Toronto Centre

Sunday, Feb 28, 2016

Download Document

Group-Wide Consolidated Supervision in Bank and Financial Groups

Introduction^[1]

What is Group-Wide Consolidated Supervision?

Group-wide consolidated supervision is a comprehensive approach to evaluate the strength of an entire group considering all the risks that may affect a bank, regardless of whether these risks are booked in the bank, or in affiliated entities.

Why is Group-Consolidated Supervision Important?

When banks are associated with a broader group they are subject to risks in addition to the Basel II risk framework. These group risks, also called conglomeration risks, emanate from the financial and non-financial relationships of the bank with the parties that make up its broader group. Mix-activity groups, involving both financial and non-financial activities, are a special case where these risks are accentuated.

Which are these Group (Conglomeration) Risks?

Typical group risks that are not captured in the traditional Basel risk framework include the risks of transparency, contagion, and autonomy, inter-alia, which (besides double-gearing and arbitrage risk) capture a number of issues making a bank vulnerable to its group “connections,” such as threats to its good name and suborned governance.

Why may these Group Conglomeration Risks Elude Supervisors?

Due to limited powers, a too restricted legal perimeter, or because of a self-imposed interpretation, supervisors may restrict the scope of their supervision of a bank group to the bank and the group of subsidiaries below its level. Upward risks from levels above the bank and from parties associated to ultimate controllers are not looked upon or are deemed often out of legal scope.^[2]

How is Group-Wide Consolidated Supervision Performed?

Group supervision actively seeks to contain the risks to a bank from its group members, whether or not of a financial nature, which might at one-point hamper the effectiveness of capital and liquidity. It does so using a suite of quantitative and qualitative tools, and a proactive use of the basic licensing powers available to supervision.

Purpose of This Note

This note^[i] explains the risks from association of a bank to a broader group and how group-wide supervision can keep group risks aligned to the resources and internal governance capabilities of a bank and its parent entities. The note fully endorses the Joint Forum’s^[ii] approaches to achieve this core objective, emphasizing the importance of both solo and consolidated supervision to keep group risks at bay. Its suggestions are applicable to other non-bank financial groups and advocate flexibility in crafting legal powers and definitions, active use of licensing to preclude unsound group structures, and an effective mix of quantitative and qualitative group-wide consolidated supervision tools.

