1. Capital adequacy

Principle 6: Banking supervisors must set prudent and appropriate minimum capital adequacy requirements for all banks. Such requirements should reflect the risks that the banks undertake, and must define the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, these requirements must not be less than those established in the Basle Capital Accord and its amendments.

Equity capital serves several purposes: it provides a permanent source of revenue for the shareholders and funding for the bank; it is available to bear risk and absorb losses; it provides a base for further growth; and it gives the shareholders reason to ensure that the bank is managed in a safe and sound manner. Minimum capital adequacy ratios are necessary to reduce the risk of loss to depositors, creditors and other stakeholders of the bank and to help supervisors pursue the overall stability of the banking industry. Supervisors must set prudent and appropriate minimum capital adequacy requirements and encourage banks to operate with capital in excess of the minimum. Supervisors should consider requiring higher than minimum capital ratios when it appears appropriate due to the particular risk profile of the bank or if there are uncertainties regarding the asset quality, risk concentrations or other adverse characteristics of a bank's financial condition. If a bank's ratio falls below the minimum, banking supervisors should ensure that it has realistic plans to restore the minimum in a timely fashion. Supervisors should also consider whether additional restrictions are needed in such cases.

In 1988, the member countries of the Basle Committee on Banking Supervision agreed to a method of ensuring a bank's capital adequacy. Many other countries have adopted the Capital Accord or something very close to it. The Accord addresses two important elements of a bank's activities: (1) different levels of credit risk inherent in its balance sheet and (2) off-balance sheet activities, which can represent a significant risk exposure.

The Accord defines what types of capital are acceptable for supervisory purposes and stresses the need for adequate levels of "core capital" (in the accord this capital is referred to as tier one capital) consisting of permanent shareholders' equity and disclosed reserves that are created or maintained by appropriations of retained earnings or other surplus (e.g. share premiums, retained profit, general reserves and reserves required by law). Disclosed reserves also include general funds that meet the following criteria: (1) allocations to the funds must be made out of post-tax retained earnings or out of pre-tax earnings adjusted for all potential tax liabilities; (2) the funds and movements into or out of them must be disclosed separately in the bank's published accounts; (3) the funds must be available to a bank to meet losses; and (4) losses cannot be charged directly to the funds but must be taken through the profit and loss account. The Accord also acknowledges other forms of supplementary capital (referred to as tier two capital), such as other forms of reserves and hybrid capital instruments that should be included within a system of capital measurement.

The Accord assigns risk weights to on- and off-balance sheet exposures according to broad categories of relative riskiness. The framework of weights has been kept as simple as possible with only five weights being used: 0, 10, 20, 50 and 100%.

The Accord sets minimum capital ratio requirements for internationally active banks of 4% tier one capital and 8% total (tier one plus tier two) capital in relation to risk-weighted assets. These requirements are applied to banks on a consolidated basis. It must be stressed that these ratios are considered a minimum standard and many supervisors require higher ratios or apply stricter definitions of capital or higher risk weights than set out in the Accord.

2. Credit risk management

1. Credit-granting standards and credit monitoring process

   Principle 7: An essential part of any supervisory system is the evaluation of a bank's policies, practices and procedures related to the granting of loans and making of investments and the ongoing management of the loan and investment portfolios.

   Supervisors need to ensure that the credit and investment function at individual banks is objective and grounded in sound principles. The maintenance of prudent written lending policies, loan approval and administration procedures, and appropriate loan documentation are essential to a bank's management of the lending function. Lending and investment activities should be based on prudent underwriting standards that are approved by the bank's board of directors and clearly communicated to the bank's lending officers and staff. It is also critical for supervisors to determine the extent to which the institution makes its credit decisions free of conflicting interests and inappropriate pressure from outside parties.

   Banks must also have a well-developed process for ongoing monitoring of credit relationships, including the financial condition of borrowers. A key element of any management information system should be a data base that provides essential details on the condition of the loan portfolio, including internal loan grading and classifications.

2. Assessment of asset quality and adequacy of loan loss provisions and reserves

   Principle 8: Banking supervisors must be satisfied that banks establish and adhere to adequate policies, practices and procedures for evaluating the quality of assets and the adequacy of loan loss provisions and loan loss reserves.

   Supervisors should assess a bank's policies regarding the periodic review of individual credits, asset classification and provisioning. They should be satisfied that these policies are being reviewed regularly and implemented consistently. Supervisors should also ensure that banks have a process in place for overseeing problem credits and collecting past due loans. When the level of problem credits at a bank is of concern to the supervisors, they should require the bank to strengthen its lending practices, credit-granting standards, and overall financial strength.

