Basel II in Jersey: Quarterly Reporting and Pillar 2 · BASEL II IN JERSEY 2 Aggregation 20 The challenge process and sign off of the ICAAP 20 Use of the ICAAP within the bank 21

Basel II in Jersey: Quarterly Reporting and

Pillar 2

Comprising an overview of the Commission’s quarterly reporting requirements and Pillar 2 assessments.

ISSUED AUGUST 2007

BASEL II IN JERSEY 1

CONTENTS

Section 1: Executive Summary 3 Overview 3 What is proposed and why? 4 Who will be affected? 5

Section 2: Basel II Reporting 6 Subsidiary reporting - requirements 6 Subsidiary reporting - frequency 6 Subsidiary reporting – transitional arrangements 7 Branch reporting - requirements 7 Branch reporting - frequency 8 Branch reporting – transitional arrangements 8

Section 3: Pillar 2 and the ICAAP 9 The Commission’s general approach to Pillar 2 9 The ICAAP requirement 9 Guidance on the ICAAP 10 The supervisory review and evaluation process (“SREP”) 11 Transitional arrangements 12

Appendix A: ICAAP: Risk Guidance Notes 13 Overview 13 Credit risk, market risk and operational risk 14 Residual risk 14 Counterparty credit risk 14 Underestimation of credit, market or operational risk in Pillar 1 15 Strategic risk 16 Concentration risk 16 Liquidity risk 17 Reputational risk 17 Interest rate risk in the banking book 18 Pension risk 18 Other risks 18

Appendix B: ICAAP Submission – A format that may be used by banks 19 Executive summary 19 Background 19 Capital adequacy 19 Key sensitivities and future scenarios 20


Aggregation 20 The challenge process and sign off of the ICAAP 20 Use of the ICAAP within the bank 21

SCHEDULE 1: Revised Prudential reporting Requirements 22

Section 1: General Completion Notes 24 Completion 24 Subsidiary Prudential Returns - Consolidation 24 Management responsibilities 24 Year end return 24 Sections of the Prudential Return 25 Which modules should be submitted? 26 General rules to follow in completing the Prudential Return 27 Specific rules to follow in completing the Prudential Return 27 Certification 27 Enquiries 27

Appendix A: Zone A&B Countries 28


SECTION 1: EXECUTIVE SUMMARY

OVERVIEW 1.1 In 1988 the Basel Committee on Banking Supervision (“BCBS”) issued a capital

requirements framework, documented in a paper entitled “International Convergence of Capital Measurement and Capital Standards”. This document set out a template for capital adequacy in banks and has become known as “Basel I”. The framework required banks to maintain capital commensurate with their level of exposure to credit risk, with some minimal rules relating to certain aspects of market risk. In 1997 it was revised to incorporate more fully market risks, recognising that trading book activity posed risks that were not adequately captured in the original Basel I.

1.2 In recent years, the BCBS has worked to fully update Basel I. Its aim was to develop a framework that would: • Further strengthen the soundness and stability of the international banking system; • Closer align regulatory capital requirements with economic capital needs; and • Maintain sufficient consistency such that capital adequacy regulation would not be

a significant source of competitive inequality amongst internationally active banks.

1.3 In particular, this has meant an overhaul of the credit risk framework and the introduction for the first time of an operational risk framework. The new framework is documented in a paper also entitled “International Convergence of Capital Measurement and Capital Standards” with the subtitle “A Revised Framework”. This was most recently updated in November 2005 and is referred to within the rest of this document as “Basel II”.

1.4 Basel II comprises three Pillars, with Pillar 1 setting out minimum capital requirements in a manner analogous to Basel I. Pillar 2 sets out the supervisory review process and Pillar 3 establishes measures to make better use of market discipline. Pillar 3, as stated in Basel II, applies only at the top consolidated level of a banking group. All banks incorporated in Jersey are subsidiaries of overseas banking groups and the Commission therefore considers that disclosure requirements under Pillar 3 are not directly applicable to locally incorporated banks. There is therefore no intention at this stage of setting additional general disclosure requirements.

1.5 Pillar 1 contains a number of options for calculating banks’ minimum regulatory capital charges for Credit Risk, Operational Risk and Market Risk. These options range from relatively simple methodologies to more complex approaches that utilise banks’ own quantitative risk assessments. In providing a wide range of approaches, Basel II introduces regulatory capital requirements that capture risks more fully and are sensitive to the differing complexity of international banks.


1.6 Pillar 2 sets out a framework that both banks and supervisors should follow in the assessment of: • The wider risks that each bank faces; • The extent to which these are mitigated; and • The level of additional capital, if any, that should be held to adequately cushion that

net position. This is not established in terms of detailed prescription, but in terms of relatively high-level concepts.

1.7 The BCBS has produced a number of papers on the principles of managing various risk categories, which the Commission commends to all banks.

1.8 The Commission outlined its approach regarding Pillar 1 in its consultation paper “Basel II in Jersey: Local Implementation Issues”, issued in August 2006. Since then, further implementation papers have been published, some issued in conjunction with the Isle of Man Financial Supervision Commission (“IOMFSC”) and the Guernsey Financial Services Commission (GFSC”), setting out various aspects of the new prudential reporting process.

1.9 The Commission outlined some elements of its approach regarding Pillar 2 in its consultation paper “Basel II in Jersey: Local Implementation Issues”, issued in August 2006. Also, “High level principles on Pillar 2 and revision of supervisory returns” was issued in June 2007, in conjunction with the IOMFSC and GFSC. The latter set out an overview of the Pillar 2 processes but did not cover all aspects.