Group Challenges for Banking Supervision

Conglomeration poses three main challenges to banking supervision. The primary challenge is that the risks arising from the association of a bank with its related corporate entities and parties, including vehicles off-its-balance sheet, tend to be overlooked. As a consequence, supervision may fail to assess and respond to risks adequately. The second challenge comes from the complexity of the groups’ structures. The third challenge is their often-systemic importance. Financial groups tend to be large and become powerful. The individuals who stand behind them can be influential in the political and socio-economic status quo of a country, and much more so in groups that conglomerate financial with commercial-industrial activities (mixed-activity groups).
Complexity and size makes financial groups difficult to understand. Group-wide supervision is difficult and requires multidisciplinary skills, dedicated resources and a comprehensive risk assessment process. Most of all, it requires an independent supervisor with strength to withstand political pressure and interferences. Implementing group-wide supervision requires understanding well the structure of the corporate group in which a bank is integrated. This is crucial to visualize the “connections” among group members to anticipate contagion channels, to restrict dark corners,^[3] and to eliminate any obstacles to resolution if a crisis materializes.
Three dimensions of group structure matter for banking supervision. One dimension is the form of the group itself and how its members are organized. A second dimension is its ownership structure and where the group’s ultimate “mind and soul” resides. A third relevant aspect of the structure is how the businesses and the management of the group entities are set-up. These structures condition oversight over the full group and whether or not all the relevant risks and group entities are reasonably captured. Group-wide supervision should keep an updated map of the above structures and, through investigation and proactive licensing, and should seek to prevent complex structures and dark corners that may hinder the effectiveness of regulation and supervision.
Some structures may impede prudential regulation and supervision to achieve their objectives. Unsuitable structures must be disallowed if, for example, they obscure the identity of the final controllers, the identification of who are their related parties and affiliates, who are the beneficiaries of loans, how funds are used, and from where bank capital has been sourced. Opaque structures may leave dark corners unnoticed and significant unidentified risks of the broader group outside the scope of regulation and supervision. Other structures may impede access by supervisors to the information necessary to oversee the group, for example when key members are located in foreign jurisdictions with tight confidentiality regimes.
The structures of groups (parents and group members) varies in complexity.^[iii] There is always a group placed above the level of any bank made of its significant owners and their associates. There are plain vanilla “homogeneous banking groups,” when banks own other banks possibly in addition to certain other financial institutions such as investment or securities firms (hence no actuary risk involved). “Mixed-financial groups” are more complex, consisting typically of financial entities operating in both the banking and insurance sectors, and thus involving also actuarial risks. “Mixed-activity groups” are the most complicated since they conglomerate traditional financial risks with the risks of commercial and industrial activities, as in a “financial-industrial group.”
A bank may act as a parent controlling a group or may be controlled by another parent above its level. This parent may be another bank, or another financial institution, such as an investment firm or an insurance company. The parent can also be a holding company (HC) whose objective is to control a group of banks (bank HC), or to control banks and other financial institutions (a mixed HC, or MHC). If permitted by law, an industrial company could control a bank or a financial group, or a holding company that acts as parent to both financial and non-financial entities (mixed-activity holding company, or MAHC). Finally, there are also “horizontal groups” where there is not a parent controlling the group, but one or more persons acting systematically in concert to exert control upon a group of entities, financial or otherwise. Horizontal groups are among the most challenging to regulate and supervise because it is difficult to find a point to consolidate and apply prudential regulations and standards.
All banks have insiders eager to do business with the bank, and there is often a group behind a bank that needs to be watched with care. The prevention of abuse starts with a proactive and rigorous licensing regime. Significant shareholders, bank directors, and key managers must be subject to fit and proper and suitability tests. The sources of contributed capital must be thoroughly investigated to preclude direct or indirect financing by the bank of its own capital, in part because it erodes the effectiveness of capital as a backstop of losses. Limits on lending to the above mentioned parties and their associates must be imposed, including obligations for the board to approve all transactions with such insiders and to ensure they are not at more favorable terms that those offered to third parties. This is necessary to avoid, inter alia, excessive concessionary lending to such parties.
Yet, made the rule, made the trap. As soon as the rules are set, some parties may conceive alternatives to sidestep them. Stratagems may be construed to evade the formal wording of legal provisions or to obstruct their effectiveness. Legal gaps might be exploited to circumvent prudential regulations. For example, by using unregulated entities and interposed parties, a group controlling a bank might seek to deceive the supervisors. Regulatory arbitrage may look for the weakest spot, conspire to circumvent regulatory risk limits, and spin risks out to the darkest corners. Nonetheless, those risks will continue to lurk outside the official scope of regulation and supervision, such as unconsolidated step-in risks.
The above issues of ownership, control, and morphology structure create risks in addition to those typically addressed in the Basel risk framework. These additional “group or conglomeration risks” give rise to the possibility that the solvency and stability of a regulated entity –“the bank we care for”– is threatened due to its association with companies and other parties within its group.

Group risks superimpose upon traditional financial risks and include transparency, contagion, autonomy and arbitrage risks. These four forms of risk capture other issues (such as arbitrage, double-gearing, leverage) conceptualized as vulnerabilities of group conglomeration.^[iv] Conglomeration risks cannot be measured with precision. However, the group risks arising from conglomeration may be approximated as a qualitative proxy of risk,^[4] and the source of the risk lessened or deducted from capital if needed.

Transparency risk is the risk that association with a broader group can obfuscate standard supervisory indicators, for example by overstating group profits and/or capital, or understating net group risks. Transparency risk also includes the risk that the bank might not be capable of properly evaluating the potential impact on its solvency of a transaction or a set of transactions undertaken among entities associated with its corporate group.
Contagion risk is the possibility that problems arising in other members of a corporate group may compromise the financial and operational position of the bank, potentially compromising its viability. These problems may or may not be of a financial nature and the group members may be regulated or not regulated. The group members can include non-financial entities of the broader corporate group and their respective significant related parties, as well as affiliates, nominees and trustees.
Autonomy risk is the risk that the boards and management of a bank are comprised of individuals who are also executives of its parent or other entities in its group. As a consequence, these individuals might be incapable of independently discharging their fiduciary duties to the bank, and its clients and minority shareholding interests, and may be subject to conflicts of interest, including in relation to profit, funds pricing and cost allocation issues.
Arbitrage risk originates in the lack of consistent and comparable prudential and accounting rules across sectors (banking, securities, insurance, and commercial and industrial). This allows benefits from switching transactions among regulatory regimes, including booking transactions and portfolios in those entities of the broader group where regulation and supervision are less onerous.
Group risks cannot be as easily measured as traditional financial risks. The situations that create issues of transparency, contagion, autonomy and arbitrage are rarely reflected in the consolidated accounts. These basically capture only financial transactions and do not record qualitative situations, many of which cannot be assigned a number. The implications of outsourcing essential control functions to an unsupervised parent or affiliate, a reputational event affecting a major controller, or a subsidiary bank’s board being comprised by its parents’ officers, all are examples of potentially “unsafe connections” not reflected in the group accounts. Further, any financial or economic transaction shifted outside the consolidation perimeter to evade or arbitrate regulations would be lost from sight.

