shocks. They are useful for assessing
financial sector resilience and models. Bank level stress tests have the disadvantage of being
difficult to compare as they are based on different methodologies. As a result the development of
standard reporting format becomes difficult where reliance is placed on bank level stress tests.

74
13.53 With effect from 31 December 2006, the Reserve Bank's stress testing methodologies are
carried out assuming three different hypothetical scenarios as follows:
a. Minor Level Shocks: These represent small shocks to the risk factors. The level for
different risk factors can, however, vary;
b. Moderate Level Shocks: It envisages medium level of shocks and the level is defined in
each risk factor separately; and
c. Major Level Shocks: It involves big shocks to all the risk factors and is also defined
separately for each risk factor.

13.54 The major objective is to assess impact of shocks on a bank's earnings (income effect) and
capital (economic value of equity).

13.55 The Reserve Bank uses various forms of stress testing models including:
a. Sensitivity Analysis;
b. Scenario Analysis; and
c. Interbank Contagion Models

13.56 Simple sensitivity analysis measures the change in the value of a portfolio from shocks of various
degrees to different independent risk factors while the underlying relationships among the risk
factors are not considered. For example, the shock might be the adverse movement of interest
rate by 10 percentage points and 20 percentage points. Its impact will be measured only on the
dependent variable e.g. capital or earnings.

13.57 Scenario analysis encompasses the situation where a change in one risk factor affects a number
of other risk factors or there is a simultaneous move in a group of risk factors. Scenarios can be
designed to encompass both movements in a group of risk factors and the changes in the underlying
relationships between these variables (for example correlations and volatilities). Stress testing
can be based on historical scenarios, a backward looking approach, hypothetical scenario, or a
forward-looking approach.

13.58 Extreme value/maximum shock scenario measures the change in the risk factor in the worst-case
scenario, i.e. the level of shock which entirely wipes out the capital.

Stress Testing Interest Rate Risk …

13.59 The Reserve Bank will periodically advise banking institutions of interest rate shocks to be used
under three different scenarios, namely minor, moderate and major level shocks. The level of
shocks will depend on the prevailing economic fundamentals.

13.60 On the international arena, the Basel Committee has recommended a standard 2% interest
shock (scenario 2), or a rate equivalent to 99 percentile (or 1 percentile) using five year data.
Financial Stability Assessment Programs (FSAP) use shocks between 0.5% and 3%. Low
inflation countries usually adopt standard shocks of 1%, 2% and 5% for the three scenarios.

Stress Testing Exchange rate shock …

13.61 From time to time banking institutions will be advised of the applicable shocks to be adopted
given the underlying economic fundamentals.

13.62 Internationally the Derivatives Policy Group assumes at least a 6% depreciation for major world
currencies and 20% for other currencies. FSAP missions often assume between depreciations
between 5% and 15%. The Basel Committee uses exchange rate swings of 8% to calculate
capital charges.

75
 Stress Testing Credit shock …
13.63 The stress tests for credit risk assess the impact of an increase in the level of non-performing
loans of the banking institution. This involves three types of shocks:
a. The first one deals with the increase in the level of non-performing loans (NPLs) and the
respective provisioning.
b. The second one deals with the negative shift in the NPLs categories and the increase in
respective provisioning required.
c. The third deals with the fall in the forced sale value (FSV) of mortgaged collateral.

13.64 The market will be advised periodically of the applicable shocks.

Stress Testing Liquidity Risk …

13.65 Liquidity shocks comes in two types: name-specific and a market-wide liquidity crisis. The latter
is also known as bank-to-bank contagion of liquidity stress. Under a name-specific crisis an
institution should survive a 5 days liquidity crisis without Lender of Last Resort (LOLR) facilities.

13.66 Under market-wide crisis, it is important to account for correlations between liquidity shocks
and other shocks that may indirectly affect liquidity, such as interest rate and exchange rate
shocks. Various shocks may be applied to the bank's liquid assets depending on market conditions.

Stress Testing Operational Risk …

13.67 Banking institutions will be required to report on a new measure of operational risk, called Cost
of Operational Risk (COOR5).

Early Warning Systems …

13.68 Early warning systems will continue to be used to identify problem banks for early intervention;
and prioritising on-site examinations.

13.69 The diagram below provides an example of stress testing results:

5
One way of defining the Cost of Operational Risk (COOR) is :
COOR = Operational Losses + Costs Associated with administering the Operation Risk Function +
Insurance Costs-Recoveries From Insurance and Income from Other Activities.

76
 Stress Testing
XYZ Bank Ltd
For the half year ended …………..2005

77
Other Stress Testing Models Under Consideration …
13.70 The Reserve Bank is in the process of developing additional econometric models to assess
financial stability, including:
a. Probit (simple and stepwise versions);
b. Logit (simple and stepwise versions);
c. Contagion models; and
d. Merton models

13.71 Logit and Probit models are econometric models that are used to model the probability of an
institution failing. The inputs into the models are major financial soundness indicators of a given
institution and the model outputs are the corresponding failure probabilities of the given institution.

13.72 The main differences in the models are the distributional assumptions of the sources of randomness
in the models:
a. The Probit model assumes that the residuals are normally distributed and develops a
probability function based on the standard normal distribution; and
b. The Logit model assumes a logistic distribution which differs from that of the normal
distribution in the tails of the distribution. Logit models are currently standard among off-
site analysis models, both in their practical application by regulators and in the academic
literature.

13.73 The Merton model is also used to measure the probability of an institution failing within a given
time frame. The distributional assumptions and the stochastic dynamics underlying this model are
different from both the Logit and the Probit models and the model brings in a different dimension
in the off-site analysis toolkit.

13.74 There are essentially three steps in determining the probability of failure using the Merton model:
a. Estimate asset values, and the asset volatility of the institution. The distress barrier
is found by adding the short term liabilities and half the long term liabilities adjusted for
interest due within the period under consideration.
b. Calculate the distance to default, and this is done by using the asset values, volatility
and the current values of the liabilities; and
c. Calculate the probability of failure from the distance to default. This can be calculated
in two ways, (i) using empirical scale of default probabilities or (ii) using a function,
parameters of which are estimated empirically.

13.75 Interbank Contagion Stress testing complements the standard set of stress tests by measuring
the risk that the failure of a bank or a group of banks will trigger the failure of other banks within
the system.

13.76 There are two basic types of inter-bank stress tests:

a. The pure inter-bank stress test, answers the question of whether the failure of any bank
(or group of banks) would bring down other banks in the system. It identifies banks that
are potential sources of systemic risk.
b. The integrated inter-bank stress test, where the banking system is first subjected to
macro shocks which could trigger a failure of a bank or a group of banks. The inter-bank
stress test is run to assess the impact of additional failures through inter-bank exposures,
as in the pure inter-bank stress test.

78
13.77 The key element of inter-bank contagion stress test calculations is a matrix of bilateral inter-bank
exposures;

13.78 The cells of the matrix contain the gross bilateral inter-bank exposures between banks, defined
as all uncollateralized lending from one bank to another, covering all on- and off-balance sheet
exposures. Each row in the matrix corresponds to a bank and the cells in the row give its gross
inter-bank exposure to every other bank in the inter-bank market, as depicted by each column.

79
APPENDIX 1 – RISK EVALUATION FACTORS

80
81
82
83
84
85
86
 APPENDIX 2 –

OMEGA BANKING CORPORATION

INSTITUTIONAL PROFILE

87
 STRICTLY CONFIDENTIAL

OMEGA BANKING CORPORATION LIMITED

INSTITUTIONAL PROFILE
Contact Details

Head Office: OBC House

59 Bank Avenue
P.O. Box 555
Galaxia
Tel No. 912345
Fax No. 912456

Contact Person: Mrs. V. King (Company Secretary)

e-mail address: vking @obc.com

Chairman: Mr. L. Johnson

Cell: 0242222222

Chief Executive Officer: Mr. J. Lionel

Cell: 0241111111

Date Operations
Commenced in Galaxia: 1980

Lawyers: Richard & Lucy Legal Practitioners

External Auditors: Simeons Chartered Accountants

30 June 2006

Prepared by ...................................... Date ............................................

Reviewed by ........... ……………….. Date ..........................…………..

Approved by ........... ……………….. Date ..........................…………..

88
TABLE OF CONTENTS
A. OVERALL CONDITION ........................................................................................... 90
B. RISK ASSESSMENT SUMMARY ........................................................................... 90
C. CORPORATE PROFILE ........................................................................................... 90
C.1 BACKGROUND................................................................................................ 90
C.2 SHAREHOLDING STRUCTURE ...................................................................... 91
C.3 CAPITAL STRUCTURE .................................................................................... 91
C.4 RELATED ORGANIZATIONS .......................................................................... 92
C.5 VISION/MISSION/STRATEGIES ..................................................................... 92
C.6 KEY FUNCTIONAL LINES.............................................................................. 92
C.7 RISK MANAGEMENT FRAMEWORK ........................................................... 96
C.8 BRANCH NETWORK .................................................................................... 101
C.9 STAFF COMPLIMENT ................................................................................... 101
C.10 EXTERNAL AUDITORS AND LAWYERS ..................................................... 101
C.11 BOARD OF DIRECTORS ............................................................................... 101
C.12 SENIOR MANAGEMENT .............................................................................. 103
C.13 BOARD COMMITTEES.................................................................................. 103
C.14 MANAGEMENT COMMITTEES… ............................................................... 106
C.15 OVERVIEW OF MANAGEMENT .................................................................. 108
C.16 TOP TEN BORROWERS AS AT 30 JUNE 2006 ............................................. 108
C.17 TOP TEN DEPOSITORS AS AT 30 JUNE 2006 ............................................. 109
C.18 INDUSTRY RANKINGS AS AT 30 JUNE 2006 ............................................. 109

D. EXAMINATION RESULTS, AUDIT FINDINGS AND EXTERNAL

CREDIT RATING .................................................................................................... 109
D.1 RESULTS OF PAST ON-SITE EXAMINATIONS ......................................... 109
D.2 SIGNIFICANT FINDINGS OF THE LAST ON-SITE EXAMINATION ....... 109
D.3 EXTERNAL AUDIT AND INTERNAL AUDIT FINDINGS ............................. 110
D.4 EXTERNAL CREDIT RATING ......................................................................... 111

E. OFF-SITE ANALYSIS AS AT 30 JUNE 2006 .......................................................... 111

E.1 SUPERVISORY CONCERNS .......................................................................... 112

F. NON-COMPLIANCE WITH REGULATORY AND

SUPERVISORY REQUIREMENTS ........................................................................ 112

G. ENVIRONMENTAL CONSIDERATIONS ............................................................ 113

H. FINANCIAL STABILITY AND STRESS TESTING ASSESSMENT ................... 113

H.1 STRESS TESTING RESULTS AS AT 30 JUNE 2006 ....................................... 113
H.2 FINANCIAL STABILITY CONSIDERATIONS............................................... 113
H.3 FUTURE PROSPECTS ..................................................................................... 114

I. ATTACHMENTS ....................................................................................................... 114

89
A. OVERALL CONDITION
A.1 The overall composite risk of Omega Banking Corporation (hereafter referred to as the bank/the
institution/OBC) is high, and the direction of risk is increasing. The bank’s risk management
systems are weak and its policies and procedures are inadequate.

A.2 Board and senior management oversight is considered inadequate as management has failed to
address liquidity and profitability challenges faced by the bank since 2003 when it almost collapsed
as a result of a huge exposure to the now defunct Nexus Investment Company.

A.3 The bank’s market share in terms of deposits decreased from 5.20% in June 2005 to 1.62% as
at 30 June 2006 as a result of the liquidity and profitability challenges faced by the bank since
2003 which made deposit mobilisation difficult for the institution.

B. RISK ASSESSMENT SUMMARY

C. CORPORATE PROFILE
C.1 BACKGROUND
i. OBC is 100% owned by OBC Holdings Limited which is based in Galaxia and listed on
the Galaxia Stock Exchange.
ii. OBC Bank had total assets of about Peso10.93 trillion as at 30 June 2006.
iii. OBC Bank has fifteen branches and eight ATMs countrywide.

90
 OBC HOLDINGS GROUP STRUCTURE

C.2 SHAREHOLDING STRUCTURE

i. OBC Limited is owned 100% by OBC Holdings Limited, a company listed on the Galaxia Stock
Exchange. The table below shows OBC Holdings shareholding structure as at 30 June 2006.

Name of Shareholder No. of shares held %

Galaxy National Pension Fund 24,620,000 24.62
Platinum Nominees 20,310,000 20.31
Venus Shipping Company (Private) Limited 17,120,000 17.12
Mercury Industrial Company 15,250,000 15.25
SolarGold Authority Pension Fund 9,700,000 9.70
Other 13,000,000 13.00
Total 100,000,000 100.00

C.3 CAPITAL STRUCTURE

i) The bank is under-capitalised and the core capital structure is as follows:
ITEM Jun-05 Mar-06 June 2006
(Peso b) (Peso b) (Peso b)
Ordinary Paid-Up Share Capital 0.11 0.11 0.12
Irredeemable Preference Shares - -
Share Premium 2.85 2.86 5.76
Retained Earnings - Prior Years 2.70 481.60 481.60
Retained Earnings - Current Year -14.07 -95.23 -338.89
Other Reserves 0 80.43 148.59
Total -8.41 308.91 297.17

91
C.4 RELATED ORGANIZATIONS

Organisation Shareholding (%)

OBC Asset Management (Pvt) Ltd 100%
OBC Stock Brokers 65%
OBC Nominees 100%
OBC Trust Company 80%

C.5 VISION/MISSION/STRATEGIES

i) Vision
• To become the leading financial service provider in Galaxia.

ii) Mission
• Maximise stakeholder value through innovative strategies centered on effective and efficient
employment of resources and excellent service delivery.

iii) Values
• Honesty, integrity and uprightness
• Maximising stakeholder value
• Transparency in whatever we do in the name of the bank
• Commitment to teamwork and cooperation
• Respect for one another without discrimination
• Clients and customer focused
• Accountability
• Professionalism

iv) Strategic Goals and Initiatives

• To provide excellent service and ensure customer satisfaction.
• Sustained growth and profitability.
• To take advantage of technological advancement for enhancement of efficiency.

C.6 KEY FUNCTIONAL LINES

i) The key functional lines of the institution are divided into:
• Corporate and International Banking which includes -Corporate Finance, Leasing and
Agri-Business;
• Retail Banking; and
• Treasury.

ii) These functional lines are supported by the following support services:
• Risk Management;
• Finance;
• Marketing;
• Human Resources;
• Information Technology;
• Legal and Corporate Governance; and
• Internal Audit.

92
Retail Banking…

iii) The bank offers retail banking services through its network of 15 branches in Galaxia. The
branch managers report to the Head of Retail Banking.

iv) The bank offers the following products through retail banking:
• ATMs;
• Current and Savings Accounts;
• Time Deposits;
• Trade Finance Products;
• Loans and Overdrafts;
• Electronic Banking Products;
• Foreign Currency Accounts;
• Visa; and
• Safe Custody.

Corporate and International Banking…

v) The corporate banking division consists of account relationship managers who are in charge of
servicing large corporate and institutional clients. The main products offered by the division are:
• Loans and Overdrafts;
• Bankers Acceptances (Borrowing);
• Foreign Currency Accounts;
• Import and Export Financing;
• Letters of Credit and Letters of Guarantee;
• Call and Current Accounts;
• Project Finance;
• New Share Issues and Rights Issues; and
• Agricultural Loans and Overdrafts.