1.10 The Commission issued a consultation paper on the management and reporting of liquidity in November 2006. As set out in its recent letter to Managing Directors/Branch Managers of banks on the enactment of the provisions of that paper, the Commission intends to revise its liquidity reporting requirements in accordance with the consultation paper proposals at the same time as it moves to Basel II reporting.

WHAT IS PROPOSED AND WHY? 1.11 This paper is intended to:

• Provide an overview of the Commission’s revised prudential reporting requirements under Basel II;

• Detail the transitional period, including: o Commencement of Basel II reporting; o Parallel reporting requirements; and o Cessation of current Basel I reporting.

• Provide an overview of Pillar 2; • Provide further guidance on the internal capital adequacy assessment process

(“ICAAP”), including: o Which risks should be considered; o The assessment of certain of those risks; and o Communication of the ICAAP to the Commission.


• Provide an explanation of how the Commission will use the ICAAP in its assessment of Pillar 2; and

• Provide an outline of the initial phase of Pillar 2, including: o The timetable for the receipt of ICAAP submissions and the assessment process;

and o The process for addressing deficiencies in initial ICAAPs, including the late

submission of these.

WHO WILL BE AFFECTED? 1.12 Registered deposit takers will be affected differently, depending on whether they are

subsidiaries or branches.

1.13 Subsidiaries will be impacted by all of the Commission’s proposals, including its detailed requirements regarding Pillar 1 and Pillar 2 and the revisions to reporting requirements.

1.14 Branches will only be directly impacted by the revision to the Commission’s reporting requirements.

1.15 Branches will be impacted by the implementation of Basel II in their home jurisdictions. The Commission does not impose capital requirements on branches, as the home regulator has primary responsibility for ensuring the overall capital adequacy of the whole legal entity.


SECTION 2: BASEL II REPORTING

SUBSIDIARY REPORTING - REQUIREMENTS 2.1 Subsidiaries will be required to complete the relevant modules in accordance with the

guidance notes issued by the Commission. The relevant modules are, for most banks, determined by (1) whether a bank has a trading book or not and (2) whether it uses the standardised approach to credit risk (“SAC”) or simplified standardised approach to credit risk (“SSA”).

NO TRADING BOOK TRADING BOOK

SSA SAC SSA SAC

Core Data Core Data Core Data Core Data

SSA SAC SSA SAC

Operational Risk Operational Risk Operational Risk Operational Risk

Market Risk Market Risk Market Risk Market Risk

Trading Book Risk Trading Book Risk

Other Prudential Reporting




Modules:

Liquidity Liquidity Liquidity Liquidity

2.2 Certain banks may have agreed with the Commission the use of advanced approaches for one or more Pillar 1 risk categories. These banks will have bespoke reporting arrangements for these approaches but will still be required to submit the relevant modules from the above. These will be confirmed with the banks concerned.

2.3 Further detail is provided in the schedule to this paper, which will be added as Schedule 2 to the Codes of Practice for Deposit-taking Business in due course.

SUBSIDIARY REPORTING - FREQUENCY 2.4 The Commission requires that subsidiaries submit a solo return for every quarter end. An

additional consolidated return is required for the return that coincides with the reporting bank’s financial year-end.

2.5 Further detail is provided in the schedule to this paper.


SUBSIDIARY REPORTING – TRANSITIONAL ARRANGEMENTS 2.6 The Commission requires all banks to submit their prudential returns for December 2007

using the current, Basel I, reporting system in accordance with the established timescale of 20 working days.

2.7 A partial Basel II return should also be submitted based on the reporting bank’s position as at 31 December 2007. The return should comprise the following modules only:

BANK CREDIT APPROACH SSA SAC

Core Data Core Data

SSA SAC

Operational Risk Operational Risk

Modules:

Market Risk Market Risk

2.8 This return must be submitted by 15 March 2008 – this allows approximately 30 working days from the latest date for the submission of the Basel I prudential return.

2.9 For the March 2008 quarter end, a full Basel II prudential return should be submitted within the normal 20 working days deadline.

2.10 A return using the current, Basel I, reporting system is also required as at 31 March 2008. However, this may be submitted up to 31 May 2008.

2.11 After this date, only Basel II reporting is required, except that banks that have chosen to pursue any advanced approach must provide an additional return using the Basel I system in order that capital floors may be monitored. Excepting the return for March 2008, which may be delayed as detailed above, this must be submitted within the same 20 working day deadline as for the ongoing Basel II return.

BRANCH REPORTING - REQUIREMENTS 2.12 Branches will be required to complete the relevant modules in accordance with the

guidance notes issued by the Commission. The relevant modules are:

Branch Core Data

Market Risk

Other Branch Prudential Reporting

Modules:

Liquidity

2.13 Further detail is provided in the schedule to this paper, which will be added as Schedule 2 to the Codes of Practice for Deposit-taking Business by 1/1/2008.


BRANCH REPORTING - FREQUENCY 2.14 The Commission requires that branches submit a return for every quarter end. An

additional return is required to coincide with the reporting bank’s financial year-end if this does not fall on a quarter end date.

2.15 Further detail is provided in the schedule to this paper.

BRANCH REPORTING – TRANSITIONAL ARRANGEMENTS 2.16 The Commission requires all branches to submit their prudential returns for March and

June 2008 using the current, Basel I, reporting system in accordance with the usual timescale of 20 working days.