Approaches for Supervising Groups on a Consolidated Basis

The objective of group-wide supervision is to respond to the risks posed by conglomeration. Group-wide supervision is an extension to an appropriate level beyond the bank and banking group levels in order to ensure the effectiveness regulation. This broader concept reaches upward beyond a bank to its broader corporate group in order to ensure solvency and foster stability. An extension of the scope of supervision does not mean that unregulated entities of the broader group are subject to the same degree of regulation and supervision. However, the same relevant standards of licensing, governance, and information disclosure applicable to a financial group and its ownership structure should be enforced to the top levels, including add-hoc risks deduction and agreed upon group commitments.

Box 1 – The Objectives of Group-Wide Consolidated Supervision

Understand the risks that emanate from relationships among the members of a corporate group.
Assess and track the risk of the group’s activities wherever originated, booked and managed.
Confirm the adequacy of systems used to measure contribution to overall group risk and capital.
Monitor advance indications of trouble and identify routes of risk contagion to mitigate its effect.
Ensure the integrity of group and solo capital, its effectiveness, location and transferability.
Identify the “mind and soul” that makes the final decisions across a group and where it is located.
Follow alternative strategies for responding to the above issues and mitigate undesirable outcomes.

There are three approaches to achieve the objectives of group-wide supervision. These approaches may coexist and be combined to different degrees. Each is progressively more difficult to implement, reflecting the increasing complexity of group structures. Difficulties also come from the resistance often encountered from influential parties who are confronted in the process of seeking to bring transparency to the group’s structures and activities, and in striving to constrain the behavior of controllers and group entities.
The first approach relies heavily on traditional “solo bank supervision” looking at banks at a “level 1” perspective as the key priority. It may include a layer of standard consolidated supervision for homogeneous sectorial groups, for example, made of banks and other non-insurance entities, where banks are the ultimate group parent and there are not significant actuary risks involved.^[5]
The second approach adds a layer of “supplemental consolidated supervision” for mixed-financial groups where banking and insurance activities might be amalgamated, inter-alia, looking at these combined at a “level 2” perspective.
For more complex mixed-activity groups an overlay of group-wide oversight may be needed at “level 3.” This approach aims to eliminate dark corners and to foster the structural separation of activities (banking and other financial activities from non-financial activities) – for example by requiring a MAHC, and by extending requirements as high upward to the top of the group as needed, including above unregulated HCs, towards the ultimate controllers, wherever located.
To enable the most appropriate supervisory approach, law and regulation must set out relevant quantitative and qualitative standards. There are four types of standards relevant for group-wide supervision.^[6]
Institutional standards designate and grant powers to sectorial and mixed group supervisors, including licensing and resolution powers, specify the agency in charge of leading group-wide supervision, as well as set forth a protocol for coordination among financial supervisors.
Group standards delimit the scope of permissible structures and group activities, and provide the relevant group concepts and definitions, such as the perimeter for prudential consolidation,^[7] including any form of regulated HC.
Quantitative standards establish the methods to measure and aggregate group risks, to assess the group’s capital adequacy, including eligible capital and applicable deductions, and the relevant risk limits at group level; and lastly.
Qualitative standards set forth the expected behavior and obligations of parent and group members regarding board membership, governance, sound risk management and audit programs, and reporting to enable clear understanding of the activities and transactions across the broader group.
The solo bank approach aims to keep group risks on check as much as possible. It seeks to constrain the risks from association of a bank with unregulated and unconsolidated entities and to minimize unsound connections. Regulation restricts the types of permissible group structures. Mixed-activity and horizontal groups should be prohibited. Mixed-financial activities might exclude insurance underwriting or require a non-operational MHC^[8] with a diversified base of physical shareholders. When there is backbone and political appetite for it, solo supervision behaves “brutally” and allows no action from ultimate controllers that might undermine transparency or result into a contagion channel. Upward risks from above the bank are rooted out. Ideally, if the solo approach is effective, an overlay of consolidated supervision might not be necessary, or basically be directed to a bank as top parent of its group.
In practice, a supplemental consolidated supervision may be needed one level above a bank, or at “level 2”, for conglomerated financial activities. Some jurisdictions might restrict insurance companies from owning banks, and vice-versa. Any mixed-financial activities should be conducted under the universal bank model^[9] or under a regulated non-operational MHC. Consolidated supervision of the parent bank or the MHC is not a substitute for solo supervision (the supervision of individual group members), but an essential sine qua non condition which completes the solo supervision. Regulatory techniques and the mix of group quantitative and qualitative requirements are discussed below. Divergences in sectorial rules might be reasonably solved with add-hoc capital deductions.
An overlay of supervision (at a higher “level 3”) may be needed in those groups that amalgamate banking and other financial activities to commercial-industrial activities. Mixed-activity groups are common in developing and less developed countries. But few jurisdictions have actively and adequately addressed the amalgamation of financial and non-financial risks.^[v] Mixed activity groups often are horizontal groups connecting banking to non-financial activities, or are headed by one or several non-regulated HCs. MAHC are seldom mandated. Supervision at “levels 1 and 2” often fails to address the upward risks involved. This often happens because of limited legal scope and insufficient activism from official supervision, sometimes due to the political clout of key influential individuals who concentrate wealth and power and resist the necessary reforms.
A “level 3” approach is an overlay to deal with the structural risks posed by complicated structures such as in mixed-activity groups. When these groups are not prohibited, dealing with them requires a forceful use of licensing powers, including willingness from legislators and government officials to segregate the financial and non-financial parts of the overall group. This may be achieved through two approaches. One approach is to legislate reforms that require the constitution of a mixed-activity holding company (MAHC). A second approach involves negotiation through relentless application of licensing authority imposing segregation, and extracting additional undertaking from the ultimate controllers, such as on governance, reporting requirements, and prohibiting specific intergroup transactions.
In all the approaches, the assessment of group risks and capital depends on adequate group reporting systems and requirements. Supervisors need clarity about the perimeter of the full group, including legal entities and natural persons. They must use their legal and moral authority to obtain the information necessary on all the relevant parties, transactions, and exposures to spot connections in and out the regulated part of the group. The suite of group reports that are necessary go beyond the group consolidated accounts.
These group reports should reach upward to capture ultimate owners and their business structures. This is where the ultimate mind and soul of the group lies. The reports should include board composition, risks and outstanding exposures, intra-group transactions, cross-equity participations and debt investments. The reports should facilitate the reconciliation of differences in consolidation perimeters and to perform de-consolidation analysis, including to inform about the outsourcing of essential services to central group units and other step-in risks situations that may become serious obstacles in case of resolution.