Treasury Operations…

vi) The Treasury division offers the following products:

• Negotiable Certificates of Deposits (NCDs);
• Notice Deposits;
• Money Market Investment Products;
• Dealing in foreign currency;
• Forward Rate Agreements (FRAs);
• Bankers Acceptances (BAs);
• Treasury Bills (TBs); and
• Correspondent Banking.

Risk Management and Operations…

vii) The bank has a centralised Risk Management Department which is responsible for the management
of all risks. The department reports to ALCO on the management of market and liquidity risk.
The Risk Management department functionally reports to the Board Risk Management Committee
and administratively to the Managing Director.

93
Centralised Operations…

viii) The division has four units namely: Item processing (for branches in Luxia, Annexa and Fauna),
reconciliations, centralized ledgers and treasury operations. Treasury operations is a treasury
back office function. All units report to Heads of Departments who then report to the Operations
Director.

ix) The following activities are done in item processing:

• Processing of outward and inward clearing cheques;
• Processing of payroll instructions from corporate clients;
• Imaging of cheque vouchers; and
• Generation of clients’ statements.

x) The activities of the Centralised Ledgers are highlighted below:

• Scanning and capturing signatures and mandates;
• Technical validation of vouchers;
• Effect stop payment instructions from all branches;
• Archiving vouchers;
• Processing inward unpaid vouchers; and
• Effect call-back and tick-back checks.

xi) Centralised Reconciliations carries out reconciliations for all bank suspense accounts i.e. both
Nostro and local currency accounts. However, reconciliations are done manually in Excel, by
officers, checked by the Head of Department and reviewed by the Operations Director. Any
outstanding issues on suspense accounts are referred to the Executive Risk Committee comprising
of Heads of Departments.

Finance and Administration Division…

xii) The Finance & Administration division is under the Head of Finance & Administration who
reports to the Chief Finance Officer. The division has a staff compliment of fifteen (15). There are
three distinctive units under Finance and Administration and these are:

xiii) The Finance Unit - this is involved in financial control and management accounting.

xiv) The Salaries and Payroll Unit - which is involved in the processing of salaries and other benefits
for all the employees in the bank.

xv) The Administration Unit - responsible for the daily in house management of the institution.

Legal and Compliance Department…

xvi) The legal function of the bank is carried out by the Head of Legal and Compliance, with the
assistance of external lawyers.

xvii) Compliance issues are a departmental operational issue and the Compliance Officer’s primary
role is to monitor effectiveness.

94
xviii) The department has put in place monitoring tools in the form of two registers. One is a register of
every compliance issue whilst the other is a tick-off register specifying what each department is
supposed to do. Each department has an individual responsible for monitoring compliance.
Depending on the level of risk involved, this can be the sole duty or just one of the duties of the
individual concerned.

xix) On a quarterly basis the board receives two separate reports on compliance issues for the bank
and the holding company.

xx) The compliance function is audited by the bank’s Internal Audit as required by the Corporate
Governance Guideline.

xxi) All new product proposals are scrutinised by the Business Development Committee and are also
signed off by the Legal and Compliance department.

xxii) Training in compliance issues is part of initial and routine on the job training for all bank employees.
External sources of training are sought for specialised needs such as those to do with money
laundering and exchange control, which are often provided by the Central Bank.

Internal Audit Division…

xxiii) The head of Internal Audit reports functionally to the Audit Committee Chairman, and
administratively to the Managing Director. In the absence of the Managing Director, Audit reports
to the Chief Financial Officer.

xxiv) The division currently has seven staff members. The role of Internal Audit is to assist management
in the execution of their responsibilities through the following activities:
• reviewing reliability and integrity of financial and operating information and the means
used to identify, measure, classify and report such information;
• monitoring the process of risk management and corporate governance;
• assessing the existence of and compliance with systems of internal control;
• assisting in improving the effectiveness and efficiency of corporate activities; and
• reviewing the means of safeguarding corporate assets.

xxv) The department’s functions are guided by the Audit Charter which sets the role, authority and
responsibilities of the internal audit department. Further, the charter outlines the approach, scope,
reporting lines, independence and objectivity, rights of the department and obligations of business
heads to ensure that audit discharges its duties well. The department also has an audit manual
which details the procedures to be followed in conducting audits.

95
C.7 RISK MANAGEMENT FRAMEWORK
Credit Risk Management…

i) The bank has put in place a comprehensive credit policy which has been approved by the Board
Loans Review Committee. The credit policy sets out the policies for the conduct of credit facilities
in the following units:
• Corporate Banking;
• Treasury; and
• Retail Banking.

ii) In addition to the credit policy, a Corporate Banking procedure manual is also in place which
details the credit analysis and facilities application, credit administration, product activities, security,
undertakings, opening of new accounts, returns and bank reports produced.

iii) To manage credit risk, the institution has the following controls in place:
• independent Credit Compliance Unit chaired by the Head of Risk which checks for
anomalies on a daily basis;
• produces excess reports;
• produces facility letters and ensures that covenants are being respected; and
• receives periodic returns from each portfolio manager.

iv) Documentation relating to the credit approval granting process is handled by the risk management
department. Lending units receive communication via email on their respective portfolios. The
approved application is signed by the approving committee and a copy of the approval is kept by
the business unit. Risk management department also verifies terms as per facility letters against
actual conditions on disbursements.

v) To ensure effective credit risk management the bank has put in place four credit committees with
different approval limits. The Risk Management Committee has an approval limit of up to Peso300
billion. This committee comprises of the Head of Risk and head of the functional area generating
the credit file. Head of Risk has the final say in this committee. Risk management is also responsible
for provisioning, grading and sectorial analysis as well as securities administration. The onus to
check compliance with facility conditions lies with the risk management function. Credit classification
is done manually by scoring.

vi) The Executive Credit Committee has a limit of up to Peso900 billion. The committee comprises
of the Risk Management Committee as well as the Managing Director and Financial Director.
The Board Credit Committee lends out amounts in excess of Peso900 billion. This committee is
comprised of the Executive Credit Committee and two specific non executive directors.

vii) Further, the bank has set up an independent Loans Review Committee which sits quarterly and is
provided with a board pack containing sectorial spread, grading, progress on recoveries and
provisions. The committee approves grading and makes recommendations on the portfolios. In
terms of composition, the committee has three non- executive directors and the director of
corporate banking as members.

96
viii) The bank has set a Recoveries Unit, which reports to the Head of Risk. The decision to migrate
a loan to Recoveries can be made by the business unit or risk department, through the use of
early warning indicators.

Credit origination and approval

ix) The bank’s Corporate Banking division is mainly responsible for credit origination. The division,
through relationship managers or analysts, does an initial evaluation process where they visit the
client and produce a call report, summarising the issues discussed.

x) The call report is then submitted to the respective portfolio manager who then forwards to the
Head of Corporate Banking. If the head is satisfied that the client has potential repeat business,
the analyst will prepare a detailed credit appraisal to be forwarded to the Risk Management
Division, after approval by the Head of Corporate Banking. The credit appraisal will be discussed
by the Risk Management Committee, Executive Credit Committee or the Board Credit Committee
depending on the loan amount.

xi) During the credit appraisal process the analyst is required to collect all relevant information from
the client, which includes but is not limited to:
• audited financial statements for the past three years;
• latest management accounts;
• projected income statements and balance sheet;
• age analysis of debtors and creditors;
• progress report on the performance of the company and the customer’s prospects for the
coming year;
• changes in management and shareholding structure if any; and
• details of other borrowings, type of facility, utilisation and security offered.

xii) The approval process takes a maximum of two weeks, which is also part of the bank’s competitive
advantage.

Operational Risk…

i) The bank has put in place an Operational Risk Policy Manual, which comprehensively covers all
key controls in business processes. The manual identifies the role of business units and departments
and the role of the internal audit department in reviewing implementation and adherence to the
manual.

ii) Further, the Risk Management Division has also identified key risk indicators, which indicate the
level of risk in a particular area of a business or function. The key risk indicators are generally
split into elements i.e. generic (which will usually be common across a whole business or function)
and business or departmental specific (which are usually customised by the unit in consultation
with Risk and Audit). An Operational Risk Report is also produced for the individual business
units on a monthly basis and discussed in the Risk Management Committee meetings.

iii) The bank manages operational risk with emphasis being placed on transaction risk. In this regard
the bank has identified areas where operational risk is considered high. Further, at branch level,
there are also Operations Managers to manage operational risk. Treasury Back Office reports to

97
 the Risk Management division to ensure independence. It processes front office deals, manages
counterparty limits and dealer limits. It is also responsible for RTGS management as well as
balancing suspense accounts.

iv) The bank does reconciliations resulting in monthly reports on anomalies in suspense accounts. All
entries to suspense accounts have a given life span, which if exceeded, will be highlighted. The
monthly exception report is discussed by Risk and heads of the respective business units.

v) The Processing Centre runs the cheque clearing system for the bank and is managed by the
Cheque Processing System which is a standalone system from Mysis and is also responsible for
debiting of client accounts. The bank also has a centralised Ledger Unit, which verifies signatures
electronically. The unit is responsible for tick-back of printouts and call-back on large cheques.
It is also responsible for unpaying cheques.

Liquidity Risk…

i) The bank has put in place a comprehensive treasury risk management policy, ALCO, investment,
market risk policy, and foreign risk policy.

ii) The liquidity policy is designed to ensure that the bank maintains a consistent flow of funds and
that all its obligations are met at reasonable cost. The policy covers sources of the bank’s liquidity,
liquid assets, borrowing capacity, liquidity maintenance plan, liquidity monitoring plan and
quantitative targets. However, the contingency plan does not have action plans in the event of a
crisis.

iii) The risk department reports to ALCO on the management of market and liquidity risk.

iv) The ALCO among other things ensures that:

• there is ongoing prudential management of the banks liquidity in accordance with the
policy on liquidity risk;
• the provision of standby funding facilities is kept within prudent levels; and
• assets and liabilities management.

v) The ALCO recommends to the board; policies, guidelines and procedures under which the bank
manages balance sheet growth, deposits, advances and investments, foreign exchange activities
and positions.

Liquidity risk measuring and monitoring

vi) The bank uses the following measurement tools to measure and monitor liquidity risk:
• maturity gap analysis;
• daily cash flow summary;
• daily cash-flow forecasting; and
• stress testing.

vii) In addition, to the abovementioned measurement tools the following quantitative targets are
adhered to:
• liquid assets to total assets ratio = 80% minimum

98
 • advances to deposit ratio = 20% maximum
• wholesale borrowings to liquid assets = 35% maximum
• overnight borrowings to total assets = 10% maximum

Contingency Liquidity plan

viii) The Head of Treasury ensures that a contingency plan for liquidity management is in place detailing
the course of action to be followed in the event of a run on deposits. However, the bank does not
have a contingency liquidity plan to be followed during a liquidity crisis.

Interest Rate Risk Management …

i) The Head of Risk is responsible for the management of interest rate risk and works closely with
the Head of Treasury to ensure that risk issues for the bank are addressed. The bank uses the
Mysis System for treasury operations. The MIS produces maturity gap analysis, interest rate
spreads, marked-to market portfolio, interest margin analysis, scenario analysis and stress testing
for ALCO and the Risk Management department.

Interest rate risk measurement and monitoring

ii) The following risk measurement methods are used:

• repricing gap analysis;
• interest rate spreads;
• marked-to-market portfolio position;
• interest margin analysis;
• scenario analysis and stress testing; and
• Value at Risk (VaR i.e. through the parametric method or variance covariance approach,
historical simulation and monte carlo method).

Foreign Exchange Risk Management …

i) The bank has put in place an adequate foreign currency risk management framework. The
framework ensures that funding requirements are adequately met at all times. The Treasury function
is divided into two units, namely local money market and foreign exchange desk.

ii) Foreign currency liquidity risk is managed in the same way as the local money market liquidity
risk. Reports such as the liquidity gap analysis and asset and liabilities schedules are produced.

iii) Imports and exports documentation are done according to the Exchange Control guidelines
issued from time to time.

Compliance and Regulatory Risk Management…

i) The Legal and Compliance Unit manages all the compliance related issues and handles matters
pending litigation and always liaise with external lawyers if need be.

ii) Each business unit has an individual responsible for monitoring compliance issues on a daily
basis. All personnel involved in compliance risk management must have acquainted themselves
with the Compliance Manual and other directives from the regulators as and when they come.

99
iii) Compliance risk is measured within the business units through the assigned persons, who are well
versed with the business unit’s operations and should be of appropriate seniority. They are
responsible for checking, recording, reviewing transactions, reporting findings, as well as escalating
any exceptions. Any tests carried out should be done timeously and test documents should contain
sufficient detail.

iv) Compliance issues are part of initial and routine on-the-job training for all bank employees.
External sources of training are engaged for specialised needs such as those to do with Money
Laundering and Exchange Control.

v) The Legal and Compliance Unit is responsible for signing off any new product developments
after the necessary authority is sought from the regulators. The main thrust being to ensure a
credible working relationship with the regulators and the other market players.

vi) The unit is the conduit between the organisation and the regulators which ensures that there is a
proper flow of accurate information between the two ends. The same information is cascaded
down to the respective departments. This ensures that compliance and regulatory risk is minimised.

Information Technology Systems…

i) The bank has two committees that manage information technology i.e. IT Steering Committee,
which oversees the definition, acquisition, implementation and maintenance of systems and
infrastructure and the Product Development Committee that takes part in the development of
banking products.

ii) The bank has put in place an Information Security Policy which ensures acceptable use of computer
resources and integrity of the bank’s information assets. In addition, there is a comprehensive
Disaster Recovery Plan. However, there is no formal IT risk management framework in place
and risk assessments are done on an ad-hoc basis.

iii) However, there has been an interface problem between the two systems Mysis (the core banking
system) and CompuBank (the reporting system) thereby affecting the accuracy of balance sheet
figures.

100
C.8 BRANCH NETWORK
Number of branches…

i) OBC Bank Limited has a network of fifteen (15) branches in the main business centers of Galaxia.

C.9 STAFF COMPLIMENT

i) As at 30 June 2006, the bank had a total of 300 employees, 100 being managerial and 200 non-
managerial employees. The table below compares the institutions staffing levels with its peers:

A Bank B Bank C Bank D Bank E Bank F Bank OBC

Managerial 150 140 75 215 128 67 100
Non Managerial 400 380 120 530 450 250 200
Total 550 520 195 745 578 317 300

ii) In terms of staffing levels, the bank is the sixth largest employer, whereas it is the fifth largest in
terms of asset base.

C.10 EXTERNAL AUDITORS AND LAWYERS

i) External Auditors Simeons Chartered Accountants
Blue House
Partner-in-Charge: Mr. R. Smith 20 Crescent
Annexa
Telephone: 9022222

ii) Lawyers/Attorney Richard & Lucy

Yellow House
45 Greenville Avenue
Annexa
Telephone: 953222

C.11 BOARD OF DIRECTORS

i) The composition of the board of directors complies with the Guideline No. 1-2004/ BSD:
Corporate Governance. The board has eight (8) directors constituted as follows:

Mr. L. Johnson - Independent Non-Executive Chairman

Mr. J. Lionel - Managing Director
Dr. Z. Buffalo - Chief Financial Officer
Mrs. A. Kudu - Independent Non-Executive
Mr. J. Hunter - Independent Non-Executive
Mr. A Fox - Independent Non-Executive
Mr. A. Benz - Executive Director
Mrs. B. Tiger - Independent Non-Executive

101
ii) The board is well diversified in terms of experience, qualifications and age as follows:

102
C.12 SENIOR MANAGEMENT

i) Managerial skills and competences are adequate to efficiently run banking operations and the
mix is as follows:

C.13 BOARD COMMITTEES

i) The bank has five board committees, that is, the Board Audit Committee, Board Credit
Committee, Loans Review Committee, Remuneration Committee, and the Board Risk
Management Committee.