   When guarantees or collateral are provided, the bank should have a mechanism in place for continually assessing the strength of these guarantees and appraising the worth of the collateral. Supervisors should also ensure that banks properly record and hold adequate capital against off-balance sheet exposures when they retain contingent risks.

3. Concentrations of risk and large exposures

   Principle 9: Banking supervisors must be satisfied that banks have management information systems that enable management to identify concentrations within the portfolio and supervisors must set prudential limits to restrict bank exposures to single borrowers or groups of related borrowers.

   Banking supervisors must set prudential limits to restrict bank exposures to single borrowers, groups of related borrowers and other significant risk concentrations. These limits are usually expressed in terms of a percentage of bank capital and, although they vary, 25% of capital is typically the most that a bank or banking group may extend to a private sector non-bank borrower or a group of closely related borrowers without specific supervisory approval. It is recognised that newly-established or very small banks may face practical limits on their ability to diversify, necessitating higher levels of capital to reflect the resultant risk.

   Supervisors should monitor the bank's handling of concentrations of risk and may require that banks report to them any such exposures exceeding a specified limit (e.g., 10% of capital) or exposures to large borrowers as determined by the supervisors. In some countries, the aggregate of such large exposures is also subject to limits.

4. Connected lending

   Principle 10: In order to prevent abuses arising from connected lending, banking supervisors must have in place requirements that banks lend to related companies and individuals on an arm's-length basis, that such extensions of credit are effectively monitored, and that other appropriate steps are taken to control or mitigate the risks.

   Banking supervisors must be able to prevent abuses arising from connected and related party lending. This will require ensuring that such lending is conducted only on an arm's-length basis and that the amount of credit extended is monitored. These controls are most easily implemented by requiring that the terms and conditions of such credits not be more favourable than credit extended to non-related borrowers under similar circumstances and by imposing strict limits on such lending. Supervisors should have the authority, in appropriate circumstances, to go further and establish absolute limits on categories of such loans, to deduct such lending from capital when assessing capital adequacy, or to require collateralisation of such loans. Transactions with related parties that pose special risks to the bank should be subject to the approval of the bank's board of directors, reported to the supervisors, or prohibited altogether. Supervising banking organisations on a consolidated basis can in some circumstances identify and reduce problems arising from connected lending.

   Supervisors should also have the authority to make discretionary judgements about the existence of connections between the bank and other parties. This is especially necessary in those instances where the bank and related parties have taken measures to conceal such connections.

5. Country and transfer risk

   Principle 11: Banking supervisors must be satisfied that banks have adequate policies and procedures for identifying, monitoring and controlling country risk and transfer risk in their international lending and investment activities, and for maintaining appropriate reserves against such risks.

3. Market risk management

Principle 12: Banking supervisors must be satisfied that banks have in place systems that accurately measure, monitor and adequately control market risks; supervisors should have powers to impose specific limits and/or a specific capital charge on market risk exposures, if warranted.

Banking supervisors must determine that banks accurately measure and adequately control market risks. Where material, it is appropriate to provide an explicit capital cushion for the price risks to which banks are exposed, particularly those arising from their trading activities. Introducing the discipline that capital requirements impose can be an important further step in strengthening the soundness and stability of financial markets. There should also be well-structured quantitative and qualitative standards for the risk management process related to market risk. Banking supervisors should also ensure that bank management has set appropriate limits and implemented adequate internal controls for their foreign exchange business.

4. Other risk management

Principle 13: Banking supervisors must be satisfied that banks have in place a comprehensive risk management process (including appropriate board and senior management oversight) to identify, measure, monitor and control all other material risks and, where appropriate, to hold capital against these risks.

Risk management standards are a necessary element of banking supervision, and increasingly important as financial instruments and risk measurement techniques become more complex. Moreover, the effect of new technologies on financial markets both permits and requires many banks to monitor their portfolios daily and adjust risk exposures rapidly in response to market and customer needs. In this environment, management, investors, and supervisors need information about a bank's exposures that is correct, informative, and provided on a timely basis. Supervisors can contribute to this process by promoting and enforcing sound policies in banks, and requiring procedures that ensure the necessary information is available.

1. Interest rate risk

   Supervisors should monitor the way in which banks control interest rate risk including effective board and senior management oversight, adequate risk management policies and procedures, risk measurement and monitoring systems, and comprehensive controls. In addition, supervisors should receive sufficient and timely information from banks in order to evaluate the level of interest rate risk. This information should take appropriate account of the range of maturities and currencies in each bank's portfolio, as well as other relevant factors such as the distinction between trading and non-trading activities.