Accounting Consolidation

There are three relevant types of group-consolidated accounts. They are not equal in terms of the resulting net assets and income, and their reconciliation is important to understanding their differences.
Prudential consolidated accounts are used to assess the capital adequacy of a group and evaluate its overall condition and financial performance. Regulation sets the perimeter of entities that consolidate for prudential purposes, which can differ from the perimeter used to prepare the other types of accounts.
Public financial accounts consolidate all the subsidiaries and associated participations of a broad corporate group for non-prudential purposes (such as share listing requirements). Subsidiaries and participations are consolidated into the top identifiable parent, whatever the activities of the parent may be. The top identifiable parent need not be a regulated financial institution, such as a bank or a bank holding company, but could also be an unregulated MHC.
Group management accounts are those used internally by the parent’s board and management to manage a group and therefore are the most important accounts, even more critical than the two just discussed. In relatively simple groups, the management accounts would normally be similar to the prudential consolidated accounts and public financial accounts, except for some modifications on crucial points that need to be ascertained always.
The preparation of consolidated accounts follows generally accepted accounting practices depending on the level of control and type of company consolidated. There are four consolidation methods. The global method for fully controlled entities. The pro-rata proportional method for jointly controlled entities. The equity method for participated entities with less than control. And the fair value method for non-significant participations. Understanding what has been consolidated under each method is relevant to foresee the effect in net capital, earnings, and the residual risks. There would be consolidation reserves and differences that for prudential purposes may need to be excluded from capital, for example, unrealized profits from securities held at fair value and other paper gains that are not easily transferable.
The analysis of the preparation of the group’s accounts and their composition is a central tool of consolidated supervision. Group capital and risks exposures are measured based on the consolidated reports of condition per the applicable perimeter of group entities. The consolidated accounts serve several purposes for different users and are often prepared using different criteria including consolidating different entities depending on their purpose and user. The consolidated group is not a legal entity but a representation device to ascertain the net position of the consolidated entities. However, what is left outside the perimeter of consolidation, and the intragroup exposures and transactions not eliminated are important to identify connections and evaluate their significance regarding the potential economic and reputational impact upon a bank.
The consolidated accounts are used to understand the solvency position and financial performance of the group members as if they were a single entity. Intra-group exposures, the effect of inter-group transactions, and cross-equity investments among the consolidated entities are netted. The same does not happen for those group entities that are not consolidated or that are consolidated using the equity method. The exposures, transactions, and cross-participations with the unconsolidated group merit attention. The analysis of the group accounts requires understanding how these are prepared, the contribution of each of its parts, and obtaining assurances about the reliability of their underlying accounting controls and information systems. The group’s internal price transfer and cost allocation systems are key elements to review.
The reconciliation of the three types of group accounts and a bit of de-consolidation analysis are elements of good practice. Reconciliation identifies the reason and the effect of differences in perimeter and in the consolidation method followed. De-consolidation visualizes the contribution of each consolidated entity to the group in terms of activity, risks, capital and earnings, and the location of these. The de-consolidation analysis and a good look at what lurks beyond the consolidated perimeter helps to visualize the realms of accounting creativity. These are essential techniques to ascertain the location, availability, and transferability of capital and liquidity resources across a group, including discovering obstacles to resolution.
To ensure that consolidated accounts serve their purpose, supervisors need to have powers for determining the scope and the techniques of consolidation for prudential reporting. The techniques under IFRS may result into group net assets and income inconsistent with the Basel II capital regime. The consolidation scope under IFRS may include non-financial and insurance companies whose risks cannot be easily aggregated with those of banking. The effect of consolidating these entities would need offset. Excluded special purpose entities must be consolidated for prudential purposes and paper gains and unrealized losses excluded and included into regulatory capital. The reconciliation of the differences involved is important to understand the location, materiality and net effect involved.