Board Audit Committee…

i) All members of the committee are independent non-executive directors and are as follows:
B. Tiger (Chairman) - Independent Non Executive Director
A. Fox - Independent Non Executive Director
L. Kudu - Independent Non Executive Director

103
ii) The quorum is two members.

iii) The following officials attend meetings by invitation:

Managing Director - Mr. J. Lionel
Chief Financial Officer - Mr. Z. Buffalo
Head of IT - Mr. R. Rolex
Head of Retail Banking – Ms. J. Toyota
Head of Operations – Mrs. G. Merc
Compliance Officer - Mr. B. Vincent
Head of Internal Audit – Mrs. G. Delma
External auditors – R. Smith (Partner in Charge - Simeons Chartered Accountants)
Head of Risk - Mr. K. Benz
Head of Corporate Banking - Mr. S. Pelma.

Terms of Reference
The committee meets regularly with the company’s internal and external auditors and executive
management:
i) to review the adequacy of and compliance with the company’s accounting, auditing, internal and
external statutory reporting procedures;
ii) to review the internal control system of the bank;
iii) to make recommendations to the Board on the appointment of the external auditors, the audit
fees and any question of resignation or dismissal of the external auditor which may arise;
iv) to ascertain the independence of the external auditor and report to the Board thereon;
v) to discuss with the external auditor the nature and scope of the audit, co-ordination where more
than one auditor is engaged, any problems or reservations arising from the audit and any matters
which the external auditor wishes to discuss;
vi) to conduct a post-audit review which shall include a review of any correspondence from the
external auditor and to report to the Board thereon;
vii) to review the half-year and annual financial statements of the bank before submission to the
Board focusing particularly on:
• any changes in accounting policies and practices;
• major judgmental areas;
• significant adjustments arising from the audit; and
• the going concern assumption.

viii) to review any findings of internal investigations that it considers significant and to report thereon
to the board;
ix) to review the policies and procedures in effect for the appointment of Directors, Managers and
Consultants;
x) when the internal audit function exist, to report on whether that function is resourced adequately
and has appropriate standing within the Bank and to review its audit programme and reports; and
xi) to monitor compliance with the laws and regulations applicable to banking institutions and report
to the Board of Directors thereon.

104
Board Credit Committee…

i) Composition of the committee is as follows:

Mr. A. Fox (Chairperson) - Independent Non Executive Director
Mrs. B. Tiger - Independent Non-Executive Director
Mr. L. Johnson - Independent Non Executive Director
Mr. A. Benz - Executive Director

ii) The quorum shall be three members.

Terms of Reference

i) The board credit committee, chaired by a non-executive director, meets regularly to review the
bank’s loan book for compliance with the board’s lending policies and for the adequacy of
provisions for doubtful debts. The members are independent of the lending process as per
regulatory requirements.

ii) Ensures that the loan portfolio and lending functions conform to the bank’s lending policy which
was adopted and approved by the Board.

iii) Ensures that the Executive Management and the Board of Directors are adequately informed
regarding portfolio risk.

iv) Ensures that problem accounts are timeously identified and classified.

v) Ensures the adequacy of provisions for doubtful debts.

vi) Ensures that non-performing accounts are written off in a timely manner.

Remuneration Committee…

i) The Committee is appointed by the Board and comprises of at least two non-executive directors.
The Board shall appoint the Chairman of the Committee.

ii) The committee is currently constituted as follows:

Mr. J. Hunter - Chairperson, Independent Non-Executive Director
Mr. A. Fox - Independent Non-Exe. Director
Mr. J. Lionel - Managing Director

Terms of Reference

iii) This committee sets the remuneration of the senior management of the bank and approves guidelines
for the bank’s annual pay reviews. The quorum is two members.

iv) The Committee will review recruitment policy to ensure that the most appropriate people are
being recruited at all levels.

105
v) The Committee reviews the way in which people are enabled to develop the range of skills and
experience, which the company will need to achieve its strategic plan. The development process
should be such that the departure of key people at any level of the organisation can be coped
with.

Board Risk Management Committee…

i) The committee consists of the following members:

J. Hunter (Chairman) - Independent Non Executive Director
A. Fox - Independent Non Executive Director
Z. Kudu - Independent Non Executive Director

Terms of Reference

i) The committee reviews the Executive Management Committee’s (EXCO) reports detailing, the
adequacy and overall effectiveness of the company’s risk management function and its
implementation by management, and reports on internal control and any recommendations, and
confirm that appropriate action has been taken.

ii) The committee reviews the risk philosophy, strategy and policies recommended by EXCO and
consider reports by EXCO.

iii) The committee ensures compliance with policies, and with the overall risk profile of the company.
Risk in the widest sense includes market risk, credit risk, liquidity risk, operational risk and
compliance risk.

iv) The committee recommends corrective measures where existing and potential exposures are
identified in the above risk spheres.

v) The committee reviews the adequacy of insurance coverage.

vi) The committee monitors procedures to deal with and review the disclosure of information to
clients.

C.14 MANAGEMENT COMMITTEES

i) The bank has put in place the following committees: Management Credit Committee,
Executive Committee, Asset and Liabilities Committee.

Management Credit Committee…

Mr. Z. Buffalo (Chairperson) - Chief Financial Officer
Mr. J. Lionel - Managing Director
Mr. S. Pelma - Head of Corporate Banking
Mr. F. Ford - Head of Treasury
Mr. R. Snail - Company Secretary

106
Terms of Reference

i) Consider and approve deserving credit applications for amounts not exceeding an amount of
Peso900 billion.

ii) Ensure that its approvals in terms of authority herein delegated to it by the Board are documented
and take account of, and comply with, the various levels of credit quality, exposure limits and
credit risk management policies and procedures as may be determined by Board Credit Committee.

iii) Take such steps as are necessary to ensure the effective management of credit risk and individual
credit portfolios in accordance with policies and procedures determined by Board Credit
Committee, including:
• reviewing portfolio trends and provisioning;
• monitoring problem exposures;
• reviewing large exposures;
• ensuring appropriate pricing of credits, regard being had to the risk associated with the
credit granted ; and
• ensuring that all extensions of credit are done at an arms-length basis.

iv) Have overall accountability and authority for ensuring the effective management, in accordance
with applicable credit risk management policies and procedures, of any potential loss to the bank
as a result of counter-party default in lending transactions, whether in the form of loans and
advances, the advancement of securities and contracts to support customer obligations or any
potential loss as a result of trading activities.

v) Monitor compliance with the Central Bank’s regulations and other applicable laws regarding the
prudent management of credit exposures.

vi) Ensure compliance with such directives as the Board may give to ensure compliance with such
credit risk management policies and procedures as may, from time to time, be determined by the
Board Credit Committee.

vii) Generally ensure that, in respect of credit matters, there exists a climate of discipline and control
and that, as a result, the opportunity for bank losses, whether arising from fraud or any other act
or omission, are in strict conformance with the bank’s determined risk appetite.

Executive Management Committee (EXCO)…

i) The committee consists of the following members:

• Mr. J. Lionel (Chairperson);
• Mr. Z. Buffalo;
• Mrs. G. Merc;
• Mr. S. Pelma;
• Mr. R. Rolex;
• Mr. F. Lexus ; and
• Mr. K. Mazda.

107
Terms of Reference
i) Formulating strategies and policies of the company.

ii) Managing all the business and affairs of the company.

iii) Prioritizing the allocation of capital and technical and human resources of the Bank.

iv) Establishing the best management practices and functional standards.

v) Senior management appointments and monitoring the performance of senior management.

vi) Interfacing, on an on-going basis, with the regulators and shareholders on key policy decisions.

Asset and Liability Committee…

i) The committee consists of the following members:
• Mr. J. Lionel (Chairperson);
• Mr. Z. Buffalo;
• Mr. F. Ford;
• Mrs. J. Toyota; and
• Mr. A. Benz.

Terms of Reference
ii) The purpose of the Asset and Liability Committee is to recommend to the board, policies and
guidelines under which the bank will manage the matters regarding balance sheet growth, deposits
and investments, foreign exchange activities, market risk, liquidity risk and in so doing protect the
bank’s earnings, capital base and reputation.

C.15 OVERVIEW OF MANAGEMENT

i) Board and management oversight is considered weak in terms of the overall risk management
framework. Policies and procedures in key risk areas are inadequate. Internal control systems
are weak and do not provide the necessary checks and balances. Management information
systems are not reliable in the production of timely financial/regulatory reports.

C.16 TOP TEN BORROWERS AS AT 30 JUNE 2006

Counterparty Total Limit(Pesos) On-Bal Sheet Amt Maturity Nature Of
Date Exposure
Y Limited 300,000,000,000.00 500,780,221,100.00 Overdraft
Z Limited 189,830,966,514.40 189,830,966,514.40 Overdraft
Mercury Investments 150,004,145,497.20 150,004,145,497.20 Overdraft
Mrs. Benz 100,001,000,000.00 100,001,000,000.00 26.05.2006 BAs
V Limited 7,829,785,263.20 7,829,785,263.20 25.06.2007 BAs
U. Limited 7,084,664,817.20 7,084,664,817.20 Overdraft
T Limited 6,328,077,410.80 6,328,077,410.80 BA Loan
S. limited 4,833,263,305.20 4,833,263,305.20 BA Loan
R. Limited 4,830,544,418.40 4,830,544,418.40 Guarantees
Q. Limited 4,421,322,350.80 4,421,322,350.80 BA
Total 75,163,769,577.20 975,943,990,677.20

108
C.17 TOP TEN DEPOSITORS AS AT 30 JUNE 2006

Name of Client Amount Pesos Type of Deposit

P Limited 300,899,696,040.00 Time
O limited 270,344,877,616.00 Time
N Limited 210,516,058,256.00 Time
M Limited 200,128,851,012.00 Time
L limited 180,389,929,284.00 Time
K Limited 176,596,851,444.00 Time
G Limited 175,927,594,444.00 Time
H Limited 175,578,526,624.00 Time
J Limited 165,548,343,984.00 Time
Z Limited 155,149,789,192.00 Time
Total 2,011,080,517,896.00

i) Deposit concentration risk is moderate as evidenced by a 26.48% ratio of top ten deposits to
total deposits as at 30 June 2006.

C.18 INDUSTRY RANKINGS AS AT 30 JUNE 2006

Classification Amount Market Share Ranking

Total deposits Peso3.12 trillion 1.62% 15
Total loans Peso1.17 trillion 5.24% 6
Total assets Peso10.93 trillion 6.05% 5

D. EXAMINATION RESULTS, AUDIT FINDINGS AND

EXTERNAL CREDIT RATING
D.1 RESULTS OF PAST ON-SITE EXAMINATIONS

Exam Date Capital Asset Quality Management Earnings Liquidity Overall Rating
30/06/05 4 3 3 4 4 4

D.2 SIGNIFICANT FINDINGS OF THE PREVIOUS ON-SITE

EXAMINATION
i) The bank’s overall condition was rated “4” i.e. weak as at 30 June 2005.

ii) OBC was inadequately capitalised with Tier 1 and Capital Adequacy ratios of 5.7% and 3.8%,
respectively. The capital was mainly depleted by losses and there is a threat from asset quality as
adversely classified loans constituted 30.51% of the total loan book as at 30 June 2005.

iii) Risk management was considered weak on the basis of inadequate board and senior management
oversight, an ineffective Risk Management Division and inappropriate policies and procedure
manuals.

109
iv) Internal controls were rated weak. It was noted that the bank had internal control weaknesses in
Treasury and branches as follows:
• some junior dealers were dealing without approved dealer limits;
• stop payments were not being done as per laid down procedures;
• branches did not have business continuity plans;
• there was no power back up in some of the branches;
• cash vaults/ strong rooms had no fire detectors;
• inadequate security at branch premises due to absence of surveillance cameras; and
• absence of money laundering guidelines.

v) Liquidity position was weak with a declining deposit base and sound liquidity risk management
practices.

D.3 EXTERNAL AUDIT AND INTERNAL AUDIT FINDINGS

External Audit Findings…
i) The fieldwork for external audits carried out by Simeons Chartered Accountants for the year
ending 31 December 2005 was completed and a meeting with the bank’s Audit Committee was
also conducted to discuss the audit findings. The major findings by the external auditors are:
• OBC Bank has been making losses over the past three years.
• The institution faces some threat from the following risks:
o credit risk as reflected by increase in the ratio of non-performing loans to total loans,
lack of independence between credit sanctioning and loans review;
o liquidity risk as evidenced by wide mismatch in assets and liabilities in the 0-30 days
time band;
o operational risk in the form of access and processing weaknesses; and
o compliance risk with respect to tax requirements.
• The institution takes too long to respond to external audit reports.
• There is a significant concentration risk on the loan book to the manufacturing sector.
• The bank has an exposure to Y. Limited through five loans advanced to its subsidiaries.
• There is a significant deposit concentration on the top twenty depositors, the majority of
whom are wholesale clients.
• There is a difference in interpretation of loan loss provisions between the Banking
Regulations and the Accounting Standards.
• The auditors highlighted that the bank’s financial condition was deteriorating.

Internal Audit Findings…

i) Key Findings for the Quarter ended 31 March 2006

a) Credit: Some personal accounts were being opened without adequate information, and
loan draw-downs were being effected before perfection of security.
b) Physical Security: Some branches had no surveillance monitoring systems.
c) Reconciliations: Branch and ATM cash holdings were not balancing with the General
Ledger balances.
a) Legal and Corporate Governance Unit: There was no formal induction program for
new directors.
b) Procurement and Stores
• Records were not being maintained for assets received, leases and service
agreements.
• There was no policy on disposal of obsolete assets.

110
D.4 EXTERNAL CREDIT RATING

i) The rating was done in 31 December 2005 by Planet Credit Rating Agency and the bank obtained
the following ratings:
• Short term rating: CCC-
• Long term rating: CC-

ii) The ratings were based on the following:

• inadequate capitalisation and a continued decline in profits; and
• persistent liquidity challenges.

E. OFF-SITE ANALYSIS AS AT 30 JUNE 2006

i) The overall CAMELS rating of OBC Limited as at 30 June 2006 was “5” i.e. critical, a
downgrade from “4” i.e. weak rating in the previous quarter on account of reasons discussed
below.

ii) Capital adequacy of the bank was rated “5” i.e. critical. The bank is critically undercapitalised
with capital adequacy and tier 1 ratios of 3.20% and 2.08% respectively. The bank’s net capital
of Peso 297.17 billion is below the minimum capital requirement of Peso500 billion. The plan to
recapitalise through retained earnings is not feasible since the institution has been making losses
for the past three years.

iii) Asset quality was rated “4” i.e. weak. The bank’s asset quality has been continuously deteriorating
as evidenced by the rise in the level of adversely classified loans to total loans ratio from 30.51%
as at 30 June 2005 to 41.8% as at 30 June 2006. The high level of non-performing loans is
mainly attributed to five connected non-performing and unsecured exposures of Peso500.78
billion. In the event of default, the bank’s capital of Peso 297.17 billion is likely to be completely
wiped out. The bank’s loan book is highly concentrated in the manufacturing sector which
constitutes 40.23% of the total loan book. Adverse developments in that sector will negatively
affect the quality of these loans.

iv) Management was rated “5” i.e. critical. Board and senior management oversight over critical
challenges being faced by the bank is considered inadequate. Management has failed to address
liquidity and profitability challenges since 2003 when the bank almost collapsed as a result of a
huge exposure to the now defunct Nexus Investment Company.

v) Earnings were rated “5” i.e. critical. The bank’s earnings position reflects inadequate capacity
to fund present and future operations. The bank reported a net loss of Peso160.38 billion for the
six months to June 2006. The bank’s income is skewed towards interest income on money
market investments, a position which is not sustainable and is subject to market volatility.

vi) Liquidity and Funds Management was rated “4” i.e. weak. There are huge negative funding
gaps in the 0-30 day time band amounting to Peso1.64 trillion as at 30 June 2006, which are
impacting negatively on the short term liquidity position. The bank continues to rely on costly
inter-bank and lender of last resort facilities.