2.17 The Commission will also require a Basel II return based on the reporting bank’s position as at 30 June 2008.

2.18 This return must be submitted by 15 August 2008 – this allows 30 working days from the latest date for the submission of the Basel I prudential return.

2.19 For the September 2008 quarter end, a full Basel II prudential return should be submitted within the 20 working days deadline.

2.20 A return using the current, Basel I, reporting system is also required as at 30 September 2008. However, this may be submitted up to a revised deadline of 30 November 2008.

2.21 After this date, only Basel II reporting is required.


SECTION 3: PILLAR 2 AND THE ICAAP

THE COMMISSION’S GENERAL APPROACH TO PILLAR 2 3.1 Pillar 2, as described in the Basel II framework, concerns the “supervisory review

process”. Basel II states: • “The supervisory review process recognises the responsibility of bank management in

developing an internal capital assessment process and setting capital targets that are commensurate with the bank’s risk profile and control environment. In the Framework, bank management continues to bear responsibility for ensuring that the bank has adequate capital to support its risks beyond the core minimum requirements.

• Supervisors are expected to evaluate how well banks are assessing their capital needs relative to their risks and to intervene, where appropriate. This interaction is intended to foster an active dialogue between banks and supervisors such that when deficiencies are identified, prompt and decisive action can be taken to reduce risk or restore capital. Accordingly, supervisors may wish to adopt an approach to focus more intensely on those banks with risk profiles or operational experience that warrant such attention.”

3.2 The Commission does not view this as a new responsibility for either it or registered persons but instead as a development of existing functions. The main specific developments are that: • Banks will be required to carry out their own Internal Capital Adequacy Assessment

Process (“ICAAP”) and linked ICAAP submission; • The Commission will review each ICAAP submission and will:

o Agree a minimum Risk Asset Ratio for the bank that will either be equal to or exceed the Commission’s general minimum Risk Asset Ratio (10%); and

o Agree with the bank any other steps to be taken. This might include changes to risk management processes, specific additional capital requirements or the introduction of risk mitigation steps.

THE ICAAP REQUIREMENT 3.3 The ICAAP is the process that a bank uses to assess its capital adequacy. The ICAAP

submission to the Commission is the provision by the bank to the Commission of documentation describing that process.

3.4 The Commission recognises the benefits of retaining flexibility in the methods to be used in assessing capital adequacy and does not propose any level of prescription in either this or the reporting format.

3.5 Registered persons bear the primary responsibility for ensuring the adequacy of their capital to support all risks incurred. The Commission’s review of the ICAAP in no way detracts from, or replaces, this responsibility.


3.6 The five main features of a rigorous ICAAP are as follows: • Board and senior management oversight; • Sound capital assessment; • Comprehensive assessment of risks; • Monitoring and reporting; and • Internal control and mitigation review.

GUIDANCE ON THE ICAAP 3.7 The Commission issued “High level principles on Pillar 2 and revision of supervisory

returns” in conjunction with the IOMFSC and GFSC in June 2007. The following expands on the guidance within that paper.

3.8 The Commission requires that all subsidiaries implement Basel II from 1/1/2008. As part of the implementation, banks must submit an ICAAP for review.

3.9 A bank is expected to review its ICAAP at least annually. If there is no material change to the risk profile of a bank, confirmation of this to the Commission annually following the submission of the initial ICAAP will be sufficient. Where a bank’s risk profile has changed to a material extent during the year, the Commission will require a revised ICAAP to be submitted.

3.10 The Commission does not wish to be prescriptive over the format under which an ICAAP may be submitted. However, it is clear that some banks would like guidance on the general shape an ICAAP should take and on the assessment of key risks.

3.11 Appendix A to this paper sets out some additional guidance on the assessment of key risks. This guidance is not prescriptive and the Commission is aware that not all elements or risks will apply to every bank.

3.12 The Commission welcomes dialogue on aspects of the ICAAP. This could include seeking the Commission’s view of the completed ICAAP, or indeed any part or risk category, before it is formally submitted. This does not in any way detract from the responsibility of the board and senior management to ensure that the ICAAP is complete and correct.

3.13 Banks’ business and risk profiles differ and the ICAAP should be proportionate to the size, nature and complexity of a bank’s business. The Commission considers that the format shown in appendix B to this paper may be convenient for banks as it covers most of the matters which typically would be reviewed by the Commission. However, other formats may be acceptable. Appendix B mirrors the format published earlier in the joint paper “High level principles on Pillar 2 and revision of supervisory returns”.


THE SUPERVISORY REVIEW AND EVALUATION PROCESS (“SREP”) 3.14 The Commission will follow these general principles in its approach to its SREP:

• The Commission will be as transparent as possible. Where the Commission sets a capital requirement higher than the minimum level, it will explain the rationale for this to the bank;

• Pillar 2 does not necessarily mean an automatic capital add-on: o The Commission views its minimum risk asset ratio (“RAR”) level of 10% as

representing the minimum RAR that will be the outcome of the review process for any bank ;

o The stated minimum RAR will be that applicable after consideration of both Pillars 1 and 2.

