The IFSCA Banking Handbook- Prudential Directions | 07/06/2022
1. Introduction and Applicability
i. These prudential rules apply to IBUs established and operating in IFSC as branches, of Banking Companies1 regulated by their respective Home Regulators.
ii. Under the extant IFSCA Banking Regulations, an IBU can be set up and operate only as a branch of a Banking Company that is regulated by its Home Regulator.
iii. In practical terms, the operations of an IBU shall be in accordance with the prudential guidelines applicable on those of the Banking Company, as a whole. An IBU as a branch of the Banking Company is a part of the same legal entity and uses the capital held by the Banking Company including for the operations of the IBU. Accordingly, the IFSCA Banking Regulations provide, as part of licensing requirements, that the minimum initial / regulatory capital for the IBU shall be maintained at the parent bank as per the Home Regulations. The Regulations also provide, as part of prudential requirements, that the IBUs shall continue to comply with the directions and instructions issued by their Home Regulators, unless otherwise specified by the Authority.
iv. The robustness of prudential guidelines applicable on the Banking Company under the respective Home Regulations shall be one of the most important considerations while deciding on the application for a licence for setting up an IBU in IFSC. Such prudential guidelines of the Home Regulators of the Banking Companies as applicable also on the IBUs set up as branches – unless otherwise specified by the Authority, must be based on the updated Basel framework including the Basel III reforms comprising of all the current and forthcoming standards issued by the Basel Committee on Banking Supervision (BCBS) that are applicable on internationally active banks. Also, the supervisory framework of the Home Regulators / Supervisors of the Banking Companies must be broadly compliant with the Basel Core Principles for Effective Banking Supervision issued by the BCBS.
v. The directions under these PRU modules are aimed at establishing certain minimum non-quantitative prudential requirements that shall be applicable for the IBUs set up as branches in IFSC, in addition to those applicable on them as a branch of the Banking Company under the respective Home Regulations. The PRU modules cover the qualitative aspects of prudential requirements in respect of governance, governing board responsibilities, policies, systems and controls to be made applicable on IBUs.
2. Capital for IBUs
i. The minimum regulatory capital for the IBUs may be held by the Banking Companies as per the capital adequacy and capital requirements applicable under the Home Regulations subject to meeting the minimum initial / regulatory capital set out under the IFSCA Banking Regulations.
ii. However, the Authority may require an IBU set up as a branch to have capital resources or to comply with any other capital requirement if the Authority considers it necessary or desirable to do so in the interest of effective supervision of the IBU, in coordination with the Home Regulator.
3. Requirement for policy
i. In these rules, a requirement for an IBU to have a policy in respect of managing various risks or on other aspects shall also imply a requirement for such an IBU to have suitable procedures, systems, processes, controls and limits needed to give effect to the policy.
ii. An IBU may choose to adopt the policy followed by its Banking Company or may use a different policy, duly approved by the Board or the Governing Body. In either case the policy followed by the IBU must be able to ensure compliance with the prudential requirements – both quantitative as well as non-quantitative, prescribed under the Home Regulations as well as the IFSCA Regulations and Rules, wherever applicable.
4. Responsibility for principles
i. The Governing Body of the IBU shall be responsible for the IBU’s compliance with the principles and requirements set out in these rules and other prudential requirements – both quantitative as well as non-quantitative, prescribed under the Home Regulations.
ii. The Governing Body must ensure that the IBU’s senior management establishes and implements policies to give effect to these rules. The Governing Body must approve significant policies and any material changes to them and must ensure that the policies are fully integrated with each other.
iii. The Governing Body must review the IBU’s significant policies from time to time, taking into account changed operating circumstances, activities and risks of the IBU.
iv. An IBU’s Governing Body must evaluate the suitability and effectiveness of the information and reports that it and the IBU’s senior management receive under these rules.
5. Stress-testing
The IBUs must consider the Basel Committee’s recommended standards for stress-testing while carrying out stress-testing and developing its stress-testing scenarios.
Guidance:
The stress testing carried out at the Banking Company level may be considered for the purposes of compliance of the requirement for stress testing for the IBU under the IFSCA Banking Regulations, provided that it adequately covers the capital requirement for the IBU . However, since the asset profile, nature of transactions, clients, and business environment of an IBU may be significantly different as compared to those of other branches and operations of the Banking Company, as a general principle and good practice, the IBUs are expected to develop their own stress-testing scenarios and methodologies for carrying out stress testing at the IBU level also. The stress testing for the IBU carried out at the Banking Company or / and at the IBU level shall be in accordance with the Basel Committee’s recommended standards, as are applicable for stress-testing by the Banking Company as a whole, in terms of the relevant Home Regulations, unless specified otherwise by the IFSCA.
MODULE NO. 2
PRINCIPLES RELATING TO BANKING
BUSINESS
(PRBB)
1. Principle 1—Capital adequacy
i. The Banking Company must maintain capital, of adequate amount and appropriate quality, nature, scale and complexity of its business and for its risk profile, including for the operations of the IBU, in accordance with the Home Regulations subject to meeting the minimum initial / regulatory capital set out under the IFSCA Banking Regulations.