111
vii) Sensitivity to market risk was rated ‘4’ i.e. weak. The bank’s assets are mainly funded by
short term interest rate sensitive liabilities thus exposing the bank to interest rate risk given the
prevailing trend of rising interest rates. An increase in interest rates will have a negative impact on
the interest income and economic value of equity.

E.1 SUPERVISORY CONCERNS

i) The bank should rationalise the shareholding of Venus Shipping Company and Mercury Industrial
Company which are above the limit of 10% for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.

ii) The bank should immediately raise additional capital to ensure that its capital adequacy ratio
complies with the minimum capital adequacy ratio of 10%.

iii) The five connected loans, which currently constitute 168.52% of capital base should be regularized
to a limit of 75% as per the provisions of the Banking Regulations, Statutory Instrument 10/1999.

iv) Management should devise strategies to steer the bank out of the current loss making position.

F. NON-COMPLIANCE WITH REGULATORY AND

SUPERVISORY REQUIREMENTS
i) The bank is not compliant with banking rules, regulations and directives issued by the Central
Bank in the following cases:
• The shareholding structure is irregular as two non-financial institutional shareholders Venus
Shipping Company and Mercury Industrial Company have shareholdings of 17.12% and
15.25% respectively, which are above the 10% limit for non-financial institutions as
stipulated under Section 1 (7) of the Galaxia Banking Regulations.
• The bank is not in compliance with the prudential minimum capital requirement of 10% as
its capital adequacy ratio was 3.20% as at 30 June 2006.The exposure to five connected
loans, which constitutes 168.52% of the bank’s capital, is in excess of the 75% prudential
lending limit as prescribed by the Banking Regulations S.I. 10 of 1999.
• The composition of the Loans Review Committee is in violation of Section 5 (2) of the
Galaxia Banking Regulations. An executive director Mr. A. Benz is a member of both the
Board Credit Committee and the Loans Review Committee.
• The bank has been executing foreign exchange transactions without Central Bank approval.
For example, the bank invested Euro 2 million on 26 April 2006 on behalf of Leopard
Travel Company, without exchange control approval.

112
G. ENVIRONMENTAL CONSIDERATIONS
i) The institution’s operations may be adversely affected by the increasing inflation and interest
rates. A combination of rising inflation and interest rate levels is likely to reduce loans and
advances as corporate institutions may reduce their borrowing requirements. Default risk is
likely to increase as borrowers who are under siege from unfavourable economic environment
find it challenging to meet their loan repayment obligations. Consequently, the levels of provisions
for doubtful debts may be revised upwards which will eat in the institution’s bottom line.

H. FINANCIAL STABILITY AND STRESS TESTING

ASSESSMENT
H.1 STRESS TESTING RESULTS AS AT 30 JUNE 2006

Assumptions…
i) The model assumes that each variable will change while holding the other parameters
constant i.e. when interest rates change, exchange rates are held constant.
ii) Wholesale deposits will reprice faster than assets.
iii) Loans and other assets will be repaid in terms of their contractual agreements.
iv) Balance sheet structure will remain unchanged.
v) The table below shows the impact of interest rate changes on the bank’s capital and net
income at various levels of shocks as per the Central Bank model using the above
assumptions.

Interest Income at Economic Value of

Risk Equity at Risk
Interest income Capital Capital at risk Capital
Rate Shock at risk adequacy at risk adequacy
(%) (Peso bn) (%) (Peso bn) (%)
100 (631.04) (2.00) (635.81) (2.04)
50 (299.01) 0.73 (317.90) 0.58
20 (119.60) 2.21 (127.16) 2.15
-20 119.60 4.19 127.16 4.25
-50 299.01 5.67 317.90 5.82
-100 631.04 8.37 635.81 8.44

vi) Given that assets were mainly funded by short-term wholesale deposits and inter-bank borrowings,
a worst case scenario of 100% increase in interest rates would reduce the bank’s net income and
capital by Peso631.04 billion and Peso635.81billion respectively.

H.2 FINANCIAL STABILITY CONSIDERATIONS

i) Given the bank’s previous financial performance and liquidity challenges, probabilities of failure
still exist. However, in the event of failure, the impact due to contagion effect may not be severe
given that the bank’s total deposits as at 30 June 2006, accounted for only 1.62% of the banking
sector’s total deposits and the bank is ranked fifteenth and fifth respectively in terms of total
deposits and total asset base.

113
H.3 FUTURE PROSPECTS

i) The performance of the bank is set to deteriorate further given that stress tests results indicate
that the bank will be critically undercapitalised in the event of an increase in interest rate risk
which is the major risk in the bank.

I. ATTACHMENTS
Appendix (a) Key Ratios

Appendix (b) Comparative Balance Sheet

Appendix (c) Comparative Income Statement

Appendix (d) Functional Structure

114
APPENDIX (A) - KEY RATIOS

115
APPENDIX (B)COMPARATIVE BALANCE SHEETS

116
APPENDIX (C) COMPARATIVE INCOME STATEMENTS

117
APPENDIX (D) FUNCTIONAL STRUCTURE

118
APPENDIX 3 – RISK MATRIX

119
120
APPENDIX 4 – RISK ASSESSMENT NARRATIVE

121
OMEGA BANKING CORPORATION
RISK ASSESSMENT NARRATIVE

Overall Risk Rating : High Date of Update: 30.06.2006

Direction : Increasing

i) OBC’s overall composite risk is high and risk direction is increasing.

ii) The level of overall inherent risk is rated high and the quality of overall risk management systems
is considered weak.

iii) The overall composite strategic, credit, liquidity, interest rate and operational risks are considered
high.

iv) Legal and compliance and reputation risks are rated moderate, with low risk being noted for
foreign exchange risk.

Credit Risk Rating : High Date of Update: 30.06.2006

Direction : Increasing

i) The overall composite credit risk is high and the direction is increasing.

v) The bank had a high level of adversely classified loans amounting to Peso734.78 billion, and
constituting 41.8% of its total loan book as at 30 June 2006.

vi) The non-performing and unsecured five connected loans of Peso500.78 billion constitute 168.52%
of capital as at 30 June 2006 which is above the prudential lending limit of 75% and has the
potential of wiping out the bank’s capital. In addition there is no firm repayment plan for these
loans.

vii) There was under-provisioning for adversely classified loans.

viii) A number of related party loans were written off without the approval of the Board Credit
Committee. Loans to Venus Shipping Company amounting to Peso100 billion were written off in
December 2005 without board approval.

ix) The quality of credit risk management systems is weak.

x) Decision making on the approval of some related party loans is centralised on one individual, the
Head of corporate banking. This is against the bank’s credit policy which stipulates that any
loans to related parties should be sanctioned by the Board Credit Committee. For example,
facilities to Mrs. Benz and Mercury Investment Company amounting to Peso250 billion were
sanctioned by the Head of Retail Banking.

xi) There is no evidence that security was obtained and perfected as required by the respective
facility letters in the case of Lolita Industries, Pluto Coal Merchants, Casio (Private) Limited,
Sharp Farming (Private) Limited and Kudu Trucking Services.

122
 Liquidity Risk Rating : High Date of Update: 30.06. 2006
Direction : Increasing

i) Liquidity risk is high and the direction is increasing.

ii) The bank has been relying on expensive borrowings from the lender of last resort and inter-bank
market to cover its positions. For the month of June 2006, the bank borrowed a total of Peso3.56
trillion from the Central Bank and Peso1.16 trillion from the inter-bank market.

iii) The bank had cumulative negative funding gaps as at 30 June 2006 of Peso1.64 trillion, Peso565.53
billion and Peso215.16 billion in the 0-30 day, 0-90 day and 0-365 day time bands respectively.

iv) The bank’s funding structure is skewed towards volatile and market sensitive wholesale deposits
which accounted for 66.96% of total deposits as at 30 June 2006. This is in contrast with the
core funding structure of commercial banks which relies largely on cheaper retail deposits.

v) The bank’s liquidity challenges have been worsened by funding non-performing loans of
Peso734.78 billion as at 30 June 2006.

vi) The quality of liquidity risk management is rated weak.

vii) Liquidity Management Committee meetings were not being held weekly as stipulated in the terms
of reference. The last meeting was held on 3 February 2006.

viii) The bank does not have a Contingency Liquidity Plan.

ix) Deliberations during ALCO meetings are mainly centred on the short-term trading strategies
rather than on long-term strategies for addressing persistent liquidity challenges.

x) There is no management information system to produce liquidity gap reports. The examination
noted some casting errors in weekly liquidity gap reports prepared since 10 March 2006 which
resulted in the size of the overall liquidity gap being underestimated.

xi) The bank does not make use of internal benchmarks to monitor liquidity risk such as liquidity
cumulative limits, loans to deposits limits, and deposit concentration limits.

xii) The bank is not conducting stress testing on liquidity positions to assess its vulnerability to liquidity
risk.

Interest Rate Risk Rating : High Date of Update: 30.06.2006

Direction : Increasing

i) The bank’s interest rate risk is high and the risk direction is increasing.

ii) The bank had a net liability interest rate sensitive book of Peso1.35 trillion (18.11% of total
assets) over three months and of Peso267.60 billion (3.58% of total assets) over 12 months as
at 30 June 2006. Given the general increase in interest rates there is a high probability that the
bank’s earnings will be eroded if interest rates rise.

123
iii) The quality of interest rate risk management systems is weak.

iv) The quality of deliberations at board and ALCO meetings is weak as there is minimal coverage of
interest rate risk issues. There are no strategies in place to manage the bank’s exposure to
interest rate risk.

v) The market risk management policy does not explicitly cover all sources of interest rate risk viz
yield curve risk, basis risk, re-pricing risk and option risk.

vi) The bank’s market risk policy does not have stop loss limits on earnings and economic value of
equity at risk. The absence of limits on earnings and capital at risk therefore implies that interest
rate risk is not being effectively measured, monitored and controlled.

vii) There is no analysis being carried out to show the impact of changes in interest rates on net
interest income and economic value of equity.

viii) The bank does not conduct stress testing analyses to assess the bank’s vulnerability to interest
rate risk.

Foreign Exchange Risk Rating : Low Date of Update: 30.06. 2006

Direction : Stable

i) Foreign exchange rate risk is low and the direction stable.

ii) The level of inherent foreign exchange risk is low due to the low level of foreign exchange
transactions.

iii) The quality of foreign exchange rate risk management systems is acceptable.

iv) The policies and procedures are considered inadequate as they do not specify the tools and
techniques to be used in managing foreign exchange rate risk.

Reputation Risk Rating : Moderate Date of Update: 30.06.2006

Direction : Stable

i) Reputation risk is moderate and the risk direction is stable.

ii) The bank’s reputation was negatively affected by the exposure to the collapsed Nexus Investment
Company in 2003 which currently makes deposit mobilisation difficult as investors are still
concerned about the security of their funds if placed with the bank.

iii) The bank’s market share in terms of total deposits has not significantly improved since 2003.
This is indicative of the continuing negative perception of the institution.

iv) The quality of reputation risk management systems is weak.

v) The bank has not devised meaningful strategies to improve its market and public perception.

124
vi) The bank does not have a corporate communication policy which covers procedures for internal
and external communication.

Strategic Risk Rating : High Date of Update: 30.06.2006

Direction : Increasing

i) Strategic risk is high and the direction of the risk is increasing.

ii) The bank has been operating on a draft corporate strategic plan since inception. The plan does
not have clearly defined objectives, how these will be attained and their specific time frames.

iii) The bank’s performance remains subdued with a cumulative loss of Peso338.89 billion for the
six months to 30 June 2006 and a capital adequacy ratio of 3.20% as at 30 June 2006, well
below the prudential minimum capital adequacy ratio of 10%.

iv) The exposure to the now defunct Nexus Investment Company affected the perception of the
institution in the market and hence its difficulties in raising enough cheap deposits to address
liquidity challenges.

v) The quality of strategic risk management systems is weak.

vi) The board and senior management have failed to come up with appropriate long term strategies
to address the bank’s liquidity and profitability challenges.

vii) Management has failed to reposition the bank after its near collapse in 2003 as evident in the
persistent liquidity and profitability challenges.

Operational Risk Rating : High Date of Update: 30.06.2006

Direction : Increasing

i) Operational risk is high and the direction of the risk is increasing.

ii) The bank is exposed to operational risk as a result of the following internal control weaknesses:

iii) There is no documentary evidence that hardware maintenance is carried out in line with vendor
requirements increasing the possibility of lapses in the maintenance cycle. This increases the risk
of equipment failure.

iv) The bank does not have a disaster recovery site that serves as a back-up of electronic data.

v) There is a high staff turnover in the Centralised Operations, with a total of 26 resignations during
2005. Staff exodus disrupts business continuity.

vi) Some dormant accounts were being held for more than a year in breach of the bank’s policy
which requires such accounts to be closed after a year.

vii) Branch overnight cash holding limits were being constantly exceeded. This was prevalent at five
branches in Luxia and three branches in Annexa. This exposes the bank to financial loss in the
event of theft as the excess cash is uninsured.

125
viii) The core banking system, Mysis, cannot process high value transactions or maintain balances
above Peso100 billion. This renders the monitoring of system limits ineffective.

ix) The quality of operational risk management systems is weak.

x) The procedure manuals for centralised operations and compliance risk management are yet to be
adopted and approved by the board.

xi) There are system interface challenges between the reporting system, CompuBank, and the core
banking system Mysis. The balances reported by the two systems are different and have to be
reconciled manually thereby increasing the risk of human errors.

xii) The bank does not have a telephone recording system in the Treasury department. The bank may
find it difficult to settle disputes arising from telephonically confirmed deals.

xiii) There is no asset and liability management system and reports pertaining to liquidity and interest
rate risk management are being produced manually. This exposes the bank to human error.

xiv) Most of the business units are not submitting operational risk management returns, such as Key
Control Standards and Key Risk Indicators to the risk department.

Legal & Compliance Risk Rating : Moderate Date of Update: 30.06.2006

Direction : Stable

i) Legal and Compliance risk is moderate and direction is stable.

ii) The shareholding structure is irregular as two non-financial institutional shareholders Venus Shipping
Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.

iii) The bank is not in compliance with the prudential minimum capital adequacy ratio of 10% as its
ratio was 3.20% as at 30 June 2006.The exposure to five connected loans, which constitutes
168.52% of the bank’s capital, is in excess of the 75% prudential lending limit as prescribed by
the Banking Regulations S.I. 10 of 1999.

iv) The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director Mr. A. Benz is a member of both the Board Credit
Committee and the Loans Review Committee.

v) The bank has been executing foreign exchange transactions without Central Bank approval. For
example, the bank invested Euro 2 million on 26 April 2006 on behalf of Leopard Travel Company,
without exchange control approval.

vi) The quality of legal and compliance risk management systems is weak.

vii) The institution does not have a formal compliance risk management framework. There are no
documents that enable the institution to assess compliance risk.

viii) Weekly compliance reviews were last conducted on 20 December 2005, and no monthly and
quarterly reviews have been done since the beginning of 2006. This heightens the bank’s exposure
to compliance risk.

