The Questionnaire is designed to be used by supervisors in evaluating and understanding financial conglomerates. By analysing the information contained in the Questionnaire, the user can obtain an overall picture of the financial conglomerate's organisational and management structure, risk profile, internal controls and can discover conditions or issues that might require further analysis and investigation. The Questionnaire is not designed to replace on-site examinations or investigations but to supplement supervisory practices. It can function as a starting point for discussion with conglomerate management and/or other supervisors of the conglomerate in supervising the conglomerate consistent with its risk profile. The Questionnaire can also be useful as a part of a conglomerate's own internal assessment process.

A thorough understanding of the three broad categories included in the Questionnaire and their interrelationships and limitations is essential in order to use the Questionnaire effectively. As a general rule, information obtained in response to the Questionnaire should be reviewed with the conglomerate's management to ensure its accuracy prior to analysis.

This User Guide does not present detailed in-depth instructions on completing or analysing the information obtained in the Questionnaire. Rather, it attempts to explain the experiences of the Task Force members and users might find the following examples helpful while completing the Questionnaire:

• It has often been revealing to pose the same questions to the senior management levels and to the business levels to see what similarities and differences emerge.

• It has been revealing to compare the results of discussions on the broad business strategy and organisation to the conglomerate's view of its principal risks and how they are managed.

• The Questionnaire asks the conglomerate for its principal risks. The supervisors might want to ask the conglomerate about the risks it does not mention. A partial list of major risks commonly found at financial conglomerates includes: credit, liquidity, operational, interest rate, foreign exchange, strategic, legal, reputational, market, insurance (underwriting, reinsurance and asset-liability management), compliance, information systems and settlement.

B. Definitions of Terms

Financial Conglomerate is a conglomerate whose primary business is financial and whose regulated entities engage to a significant extent in at least two of the activities of banking, insurance and securities.

Corporate Legal Structure refers to the legal framework of a financial conglomerate's organisation of entities that make up the conglomerate. This can include such entities as licensed commercial banks, licensed banking subsidiaries, licensed insurance subsidiaries, unsupervised or unregulated entities, etc.

Business Activities Structure refers to the way a financial conglomerate organises and operates the primary business activities in which it is engaged. For example, a conglomerate may be organised along business lines such as Foreign Exchange, Retail Banking, Corporate Lending, Life Insurance, Investment Advisory and other types of related activities.

Regulatory and Supervisory Structure refers to the body of supervisors and regulators which are charged with supervising any and all legal entities comprising the financial conglomerate, i.e., the banking, insurance, and/or securities supervisor and regulator in the countries where such entities operate.

Management Structure refers to the form of direct supervision and oversight exercised by management on the conglomerate. It is the individualised approach adopted by the financial conglomerate to conduct its business. The management structure of most conglomerates falls into one of three categories (or a combination thereof): Corporate Legal (legal entity basis), Business Line (product/service basis), or Geographic (region, country, municipality).

Corporate Controls Functions are the risk measurement, monitoring and control systems of a conglomerate and include internal and external audit, financial control, compliance, human resources, and information technology. Together, they comprise the Control Environment, the functions within the conglomerate charged with ensuring that actions of the conglomerate are prudent and compliant, and in line with the risk taking appetite approved by the Board of Directors.

Risk refers to the likelihood that expected or unexpected events will have a negative impact on the financial conglomerate. Risk categories will vary by conglomerate, but generally fall into one of two broad categories: financial risk (credit, market, liquidity, actuarial, reinsurance, etc.) and non-financial risk (operations, transaction, reputation, legal, compliance, etc.).

Risk Profile refers to an assessment of the level of risk-taking activity in light of the existing risk management framework.

C. Technical Information

The wide variety of structures and systems of financial conglomerates and the uniqueness of their business requires that supervisors determine on a case-by-case basis the information that should be available. Supervisors need to obtain information that allows them to assess and monitor how effectively a financial conglomerate is identifying, managing, and controlling its risks and to recognise any incipient problems. The Questionnaire is a starting point in this process.