2. Principle 2—Credit risk and problem assets
i. An IBU must have an adequate credit risk management policy that takes into account its risk tolerance, risk profile and the market and macroeconomic conditions.
ii. The IBU must have adequate policies for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.
3. Principle 3—Transactions with related parties
i. An IBU must enter into transactions with related parties on an arm’s-length basis in order to avoid conflicts of interest.
4. Principle 4—Concentration risk
i. An IBU must have adequate policies to identify, measure, evaluate, manage and control or mitigate concentrations of risk in a timely manner.
5. Principle 5—Market risk
i. An IBU must have an adequate market risk management policy that takes into account the its risk tolerance, its risk profile, the market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. The IBU must have adequate policies to identify, measure, evaluate, manage and control or mitigate market risk in a timely manner.
6. Principle 6—Operational risk
i. An IBU must have an adequate operational risk management policy that takes into account its risk tolerance, its risk profile and market and macroeconomic conditions. The IBU must have adequate policies to identify, measure, evaluate, manage and control or mitigate operational risk in a timely manner.
7. Principle 7— Interest rate risk in the banking book
i. An IBU must have an adequate management policy for interest rate risk in the banking book that takes into account its risk tolerance, its risk profile and the market and macroeconomic conditions. The IBU must have adequate policies to identify, measure, evaluate, manage and control or mitigate interest rate risk in the banking book in a timely manner.
8. Principle 8—Liquidity risk
i. An IBU must have prudent and appropriate quantitative and qualitative liquidity requirements. The IBU must have policies that enable the firm to comply with those requirements and to manage liquidity risk prudently.
ii. An IBU shall maintain, on stand-alone basis,
i. Liquidity Coverage Ratio (LCR) at a level that is higher of (a) and (b) below: 8
a. minimum LCR prescribed by the Home Regulator of the Banking Company of which the IBU is a branch or
b. the minimum LCR prescribed by the Authority from time to time. The minimum
LCR as prescribed by the Authority is 100%, with effect from April 1, 2021.
ii. The Net Stable Funding Ratio (NSFR) at a level that is higher of (a) and (b) below:
a. minimum NSFR prescribed by the Home Regulator of the Banking Company of which the IBU is a branch or
b. the minimum NSFR as and when prescribed by the Authority, from time to time. At present, the Authority has not implemented the requirement for NSFR.
iii. The IBUs may approach the Authority for seeking permission to maintain the LCR and/or NSFR at the Banking Company level. The Authority may grant permission, on case-to-case basis, for the liquidity ratios i.e., LCR and NSFR for the IBU, at the levels as per 8 (ii) above applicable to be maintained by the Banking Company. The submission by the IBU in this regard shall clearly provide the justification behind such request, including the proposed strategy of the IBU to manage liquidity risk if such permission is given by the Authority.
9. Principle 9—Group risk
i. An IBU and its Banking Company must effectively manage risks arising from its membership in a group.
MODULE NO. 3
PRUDENTIAL REPORTING, DISCLOSURE AND
SUPERVISION
(PRDS)
1. Prudential Reporting Requirements
i. Introduction
a) The IBUs shall comply with the prudential reporting requirements applicable on the Banking Company as per the respective Home Regulations, unless specified otherwise by the Authority.
b) The Authority may require the IBU to submit a copy of the prudential reports being submitted to the Home Regulator as a branch of the Banking Company, to the Authority also, as directed under the guidelines / directions / circulars issued by the Authority, from time to time. In addition, the IBU shall comply with the prudential reporting requirements under the regulations /directions / circulars issued by the Authority.
ii. Information about the Banking Company and the financial group
a) The Authority shall broadly rely on the prudential reporting requirements applicable on IBU as a branch of the Banking Company under the respective Home Regulations of such Banking Company.
b) The Authority may generally use the channels of cooperation with the Home Regulator / Supervisor for such information, subject to the degree of convergence of the home jurisdiction’s prudential supervisory regime with the Basel framework and the Basel Core Principles of Effective Supervision.
c) The Authority may require an IBU to provide relevant information, from time to time, about the Banking Company and the financial group to which the Banking Company belongs, if applicable. Such information may include:
i. details about the entities in and structure of the group;
ii. details relating to flow of management information, decision-making, oversight, control and review of the operations and activities of the group;
iii. any other information about the group that the Authority may deem as useful.
iii. Submission of Returns by the IBU
a) The IBU must prepare and submit its prudential returns in accordance with the Authority’s instructions. The instructions for preparation of returns may be set out in these directions, in the return itself, in a separate document published by the Authority on its website or may be communicated by written notice or email to the IBUs.
b) Presently, an IBU must prepare the prudential returns as per the format given in Annex 1 to these directions. The Authority may revise the formats or / and the instructions through a notice / circular published by the Authority on its website or communicated by email / letter, from time to time.
c) Such instructions may set out, among other aspects, the requirement that a return may be prepared or / and submitted through a particular electronic submission system that may include the use of SupTech.
d) The IBU must submit the returns to the Authority within the period stated in the notice issued by the Authority for the purpose.