Group-Wide Supervision Processes

Box 2 – Applicable Group Standards ^[vi]
Qualitative Governance Standards	Quantitative Risk-capital Standards
Fit and proper standards on ultimate controllers	Group consolidated and un-consolidated reporting
Group structures (supervise-able, resolvable)	Reconciliation of perimeters and de-consolidation
Board (suitability, organization, processes)	Capital requirements (location and contribution)
Fit and proper officers and other relevant persons	Risk concentration and consolidated limits
Group audit programs and control systems	Large Exposures and related party transactions
Group risk management	Intra-group transactions: eliminated and at level 3
Group management information systems	Liquidity requirements, systems and reporting
Group compliance function	Group outsourcing arrangements reporting
See the detailed guidance on the above standards in the suggested sources listed in the end notes.

Performing group-wide supervision requires always a reference set of prudential standards and an efficient review process. For groups with significant banking activities, the standards and the process build on the framework for solo bank supervision. If insurance is significant in mixed-financial groups, then it is important to understand the differences among the standards and supervisory processes of the different financial sectors. This may assist to plan achieving a reasonable degree of convergence across sectors and to spot and minimize arbitrage opportunities. The standards of reference are set by regulation in each relevant regulated financial sector. These include the qualitative requirements for the internal governance expectations, and the traditional quantitative regulations to measure and to report risks and capital at solo, including for sectorial groups at the consolidated level (See Box 2).
A key consideration is the degree to which the standards can be made applicable to unregulated entities outside the (legal?) scope of prudential supervision. This could be relevant for unregulated parents located above regulated HCs (above the “level” 3 perspective). The fit and proper standards and other behavioral requirements, such as on permissible structures, should be applied to ensure full control of the qualities of ultimate beneficiary owners, and that the group structures can be supervised at all times. Licensing is the key tool to enforcing these standards from the solo bank level to the top of a group, including any relevant parent HC if unregulated. This is customarily done by agreeing on conditions for the license to be granted, and by requiring additional undertakings from any unregulated parents and their directors and ultimate beneficiary owners. However, this approach requires that supervisors use their licensing powers proactively, including to deal with the recalcitrant parties who are often encountered.
The qualitative standards aim at ensuring an appropriate environment of risk governance and control across the entities of the group and its key parents, including ultimate controllers. These standards are logically built on those applied in each regulated financial sector. The purpose of the qualitative standards is to ensure that the internal governance framework across the broader group is compatible with the principles of transparency, prudent management of regulated entities, sound risk management, and of clear understanding of the activities and transactions across the group, whether regulated or not, of a financial or non-financial nature. Obstacles to resolution are also relevant.
The quantitative standards are the traditional prudential regulations for risks and capital adequacy applied to group level. These include the methods to calculate and aggregate risk-weighted assets across a group, to determine eligible capital and its adequacy, and to evaluate group-wide risk concentrations.^[10] A major policy issue is whether and how to require a test of capital adequacy for a regulated MAHC and, if unregulated, to other higher parents placed at or above level 3. The best outstanding practice remains that provided by APRA (see notes ^v and ^vi).
Group-wide supervision is customarily performed following a risk-based cycle. A cycle is the span of time in years in which each key relevant process or group element will be assessed at least once. The duration of the cycle is determined by supervisory policy as a function of the risk profile of the group, its size and complexity, and the reliability placed in key group control functions and consolidated reporting systems. A medium risk group may be assigned a three-year cycle. There are occasions in which large and complex groups may be assigned an extended five-year cycle. However, rather than committing to a full cycle, some consolidated supervisors continuously “refresh” the rating of group issues and operate a moving cycle with changing priorities based on their assessment. This is typical of large financial groups with a dedicated resident team of supervisors working close to key group central functions, including with continuous access to group reporting systems.
Depending on country practice, there are a number of substantive procedures for group-wide supervision considered as good practice (Figure 1). These procedures include the assessment of essential internal governance elements at group level (the qualitative assessment) and the review of the consolidated accounts, risks, and capital and liquidity resources (the quantitative review). The assessment and the review are intended to achieve two essential objectives. The first is to reach a satisfactory level of confidence in the reliability of the group’s information systems for risk measurement and aggregation, including consolidated accounting. The second is to reach a reasonable level of confidence that group control functions are performing effectively their roles and can be relied upon (e.g., that the data is accurate).