The following constitutes examples of the types of information supervisors may wish to have access to (the types of information fall into the three broad categories and parallel the structure of the Conglomerate Questionnaire).

Organisational structure, Corporate governance and Management oversight

• An organisational chart or other descriptive material that depicts
  1. the supervised entity and any material holding companies, subsidiaries, or affiliates, with indications of which legal entities take or bear substantial risk,
  2. the business line organisation structure, with the supervised entity's place in the business line(s), the location of relevant business line management, and
  3. the supervisors of any material holding companies, subsidiaries, or affiliates.

• A chart depicting the management structure of the conglomerate, descriptions of the responsibilities of different types of managers (e.g., legal entity, corporate, business line, etc.) within the conglomerate, the relationship among managers and important types of interaction.

• A description of the roles and responsibilities of the conglomerate's board of directors, the composition of the board, and the roles and responsibilities of the board of the supervised legal entity, and its composition.

• The level and distribution of capital among the material legal entities of the conglomerate, the conglomerate's approach to capital allocation on an economic and on a regulatory basis, and whether the conglomerate is in compliance with its capital requirements in all regulated legal entities.

• Financial information on the supervised entity and its ultimate holding company, if applicable, including balance sheets (as of the most recent fiscal quarter and financial year-end) and income statements (for the most recent year-to-date period and financial year end), and consolidated balance sheets and income statements, where available.

• A description of the nature of the conglomerate's intra-group and related affiliate transactions and exposures, and indications of the volume of such transactions and the size of material intra-group financial exposures.

The intra-group information allows the supervisor to evaluate the channels through which the holding company, subsidiaries and affiliates of a regulated legal entity can influence the financial health of that legal entity. These channels include arrangements such as servicing agreements. Supervisors can also discuss with management factors affecting legal entity booking decisions and thus the size and nature of intra-group exposures, as well as how such transactions are monitored, and what limits or other controls on exposure are in place among legal entities within a financial conglomerate.

Risk Management

• A description of the conglomerate's broad business strategy, and the conglomerate's view of its principal risks; for each principal risk, a description of the approach to measuring, managing and controlling that risk, the organisation of risk management personnel and their reporting lines, limit structures or other risk control mechanisms in the regulated entity, and, where relevant, the role of stress testing or contingency planning in managing risk at the business line, legal entity or groupwide level.

Organisational information and discussions with management should clarify responsibilities in the risk management area and help the supervisor identify relevant risk management personnel to answer questions. Supervisors may also seek information about the limit structure or other measures to control risk-taking and the use and level of reserving or provisioning, such as the credit loss reserve at banks or the technical provisions at insurance companies. The conglomerate's approach to administering limits (e.g., the willingness of management to permit limit exceptions) or managing reserves/technical provisions is critical to understand the intended restraints on risk-taking at the firm-wide level and within the supervised legal entity.

• Policies and procedures of the conglomerate addressing the introduction of new products or business lines.

• A description of the approach to managing the liquidity and funding profile of the supervised entity, including the liquidity of the material assets, the nature and stability of the entity's current funding sources and the availability of alternative funding; large payables, including securities payables, aggregate insurance claims payments, and out-of-the-money over-the-counter derivative and foreign exchange contracts; and other significant cash and securities needs associated with exchange activities or clearing and settlement, as well as the conglomerate's approach to managing significant clearing and settlement arrangements through or for other firms.

Control Environment

• The conglomerate's significant accounting policies and actuarial policies (where relevant), the role(s) of any internal or external actuaries.

• A description of the roles, responsibilities and organisation of the financial control and compliance functions.

• A description of the roles, responsibilities, organisation and allocation of responsibilities between centralised and decentralised elements of the internal audit area and the role of external audit.