• The Commission will assess the ICAAP to establish whether the amount of capital identified by the ICAAP is sufficient to support the risks faced by the bank. The Commission may then require a RAR to be maintained at a higher level than the standard minimum. It may also require that specific risk elements are allowed for in the form of an additional risk weighted asset equivalent amount;

• The Commission will adopt a proportionate approach to its review. The intensity and depth of the review will take account of the nature, scale and complexity of individual banks, as well as the extent to which the bank’s risk profile has changed over the previous year;

• The review will normally be an annual process; • The Commission will, as part of the review, take account of any relevant

information obtained from off-site reviews, on-site examinations, prudential returns, meetings, media coverage and other research. In particular, the Commission will use its risk model evaluation process results and in particular the risk score in the following fashion: o Risk scores will be a factor in determining the intensity and depth of the review; o The Commission will consider how individual risk categories reflecting high risk

scores are addressed in the ICAAP; and o The overall risk score and, in particular, the scores relating to integrity, corporate

governance and internal controls, will be factors in determining the minimum risk asset ratio.

For example, if a bank’s ICAAP in itself warranted a minimum RAR of 10% then: o If its risk scores reflected a “Low” rating in these areas then the Commission

would normally agree a minimum RAR of 10%; o If its risk scores reflected a “Medium” rating then the Commission might

look to uplift this to between 10% and 11%; and o If its risk scores reflected a “High” rating then the Commission might look to

uplift this to 11% or more. • The ICAAP is the responsibility of the Board and Senior Management. The review

will not replicate the role of these parties;


• The Commission will review the corporate governance framework around the ICAAP and will pay particular attention to Board and Senior Management oversight and involvement, as well as responses to any issues raised by the Commission during the review. It will also consider the extent to which the internal capital assessment is used routinely within the bank for decision making purposes; and

• The Commission will seek to address risks that it considers to be inadequately mitigated. This may reflect a requirement for improvements in such mitigation, rather than necessarily involving an increase in capital. The Commission will always seek the bank’s agreement and input to any such proposals.

TRANSITIONAL ARRANGEMENTS 3.15 The Commission requires that all Jersey incorporated banks submit an ICAAP document

by 31 Jan 2008 at the latest.

3.16 The Commission will undertake to complete the review process for all ICAAP submissions within 3 months of submission.

3.17 During the period before the completion of its review, the Commission requires that all banks maintain an RAR in excess of 10%.

3.18 However, should a bank fail to submit an ICAAP document by the 31 January 2008 deadline, then the Commission will seek to understand the reasons and will seek agreement on appropriate corrective action, which may include an increase in the minimum RAR.


APPENDIX A: ICAAP: RISK GUIDANCE NOTES

OVERVIEW A.1 In general, there are four categories of risks that should be considered in a bank’s

ICAAP: • Category one: Risks covered by Pillar 1 capital requirements; • Category two: Risks not fully covered by Pillar 1 capital requirements; • Category three: Risks not covered by Pillar 1; and • Category four: External factors.

A.2 Categories one, two and three are mainly concerned with current risks and unexpected events or losses.

A.3 Category four considers the outcome of forward capital planning for the first three elements, in which stress-testing may play a key role.

A.4 Components of the four categories include, but are not limited to:

Category one Category three Category four Risks covered by Pillar 1 capital requirements

Risks not covered by Pillar 1 External factors

Credit Risk Strategic risk Business risk

Market Risk Concentration risk (earnings and costs)

Operational Risk Liquidity risk Strategy

Category two Reputation risk Economic environment Risks not fully covered by Pillar 1 capital requirements

Interest rate risk in the banking book

Regulatory Environment

Residual risk Settlement risk

Counterparty credit risk Underwriting risk

Securitisation risk Pension risk

Model risk Transfer risk

Underestimation of credit, market or operational risk in Pillar 1

Weaknesses in credit risk mitigation


A.5 The list of risks is not prescriptive – a bank must identify its key risks for itself. The table is solely an aid to assist in this process but guidance is given below on certain of these risks that should be considered if a risk is identified by a bank as a key risk.

A.6 In evaluating capital requirements for risks, banks should endeavour to be consistent. If economic capital modelling techniques are used then, for example, a default rate of 0.1% per annum might be used to tie in with the Basel II rules but, alternatively, the ICAAP could perhaps be based on a bank’s chosen default rate of 0.03% to reflect its desire to be AA rated. Where economic capital models are not used, the bank should still endeavour to articulate and conform to a single definition of how much capital is required to meet risks. As an example, it could look at realistic worst case outcomes.

CREDIT RISK, MARKET RISK AND OPERATIONAL RISK A.7 A bank may either use the Pillar 1 capital requirements or use economic capital

modelling to assess those risks covered by Pillar 1 capital. If the bank uses advanced models or economic capital models, the ICAAP should give an overview of these models, including the assumptions underlying them and, in the latter case, explain the key drivers.

RESIDUAL RISK A.8 Whilst banks use credit risk mitigation (“CRM”) techniques to reduce their credit risk,

these techniques may give rise to risks that may limit actual overall risk reduction. These additional risks are legal risk, documentation risk and liquidity risk. The Commission will expect banks to have in place appropriate written CRM policies and procedures in order to control these residual risks. Banks may be required to submit these policies and procedures to the Commission and must regularly review their appropriateness, effectiveness and implementation.

COUNTERPARTY CREDIT RISK A.9 Banks must have counterparty credit risk management policies, processes and systems

that are conceptually sound and implemented with integrity relative to the sophistication and complexity of a firm’s holdings of exposures that give rise to CCR. A sound counterparty credit risk management framework must include the identification, measurement, management, approval and internal reporting of CCR.