There are a variety of approaches to conduct a group assessment and reach a conclusion about the risk profile of a group. These approaches can reflect the prevailing regulatory structure of the country (sectoral versus fully or partially integrated supervisors), as well as the degree of integration of central control functions across a group.^[11] Within evolving international practice, there is a continuum between two stylized models, a bottom-up and a top-down approach.
The bottom-up approach is probably the most common and least advanced. In this approach each sectoral supervisor assesses risks in the entities for which it is responsible, and the assessments for each sector are combined together by a lead or coordinating supervisor for the full group. This approach poses many different issues regarding the level of convergence in risk regulations and supervisory styles. The ratings of each sector entity are weighted considering their risk contribution to the group, and a qualitative overlay for residual conglomeration risks may be added to capture issues not reflected in the individual ratings (e.g., obscure ultimate beneficiary owners for the full group).
The top-down approach is the least common among emerging and developing countries and probably the most advanced. In this approach the group (often an integrated) supervisor assesses risk activities and central control functions at group level from a top parent group perspective. The results are used to determine the business lines and units that would be subject to further onsite assessments by the sector and risk specialists, say, a particular insurance product sold across the group, or a significant credit card subsidiary.
The execution of group-wide supervision has a number of standard routines built into its processes. Importantly, each routine has to have its own dedicated set of onsite procedures and rating guides. These routines will normally consist of the work-streams indicated below where the focus of the assessment is the group elements (qualitative and quantitative) depicted in Figure 1, above, including:
- The mapping of the group structures at different levels (up to the top)
- The confirmation of the perimeter of entities for prudential consolidation
- The validation of the consolidation techniques used and their effect
- The board processes and other governance protocols and components
- The reliability of central group functions (audit, risk management, compliance)
- The validation of the risk-capital measurement and its information systems
- The continued execution of an onsite inspection program
- The assignment of group ratings and design/update of onsite review plans
- The update of the supervisory and response strategies for the group.

Depending on local approach and practice there should be always a form of group risk rating to summarize the results of the assessment and group’s risk profile. Most agencies use a risk matrix to summarize their These risk matrices vary in their style and design, but most deploy risks in their columns and activities or business units in their lines. Integrated supervisors add a column for actuary risk and use the same risk matrix for all possible types of financial entities, including insurance. The same risk matrix is used to rate all the businesses and activities of all the entities of the group. Non-integrated supervisors rate risks and controls as per their respective matrix and then “collate” the ratings of the different financial sectors, adding an overlay for group conglomeration risks not captured at sector level, as practiced in most developing and emerging markets.
The risks from conglomeration are incorporated explicitly into the rating in different forms. The important matter is not how this is done, but that a device is present to formally record any residual group aspects not captured in the standard risk assessment process. Few supervisors include a risk column for group risk. Integrated supervisors rate conglomeration risks within each risk module with a “group risk driver component” to capture significant group risks not explicitly captured otherwise. In that manner, contagion risk and group-connections are explicitly rated as part of strategic risk, autonomy risk is explicitly rated as part of risk governance, and transparency risk is explicitly rated as a risk driver affecting board processes and group structure. These ratings must be assigned “explicitly” to avoid letting group risks escape from oversight and due watch.
Supervising well from the solo bank level to the appropriate selected group level requires effective responses to address the risks detected. The assessments underlying the solo and group risk ratings must have consequences in terms of managing the risk posed to the objectives of supervision. It is not sufficient to increase the frequency of reviews or the resources dedicated to do reviews. Unwarranted risk situations have to be acted upon by the boards and senior managers of the group and its key group entities. The role of the consolidated supervisor is to require an effective response from the board and senior managers to:
- Follow group risk governance with explicit identification of group risks
- Forcefully clarify dark corners and bring transparency to the broader group
- Require versatile group risk information systems to enhance group reporting
- Build in the above controls to identify intragroup transactions and connections
- Get non-permissible, say industrial, activities segregated from the financial
- Reasonably control group outsourcing including for essential control functions
- Enhance plans for resolution and eliminate any identified obstacles
- Ensure improved risk measurement, aggregation and reporting as needed
- Strengthen resources to operate effective audit programs, and inter-alia,
- Track the location and transferability of capital and liquidity across the group.