126
APPENDIX 5 – SUPERVISORY PLAN

127
 STRICTLY CONFIDENTIAL

OMEGA BANKING CORPORATION LIMITED

SUPERVISORY PLAN

30 JUNE 2006

Prepared by ……………….. Date …............………..

Reviewed by……………….. Date ……….............…..

Approved by……………….. Date…...............………..

128
Banking Institution Omega Banking Corporation Limited
Reporting Date 30 June 2006

A. Supervisory Concerns

1. Treasury Activities

1.1. Inherent risks in treasury activities namely interest rate, reputation, strategic and liquidity risks are
considered moderate while operational risk is considered high.

1.2. The need to review adequacy of risk management systems and internal controls to mitigate the
above risks is of utmost importance.

1.3. The bank is failing to raise liquidity to fund its negative gaps due to negative perception.

1.4. Due to its inability to raise funds from the interbank market, the bank has been funding its gaps
through high cost overnight accommodation from the Central Bank.

1.5. An adverse macro-economic environment which is characterised by volatile and increasing interest
rates has also heightened the bank’s exposure to interest rate risk.

1.6. Internal control weaknesses were noted in the processing of foreign payments.

2. Branch Operations

2.1. Operational risk in the branches is considered high and is expected to increase in the next twelve
months.

2.2. The following weaknesses were noted by the Internal Audit Department:
a) Frontline staff members were authorising their transactions in Mysis without the involvement
of a supervisor or manager.
b) The asset register was not being reconciled with computer records.
c) Not all revenue due to the bank was being recovered from the bank’s products and
services, which attract charges.
d) Cheque-books and cheque guarantee cards were not being retrieved from customers
when closing accounts. Some of these customers continued using these cheque-books
thereby exposing the bank to risk.

3. Centralized Operations

3.1. Operational risk is considered high in Centralized Operations. The bank experienced a number
of attempted frauds in this area.

3.2. The number of suspense accounts in place is considered high for the size of operations and
reconciliations for these accounts are done manually thereby increasing the risk of human errors.

3.3. Other issues of supervisory concern noted by both Internal and External Auditors include failure
to produce audit trail and exception reports after amendments, inadequacy of the Disaster
Recovery site and absence of documented business continuity processes.

129
4. Information Technology (I.T)

4.1. Operational risk in I.T is considered high.

4.2. The bank continued to experience problems in producing reliable and accurate computer generated
financial information from its IT systems.

4.3. Access controls to the IT system are weak, as was highlighted by Internal Audit.

4.4. The bank still faces problems in the interface between Mysis and CompuBank with respect to
balance sheet accounts e.g. CompuBank fails to update changes in account status from debit to
credit.

5. Legal and Compliance

5.1. Legal and Compliance risk is considered high.

5.2. The shareholding structure is irregular as two non-financial institutional shareholders Venus Shipping
Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.

5.3. The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director Mr. A. Benz is a member of both the Board Credit
Committee and the Loans Review Committee.

B. Supervisory Strategies and Activities to be Conducted

Off-Site Surveillance

Comments: OBC bank is subject to continuous off-site surveillance through quarterly CAMELS
assessment and evaluation of stress test results. In addition, interactions with the management and
auditors to gather information and obtain a better understanding of OBC Bank was undertaken:

No. Activity Objective/Scope of Examination Period Remarks

1. Meeting with To obtain an overview of OBC Bank’s Quarterly Last meeting
management financial condition and future prospects 23/06/06
as well as to discuss the results of the
quarterly off-site analysis.
2. Meeting with To discuss the results of quarterly Quarterly Last meeting
Internal Auditors off-site analysis and other issues of 26/06/06
concern to the internal auditors.
3. Meeting with To discuss the results of quarterly Quarterly Last meeting
External Auditors off-site analysis and any other issues 30/06/06
of external auditors’ and regulatory
concern.
4. Quarterly off-site To carry out an evaluation of the bank Quarterly Last meeting
analysis in terms of the CAMELS assessment 30/06/06
and stress testing.

130
B. Supervisory Strategies and Activities to be Conducted...
On-Site Examination

Comments: To enable the supervisory concerns to be adequately addressed, full and limited
scope on-site examinations should be performed across functional lines with moderate to high composite
risks. All issues of supervisory concern discussed under Section A above will be targeted. The proposed
on-site examination program for OBC Bank Limited is as follows:

No. Activity Objective/Scope of Examination Remarks

1. Treasury Activities Full scope: Last examined
· To focus on interest rate, foreign exchange 30/06/05 (full scope)
and liquidity risk as well as risk management
systems and internal controls.
· There is a need to ascertain strategies for
managing reputation risk.
· To follow up on internal and external audit
findings.

2. Branch Operations Full scope: Last examined

· To focus on operational risk management 30/06/05
systems and internal controls in branches.
· To follow up on internal audit findings.

3. Centralized Full scope: Last examined

Operations · To focus on internal controls and risk 30/06/05
management systems over activities in
centralized operations.
· To follow up on internal audit
recommendations.

4. Information Full scope: Last examined

Technology · To focus on risk management systems in place 30/06/05
for Information Technology as well as the
operational adequacy of the various systems
in use.
· Integration between the Mysis and CompuBank
systems.
· To follow up on audit recommendations.

5. Legal, compliance Limited scope: Last examined

and corporate · To check compliance with laws and regulations. 30/06/05
governance issues

131
APPENDIX 6 – EXAMINATION SCOPE MEMORANDUM

132
 STRICTLY CONFIDENTIAL

OBC BANK LIMITED

EXAMINATION SCOPE MEMORANDUM

30 JUNE 2006

Prepared by ……………….. Date …............………..

Reviewed by……………….. Date ……….............…..

Approved by……………….. Date…...............………..

133
EXAMINATION SCOPE MEMORANDUM
1 RATINGS

1.1 CAMELS Ratings

On-site as at Off-site as
30 June 2005 30 June 2006
Capital 4 5
Asset Quality 3 4
Management 3 5
Earnings & Provisions 4 5
Liquidity & Funds Management 4 4
Sensitivity to Market Risk - 4
Overall 4 5

1.2 Planet Credit Rating Agency rating: CCC- Short term rating
CC- Long term rating

2 REASONS FOR EXAMINATION

2.1 The examination will focus on functional areas which were rated moderate to high composite
risks, following pre-examination prudential meetings held with management of the institution.

2.2 Follow ups on issues highlighted by internal and external auditors, such as IT challenges, liquidity
challenges and operational risk in branches.

3 SUMMARY OF OBC BANK LIMITED RISK PROFILE

134
4 OBJECTIVES
4.1 The objectives of this examination is to focus on risk areas rated moderate and high as indicated
in the above risk matrix. The examination will aim to evaluate the risk management and internal
control systems in the following functions:
a) treasury operations with emphasis on liquidity risk, interest rate risk and operational risk
in the foreign exchange transactions;
b) corporate banking with focus on credit risk emanating from five connected non-performing
loans;
c) emphasis will also be placed on strategic risk in the overall operations of the bank;
d) information technology;
e) centralised operations; and
f) branch operations.

5 SUMMARY OF PRE-EXAMINATION MEETINGS

Meeting with Management…
5.1 A pre-examination meeting was held with senior management on 23 June 2006 to discuss key
risks facing the bank and risk mitigants in place. The following were the highlights of the meeting:
a) The current loan book is in excess of Peso1.75 trillion of which 40.23% comprise of
loans to the manufacturing sector. The bank’s asset quality has been continuously
deteriorating as shown by the rise in the adversely classified loans to total loans ratio from
30.15% as at 30 June 2005 to 41.8% as at 30 June 2006.
b) There are concerns over the liquidity challenges facing the bank since 2003 when it almost
collapsed as a result of a huge exposure to the now defunct Nexus Investment Company.

Meeting with External Auditors…

A meeting with the bank’s External Auditors (Simeons Chartered Accountants) was held on 30
June 2006 and the following issues were highlighted:
a) OBC Bank has been making losses over the past three years.
b) The institution faces some threat from the following risks:
i. credit risk as reflected by increase in the ratio of non-performing loans to total loans,
lack of independence between credit sanctioning and loans review;
ii. liquidity risk as evidenced by wide mismatch in assets and liabilities in the 0-30 days
time band;
iii. operational risk in the form of access and processing weaknesses; and
iv. compliance risk with respect to tax requirements.
c) There is a significant concentration risk on the loan book to the manufacturing sector.
d) The bank has an exposure to Y. Limited through five loans advanced to its subsidiaries.
e) There is a significant deposit concentration on the top twenty depositors, the majority of
whom are wholesale clients.
f) There is a difference in interpretation of loan loss provisions between the Banking
Regulations and the Accounting Standards.

135
6 EXAMINATION SCOPE AND FOCUS
The examination will focus on the following key functional activities:

6.1 Treasury Activities

The examination will focus on liquidity risk, interest rate risk, foreign exchange risk and operational
risk and the adequacy of the risk management systems and internal controls to mitigate these
risks.

Liquidity Risk…
a) Liquidity risk is considered high and increasing. The examination will focus on liquidity risk
management and internal controls in the Treasury Department, as well as strategies in place to
address the liquidity challenges.
b) The review will focus on:
i. the adequacy of board and senior management oversight on liquidity issues;
ii. policies and strategies for managing liquidity risk in respect to their adequacy in identifying,
measuring, monitoring and control of the risk;
iii. risk management tools and techniques (including benchmarks) to identify, measure , monitor
and control liquidity risk;
iv. the stability and diversification of deposits including the volume, composition, growth trends;
v. stress-testing done by the bank and reasonableness of assumptions underlying the stress
tests; and
vi. contingency liquidity plan and the reasonableness of the assumptions underlying the
contingent liquidity plan.

Interest Rate Risk…

a) Interest rate risk is considered high in the Local Money Market section.
b) The examination will focus on:
i. the adequacy of board and senior management oversight on interest rate risk management
issues;
ii. the adequacy of policies and procedures for managing interest rate risk;
iii. risk management tools and techniques used to manage interest rate risk;
iv. the adequacy of the various benchmarks and limits used to manage interest rate risk;
v. the adequacy of the bank’s funding strategy and its ability to withstand changes in interest
rates caused by external factors;
vi. repricing mismatches of rate sensitive assets and liabilities over the short and long-term
horizon; and
vii. stress test models for interest rate risk used by the bank and the reasonableness of underlying
assumptions of the models.

Operational Risk…
a) The operational risk was considered high.
b) The review will focus on the volume, type and complexity of transactions, products and services
offered by both local money market and foreign exchange desks.
c) Internal controls in back and front offices.
d) Adequacy of policies and procedures in mitigating operational risk.

136
6.2 Branch Operations
a) The examination will focus on risk management and internal control structures and processes to
determine the level of operational risk emanating from branch operations.

6.3 Centralized Operations

a) The examination will focus on risk management and internal controls in the Centralised Operations.
Particular attention will be paid to:
• reconciliations of suspense accounts;
• disaster recovery and business continuity processes; and
• adequacy of the bank’s strategy with respect to payment of Service Level Agreement fees
and upgrading of the systems in the unit to ensure maximum benefit and continued support
from the providers.
b) Internal and external auditors noted that the division’s most challenges are system related and
consequently the responsiveness of management to audit findings will also be examined.

6.4 Information Technology

a) Operational risk in Information Technology (IT) function is considered high. This is further
accentuated by weak internal controls noted in the IT function. The examination will seek to
determine the adequacy and relevancy of the existing IT strategy vis-à-vis current technologies
and capacities.
b) There are challenges in the interface between the Mysis and CompuBank in respect of the balance
sheet figures as well as the in the extraction of information using MIS.
c) There is need to look at the results of the data integrity checks and to verify remedies, if any.
d) Further, the examination should also review self risk assessments to determine regularity as well
as the bank’s response to issues emanating from self assessments.
e) The effectiveness of IT internal audit function and management’s responsiveness to audit
recommendations.
f) In addition, the review will focus on the compatibility of different systems used across the bank,
extent of integration and systems stability.
g) Review of back-up and continuity plan, including test of recovery sites, disaster continuity program
tests and anti-virus checks.

6.5 Legal, Compliance and Reputation issues

a) The shareholding structure is irregular as two non-financial institutional shareholders Venus Shipping
Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.
b) Compliance with the prudential minimum capital adequacy ratio of 10%.
c) The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director Mr. A. Benz is a member of both the Board Credit
Committee and the Loans Review Committee.

137
EXAMINATION RESOURCE NEEDS

138
APPENDIX 7 – EXAMINATION REPORT FORMAT

139
 ON-SITE ANALYSIS REPORT FORMAT
[Face cover]

SECTION A: EXECUTIVE SUMMARY ....................................................

1. Institutional Overview ..................................................................................
2. Objectives & Scope of Examination .............................................................
3. Overall Rating ..............................................................................................
4. Risk Rating ..................................................................................................
5. CAMELS Rating ..........................................................................................
6. Matters Requiring Attention ...........................................................................
SECTION B: CORE ASSESSMENT ..........................................................
7. Risk Management Review ............................................................................
8. Management ................................................................................................
9. Capital Adequacy ........................................................................................
10. Asset Quality ..............................................................................................
11. Earnings ......................................................................................................
12. Liquidity & Funds Management ..................................................................
13. Sensitivity to Market Risk ...........................................................................
SECTION C: SUPPLEMENTARY SECTION ............................................
APPENDIX (i) – SUMMARY OF KEY RATIOS ........................................
APPENDIX (ii) - COMPARATIVE BALANCE SHEET ............................
APPENDIX (iii) COMPARATIVE INCOME STATEMENT .....................
SECTION D: SIGNATURES OF DIRECTORS .........................................

140
APPENDIX 8 – OMEGA BANKING CORPORATION
REPORT OF EXAMINATION

141
 BANK SUPERVISION

THIS REPORT OF EXAMINATION IS STRICTLY CONFIDENTIAL

This report is a final report of examination. The information contained in this preliminary report is
based on the books and records of the examined bank, statements made to the examiners by
management, officers, and employees of the bank, and information obtained from other sources
believed to be reliable.

In making this review, it should be remembered that while an examination includes some audit tests
and procedures, it is not the same as an audit, and this report is not an audit report. Signing this
report does not necessarily mean agreeing with the findings therein but that one has read and is
aware of the findings.

This report is the property of the Central Bank of Galaxia and is furnished to the examined bank for its
confidential use. Under no circumstances shall the bank or any of its directors, or employees disclose
or make public in any manner the report or any portion thereof. If a subpoena or other legal process
is received calling for production of this report, the Senior Division Chief, Bank Supervision of the
Central Bank of Galaxia must be notified immediately, and the person(s) who requested a copy of this
report should be advised to contact the Senior Division Chief.

OMEGA BANKING CORPORATION LIMITED

Name of Examined Institution

Exam Start Date Exam End Date

3 July 2006 11 July 2006

………………………… Date: ................................

Mrs. Z. Matterazi
Senior Bank Examiner

………………………… Date: ................................

Mr. I. King
Chief Bank Examiner

………………………… Date: ................................