A.10 Banks’ risk management policies must take account of the market, liquidity, legal and operational risks that can be associated with CCR and, to the extent practicable, interrelationships among those risks. Banks should not undertake business with a counterparty without assessing its creditworthiness and must take due account of both settlement and pre-settlement credit risk. These risks must be managed as comprehensively as practicable at the counterparty level (aggregating counterparty exposures with other credit exposures) and at the bank-wide level.


A.11 A bank’s board of directors and senior management must be actively involved in the CCR control process and must regard this as an essential aspect of the business, to which adequate resources need to be devoted. Reports prepared on a firm’s exposures to CCR must be reviewed by a level of management with sufficient seniority and authority to enforce, when necessary, both reductions of positions taken by individual credit managers or traders and reductions in the firm’s overall CCR exposure.

A.12 The measurement of CCR must include both daily monitoring and intra-day monitoring of the usage of credit lines. The bank must measure current exposure gross and net of collateral held where such measures are appropriate and meaningful (e.g. OTC derivatives and margin lending). Banks must take account of large or concentrated positions, including concentrations by groups of related counterparties, by industry, by market and by customer investment strategies.

A.13 Banks must have a process in place for ensuring compliance with a documented set of internal policies, controls and procedures covering CCR management.

UNDERESTIMATION OF CREDIT, MARKET OR OPERATIONAL RISK IN PILLAR 1 A.14 The bank may be aware of particular circumstances that it believes would lead the

standardized approaches in particular to give rise to an underestimation of risk. Two examples are given here:

A.15 Credit risk relating to indicative facilities: • Some banks have adopted the practice of giving indicative credit facilities to clients

on an uncommitted basis. Such clients are often significant corporate customers. Commercially, a bank may not realistically be able to walk away from that relationship and the credit risk of such uncommitted facilities needs to be recognised. It is important to estimate the “realistic” exposure to the potential borrower (not just the contractual exposure) and reflect that as a credit risk against which there should be a capital charge.

A.16 Operational risk: • Gross income, used in the basic indicator and standardised approaches for

operational risk, is only a proxy for the scale of operational risk exposure of a bank and can, in some cases (e.g. for banks with low margins or profitability) underestimate the need to cover capital for operational risk. Drawing on the Basel Committee document on Sound Practices for the Management and Supervision of Operational Risk (February 2003), the bank should consider whether the capital requirement generated by the Pillar 1 calculation gives an adequate picture of the individual bank’s operational risk exposure, for example by comparison with the bank’s experience of operational losses. The Commission, in its review of this area, will make relevant peer comparisons.

• Banks that have identified specific operational risks, such as mis-selling, should consider whether these warrant additional capital or other risk mitigation. This is particularly relevant for banks registered to conduct other financial service business,


and should include consideration of the degree to which PII cover mitigates such risk arising from these activities.

• A bank facing a £6m lawsuit might not have provided for it in its accounts as it expects to win the case but might decide to set aside £5m in its ICAAP in case it loses, that figure being its estimated realistic worst case outcome.

STRATEGIC RISK A.17 Strategic risk is the current or prospective risk to earnings and capital arising from

changes in the business environment and from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment.

A.18 As such, it is a forward looking measure and, as a minimum, the bank should consider whether its current strategy will lead to increased capital requirements within the period considered and how these will be addressed.

CONCENTRATION RISK A.19 A risk concentration is any single exposure or group of related exposures with the

potential to produce losses large enough to threaten a bank’s financial health or ability to maintain its core operations. Risk concentrations are arguably the single greatest cause of major problems incurred by banks. Credit risk concentration arises both in direct exposures to obligors and through exposure to protection providers. Such concentrations are not addressed in the Pillar 1 capital charge for credit risk.

A.20 Banks should have in place effective internal policies, systems and controls to identify, measure, monitor and control their credit risk concentrations. They should explicitly consider the extent of their credit risk concentrations in their assessment of capital adequacy under Pillar 2. These policies should cover the different forms of credit risk concentrations to which a bank may be exposed. Such concentrations include: • A significant credit exposure to an individual counterparty or group of

counterparties. The Commission has long established requirements for such “Large Exposures”;

• Credit exposures to counterparties in the same economic sector or geographic region;

• Credit exposures to counterparties whose financial performance is dependent on the same activity or commodity; and

• Indirect credit exposures arising from a bank’s CRM activities (e.g. exposure to a single collateral type or to credit protection provided by a single counterparty).

A.21 A bank’s framework for managing credit risk concentrations should be clearly documented and should include definitions of the credit risk concentrations relevant to the bank and how these concentrations and their corresponding limits are calculated. Limits should normally be defined either in absolute terms or in relation to a bank’s capital.


A.22 A bank’s management should conduct periodic stress tests of its major risk concentrations and review the results of those tests to identify and respond to potential changes in market conditions that could adversely impact the bank’s performance.

A.23 A bank should ensure that, in respect of credit risk concentrations, it complies with the Basel Committee document Principles for the Management of Credit Risk (September 2000) and the more detailed guidance in the Appendix to that paper.

A.24 The Commission will assess the extent to which a bank considers its risk concentrations in its ICAAP and how they are managed. Such assessments should include reviews of the results of any stress tests carried out, either locally or at the group level. The Commission will validate the bank’s assessment and consider what action is necessary where the risks arising from a bank’s credit risk concentrations are not considered to be adequately addressed in the ICAAP.

