On-site Examination Policy in Fiscal 2001
(Tentative translation)
April 3, 2001
Bank of Japan
I. On-site Examination of Financial Institutions in Fiscal 2000
A. Overview
The Bank of Japan conducted on-site examinations in fiscal 2000 with the view of sufficiently fulfilling the following functions: (i) monitoring the business conditions and asset quality of individual correspondent financial institutions, (ii) identifying risks in the overall financial system and analyzing the mechanisms through which such risks materialize, and (iii) applying the above information to the overall activities of the Bank.
Based on the focal points of last year's issue of this paper published on March 28, 2000, (i) the Bank assessed the financial strength of financial institutions, and (ii) conducted "risk-focused" on-site examinations that placed emphasis on a preemptive approach to prevent a deterioration in the financial strength of those institutions. Moreover, (iii) it conducted targeted examinations related to payment and settlement risk management to assess readiness for the introduction of a new real-time gross settlement system (RTGS, which started in the beginning of 2001) to BOJ-NET, the Bank's online system for the settlement of funds and Japanese government securities. Also, (iv) it conducted targeted examinations in the area of information security risk management, reflecting the increasing reliance of financial services on computer systems and the growing use of the Internet and other open network architectures.
To alleviate the burden on examined institutions, the Bank flexibly set cycles and scope of the examinations in accordance with their financial strength and risk management capability.
| Type of financial institution | Number |
|---|---|
| Banks | 31 |
| Shinkin banks | 59 |
| Others (including securities companies and Japanese branches of foreign banks) | 21 |
In addition, the Bank conducted targeted examinations on 24 financial institutions, focusing on payment and settlement risk management, market risk management, readiness for the introduction of the new RTGS system, and information security risk management.
B. Main findings regarding the focal points of the fiscal 2000 on-site examination policy
1. Financial strength of financial institutions and their credit risk management
In addition to verifying the adequacy of the self-assessment of assets and the loan-loss provisions and write-offs based on such assessment, and reviewing the appropriateness of recognition of deferred tax assets, the Bank assessed the impact of the introduction of mark-to-market accounting. It also examined the progress in the introduction and utilization of a credit rating system as well as the effectiveness of the framework of basic credit risk management. It was found that:
- Some financial institutions had problems in terms of the content of in-house manuals regarding self-assessment, loan-loss provisions and write-offs or the practical application of manuals to individual loans.
- With respect to recognition of deferred tax assets, some financial institutions estimated future taxable income based on somewhat optimistic premises.
- The Bank saw progress regarding the establishment of credit risk management procedures. More financial institutions had implemented and sophisticated credit rating systems, and started to quantify credit risk. However, with respect to practically applying the results of quantification to credit operations, many financial institutions still left unsettled such issues as the consistency of these results with business operations, and the collection of data related to the probability of default.
2. Market risk and liquidity risk management
Against the background of the growing importance of market risk management together with the more extensive use of mark-to-market accounting for financial products, the Bank focused on whether risk management systems were consistent with the scope of business and risk profiles.
- Some financial institutions, which were actively involved in bond investments due to weak financing demand in their business territory, did not adequately recognize the increase in market risk because they were slow to establish market risk management systems, such as the quantitative recognition of risk, and checking systems by business units other than those responsible for investments.
- Some other institutions purchased high-risk, high-return bonds structured by hybrid financial products without adequate recognition of the risks involved.
- Most financial institutions properly managed liquidity risk management systems in place, but some did not have clearly defined contingency plans or did not adequately verify the availability of funding measures in case of an emergency.
3. Operational risk management
With respect to operational risk management at financial institutions, since back-office operations are becoming more concentrated, the Bank conducted examinations with an emphasis on risk management systems at head offices and operation centers. Regarding computer system risk, with the expansion of financial services through the Internet, the Bank published a paper (in April 2000) on the importance of information security for financial institutions and countermeasures. It conducted targeted examinations related to information security management systems at seven financial institutions actively developing such operations (during other examinations, it also examined computer system risk management when necessary).
- There were some cases where headquarter instructions to branches and internal audit procedures lagged. In particular, some financial institutions where back-office operations were outsourced to affiliates or other companies did not monitor those companies' operations appropriately.
- Some financial institutions did not take sufficient measures against specific risks attaching to open network systems and did not manage IDs and passwords properly. Other institutions did not conduct any risk analysis based on the security policies which they had formulated. There were also cases where internal and external audits did not function effectively.
4. Payment and settlement risk management
From the perspective of ensuring the stability of settlement systems, the Bank continued to examine the payment and settlement risk management of individual financial institutions. This was done as part of full-scope examinations with particular emphasis on readiness for the introduction of the new RTGS system and related risk management, as well as conducting targeted examinations on 15 financial institutions, mainly those with large settlement volume. Based on its findings, the Bank compiled a list of areas where improvements would be made, and sent copies to correspondent financial institutions.
- At some financial institutions, there was room for the better management of their current deposit accounts with the Bank and also Japanese government securities. Other institutions were required to improve the management of intra-day credits to customers. There were also cases where contingency plans needed to be prepared against computer system failures, etc.
II. Focal Points of On-site Examination in Fiscal 2001
In Japan's financial system, progress has been made in such areas as the strengthening of the capital bases of financial institutions through the procurement of public and private funds, the disposition of failed financial institutions, and the growing trend of mergers and consolidations of financial institutions. These developments have contributed to stabilizing the system.