Mr. T. Owen
Senior Division Chief
Bank Supervision

142
TABLE OF CONTENTS

SECTION A: EXECUTIVE SUMMARY ............................................................... 144

1. INSTITUTIONAL OVERVIEW ....................................................................... 144
2. OBJECTIVES & SCOPE OF EXAMINATION ............................................... 144
3. OVERALL RATING ......................................................................................... 145
4. RISK RATING .................................................................................................. 145
5. CAMELS RATING ........................................................................................... 148
6. MATTERS REQUIRING ATTENTION ............................................................ 149

SECTION B: CORE ASSESSMENT ..................................................................... 151

7. RISK MANAGEMENT REVIEW .................................................................... 152
8. MANAGEMENT .............................................................................................. 157
9. CAPITAL ADEQUACY ................................................................................... 159
10. ASSET QUALITY ............................................................................................ 161
11. EARNINGS ...................................................................................................... 163
12. LIQUIDITY & FUNDS MANAGEMENT ....................................................... 164
13. SENSITIVITY TO MARKET RISK ................................................................. 166

SECTION C: SUPPLEMENTARY SECTION ....................................................... 167

APPENDIX (I) RISK MATRIX .................................................................................. 168
APPENDIX (II) – SUMMARY OF KEY RATIOS ..................................................... 169
APPENDIX (III) COMPARATIVE INCOME STATEMENTS .................................. 170
APPENDIX (IV) COMPARATIVE BALANCE SHEETS .......................................... 171

SECTION D: SIGNATURES OF DIRECTORS .................................................... 172

143
SECTION A: EXECUTIVE SUMMARY
1 INSTITUTIONAL OVERVIEW

1.1 Omega Banking Corporation Limited (“the bank”, “the institution” or “OBC Limited”) was
established in April 1980 as a commercial bank.

1.2 OBC Limited is owned 100% by OBC Holdings Limited, a company listed on the Galaxia Stock
Exchange. The table below shows the shareholding structure as at 30 June 2006.

Name of Shareholder No. of shares held %

Galaxy National Pension Fund 24,620,000 24.62
Platinum Nominees 20,310,000 20.31
Venus Shipping Company (Private) Limited 17,120,000 17.12
Mercury Industrial Company 15,250,000 15.25
SolarGold Authority Pension Fund 9,700,000 9.70
Other 13,000,000 13.00
Total 100,000,000 100.00

1.3 The previous full scope on-site examination was conducted in June 2005.

1.4 The bank has a total of fifteen branches, seven in Luxia, five in Annexa and three in Fauna.

1.5 Out of the 17 commercial banks operating in Galaxia, OBC Limited had a market share of
1.62% in terms of total deposits, 6.05% in terms of total assets and 5.24% in terms of loans and
advances as at 30 June 2006. The comparative trends in the bank’s market share are depicted
below:

2 OBJECTIVES & SCOPE OF EXAMINATION

2.1 The Central Bank of Galaxia (“Central Bank”) conducted an examination of OBC Limited from
3 July 2006 to 11 July 2006, utilising data as at 30 June 2006.

2.2 The objective of the examination was to assess the condition of the bank using the CAMELS
rating model and Risk Assessment System (RAS). In addition, the examination also evaluated
management’s responsiveness to internal and external audit findings. The bank was also due for
a routine on-site examination.

144
2.3 On the basis of preliminary risk assessment (Risk Matrix and Risk Assessment Narrative), it was
noted that the overall composite risk in all risk categories was high except for foreign exchange
and reputation risk.

2.4 As a result, the examination focused on the following areas:

a) Treasury Operations;
b) Centralized Operations;
c) Branch Operations;
d) Corporate and International Banking;
e) Information Technology;
f) Corporate Governance, Legal and Compliance; and
g) Earnings.

3 OVERALL RATING
a. The following is a summary of the ratings assigned to the bank.

Examination Ratings Previous full scope Current Examination

Examination30 June 2005 30 June 2006
Overall Risk Rating* N/A High
CAMELS Rating 4 5**

*Risk rating of this bank commenced in 2006.

**Composite “5”
This category is reserved for institutions with an extremely high immediate or near term
probability of failure. The volume and severity of weaknesses or unsafe and unsound
conditions are so critical as to require urgent aid from stockholders or other public or
private sources of financial assistance. In the absence of urgent and decisive corrective
measures, these situations will likely result in failure and involve the disbursement of
insurance funds to insured depositors, or some form of emergency assistance, merger or
acquisition.

4 RISK RATING

4.1 The overall composite risk in OBC Limited is considered high and the direction increasing. The
level of overall inherent risk is rated high and the quality of overall risk management systems is
considered weak.

145
4.2 The bank’s risk profile is summarised in the matrix below:

KEY
Level of Inherent Risk
Low – reflects a lower than average probability of an adverse impact on a banking institution’s capital and earnings.
Losses in a functional area with low inherent risk would have little negative impact on the banking institution’s overall
financial condition.
Moderate – could reasonably be expected to result in a loss which could be absorbed by a banking institution in the
normal course of business.
High – reflects a higher than average probability of potential loss. High inherent risk could reasonably be expected to
result in a significant and harmful loss to the banking institution.

Adequacy of Risk Management Systems

Weak – risk management systems are inadequate or inappropriate given the size, complexity and risk profile of the
banking institution. Institution’s risk management systems are lacking in important ways and therefore a cause of more
than normal supervisory attention. The internal control systems will be lacking in important aspects particularly as
indicated by continued control exceptions or by the failure to adhere to written policies and procedures.
Acceptable – management of risk is largely effective but lacking to some modest degree. While the institution might be
having some minor risk management weaknesses, these have been recognised and are being addressed. Management
information systems are generally adequate.
Strong – management effectively identifies and controls all types of risk posed by the relevant functional areas or per
inherent risk. The board and senior management are active participants in managing risk and ensure appropriate polices
and limits are put in place. The policies comprehensively define the bank’s risk tolerance, responsibilities and
accountabilities are effectively communicated.

Overall Composite Risk

Low Risk – would be assigned to low inherent risk areas. Moderate risk areas may be assigned a low composite risk where
internal controls and risk management systems are strong and effectively mitigate much of the risk.
Moderate Risk – risk management systems appropriately mitigate inherent risk. For a given low risk area, significant
weaknesses in the risk management systems may result in a moderate composite risk assessment. On the other hand, a
strong risk management system may reduce the risk so that any potential financial loss from the activity would have only
a moderate negative impact on the financial condition of the organisation.
High Risk – risk management systems do not significantly mitigate the high inherent risk. Thus the activity could
potentially result in a financial loss that would have a significant impact on the bank’s overall condition, even in some
cases where the systems are considered strong.

Direction of Overall Composite

Increasing- based on the current information, composite risk is expected to increase in the next twelve months.
Decreasing – based on current information, composite risk is expected to decrease in the next twelve months.
Stable- based on the current information, composite risk is expected to be stable in the next twelve months.

146
4.3 The overall composite strategic risk is considered high due to a high level of inherent risk and
weak risk management systems. The institution has been operating with a draft strategic plan
since inception. Management has failed to address liquidity, capitalisation and profitability
challenges.

4.4 The overall composite credit risk is considered high on account of a high level of inherent risk
and weak risk management systems. The bank’s weak loan monitoring procedures contributed
towards unacceptably high levels of non-performing loans which have the potential of wiping out
the bank’s capital.

4.5 The overall composite liquidity risk is rated high as a result of a high level of inherent risk and
weak risk management systems. The institution relies on volatile wholesale deposits and expensive
borrowings from the lender of last resort and inter-bank market to cover its huge negative funding
gaps.

4.6 The overall composite interest rate risk is rated high due to a high level of inherent risk and
weak risk management systems. The bank has a high net liability sensitive book, which exposes
the institution to interest rate risk in light of the current high interest rate environment. The bank is
not analysing the impact of changes in interest rates on net interest income and economic value of
equity.

4.7 The overall composite foreign exchange rate risk is considered low on account of a low level
of inherent risk and acceptable risk management systems. The bank’s foreign exchange
transactions are minimal. The policies and procedures do not specify the tools and techniques to
be used in managing foreign exchange risk.

4.8 The overall composite operational risk is considered high as a result of a high level of inherent
risk and weak risk management systems. Information technology related risks are not being
monitored as required in terms of the bank’s operational risk management policy. There are no
policies and procedures for centralised operations. There are weaknesses in internal controls
and management information systems are inadequate.

4.9 The overall composite legal and compliance risk is rated moderate on account of a moderate
level of inherent risk and weak risk management systems. The shareholding structure is irregular
as two non-financial institutional shareholders own more than the stipulated 10% limit. The
institution is not in compliance with the prudential minimum capital adequacy ratio of 10% and the
prudential lending limit of 75% of capital.

4.10 The overall composite reputation risk is rated moderate as a result of a moderate level of
inherent risk and weak risk management systems. The bank’s market share of deposits has
deteriorated since December 2005. The risk management department does not report on reputation
risk issues faced by the bank.

147
5 CAMELS RATING

Component Composite Capital Asset Management Earnings Liquidity Sensitivity to

Rating Adequacy Quality Market Risk
Current Exam
30/06/2006 5 5 4 5 5 4 4
Prior Exam
30/06/2005 4 4 3 3 4 4 -

5.1 As indicated above, the composite CAMELS rating of OBC Limited as at 30 June 2006 was
“5” i.e. critical, a downgrade from “4” i.e. weak rating in the previous on-site examination of
2005, on account of reasons discussed below:

Capital…
5.2 Capital adequacy of the bank was rated “5” i.e. critical due to the following:
a. The bank’s capital adequacy ratio of 3.20%, tier 1 ratio of 2.08% and leverage ratio
of 1.89% as at 30 June 2006 indicate that the institution is critically undercapitalised;
b. The bank has an exposure to adversely classified loans of Peso 734.78 billion that
constitutes 41.8% of the total loan book. In the event of default, the bank’s capital of
Peso 297.17 billion is likely to be completely wiped out.
c. The plan to recapitalise through retained earnings is not feasible since the institution has
been making losses for the past three years.

Asset Quality…
5.3 Asset quality was rated “4” i.e. weak on account of the following:
a) Continual deterioration of the bank’s asset quality as evidenced by the rise in the level of
adversely classified loans to total loans ratio from 30.51% as at 30 June 2005 to 41.8%
as at 30 June 2006. The high level of non-performing loans is mainly attributed to five
connected non-performing and unsecured exposures of Peso500.78 billion.
b) The five connected loans to Y Limited account for 28.49% of the total loan book, and
168.52% of capital base, which is in violation of prudential lending limit of 75%.
c) The bank’s loan portfolio is highly concentrated in the manufacturing sector which constitutes
40.23% of the total loan book. Adverse developments in that sector will negatively affect
the quality of these loans.
d) Improper classification and under provisioning for non-performing loans which resulted in
a provisioning shortfall of Peso178.51 billion.

Management…
5.4 Management was rated “5” i.e. critical on the basis of:
a) Board and senior management oversight over critical challenges being faced by the bank
is considered inadequate. Management has failed to address liquidity and profitability
challenges since 2003 when the bank almost collapsed as a result of a huge exposure to
the now defunct Nexus Investment Company.
b) The bank has been operating with a draft corporate strategic plan since inception.
c) Management Information Systems were considered inadequate with respect to the
reporting requirements of the bank.
d) Management has not addressed some issues raised in the 2004 internal and external audit
reports.

148
 e) The exposure of Peso500.78 billion to five connected loans constitutes 168.52% of the
bank’s capital, in violation of the 75% prudential lending limit.
f) The composition of the Loans Review Committee is in violation of Section 5 (2) of the
Galaxia Banking Regulations. One executive director (Mr. A. Benz), is a member of both
the Loans Review Committee and the Board Credit Committee.

Earnings…
5.5 Earnings were rated “5” i.e. critical on the basis of:
a) Management and board oversight on strategic issues relating to earnings was considered
weak as there are no strategies in place to turn around the bank’s negative earnings position.
b) The bank’s income is skewed towards interest income on money market investments, a
position which is not sustainable and is subject to market volatility.
c) The bank’s earnings position reflects inadequate capacity to fund present and future
operations. The bank reported a net loss of Peso95.26 billion for the five months to May
2006 which deteriorated to Peso160.38 billion for the period to 30 June 2006. Losses
incurred in the six months to 30 June 2006 are further exacerbated by a provisioning
shortfall of Peso178.51 billion, resulting in a net loss of Peso338.89 billion.

Liquidity and Funds Management…

5.6 Liquidity and Funds Management was rated “4” i.e. weak as a result of the following:
a. inadequate risk management tools to identify, measure, monitor and control liquidity risk.
Liquidity benchmarks are not being tracked and stress testing of liquidity positions is not
being done;
b. huge negative funding gaps in the 0-30 day time band amounting to Peso1.64 trillion as at
30 June 2006, which are impacting negatively on the short term liquidity position;
c. continuous reliance on costly inter-bank and lender of last resort facilities;
d. the bank does not have a Contingency Liquidity Plan;
e. the Liquidity Management Committee is supposed to meet on a weekly basis according
to its terms of reference, however the last meeting was held on 3 February 2006; and
f. management information systems are inadequate to manage liquidity risk.

Sensitivity to Market Risk…

5.7 Sensitivity to market risk was rated ‘4’ i.e. weak on the basis of the following:
a) the market risk policy does not have tolerance limits for interest rate and foreign exchange
risk;
b) assets are mainly funded by short term interest rate sensitive liabilities thus exposing the
bank to interest rate risk given the prevailing trend of rising interest rates;
c) no quantitative analysis is carried out on the impact of changes in interest rates on net
interest income and economic value of equity; and
d) the market risk policy is not comprehensive as it does not have stop loss limits on earnings
and economic value of equity at risk.

6 MATTERS REQUIRING ATTENTION

Capital…
6.1 The bank should rationalise the shareholding of Venus Shipping Company and Mercury Industrial
Company which are above the limit of 10% for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.

149
6.2 The bank should immediately raise additional capital to ensure that its capital adequacy ratio
complies with the minimum capital adequacy ratio of 10%.

Asset Quality…
6.3 The bank should immediately downgrade five connected loans of Peso500.78 billion from
substandard to doubtful category, and the resultant additional provisioning requirements should
be effected.

6.4 The five connected loans to Y Limited, which currently constitute 168.52% of the capital base
should be regularised to a limit of 75% as per the provisions of the Banking Regulations, Statutory
Instrument 10/1999.

Management…
6.5 The bank’s corporate strategic plan should be adopted and approved by the board of directors.

6.6 There is need to enhance the reports sent to the board, which currently lack depth in terms of
addressing the bank’s challenges.

6.7 The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. There is a need to ensure independence of the loans review function from
the credit granting process.

6.8 Management should timeously address issues raised by auditors, some of which were raised in
2004. In addition, inadequacies in the interface between Mysis and CompuBank which have
been outstanding since 2003 require management’s attention.

Earnings…
6.9 Management should devise strategies to steer the bank out of the current loss making position.

6.10 The bank’s earnings position has been weakened by high funding costs. Management should
therefore employ strategies to mobilize cheap retail deposits.

Liquidity & Funds Management…

6.11 There should be strategies in place to limit reliance on costly inter-bank and lender of last resort
borrowings to cover the bank’s negative funding gaps.

6.12 Management should expedite the formulation of a Contingency Liquidity Plan.

6.13 The Liquidity Management Committee should meet weekly in accordance with its terms of
reference.

6.14 Management should expedite the implementation of a treasury system to facilitate monitoring
liquidity positions and production of liquidity reports both for management and for ALCO in a
timely and accurate manner.

Sensitivity to Market Risk…

6.15 The board should ensure that the level of market risk accepted by the bank is maintained at
prudent levels and is supported by adequate capital.