LIQUIDITY RISK A.25 The Commission considers the following to be key to addressing liquidity risk:

• Measurement and monitoring of net funding requirements; • Assessment of how other risks (e.g. credit, market and operational risk) may impact

liquidity; • Regular review of underlying assumptions; • Adequate contingency planning, to cover both temporary and longer-term

disruptions; • Specific application of the above to all material currency exposure; and • Appropriate internal control processes.

A.26 The BCBS has issued a paper “Sound Practices for Managing Liquidity in Banking Organisations” (February 2000) that provides relevant guidance regarding liquidity risk. Banks should also consider and comply with the “Liquidity Management and Reporting” guidance notes issued by the Commission in May 2007.

REPUTATIONAL RISK A.27 Reputational risk (to financial institutions and to the jurisdictions from where they

operate) is clearly a significant risk to be captured under Pillar 2 and is one of the most important risks in offshore finance centres. The Commission expects banks to have assessed the reputational risk contained in its high risk accounts and relationships and, where appropriate, to have used a proxy (which might be the number or proportion of high risk accounts or relationships a bank has on its books) to generate a capital charge for reputational risk and/or provide evidence of measures in place to mitigate that reputational risk. An example of such measures could be robust and clear customer acceptance procedures and implemented processes with no “blind spots” (which includes inappropriate pooled accounts).


INTEREST RATE RISK IN THE BANKING BOOK A.28 The Commission will require a bank not holding capital commensurate with its level of

interest rate risk to either reduce its risk or to increase its capital or some combination of the two.

A.29 The Commission is of the view that, if the risk reported as part of the revised Basel II prudential return exceeds 5% of capital, this category should be specifically addressed within the ICAAP. Where that risk approaches 20% of capital, enhanced mitigation is likely to be required.

PENSION RISK A.30 Pension risk is the risk of pension funding arrangements not being adequate to meet

pension payment obligations. Subsidiaries with locally funded pension schemes will need to take account of their risks in this area, including both current and potential shortfalls, and the impact that these might have on their capital.

OTHER RISKS A.31 The risks described herein do not represent all possible risks that a bank might face.

These will vary from one firm to another, dependent upon such factors as the customer base, operational complexity, market activities and outsourced functions. It remains a bank’s responsibility to comprehensively identify, measure, control and adequately mitigate all risks of significance that it faces and to maintain sufficient capital to reflect that overall risk position.

A.32 Appendix 1 “Risk Management Controls” to the Deposit-taking Codes of Practice provides further relevant guidance and specific risk guidance is issued by the Commission from time to time. Banks are recommended to remain cognisant of all relevant “sound practice” papers issued by the BCBS on the management of risk.


APPENDIX B: ICAAP SUBMISSION – A FORMAT THAT MAY BE USED BY BANKS

Below is an outline of a suggested format showing the general areas and headings an ICAAP could take:-

XYZ Bank Ltd

EXECUTIVE SUMMARY The purpose of the Executive Summary is to present an overview of the ICAAP methodology and results. This overview would typically include:

• the purpose of the ICAAP; • the main findings of the ICAAP such as :-

- how much and what composition of capital the bank considers it should hold in addition to the Pillar 1 minimum capital requirement; and

- a description of the bank’s overall risk management processes, including comments on their adequacy;

• key financial commentary, including a summary of the bank’s balance sheet strength, strategy and likely future profitability;

• brief descriptions of the capital and dividend plan; • commentary on the bank’s most material risks, why the level of risk is considered

acceptable or, if it is not, what mitigating actions are planned; and • who has carried out the assessment, how it has been challenged, and who has

approved it.

BACKGROUND This section would cover the relevant organizational and historical financial data on the bank such as group structure, key data and trends. It would include any conclusions that can be drawn from trends which may have a material impact. It would also give a description of expected changes to the bank’s business strategy.

CAPITAL ADEQUACY This section would include a detailed review of the capital adequacy of the bank. It might start with a description of the risk appetite of the bank which would set the context for the ICAAP. Where economic capital models are used, details of the assumptions behind those models should be included. Where scenario analyses or other means are used, some description of how the severity of scenario has been chosen should be included.


The ICAAP should include:

• the date of the ICAAP calculations, together with consideration of any events

between this date and the date of submission which would materially impact the ICAAP calculation, together with their effects;

• details of, and rationale for, the time period over which assessments have been made;

• identification of the key risks faced; • for each risk, an explanation of how the risk has been assessed and any

quantitative results of that assessment; • an explanation of how the risks have been mitigated, including the relevant risk

management and control policies and processes; • a clear articulation of the bank’s risk appetite by risk type; • details of any restrictions on the ability to transfer capital into or out of the bank

and, • an analysis of significant movements in available capital and capital required since

the latest ICAAP and a comparison of the capital required under Pillar 1 calculations as compared with the overall capital requirement identified by the ICAAP.

KEY SENSITIVITIES AND FUTURE SCENARIOS This section would detail the sensitivity tests undertaken to key assumptions and factors that have a significant impact on the broader financial condition of the company. Material changes (past, present and future) in the financial risks to which the business is exposed would be explored and quantified as far as possible in this section.

Banks that have had advanced approaches (IRB/AMA or IMA) approved should note that this is in addition to any stress testing that might be undertaken for testing or supplementing advanced approach modelling assumptions.

AGGREGATION This section would describe how the results of the bank’s various separate risk assessments are brought together and an overall view taken on capital adequacy. This requires a methodology to be used to quantify the amount of capital required to support individual risks in order to arrive at a total figure for capital required.