Box 3 – A Capital Adequacy Test in Mix-Activity Holding Companies (MAHC)

A mandatory MAHC may be a good solution to start the separation of financial and non-financial activities in many emerging and developing countries where commerce and industry are amalgamated with banking. In its 1999 Capital Measurement Techniques, the Joint Forum provides a number of alternatives to test capital at the level of a MAHC (note ⁱⁱ). A simplified alternative is described as follows.

Available eligible capital instruments at the MAHC are netted of a number of its balance sheet lines such as its equity participations in the non-financial sector, all the goodwill and fixed investments of the holding, the gross intragroup exposures and any intra-group transactions, as well as any capital deduction required by supervisors to “price” in residual group conglomeration risks above the MAHC.

The remaining eligible capital is all what is left available to absorb the risks from the financial arm of the mixed-activity group. Any issues with insurance can be solve by deducting from the remaining eligible capital the equity participations in insurance companies. The residual is compared to the consolidated capital requirement of all the non-insurance financial entities, including banks. This gross approach helps to identify capital deficits and the associated de-consolidation analysis the location of entities, risks, and liquidity and capital resources across the full group.

Coordination among financial supervisors is critical in performing group-wide consolidated supervision, notably at levels 2 and above. This requires the designation of a lead group supervisor, especially if insurance activities are material. For cross-border groups, coordination among national supervisors is also essential for the functioning of supervisory and resolution colleges. The designation of the lead group supervisor may raise jurisdictional issues, and the functioning of group colleges requires clear protocols and procedures for the efficient supervision of group entities and risks, to avoid duplications, and to ensure reasonable attention to non-material group entities though systemically relevant in a host jurisdiction.

Conclusions on Group-Wide Supervision (GWS)

A summary of GWS issues and lessons learned follows.

Conglomeration of financial activities, including their amalgamation with industrial and commercial ventures, causes in most emerging and developing countries new risks besides those traditionally addressed in the overall Basel framework, including the risks of contagion, transparency, autonomy, and regulatory arbitrage, among others.
GWS deals with these group risks as an extension to an appropriate level beyond the solo bank and banking group levels to complete the effectiveness regulation. GWS reaches upward beyond a bank to the parents and associates of its broader corporate group to clarify dark corners and to foster the stability of the bank members of the group.
GWS is a challenging undertaking requiring a well conceived regulatory framework and supervisors with strong determination and capacity. It must be firmly based on the legal and regulatory frameworks of the solo sector levels and ultimately depends on the effectiveness of, and the coordination among, the solo supervisors.
Ordinary licensing has to play a pivotal role in GWS by proactively projecting its principles and standards to the top of any group to ensure the quality of ultimate beneficiary owners, the transparency of corporate structures and its controllers, that these can be supervised at all times, and to eliminate any material obstacles to resolution.
A major policy issue in GWS is the separation of the financial entities from industry and commerce, to insulate the former from the risks of the latter. Three techniques crucial to this endeavor are the incorporation of a MAHC, a rigorous capital test for latter, and the setting of intra-group reporting obligations from above the MAHC.
Within global evolving practice, there is a continuum of GWS approaches between two stylized models, a bottom-up approach (solo supervisors coordinating their risk assessments) and a top-down approach (integrated supervisors operating under common behavioral standards and progressively convergent risk measures).
Both approaches add a qualitative measure of conglomeration risk to the risk rating. This is an overlay to the weighted rating of group members, for coordinated solo supervisors, or it is embedded in the group assessment from the top, for integrated supervisors, using proxies to capture transparency, contagion, and autonomy risks.
As groups grow in size and complexity, including geographical dispersion, it is essential to provide for the most possible effective coordination mechanisms among sector and country supervisors, including through formalizing supervisory and resolution colleges, as advocated by the Basel Committee and the FSB.
Above all lessons and experiences, the effectiveness of group supervision depends critically on having sufficient political willingness and a lead group supervisor with sufficient resources and backbone to withstand pressures and deflect inferences.