6.16 The market risk policy should incorporate limits on earnings at risk and economic value of capital
at risk.

6.17 The bank’s market risk profile should be consistent with the bank’s overall strategies.

150
SECTION B: CORE ASSESSMENT

151
7 RISK MANAGEMENT REVIEW
Risk Management review is an assessment of the financial institution’s risk profile, i.e.; the types and levels of its
inherent risks, the quality of risk management over such risks and the resulting composite risk rating. Basic elements of
a sound risk management system comprise of; active board and senior management oversight, adequate policies, procedures
and limits, adequate risk monitoring and management information system and adequate internal controls. In assessing the
level of inherent risk, concentration is on understanding and identifying the key risk drivers for each risk category.
Assessment of the quality of risk management is guided by the risk management framework with the key components of
board and management oversight, adequate policies, procedures and limits, internal controls and management information
systems. The assessment of composite risk heavily depends on the quantity of inherent risk and adequacy of risk
management systems. The direction of risk should guide board, management and supervisors to devote more time and
resources to those areas where the direction is increasing.

Overall Risk Rating…

7.1 The overall composite risk in OBC Limited is considered high and the direction increasing. The
level of overall inherent risk is rated high and the quality of overall risk management systems is
considered weak.

Strategic Risk...
7.2 The overall composite strategic risk is considered high and the direction is increasing.

7.3 The level of inherent strategic risk is rated high on account of several factors.

7.4 The bank has been operating on a draft corporate strategic plan since inception. The plan does
not have clearly defined objectives, how these will be attained and their specific time frames.

7.5 The bank’s performance remains subdued with a cumulative loss of Peso338.89 billion for the
six months to 30 June 2006, with a capital adequacy ratio of 3.20% as at 30 June 2006, well
below the prudential minimum capital adequacy ratio of 10%.

7.6 The exposure to the now defunct Nexus Investment Company affected the perception of the
institution in the market and hence its difficulties in raising enough cheap deposits to address
liquidity challenges.

7.7 The quality of strategic risk management systems is weak.

7.8 The board and senior management have failed to come up with appropriate long term strategies
to address the bank’s liquidity and profitability challenges.

7.9 Management has failed to reposition the bank after its near collapse in 2003 as evident in the
persistent liquidity and profitability challenges.

Credit Risk…
7.10 The overall composite credit risk is rated high and the direction is increasing.

7.11 The level of inherent credit risk is considered high.

7.12 The bank had a high level of adversely classified loans amounting to Peso734.78 billion, and
constituting 41.8% of its total loan book as at 30 June 2006.

152
7.13 The non-performing and unsecured five connected loans to Y Limited of Peso500.78 billion
constitute 168.52% of capital as at 30 June 2006 which is above the prudential lending limit of
75% and has the potential of wiping out the bank’s capital. In addition, there is no firm repayment
plan for these loans.

7.14 There was under-provisioning for adversely classified loans.

7.15 A number of related party loans were written off without approval of the Board Credit Committee.
Loans to Venus Shipping Company amounting to Peso100 billion were written off in December
2005 without board approval.

7.16 The quality of credit risk management systems is weak.

7.17 Decision making on the approval of some related party loans is centralised on one individual, the
executive director for corporate banking. This is against the bank’s credit policy which stipulates
that any loans to related parties should be sanctioned by the Board Credit Committee. For
example, facilities to Mrs. Benz and Mercury Investment Company amounting to Peso250 billion
were sanctioned by the corporate banking director.

7.18 There is no evidence that security was obtained and perfected as required by the respective
facility letters in the case of Lolita Industries, Pluto Coal Merchants, Casio (Private) Limited,
Sharp Farming (Private) Limited and Kudu Trucking Services.

Liquidity Risk…

7.19 The overall composite liquidity risk is high and the direction is increasing.

7.20 The level of inherent liquidity risk is high.

7.21 The bank has been relying on expensive borrowings from the lender of last resort and inter-bank
market to cover its positions. For the month of June 2006, the bank borrowed a total of Peso3.56
trillion from the Central Bank and Peso1.16 trillion from the inter-bank market.

7.22 The bank had cumulative negative funding gaps as at 30 June 2006 of Peso1.64 trillion, Peso565.53
billion and Peso215.16 billion in the 0-30 day, 0-90 day and 0-365 day time bands respectively.

7.23 The bank’s funding structure is skewed towards volatile and market sensitive wholesale deposits
which accounted for 66.96% of total deposits as at 30 June 2006. This is in contrast with the
core funding structure of commercial banks which relies largely on cheaper retail deposits.

7.24 The bank’s liquidity challenges have been worsened by funding non-performing loans of
Peso734.78 billion as at 30 June 2006.

7.25 The quality of liquidity risk management is rated weak.

7.26 Liquidity Management Committee meetings were not being held weekly as stipulated in the terms
of reference. The last meeting was held on 3 February 2006.

153
7.27 The bank does not have a Contingency Liquidity Plan.

7.28 Deliberations during ALCO meetings are mainly centred on the short-term trading strategies
rather than on long-term strategies for addressing persistent liquidity challenges.

7.29 There is no management information system to produce liquidity gap reports. The examination
noted some casting errors in weekly liquidity gap reports prepared since 10 March 2006 which
resulted in the size of the overall liquidity gap being underestimated.

7.30 The bank does not make use of internal benchmarks to monitor liquidity risk such as liquidity
cumulative limits, loans to deposits limits, and deposit concentration limits.

7.31 The bank is not conducting stress testing on liquidity positions to assess its vulnerability to liquidity
risk.

Interest Rate Risk…

7.32 Overall composite interest rate risk is rated high and the direction is increasing.

7.33 The level of inherent interest rate risk is high.

7.34 The bank had a net liability interest rate sensitive book of Peso1.35 trillion (18.11% of total
assets) over three months and of Peso267.60 billion (3.58% of total assets) over 12 months as
at 30 June 2006. Given the general increase in interest rates there is a high probability that the
bank’s earnings will be eroded if interest rates rise.

7.35 The quality of interest rate risk management systems is weak.

7.36 The quality of deliberations at board and ALCO meetings is weak as there is minimal coverage of
interest rate risk issues. There are no strategies in place to manage the bank’s exposure to
interest rate risk.

7.37 The market risk management policy does not explicitly cover all sources of interest rate risk viz
yield curve risk, basis risk, re-pricing risk and optional risk.

7.38 The bank’s market risk policy does not have stop loss limits on earnings and economic value of
equity at risk. The absence of limits on earnings and capital at risk therefore implies that interest
rate risk is not being effectively measured, monitored and controlled.

7.39 There is no analysis being carried out to show the impact of changes in interest rates on net
interest income and economic value of equity.

7.40 The bank does not conduct stress testing analyses to assess the bank’s vulnerability to interest
rate risk.

Foreign Exchange Risk…

7.41 Overall composite foreign exchange risk is rated low and the direction is stable.

154
7.42 The level of inherent foreign exchange risk is low due to the low level of foreign exchange
transactions.

7.43 The quality of foreign exchange risk management systems is acceptable.

7.44 The policies and procedures are considered inadequate as they do not specify the tools and
techniques to be used in managing foreign exchange risk.

Operational Risk…

7.45 The overall composite operational risk is rated high and the direction is increasing.

7.46 The level of inherent operational risk is considered high.

7.47 The bank is exposed to operational risk as a result of the following internal control weaknesses:

7.47.1There is no documentary evidence that hardware maintenance is carried out in line with vendor
requirements increasing the possibility of lapses in the maintenance cycle. This increases the risk
of equipment failure.

7.47.2The bank does not have a disaster recovery site that serves as a back-up of electronic data.

7.47.3There is a high staff turnover in the Centralised Operations, with a total of 26 resignations during
2005. Staff exodus disrupts business continuity.

7.47.4Some dormant accounts were being held for more than a year in breach of the bank’s policy
which requires such accounts to be closed after a year.

7.47.5 Branch overnight cash holding limits were being constantly exceeded. This was prevalent at five
branches in Luxia and three branches in Annexa. This exposes the bank to financial loss in the
event of theft as the excess cash is uninsured.

7.47.6The core banking system, Mysis, cannot process high value transactions or maintain balances
above Peso100 billion. This renders the monitoring of system limits ineffective.

7.48 The quality of operational risk management systems is weak.

7.49 The procedure manuals for centralised operations and compliance risk management are yet to be
adopted and approved by the board.

7.50 There are system interface challenges between the reporting system, CompuBank, and the core
banking system Mysis. The balances reported by the two systems are different and have to be
reconciled manually thereby increasing the risk of human errors.

7.51 The bank does not have a telephone recording system in the Treasury department. The bank may
find it difficult to settle disputes arising from telephonically confirmed deals.

7.52 There is no asset and liability management system and reports pertaining to liquidity and interest
rate risk management are being produced manually. This exposes the bank to human error.

7.53 Most of the business units are not submitting operational risk management returns, such as Key
Control Standards and Key Risk Indicators to the risk department.

155
Legal and Compliance Risk…

7.54 The overall composite risk is moderate and the direction is stable.

7.55 The level of inherent legal and compliance risk is moderate.

7.56 The shareholding structure is irregular as two non-financial institutional shareholders Venus
Shipping Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.

7.57 The bank is not in compliance with the prudential minimum capital adequacy ratio of 10% as its
capital adequacy ratio was 3.20% as at 30 June 2006.The exposure to five connected loans to
Y Limited, which constitutes 168.52% of the bank’s capital, is in excess of the 75% prudential
lending limit as prescribed by the Banking Regulations S.I. 10 of 1999.

7.58 The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director, Mr. A. Benz, is a member of both the Board Credit
Committee and the Loans Review Committee.

7.59 The bank has been executing foreign exchange transactions without Central Bank approval. For
example, the bank invested Euro 2 million on 26 April 2006 on behalf of Leopard Travel Company,
without exchange control approval.

7.60 The quality of legal and compliance risk management systems is weak.

7.61 The institution does not have a formal compliance risk management framework. There are no
documents that enable the institution to assess compliance risk.

7.62 Weekly compliance reviews were last conducted on 20 December 2005, and no monthly and
quarterly reviews have been done since the beginning of 2006. This heightens the bank’s exposure
to compliance risk.

Reputation Risk…

7.63 The overall composite risk is moderate and the direction is stable.

7.64 The level of inherent reputation risk is moderate.

7.65 The bank’s reputation was negatively affected by the exposure to the collapsed Nexus Investment
Company in 2003 which currently makes deposit mobilisation difficult as investors are still
concerned about the security of their funds if placed with the bank.

7.66 The bank’s market share in terms of total deposits has not significantly improved since 2005.
This is indicative of the continuing negative perception of the institution.

7.67 The quality of reputation risk management systems is weak.

7.68 The bank has not devised meaningful strategies to improve its market and public perception.

7.69 The bank does not have a corporate communication policy which covers procedures for internal
and external communication.

156
8 MANAGEMENT
Management is evaluated against all factors necessary to operate the bank in a safe, sound manner and in accordance with
acceptable practices. Consideration is given to technical competence, leadership, and administrative ability; compliance
with regulations and guidelines; ability to plan and respond to changing circumstances; effectiveness of management
information systems; adequacy of and compliance with internal policies; responsiveness to recommendations from
auditors and supervisory authorities; tendencies towards self dealing; demonstrated willingness to serve the legitimate
banking needs of the community; and management depth and succession. In addition, consideration is given to the extent
that management is affected by or susceptible to dominant influences or concentrations of authority.

8.1 Management was rated "5" i.e. critical.

8.2 Board and senior management oversight over critical challenges being faced by the bank is
considered inadequate. Management has failed to address liquidity and profitability challenges
since 2003 when the bank almost collapsed as a result of a huge exposure to the now defunct
Nexus Investment Company.

8.3 The bank has been operating with a draft corporate strategic plan since inception. The plan does
not have clearly defined objectives, how these will be attained and their specific time frames. This
is a clear indication that the board of directors is not involved in charting the strategic direction of
the bank, which thus limits its oversight on the operations of the bank.

8.4 Reports sent to the board lack depth in terms of assisting directors make decisions to address the
bank's capital, earnings and liquidity challenges. Deliberations at board meetings do not reflect
the gravity of the challenges.

8.5 The institution has failed to comply with the 75% prudential lending limits as prescribed by the
Banking Regulations Statutory Instrument 10 of 1999 as the exposure to five connected loans to
Y Limited, which constitute 168.52% of the bank's capital, is in excess of that limit.

8.6 Mr. A. Benz, an executive director, is a member of both the Board Credit Committee and the
Loans Review Committee in violation of Section 5 (2) of the Galaxia Banking Regulations.

8.7 The shareholdings of Venus Shipping Company and Mercury Industrial Company are above the
limit of 10% for non-financial institutions as stipulated under Section 1 (7) of the Galaxia Banking
Regulations.

8.8 Management Information Systems were considered inadequate with respect to the reporting
requirements of the bank. The examination noted that the balances produced by Mysis and
CompuBank are different due to inadequacies in the interface between the two systems. This
challenge has been outstanding since 2003 and may result in inappropriate decisions being made
due to management's reliance on inaccurate information.

8.9 The bank has been executing foreign currency transactions without exchange control approval.

8.10 The bank is exposed to a number of internal control weaknesses. The credit policy and the back
office procedure manuals have not been reviewed since January 2000, despite fundamental
changes in the macroeconomic environment. It was also noted that the bank was not making use
of limits and benchmarks as stated in the treasury policies. Absence of adequate operational
policies limits management's capacity to manage operational risk.

157
8.11 Management's responsiveness to recommendations from internal auditors is considered
inadequate. Management has not fully addressed some of the issues raised in the 2004 internal
audit reports. Major issues raised in Information Technology included employees having multiple
accounts on the Mysis System, dormant user accounts, user accounts for employees who have
resigned from the bank, and permitting a single user to be the imputer and authorizer.

158
9 CAPITAL ADEQUACY

Capital adequacy is evaluated in relation to supervisory guidelines; overall financial condition; the nature, trend, and
volume of marginal and sub-quality assets; intangibles; off-balance sheet activities, and earnings; balance sheet composition,
interest rate risk, concentration risk, and non traditional activity risk, growth trends and prospects; and the strength of
management. Additional consideration is given to retention of earnings and overall interest-rate risk in light of capital
needs; reasonableness of dividends; access to external sources of capital and other appropriate sources of financial
assistance; and plans for maintaining adequate capital and for correcting deficiencies.

9.1 Capital adequacy of the bank was rated "5" i.e. critical.

9.2 The bank's capital adequacy ratio of 3.20%, tier 1 ratio of 2.08% and leverage ratio of 1.89%
as at 30 June 2006 are below the prudential minimum ratios and indicate that the institution is
critically undercapitalised and is relying on borrowings to fund asset growth.

9.3 The bank reported a loss of Peso160.38 billion for the six month period ended 30 June 2006.
This however, deteriorated to Peso338.89 billion after factoring a provisioning shortfall of
Peso178.51 billion. This consequently depleted the bank's net capital base of Peso297.17 billion
to Peso118.66 billion. Therefore the bank's plan to recapitalise through retained earnings is not
feasible in light of these losses.

9.4 The bank is highly exposed to concentration risk as the three largest exposures amounting to
Peso839.01 billion, are three times the net capital base. The five connected exposures to Y
Limited amounting to Peso500.78 billion and constituting 28.49% of the total loan book were
reclassified doubtful. In the event of default, the bank's capital base will be completely eroded.

9.5 The amounts owing to the Central Bank constituted 32.57% of the total balance sheet as at 30
June 2006. This shows that the bank is relying on lender of last resort facilities for its funding.
Given the punitive interest rates of such facilities, the bank is likely to continue incurring huge
losses and ultimately erode its capital base.

9.6 In order to meet the minimum capital adequacy ratio of 10%, the institution needs to inject
Peso631.49 billion immediately.

Stress Testing Results…

9.7 The bank's capital is highly susceptible to concentration risk. If the three largest exposures default,
the capital adequacy ratio will decline to negative 7.94%.