THE CHALLENGE PROCESS AND SIGN OFF OF THE ICAAP This section would describe the extent of challenge and testing of the ICAAP that has taken place. It would include the testing and control processes applied to the ICAAP calculations, the board review and sign off procedures.


Details of the reliance placed on group ICAAPs or any external suppliers/consultants would also be detailed here e.g. for generating economic scenarios.

USE OF THE ICAAP WITHIN THE BANK This would demonstrate the extent to which capital management is embedded within the bank, including the extent and use of capital modelling or scenario analysis and stress testing within the bank's capital management policy, e.g. in setting pricing. This would also include a statement of how the submitted ICAAP would be reflected in the bank’s capital management policy.


SCHEDULE 1: REVISED PRUDENTIAL REPORTING REQUIREMENTS

EFFECTIVE Q1 2008 - COMPLETION GUIDANCE

Issued August 2007

N.B. this will form Schedule 2 to the “Codes of Practice for Deposit-taking Business” from 1/1/2008. This is subject to consultation (CP No 3 2007 “Amendments Proposed to Codes of Practice Relating to Four Financial Sectors”) and all references herein refer to that version. A draft copy is available on the Commission’s website at:

www.jerseyfsc.org/the_commission/general_information/consultation_papers/consultation_papers.asp


CONTENTS Section 1 General Completion Notes 24

Completion 24 Subsidiary Prudential Returns - Consolidation 24 Management responsibilities 24 Year end return 24 Sections of the Prudential Return 25 Which modules should be submitted? 26 General rules to follow in completing the Prudential Return 27 Specific rules to follow in completing the Prudential Return 27 Certification 27 Enquiries 27

Appendix A Zone A&B Countries 28


SECTION 1: GENERAL COMPLETION NOTES

COMPLETION 1.1 The banking prudential reporting return (“prudential return”) must be submitted to the

Jersey Financial Services Commission (the “Commission”) in accordance with Sections 6.2.3 and 6.3.3 of the Codes of Practice for Deposit-taking Business (the “Codes”).

1.2 It is to be completed on a quarterly basis as at 31 March, 30 June, 30 September and 31 December by each Jersey deposit taker registered under the Banking Business (Jersey) Law 1991 (each “registered person”).

1.3 The prudential return should be submitted using the secure electronic submission process, followed by a hard copy printout of the return, a signed certificate and a hard copy note commenting on material changes and unusual items.

1.4 The prudential return should be submitted to the Commission on or before the 20th working day after the reporting date. The Commission would normally expect that the accompanying paperwork would arrive within 5 further working days. If the registered person foresees or experiences a delay that will result in a late submission, it must notify the Commission immediately.

SUBSIDIARY PRUDENTIAL RETURNS - CONSOLIDATION 1.5 A solo return must be completed every quarter i.e. on an individual company basis,

recording investments in subsidiaries as the amount invested, which will be deducted from regulatory capital.

1.6 An additional consolidated return will normally only be required where the reporting bank has a material subsidiary that: • Is a registered bank in Jersey or in any other jurisdiction; or • Is a financial services business (as defined in the Financial Services (Jersey) Law

1998) that is not incorporated in Jersey. In such circumstances, a consolidated return should be provided together with the solo return that coincides with the reporting bank’s financial year-end. If the reporting bank is uncertain as to whether it is required to complete an additional consolidated return then it should contact the Commission.

MANAGEMENT RESPONSIBILITIES 1.7 The Commission views the accurate and timely submission of reports as an indication of

effective management control of the registered person. Conversely, failure to report accurately within the time allowed, or to handle unforeseen events that delay reporting, may be viewed as an indication of poor management control.

YEAR END RETURN 1.8 The Commission recognises that the year end of some registered persons may not

coincide with the quarter end dates. In these cases, subject to the prior agreement of the


Commission, an additional prudential return will be required as at the registered person’s year end, which should be submitted within 20 working days of that date.

1.9 The prudential return that coincides with the registered person’s year end must be certified by its external auditor. A certified hard copy is due within three months of the year end.

1.10 For a Jersey incorporated subsidiary, the completion and submission of the prudential return to the Commission does not affect the requirement to submit “true and fair” audited accounts to the Commission within three months of the year end. The annual certified hard copy of the prudential return must therefore be accompanied by: • A schedule prepared by the auditor of any differences between the prudential

return submitted and the records of the registered person; and • A reconciliation between the balance sheet statement in the certified hard copy of

the prudential return and the published accounts, as required by Section 6.2.4 of the Codes.

1.11 Branches are not required to produce published accounts for the Jersey operation alone. The certified prudential return need only therefore be accompanied by a schedule prepared by the auditor of any differences between the return submitted by the bank and the records of the registered person, as required by section 6.3.4 of the Codes.

SECTIONS OF THE PRUDENTIAL RETURN 1.12 The Prudential Return is broken down into modules covering the following:

MODULE BRANCH / SUBSIDIARY

CONTENTS IDENTIFIER(S)

Core Data Subsidiary Balance Sheet, P&L, Capital and RAR. JFSC.Basel II.M1SUB

Simplified Standardised Approach to Credit Risk (“SSA”)

Subsidiary Calculation of Credit Risk RWA. JFSC.Basel II.M2SSA

Standardised Approach to Credit Risk (“SAC”)

Subsidiary Calculation of Credit Risk RWA. JFSC.Basel II.M2SAC

Operational Risk Subsidiary Calculation of Operational Risk RWA. JFSC.Basel II.M3S

Market Risk Subsidiary Calculation of Market Risk RWA and Market Risk disclosure requirements.