2. Liquidity management

   The purpose of liquidity management is to ensure that the bank is able to meet fully its contractual commitments. Crucial elements of strong liquidity management include good management information systems, central liquidity control, analysis of net funding requirements under alternative scenarios, diversification of funding sources, and contingency planning. Supervisors should expect banks to manage their assets, liabilities and off-balance sheet contracts with a view to maintaining adequate liquidity. Banks should have a diversified funding base, both in terms of sources of funds and the maturity breakdown of the liabilities. They should also maintain an adequate level of liquid assets.

3. Operational risk

   Supervisors should ensure that senior management puts in place effective internal control and auditing procedures; also, that they have policies for managing or mitigating operational risk (e.g., through insurance or contingency planning). Supervisors should determine that banks have adequate and well-tested business resumption plans for all major systems, with remote site facilities, to protect against such events.

5. Internal controls

Principle 14. Banking supervisors must determine that banks have in place internal controls that are adequate for the nature and scale of their business. These should include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding its assets; and appropriate independent internal or external audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.

Principle 15. Banking supervisors must determine that banks have adequate policies, practices and procedures in place, including strict "know-your-customer" rules, that promote high ethical and professional standards in the financial sector and prevent the bank being used, intentionally or unintentionally, by criminal elements.

The purpose of internal controls is to ensure that the business of a bank is conducted in a prudent manner in accordance with policies and strategies established by the bank's board of directors; that transactions are only entered into with appropriate authority; that assets are safeguarded and liabilities controlled; that accounting and other records provide complete, accurate and timely information; and that management is able to identify, assess, manage and control the risks of the business.

There are four primary areas of internal controls:

• organisational structures (definitions of duties and responsibilities, discretionary limits for loan approval, and decision-making procedures);

• accounting procedures (reconciliation of accounts, control lists, periodic trial balances, etc.);

• the "four eyes" principle (segregation of various functions, cross-checking, dual control of assets, double signatures, etc.); and

• physical control over assets and investments.

These controls must be supplemented by an effective audit function that independently evaluates the adequacy, operational effectiveness and efficiency of the control systems within an organisation. Consequently, the internal auditor must have an appropriate status within the bank and adequate reporting lines designed to safeguard his or her independence. The external audit can provide a cross-check on the effectiveness of this process. Banking supervisors must be satisfied that effective policies and practices are followed and that management takes appropriate corrective action in response to internal control weaknesses identified by internal and external auditors.

Banks are subject to a wide array of banking and non-banking laws and regulations and must have in place adequate policies and procedures to ensure compliance. Otherwise, violations of established requirements can damage the reputation of the bank and expose it to penalties. In extreme cases, this damage could threaten the bank's solvency. Compliance failures also indicate that the bank is not being managed with the integrity and skill expected of a banking organisation. Larger banks in particular should have independent compliance functions and banking supervisors should determine that such functions are operating effectively.

Public confidence in banks can be undermined, and bank reputations damaged, as a result of association (even if inadvertent) with drug traders and other criminals. Consequently, while banking supervisors are not generally responsible for the criminal prosecution of money laundering offences or the ongoing anti-money laundering efforts in their countries, they have a role in ensuring that banks have procedures in place, including strict "know-your-customer" policies, to avoid association or involvement with drug traders and other criminals, as well as in the general promotion of high ethical and professional standards in the financial sector. Specifically, supervisors should encourage the adoption of those recommendations of the Financial Action Task Force on Money Laundering (FATF) that apply to financial institutions. These relate to customer identification and record-keeping, increased diligence by financial institutions in detecting and reporting suspicious transactions, and measures to deal with countries with insufficient or no anti-money laundering measures.

The occurrence of fraud in banks, or involving them, is also of concern to banking supervisors for three reasons. On a large scale it may threaten the solvency of banks and the integrity and soundness of the financial system. Second, it may be indicative of weak internal controls that will require supervisory attention. And thirdly, there are potential reputational and confidence implications which may also spread from a particular institution to the system. For these reasons, banks should have established lines of communication, both within the management chain and within an internal security or guardian function independent of management, for reporting problems. Employees should be required to report suspicious or troubling behaviour to a superior or to internal security. Moreover, banks should be required to report suspicious activities and significant incidents of fraud to the supervisors. It is not necessarily the role of supervisors to investigate fraud in banks, and the skills required to do so are specialised, but supervisors do need to ensure that appropriate authorities have been alerted. They need to be able to consider and, if necessary, act to prevent effects on other banks and to maintain an awareness of the types of fraudulent activity that are being undertaken or attempted in order to ensure that banks have controls capable of countering them.