[1] This note was prepared by Joaquin Gutierrez on behalf of Toronto Centre.

[2] The most frequent upward risk comes from the failure to fully identify ultimate beneficiary owners. If these are not precisely and legally known, their related parties would remain undetermined. Consequently, the effectiveness of supervision (e.g., of capital adequacy) is limited by the possible existence of risk exposures to these unknown parties.

[3] Dark corners are those situations that pose a risk to the stability of an institution because the entities or transactions in question are outside the scope of prudential consolidation. Examples include so-called “step-in risk,” the risk that a bank may well provide financial support to such entities even in the absence of any contractual obligations, should the entity experience financial stress, and situations where the circumstances that give rise to the risk cannot me quantified in terms of regulatory risk limits or capital, e.g., the majority of directors of an entity are suborned to the managers of a parent, or when a significant proportion of central functions of a bank or a banking group are outsourced to unconsolidated parents or affiliates.

[4] A qualitative proxy is a substantive judgment (e.g., extreme, high, or low) based on certain features or characteristics of a situation considering the significance of a risk to the stability of an institution –which otherwise cannot be more precisely quantified in terms of risk capital. For example, the risk to transparency of not knowing the ultimate beneficiary owners of a material proportion of the capital of a bank may be considered extreme. However, it does not have a direct number in terms of regulatory capital or risk limits.

[5] The approaches to measure banking (credit and market) and insurance (actuary) risk capital are different and not additive. As such, investments in insurance firm capital are often deducted to measure bank capital alone.

[6] The references in the end notes provide an exhaustive inventory of good regulatory practice.

[7] The institutions that conform a regulated group and which may act as parent of this group (see end notes).

[8] The activities of which are basically limited to hold the participations of other financial subsidiaries.

[9] The typical continental European model to provide different financial activities under the same bank entity, rather than the preferred Anglo-Saxon model of a holding company acting as parent of separated financial subsidiaries operating in different sectors – banking, insurance, securities, asset management.

[10] The Joint Forum’s July 2001 compendium and 1999 Capital Adequacy paper provide extensive examples.

[11] Group functions are essential operational and control activities, such as risk management, financial control, internal audit, and information and data processing. The more group functions are integrated into upward parents, regulated or not, the more it is necessary to supervise groups from the top to the bottom.

[i] The note is based on the experiences gathered by the work of the author in many countries while serving in the World Bank and the International Monetary Fund, including as manager of the Banco de España group responsible for the supervision of the Latin American operation of Spanish banking groups. The note summarizes a much longer unpublished note prepared for the World Bank from the author on the same theme and cannot fully address the many details and issues involved in performing group-wide supervision.

[ii] The Joint Forum (JF) was established in 1996 to deal with issues of financial conglomeration. The JF’s web site provides ample number of papers of best practice, including its July 2001 Compendium of documents, its 1999 Capital Adequacy and Annex 1 Measurement Techniques and its Supplement Examples, including its September 2012 Principles for the supervision of Financial Conglomerates.

[iii] Frank Dierick provides an excellent analysis of group structures and group supervision in his paper on The Supervision of Mix Financial Services in the European Union, European Central Bank. Occasional Papers Series No 20, August 2004. His paper provides a complete set of legal references and definitions.

[iv] Stephen A. Lumpkin provides a detailed recollection of group risks and structures in his paper on Risks in Financial Group Structures, OECD Journal, Volume 2010 – Issue 2, February 2011.

[v] See the sites of (1) the European Commission (EC) on Financial Conglomerates, including its: • The Report on the Review of the Directive 2002/87/EC on the supplementary supervision COM (2012) 785 Final, December 2012 (section 2.1.5), • the Financial Conglomerates Directive 2002, and • its Partial Reform in 2011; and (2) the European Banking Authority (EBA) on Financial Conglomerates, including its Regulatory Standards on Risk Concentration and Intra-Group Transactions, from December 2014.

[vi] For detailed practical examples of good practice see: (1) the prudential standards of APRA for the Supervision of conglomerate groups (Level 3), including cross-industry standards, (2) the 2008 Hong Kong Monetary Authority Group-wide Approach CS-1, and (3) the Guideline No. 02-2007/BSD of the Reserve Bank of Zimbabwe.

TC NOTE