JFSC.Basel II.M4SAM

Trading Book Risk Subsidiary Calculation of Trading Book RWA. JFSC.Basel II.M5TB


Subsidiary Other prudential disclosures, including Large Exposures, provisions and analysis of deposits.

JFSC.Basel II.M6OTH


MODULE BRANCH / SUBSIDIARY

CONTENTS IDENTIFIER(S)

Liquidity Subsidiary Maturity ladder, behavioural adjustments, limits and large deposits.

JFSC.Basel II.M7 Liquidity

Branch Core Data Branch Balance Sheet and P&L. JFSC.Basel II.M1 BRANCH

Branch Market Risk Branch Market Risk disclosure requirements. JFSC.Basel II.M5 BRANCH


Branch Other prudential disclosures, including the top 10 largest credit exposures, provisions and analysis of deposits.

JFSC.Basel II.M6 BRANCH

Branch Liquidity Branch Maturity ladder and large deposits JFSC.Basel II.M7 Branch Liquidity

WHICH MODULES SHOULD BE SUBMITTED? 1.13 The Commission may vary its requirements in individual cases, principally to allow for

the use of approaches other than those detailed in these modules. However, unless informed otherwise, banks should complete the following modules:

SUBSIDIARY

NO TRADING BOOK TRADING BOOK

BANK CATEGORY

SSA SAC SSA SAC

BRANCH

Core Data Core Data Core Data Core Data Branch Core Data

SSA SAC SSA SAC

Operational Risk

Operational Risk

Operational Risk

Operational Risk

Market Risk Market Risk Market Risk Market Risk Market Risk

Trading Book Risk

Trading Book Risk






Modules:

Liquidity Liquidity Liquidity Liquidity Liquidity


GENERAL RULES TO FOLLOW IN COMPLETING THE PRUDENTIAL RETURN 1.14 Cells where data should be entered are clearly indicated to the user within the

spreadsheet, as white areas within the tables.

1.15 Agreement should be sought from the Commission as to which subsidiaries should be consolidated in the consolidated return.

1.16 The prudential return must be completed in Sterling. Registered persons who account in a currency other than Sterling should convert all values to Sterling and state on the form the accounting currency and the exchange rate used. The rate used should be the mid-market rate obtained at close of business on the reporting date. ISO 4217 three letter codes should be used to designate the accounting currency; for example, GBP for Pounds Sterling, USD for US Dollars etc.

1.17 All amounts should be entered in thousands: i.e. an entry of 1 on the sheet equates to £1,000.

1.18 Figures entered on the Prudential Return should be entered as rounded off to the nearest integer (no decimal places), unless the completion guidance for a module specifies otherwise. For example, an amount of £499.99 should be entered as “0” and an amount of £3,500 should be entered as “4”.

1.19 Debit balances should not be set-off against credit balances unless a legally enforceable specific netting agreement is in place between the registered person and its counterparty or customer.

SPECIFIC RULES TO FOLLOW IN COMPLETING THE PRUDENTIAL RETURN 1.20 Completion guidance notes are available for each module. This schedule and the relevant

completion guidance notes must be read and complied with by the reporting bank.

1.21 Abbreviations are in general specified within each module but, for every module, “Zone A” and “Zone B” have the meanings given in Appendix A.

CERTIFICATION 1.22 Registered persons must complete and submit a certification statement. The certificate

must be signed as follows: • For Subsidiaries: the certificate should be signed by two directors of the company.

Where only one director is available, a statement signed by one director and the most senior local executive is acceptable; or

• For Branches: the certificate should be signed by the branch manager or, in his absence, his deputy. The annual certified prudential return should also be signed by the senior officer approved by the Commission under Section 11(2)(a) of the Banking Business (General Provisions) (Jersey) Order 2002.

1.23 The certificate must also be signed by the person preparing the prudential return.

ENQUIRIES 1.24 All enquiries regarding the completion of the prudential return, or the interpretation of

these definitions, should be made in the first instance to the relevant Supervision Manager at the Commission.


APPENDIX A: ZONE A&B COUNTRIES

A.1 “Zone A” includes: • Any EEA State; • All other countries which are full members of the OECD; and • Those countries which have concluded special lending arrangements with the

International Monetary Fund (IMF) associated with the Fund's general arrangements to borrow, except that:

• Any country falling within the above which reschedules its external sovereign debt is precluded from Zone A for a period of five years.

A.2 “Zone B” comprises all countries not in Zone A.

A.3 The Channel Islands, Gibraltar, Bermuda and the Isle of Man should also be regarded as being within Zone A. A bank should discuss with the Commission the appropriate treatment of dependencies of Zone A countries, where applicable.

A.4 Gibraltar and Bermuda are included as territories within the UK’s membership of the OECD. Consequently, a claim on either government should be treated as a claim on a Zone A public sector entity and a claim on a bank incorporated in Gibraltar or Bermuda should be treated as a claim on a Zone A bank.

A.5 For the purpose of determining whether a bank is in Zone A or B, the place of incorporation is the relevant factor to be considered rather than the location of a branch. The term “bank” also covers building societies.

Documents

Basel II in Jersey: Quarterly Reporting and Pillar 2 · BASEL II IN JERSEY 2 Aggregation 20 The challenge process and sign off of the ICAAP 20 Use of the ICAAP within the bank 21