9.8 Further stress testing results established that the bank's capital adequacy ratio is exposed to
combined credit, interest rate, foreign exchange shocks as indicated below:

Shock Level Performing loans Devaluation Interest rate Combined

50% 50% 50% %
Capital adequacy ratio
before shock 3.20% 3.20% 3.20% 3.20%
Increase in provisions Peso224.39 b - - -
Impact on earnings -
profit/(loss) (Peso224.39 b) - (Peso662.07 b) -
Resultant CAR (1.83%) 5.74% (11.62)% (11.76%)

159
9.9 Given the current balance sheet structure, a combined shock of 50% of performing loans becoming
non-performing loans, 50% depreciation of the Peso and increase in interest rates by 50 percentage
points indicates that the capital adequacy ratio would significantly decline from the current 3.20%
to negative 11.76%.

160
10 ASSET QUALITY

Asset Quality is evaluated in relation to the level, distribution, trend and severity of asset classifications; the level,
composition, and trend of past due, non-accrual, and non-performing loans; the adequacy of provision for bad debts; and
the demonstrated ability to administer and collect problem credits and the general economic environment. In addition, the
quality of investments, the adequacy of investment policies, trading account activities, as well as the volumes associated
with off-balance sheet items, are assessed. Also considered are any unusual concentrations of credits; investments and
transfer risk, trend and volume of assets listed for special mention; criticised or classified loans to insiders or their related
interests; volume and quality of participation; and the effectiveness of lending policies and credit administration procedures.

10.1 Asset quality was rated "4" i.e. weak.

10.2 Asset quality was considered weak with high level of adversely classified loans constituting 41.80%
of the bank's total loan book of Peso1.76 trillion as at 30 June 2006.

10.3 The high level of adversely classified loans is largely attributed to a non-performing and unsecured
exposure to five connected borrowers amounting to Peso500.78 billion. As at 30 June 2006, this
exposure constituted 28.49% of the bank's total loans, and 168.52% of the bank's capital base,
which is in violation of the prudential lending limit of 75% prescribed under the Banking Regulations,
Statutory Instrument 10/1999.

10.4 The examination covered 70% of the total loan book and established the following classifications
as at 30 June 2006:

30-Jun-06 % of total
Category 31-Dec-05 31-Mar-06 (Peso billion) loan book
Pass 63.25% 30.27% 350.70 19.95%
Special Mention 22.00% 55.91% 672.36 38.25%
Sub-standard 3.06% 8.48% 73.00 4.15%
Doubtful 6.67% 4.36% 602.78 34.29%
Loss 5.02% 0.98% 59.00 3.36%
Total 100.00% 100.00% 1,757.84 100.00%

10.5 Loans with significant risk (i.e. classified doubtful to loss) aggregated Peso661.78 billion and
constituted 37.65% of the total loan book. The exposure to five connected loans constituted the
bulk of loans with significant risk, and there is no repayment plan for these loans. For the remainder
loans in this category, repayment is no longer from primary sources but secondary sources (i.e.
pledged security).

10.6 The special mention category of 38.25% largely consists of loans to the manufacturing sector.
The loans are generally performing and adequately secured. Proportion of loans in special mention
decreased from 55.91% to 38.25% as a result of the migration of five connected loans from
special mention to the doubtful category.

10.7 The bank is not properly classifying its loan book as per the provisions of Banking Regulations,
Statutory Instrument 10/1999. The bank had classified the five connected loans as substandard,
when in fact they are in the doubtful category, as they are not performing, capital has not been
repaid since the loan was advanced in February 2004, and payments up to October 2005 were
insufficient to cover the interest obligation. From November 2005 onwards, no repayments in
respect of capital and interest were made.

161
10.8 As a result of the reclassification of the five connected loans, the examination determined a
provisioning shortfall of Peso178.51 billion as at 30 June 2006.

10.9 While the bank is in the process of securing a holding company guarantee for the five connected
loans, this exposure heightens liquidity risk as the bank is largely funding its assets using expensive
inter-bank and lender of last resort facilities as discussed earlier.

10.10 Concentration risk was considered high. The institution's exposure to the five connected loans
constituted 168.52% of the bank's capital base, and 28.49% of the bank's total loan book. If the
five connected loans remain delinquent, they have the potential to impact negatively on the banks
solvency and going concern, by eroding the bank's capital base of Peso297.17 billion.

10.11 Sectorial concentration risk was also high. The bank has a high concentration of loans to the
manufacturing sector, which constituted 40.23% of the loan portfolio as at 30 June 2006. The
manufacturing loans are however, performing and adequately provided for.

10.12 Credit underwriting standards are not adhered to as decision making on the approval of loans to
related parties is centralised on the executive director for corporate banking. This has contributed
to significant loans to related parties being written off.

10.13 The bank did not perfect security as required in the facility letters as detailed below:

Client Outstanding Security

Lolita Industries • Limited Guarantee for Peso30 billion
by Lolita Holdings
Pluto Coal Merchants • NGCB for Peso15 billion.
• Second mortgage bond of Peso 10 billion
over a commercial property in Annexa.
Casio (Private) Limited • First surety bond of 10 billion over a
residential property in Luxia.
• Directors' Unlimited guarantees.
.
Stress Testing Results…

10.14 The examination established that the bank is vulnerable to deterioration in asset quality depicted
by the stress testing results below:

10.15 The stress testing results for migration of performing loans to non- performing loans reflect that
capital adequacy ratio will become negative given a 25% movement due to the extra provisions
of Peso142.25 billion.

162
11 EARNINGS
Earnings are evaluated in relation to the ability to support present and future operations, cover losses, and provide for
adequate capital. The level and trend of profits/losses, the quality and composition of net income, the strength of net
interest margin, the vulnerability to changes in economic conditions and rate scenarios are considered. Consideration is
also given to the adequacy of provisions to loan losses, compliance with proper accounting procedures, and the extent to
which extraordinary items, securities transactions, premises sale/leasebacks, tax effects and other nonrecurring transactions
contribute to net income.

11.1 The bank's earnings were rated "5" i.e. critical.

11.2 The bank's earnings position reflects inadequate capacity to fund present and future operations.
The bank reported a net loss of Peso95.26 billion in May 2006 which worsened to Peso160.38
billion in June 2006. Losses incurred in the month of June 2006 are further exacerbated by a
provisioning shortfall of Peso178.51 billion, resulting in a net loss of Peso338.89 billion.

11.3 Under the circumstances, the bank will have to rely on equity injection by shareholders rather
than organic growth to satisfy regulatory capital requirements.

11.4 The examination established that there is inadequate board and management oversight over the
bank's operations. It was noted that deliberations at the bank's board meetings pay scant attention
to strategic issues that relate to improvement of the bank's earnings position.

11.5 The table below summarises the bank's key earnings indicators:

11.6 The bank's return on assets (ROA) and return on equity (ROE) were generally negative since
2003. This was due to negative returns attributable to high funding costs on inter-bank borrowings
and overnight accommodation from the central bank.

11.7 Cumulative funding by way of inter-bank borrowings and overnight accommodation amounted
to Peso1.16 trillion and Peso3.56 trillion respectively, against a balance sheet of Peso10.93
trillion as at 30 June 2006.

11.8 The examination noted that the non-performing five connected loans to Y Limited which constitute
28.49% of total loan book are on a non-accrual basis and are therefore not contributing to the
bank's income.

11.9 The changes to the bank's accounting policies and procedures have not been reviewed by the
board since 1999, which indicates inadequate board oversight over the accounting policies.

163
12 LIQUIDITY & FUNDS MANAGEMENT

Liquidity and funds management are evaluated in relation to the overall effectiveness of asset and liability management,
degree of deposit concentration, existence and adequacy of contingent funding plans, and general economic environment.
Consideration is given to the composition and stability of deposits; the availability of funds and the degree and trend of
reliance on short-term, volatile sources of funds, the nature, trend, and volume of off-balance sheet activities; and interest
rate risk management.

12.1 Liquidity and funds management was rated "4" i.e. weak.

12.2 The bank has experienced liquidity challenges since the year 2003. These challenges have not
been resolved as the bank continues to fund its operations using expensive inter-bank and lender
of last resort facilities as it has been failing to raise cheap retail deposits because of the continuing
negative perception in the market.

12.3 There is no indication of a clear long term strategy from monthly ALCO deliberations on how the
bank intends to address the persistent liquidity challenges.

12.4 ALCO meetings do not review the bank's profitability on a monthly basis against budgets as
stated in the ALCO terms of reference.

12.5 Liquidity Management Committee meetings are not being held weekly as stipulated in the terms
of reference. The last meeting was held on 3 February 2006. This limits management oversight
over liquidity issues.

12.6 A review of board minutes revealed that there were no deliberations on the funding structure of
the bank which is relying on costly sources of funds such as Central Bank accommodation and
borrowings from the inter-bank market.

12.7 The bank does not have a Contingency Liquidity Plan. There is thus no road map on the procedures
to be taken in the event of a liquidity crisis.

12.8 The bank does not have a management information system for liquidity risk management. The
bank has been producing gap reports manually, making them prone to errors and manipulation
and do not provide an audit trail.

12.9 The bank is relying on wholesale deposits, which constitute 66.96% of total deposits valued at
Peso7.59 trillion as at 30 June 2006. Wholesale funds are volatile and therefore pose greater
liquidity risk to a banking institution.

12.10 Due to the volatility of the wholesale deposits, the bank has had to borrow overnight from the
Central Bank and the inter-bank market to cover its negative position. The cumulative monthly
borrowings from the Central Bank as at 30 June 2006 are shown in the table below:

164
 Central Bank Borrowings
Month in 2006 Amount (Peso bn) Rate (%) No. of Days
January 306.93 50 5
February 1,497.20 50 20
March 560.50 50 10
April 784.36 50 13
May 1,752.29 50 22
June 3,563.98 50 19

12.11 The bank's top twenty depositors amounted to Peso3.95 trillion constituting 52.04 % of total
deposits as at 30 June 2006. The deposits are short-term (mainly 7 days) and therefore expose
the bank to liquidity risk in view of the volatile market conditions.

12.12 The monthly liquidity gap report for six months ended 30 June 2006 is shown below:

Liquidity Gap in Peso (billions)

Month 0-30 Days 0-90 Days 0-180 Days 0-364 Days 0-728 Days 728 Days+
Jan -530.409 -455.62 -65.67 391.38 543.4 543.4
Feb -594.583 -484.231 -14.256 330.099 467.236 469.15
March -992.629 -969.947 -385.055 1.298 144.353 146.949
April -771.65 -746.504 37.763 304.612 451.946 455.488
May -1,780.11 -1,135.11 -374.924 98.043 306.944 310.486
June -1,644.42 -565.532 -449.372 -215.16 -35.101 -31.823

12.13 The negative gap in the 0-30 day time band arose from the purchase of 720 day Bankers'
Acceptances worth Peso4.50 trillion at face value using short term liabilities.

12.14 The bank is also funding non performing loans which amounted to Peso734.78 billion as at 30
June 2006. This has heightened the bank's liquidity challenges.

12.15 The bank is not conducting stress testing on liquidity positions to assess its vulnerability to liquidity
risk.

165
13 SENSITIVITY TO MARKET RISK

Sensitivity to market risk reflects the degree to which changes in interest rates, foreign exchange rates, commodity prices,
or equity prices can adversely affect earnings or the economic value of capital; the ability of management to identify,
measure, monitor, and control exposures to market risk given the bank's size, complexity, and risk profile; the nature and
complexity of interest rate risk exposure arising from non-trading positions; and, where appropriate, the nature and
complexity of interest rate risk arising from trading and foreign operations.

13.1 Sensitivity to market risk was rated '4' i.e. weak.

13.2 Board and senior management oversight on interest rate risk and foreign exchange risk is inadequate
on account of:
13.2.1the market risk policy does not have stop loss limits on earnings and economic value of
equity at risk; and
13.2.2no quantitative analysis is carried out on the impact of changes in interest rates on the
bank's net income and economic value of equity.

13.3 Policies and procedures for foreign exchange risk management are deficient as they do not
specify the tools and techniques for managing foreign exchange risk.

13.4 The bank is exposed to high repricing risk as reflected by a huge net liability sensitive book of
Peso1.35 trillion and Peso267.60 billion over three months and 12 months respectively as at 30
June 2006.

13.5 Given that assets were mainly funded by short-term wholesale deposits and inter-bank borrowings,
a worst case scenario of 100% increase in interest rates would reduce the bank's net income and
capital by Peso631.04 billion and Peso635.81billion respectively.

13.6 The table below shows the impact of interest rate changes on the bank's capital and net income
at various levels of shocks as per the Central Bank model using the underlying assumptions.
• Wholesale deposits will reprice faster than assets
• Loans and other assets will be repaid in terms of their contractual agreements
• Balance sheet structure will remain unchanged.

166
SECTION III: SUPPLEMENTARY SECTION

167
 14 APPENDIX 1 – DETAILED RISK MATRIX

168
15. APPENDIX 11 - SUMMARY OF KEY RATIOS

169
16. APPENDIX 111 - INCOME STATEMTENTS

170
17. APPENDIX 1V - COMPARATIVE BALANCE SHEETS

171
SECTION IV: SIGNATURES OF DIRECTORS

172
ACKNOWLEDGEMENT FORM
To the Senior Division Chief, Bank Supervision,
Central Bank of Galaxia:

We, the undersigned members of the Board of Directors of Omega Banking Corporation, do hereby
certify and acknowledge by affixing our signatures below that each of us has personally read, reviewed,
and is familiar with the Report of Examination conducted from 3 July 2006, to 11 July 2006. (Signing
this form does not mean that you agree with information or conclusions embodied in the report, but only
you have received, read, and are familiar with the contents of the report).

................................... .................................
(Name of Director) (Signature of Director)

................................... ....................................
(Name of Director) (Signature of Director)

.................................. ...................................
(Name of Director) Signature of Director)

............................... ..................................
(Name of Director) (Signature of Director)

.................................. .....................................
(Name of Director) (Signature of Director)

......................................... ........................................
(Name of Director) (Signature of Director)

................................... ........................................
(Name of Director) (Signature of Director)

....................................... ........................................
(Name of Director) (Signature of Director)

173
ACKNOWLEDGEMENTS
1. Comptroller of the Currency Administrator of National Banks(OCC), “Large Bank Supervision
Handbook”, May 2001].

2. Hong Kong Monetary Authority, “Risk-based Supervisory Approach”, October 2001.

3. Federal Reserve System, “Framework for Risk-Focused Supervision of Large Complex

Institutions”, August 1997

4. Office of Thrift Supervision, “Holding Companies Handbook”, July 2004.

5. Bank Negara Malaysia, “Risk-Based Supervision Framework”, [no date].

174
BANK LICENSING, SUPERVISION & SURVEILLANCE’S
CORE FUNCTIONS
a) Licensing and de-licensing of banking and non-banking financial institutions.

b) Conduct On-site and Off-site supervision (and investigations) of banking and non-bank
institutions on a Solo as well as on a Consolidated basis.

c) Enhancing framework and perfecting the practice of Risk-Based Supervision and Consolidated
Supervision.

d) Enhance framework for Financial Stability, Early Warning Systems, Stress Testing, and
Problem Bank Resolution.

e) Monitoring compliance with laws and regulations; and enforcing quality assurance in the
supervisory process.

f) Conduct research and improve risk management practices within Reserve Bank of Zimbabwe
and the market.

g) Fostering co-operation and effective liaison with other regulatory authorities on the domestic
and international arena.

Our motto: In God we trust, others we verify.

175
NOTES

176