III. Conglomerate Questionnaire

I. Organisational Structure, Corporate Governance And Management Oversight

A. Legal Structure and General Information

1. What information is available within the conglomerate on the legal corporate and business line structures (including any information on regional or geographic structures)? How well do public disclosures (e.g., annual reports, public financial statements, etc.) capture the legal and business line structures of the conglomerate?

2. What factors influence the overall approach to corporate legal structure? How closely is the conglomerate's business line structure aligned with its corporate legal structure? If not closely aligned, what factors influenced the "divergent" structure?

3. What is the conglomerate's strategy with respect to corporate legal structure? What does management feel is/would be the optimal structure? What impediments exist that prevent management from implementing the optimal structure?

4. Which legal entities are regulated and by whom? Who is responsible for coordinating regulatory relationships? How is this achieved in practice? How does management view the regulatory structure(s) within which it must operate?

B. Management Structure

1. What information is available on the management structure of the conglomerate? To what level of management/employee is this information disseminated? How does management ensure that reporting lines are clear?

2. What is the overall management structure of the conglomerate? How closely does this structure align with business lines and/or corporate legal entities? What is the strategy in having this structure? What factors influenced the decision to adopt such a structure? What factors would cause management to reconsider its current management structure?

C. Corporate Governance and Management Oversight

1. How is the conglomerate managed and controlled -- on a global basis, on a regional, country or business line basis, or some combination of these? How does the conglomerate manage businesses that cut across geographic and legal boundaries?

2. What responsibilities do different types of managers (e.g., legal entity, corporate, business line, etc.) have within the conglomerate and how do these managers interact? For those conglomerates with regional or geographic managers, who reports to these managers?

3. What roles and responsibilities does the conglomerate's board of directors have? What is the composition of the board (e.g., outside directors)? What roles and responsibilities do the boards of legal entities have? What is the composition of these boards?

4. What are the major incentives provided to management to meet the organisation's goals and objectives? What are the major disincentives to management actions that impede meeting the organisation's goals and objectives?

5. What is the conglomerate's approach to staff recruitment and development? How are the conglomerate's objectives (business or otherwise) communicated to staff? How are strategic business and individual goals developed and monitored?

6. What is the conglomerate's strategy with respect to compensation? How is the conglomerate's compensation strategy developed and implemented? How do the conglomerate's business objectives and compensation methodology interact?

D. Capital Resources

1. What information is available on the allocation of capital on an economic and regulatory basis? What management information reports are produced on capital-related issues such as using assets to collateralise exposure to more than one liability and substantial double leverage?

2. What is the conglomerate's capital and capital allocation strategy? Where is capital held within the conglomerate and why is it held there? What factors affect the allocation of capital across the conglomerate (e.g., regulatory, risk factors, etc.)? How are decisions made on capital allocation? When regulators require capital in certain legal entities, how does this affect the consolidated conglomerate?

3. How are capital decisions affected by the legal entity and business line structures?

4. What restrictions are placed on the instruments available to the conglomerate for raising capital and what is the nature of the restrictions? What are the impediments to flows of capital among legal entities? To what extent, if any, are some legal entities able to raise capital on more favourable terms than others?

E. Intra-group and Related Entity Transactions and Financial Exposures

1. What information is available on the range of intra-group and related entity transactions and exposures? What kinds of management information reports are produced? How frequently are these reports produced?

2. What is the conglomerate's overall strategy with respect to intra-group transactions and exposures? What kinds of intra-group/related entity transactions or other arrangements are used (e.g., servicing agreements, back-to-back transactions, etc.)? How are intra-group and related entity exposures and transactions monitored?

3. What is the volume of intra-group/related entity transactions? the level of financial exposure? Does the conglomerate have limit structures in place for such transactions or exposures? What is the level of financial exposure to entities that are not wholly owned(<100%)? Does the conglomerate have limit structures in place for transactions and exposures to entities that are not 100% owned?

4. What factors affect legal entity booking decisions?