However, with respect to the bad loans held by financial institutions, despite the disposal of these loans to a significant extent in recent years, the total outstanding amount has not decreased so much since a considerable amount of bad loans has newly emerged. With the protection of the entire amount of deposits of financial institutions ending at the end of fiscal 2001, it is crucial that individual financial institutions take appropriate actions and present views regarding this problem, in accordance with their respective situation, thus promoting the soundness of overall financial functions.
Amidst the background of advances in deregulation and revolution in information and communications technology, the business scope and managerial structures of financial institutions are undergoing a major transformation, and the risks they face are becoming more complicated and diverse. In order to obtain new business opportunities and improve profitability, it is increasingly important that Japan's financial institutions establish management systems covering these various risks.
Payment and settlement risk management and liquidity risk management will probably become even more important issues for the management of financial institutions. The new RTGS system, an important infrastructure for reducing the overall risk of settlement systems, was put in place at the start of 2001, and is expected to prompt each financial institution to further strengthen its own payment and settlement risk management, thereby leading to an improvement in Japan's settlement systems. Also, with the ending of the protection of the entire amount of deposits at the end of fiscal 2001, it will become even more important for each financial institution to properly manage its own financial investments and funding.
Recognizing the above issues and taking into account actual conditions as well as the future business development of correspondent financial institutions, the Bank will conduct on-site examinations, placing emphasis on the points below with respect to financial strength and the management of various types of risks.
In conducting examinations, the Bank will endeavor to alleviate the burden on examined institutions and to make examinations efficient. In this regard, the Bank will try to flexibly set the cycles, scope, and schedules of examinations according to the specific problems of examined institutions. When it is necessary to assess the situation related to specific risks, the Bank intends to make active use of targeted examinations as part of its flexible approach to on-site examinations.
Focal points of on-site examination
1. Financial strength of financial institutions and their credit risk management
- In view of the current situation regarding the bad loan problem, the Bank will focus on the financial strength of financial institutions, including assessment of capital adequacy and possibility of a rise in new bad loans. Furthermore, taking into account the credit risk profile of each financial institution, the Bank will discuss with them how to measure and control credit risk.
- The Bank will examine whether the credit risk management system of each financial institution functions effectively. One of the points to be reviewed is whether credit ratings serve to identify overall credit risk. The appropriateness of rating methods, and the effectiveness of credit review units and other internal checking functions will be given due attention. Also, the application of both expected loss calculations and portfolio analysis using rating methods to loan operations will be reviewed. Based on these examinations, the Bank hopes to promote understanding on the part of financial institutions as to how to use such methods.
2. Market risk management
- It is necessary to continue to take precautions regarding the market-related risk management of financial institutions. The Bank intends to fully examine the establishment and observance of their risk management standards. In particular, for financial institutions investing a large portion of their portfolio in securities, the Bank will urge them, when necessary, to pay attention to the recognition of risks including those attaching to new products, and their involvement in the risk management process, and to establish a checking system for those units responsible for investments (front office).
3. Operational risk management
- Following a review of the business lines of financial institutions, the trends toward the concentration of back-office processing and outsourcing are expected to accelerate even further. The Bank will place emphasis on monitoring whether operational risk management is carried out in response to these changes. Particularly when a financial institution outsources essential operations, the Bank will focus on risk management systems related to these operations.
- With regard to issues related to computer systems, the Bank intends to take information security examinations implemented in fiscal 2000 one step further. Specifically, in addition to the integrity of computer systems such as ensuring information security, the Bank will examine their stability and reliability, including whether computer system failure would hinder proper financial services and whether the functions and information provided by the systems correspond to business requirements.
- The Bank will promote further discussions with financial institutions, focusing on a desirable management approach to operational risk, including methods of quantifying operational risk and their application to control of business.
4. Payment and settlement risk management and liquidity risk management
- In fiscal 2001, the Bank will particularly focus on payment and settlement risk management and liquidity risk management. With the introduction of the new RTGS system, it will monitor how the risk profiles of the major participants of settlement systems will change, and whether they respond appropriately to those changes. If the risk management of a financial institution is judged to be insufficient, the Bank will ask it to take appropriate measures, and examine whether this would have any negative effect on overall markets. The Bank expects that, through such processes, a suitable settlement mechanism will be established under the new RTGS system, leading to a reduction of risk in overall settlement system.
- At the same time, with a view to preventing payment and settlement risk from materializing, the Bank intends to examine whether each financial institution adequately manages liquidity risk, taking into account each institution's circumstances with respect to financial investments and funding, and whether each institution establishes a contingency plan in place against unexpected circumstances.
5. Integrated risk management
- The establishment of systems to properly manage complicated risk profiles is an important issue for new financial businesses, especially at Japan's leading banks. Recognizing this, the Bank intends to discuss with financial institutions progress in management techniques and their application to business control, such as methodologies for integrated risk management, efficient utilization of capital, and verification of capital adequacy based on these procedures with a view to promoting the establishment of a system capable of managing complicated risk profiles.
Also, in a changing period of business operation systems due to various mergers and acquisitions and the launch of new businesses by financial institutions, the Bank will monitor whether risk management policies based on those changes are consistent with actual business operations, and whether internal control frameworks continue to function effectively.