Checklist for Risk Management
(Revised 1998 Edition)
November 1998
Bank of Japan
Bank Supervision Department
I. Objectives of the Checklist
The Bank Supervision Department of the Bank of Japan initially compiled the Checklist for Risk Management (hereafter referred to as the Checklist) in December 1987. To provide examiners with guidance in reviewing the adequacy of risk management at individual banks during on-site examinations, the Bank completely revised the Checklist in May 1996, and it was distributed to financial institutions under the Bank's supervision as well as to various other financial institutions in the belief that it could serve as a reference as they undertake initiatives to check and strengthen their risk management systems.
Over the two years since the last revision, major revisions of institutional systems have been undertaken in Japan reflecting drastic changes in the financial and social environment, and in order to deal with the deterioration in business performance of Japanese financial institutions. Furthermore, consensus has been reached and various reports have been released relating to risk management in the international arena such as that of the Basle Committee on Banking Supervision, against the background of steady progress in financial deregulation and refinement of risk management skills.
Meanwhile, as part of the review of its bank supervision functions accompanying the enactment of the Bank of Japan Law of 1997, the Bank Supervision Department revised and expanded the 1996 edition of the Checklist for Risk Management, and distributed the revised 1998 edition of the Checklist to financial institutions under the Bank's supervision and various other financial institutions on June 19. With a view to securing transparency of bank supervision, the revised 1998 edition of the Checklist has been made generally available as much of it should be useful to nondepository financial institutions not directly subject to the Checklist (securities companies, tanshi companies, etc.), depository financial institutions not under the Bank's supervision (some shinkin banks, credit cooperatives, agricultural cooperatives, labor credit associations, etc.) and nonfinancial business firms.
II. Major Features of the Revised 1998 Edition
The new edition of the Checklist for Risk Management has been revised and expanded to reflect developments in the financial conditions and institutional reforms in Japan since the previous revision (May 1996), as well as international discussions regarding risk management. In compiling this edition, the Bank also considered and applied experience gained using the previous editions of the Checklist and opinions and comments gathered from financial institutions under the Bank's supervision.
The overall framework in the new edition is unchanged from the 1996 edition. The Checklist is categorized by type of operation (I. Management and Internal Controls, II. Lending Operations, III. Market Operations and Asset and Liability Management [ALM], and IV. Business Operations and Electronic Data Processing [EDP]). The sample questions for examining the progress in risk management of financial institutions under each checkpoint are organized starting from basic matters and progressing to technical details. Like its predecessor, the revised 1998 edition includes some items which even banks with advanced risk management skills require more time to achieve. The Checklist is therefore not a minimum standard by which all banks must abide; rather, it is meant to be used flexibly by as many financial institutions as possible as a guideline for their business operations.
Concretely, items related to legal compliance have been largely expanded in Section I (Management and Internal Controls) to include important points such as whether the management fully recognizes the importance of legal compliance and takes the lead in establishing compliance awareness within the financial institution, and whether there is a systematic framework with concrete procedures for implementing legal compliance and whether it functions adequately. In its revision of Section I, the Bank considered and included the aims set forth in the "Framework for the Evaluation of the Internal Control Systems" released by the Basle Committee on Banking Supervision. In Section II (Lending Operations), a new item regarding financial institutions' self-assessment of assets has been added in response to the introduction of the self-assessment system. Necessary amendments have been made in Section III (Market Operations and ALM) to deal with the inclusion of the trading account, with due consideration given to the "Principles for the Management of Interest Rate Risk" released by the Basle Committee on Banking Supervision.
III. Application of the Checklist in the Bank's Examinations of Risk Management
The Bank's examinations review both the strength of financial institutions and their risk management ability, which prevents the emergence of losses and sustains their soundness. The Checklist for Risk Management is used as a handbook by examiners when assessing the risk management capability of financial institutions. Simultaneously, with a view to smoothly carrying out our on-site examination of risk management and to have a sufficient exchange of opinions with the subject financial institution, the Bank requests the institutions concerned to evaluate their abilities using the Checklist at each examination.
Needless to say, financial institutions must take the initiative in establishing their own risk management system based on their own judgment, hence the actual system will differ according to the individual institution's management strategy and business performance. In this sense, the Bank does not intend to apply the Checklist uniformly to all financial institutions, but will utilize it giving full consideration to the situation of each bank.
Index of the Checklist
I. Management and Internal Controls
A. Management Policy
1. Soundness and clarity of management policy
2. Permeability of risk management policy
B. Internal Controls
1. Organization, delegation of authority, and reporting system
2. Staff recruitment and training
3. Internal audit
C. Profit/Loss Management and Risk Management of Affiliated Companies
1. Profit/loss management
2. Risk management of affiliated companies
D. Compliance and Disclosure
1. Establishment of a framework for compliance
2. Disclosure and accounting process
E. Contingency Plan
1. Compilation and understanding of a contingency plan
II. Lending Operations
A. General
1. Role of management
2. Self-assessment of assets and appropriate calculation of the amount of write-offs and provisioning
3. Integrated management credit risk
4. Loan discipline
5. Staff training and education
B. Domestic Credit Administration
1. Credit approval
2. Usage of funds
3. Follow-up
4. System support
5. Management of substandard borrowers
6. Collateral and guarantee
C. Overseas Credit Administration
1. Credit approval
2. Follow-up
3. Collateral and guarantee
4. Country risk
III. Market Operations and ALM
A. General
1. Role of management
2. Risk management system
3. Market practices and transactions
4. Establishment of other frameworks
B. Trading (Not Limited to Transactions on the Specified Transaction Account)
1. Management system
2. Market risk management
3. Management of credit risk accompanying market transactions
C. Securities Investment (Non-Trading Account)
1. Risk management system
2. Market risk management
3. Credit risk management
D. Fund Management (Both Yen and Foreign Currencies)
1. Risk management system
2. Liquidity risk management
E. ALM
1. Identification of interest rate risk
2. Operation of ALM system
3. ALM operations
IV. Business Operations and EDP
A. General
1. Role of management
B. Business Operations
1. Organization and system
2. Control of cash and important keys
3. Authorization for exceptional transactions
4. Other operations
C. EDP Risk (Including High-Priority Distributed [Client/Server] Systems and PC Systems Not Linked to the Networks [Stand-Alone PCs])
1. Organization and systems
2. Crime and disaster prevention measures, and backup system
3. System planning and development
4. Management of operations
5. Measures to prevent illegal use