e) The Authority may, by written notice:
i. require an IBU to prepare additional prudential returns;
ii. exempt an IBU from a requirement to prepare any periodic return (annual, half-yearly, quarterly, monthly or weekly returns) or any specific return); or
iii. extend the period within which a return is to be submitted.
f) The IBU that has obtained an exemption must comply with any condition attached to such exemption.
g) A prudential return must be signed by two individuals, who are Approved Individuals for the IBU and who are assigned any of the Controlled Functions of the IBU. If these Approved Individuals are not available or are unable to sign, the prudential return must be signed by both of the individuals approved to exercise the Controlled Functions.
h) The Authority may prescribe acceptable modes of affixing a signature for the prudential returns, including but not limited to electronic signatures.
iv. Accounting Standards and Financial Year
a) The IBUs shall follow the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB), including any new amendments thereto, for preparing and maintaining its financial statements on standalone basis and for the purpose of reporting and compliance under the relevant IFSCA regulations, rules, directions, circulars and guidelines applicable for IBUs.
b) The IBUs whose Banking Companies are following accounting standards other than the IFRS, shall prepare and maintain their stand-alone financial statements and comply with the reporting and other requirements under IFSCA regulations, rules, directions, circulars, guidelines, as per the IFRS, beginning from the financial year (accounting period) starting from April 1, 2022.
c) The IFSCA may permit an IBU to follow a system of accounting standards, other than the IFRS, that is applicable for its Banking Company, based on the specific requests from such IBUs. The IFSCA shall consider such requests based on the merits of each case, including the aspect related to the degree and quality of convergence of such accounting standards vis-à-vis the IFRS.
d) The financial year (accounting period) for the purpose of preparation of financial statements by the IBUs on standalone basis, under the IFRS, shall be taken as the period from April 1 to March 31. The IFSCA may permit an IBU to follow a different financial year (accounting period) based on the specific requests from such IBUs and merits of each case.
e) For other prudential regulations, IBUs shall continue to comply with the directions and instructions issued by their respective Home Regulators, unless otherwise specified by the Authority.
v. Obligation to notify the Authority
a) An IBU must notify the Authority if it becomes aware, or has reasonable grounds to believe, that the IBU or the Banking Company has breached, or is about to breach, a prudential requirement as set out under the Home Regulations or under the IFSCA Banking Regulations, rules, directions, circulars and guidelines applicable for IBUs.
b) In particular, the IBU must notify the Authority as soon as practicable of:
i. any breach or potential breach by the Banking Company in respect of the minimum capital requirement for the IBU;
ii. any concern it has about its solvency or capital adequacy position;
iii. any other significant adverse change in its capital; and
iv. any significant departure from the Banking Company’s Internal Capital Adequacy Assessment Process (ICAAP).
c) The IBU must also notify the Authority of any measures planned or taken to deal with any real or potential breach or concerns related to its solvency or capital adequacy position.
Guidance for para v a), b) and c):
In respect of the actual and anticipated breaches by the IBU or the Banking Company, of prudential requirements – as set out under the Home Regulations, the IBU is expected to notify the Authority about only those breaches that have been or are required to be reported to the Home Regulator / Supervisor.
2. Public Disclosure requirements
i. The IBUs shall follow the detailed public disclosure requirements specifying the data items to be disclosed, frequency and periodicity of disclosures and related guidance as provided under the Basel framework applicable on the Banking Company as per the respective Home Regulations, for implementation of Pillar III of the Basel III framework.
ii. An IBU must maintain and implement a written disclosure policy that is duly approved by its Governing Body. Such a policy should clearly set out the IBU’s approach to disclosure and the details of the processes, procedures and its internal controls in relation to such disclosure. The policy should also contain the details of the medium for disclosure that most appropriately meets the purposes of such disclosure requirements.
iii. An IBU must take all reasonable steps to ensure the accuracy and timeliness of the disclosures by performing appropriate verification, whether internal or external.
iv. In cases where and to the extent that any required disclosure is substantially similar to a disclosure required of the IBU under the International Financial Reporting Standards, a disclosure under such standards may be considered to meet the requirement for such disclosure requirements set out under the Home Regulations applicable for the Banking Companies or the IFSCA regulations, rules, directions, circulars and guidelines, if any, applicable for IBUs.
3. Supervision of prudential requirements
i. General approach to supervision of IBUs
a) The conditions and processes related to the licensing of IBUs set out certain minimum general expectations of the Authority in respect of the regulatory regime followed under the respective home jurisdictions of the Banking Companies (Banking Companies) of which the IBU is a branch.
b) The Authority shall adopt a risk-based supervisory approach for the IBUs. The supervision function and processes shall be mainly based on the factors like the size, complexity and systemic importance of the IBU, among others. Apart from such factors, the supervision function shall be guided by the expectations of the Home Regulator / Supervisor from the Authority in respect of the IBU which is a branch of the Banking Company under the regulation of such the Home Regulator / Supervisor. The Authority’s supervision function shall take active cognizance of the outcomes of the supervisory processes carried out by the Home Regulator / Supervisor in respect of the Banking Company of which the IBU is a branch.
c) The general expectations of the Authority shall include a consideration of:
i. the convergence of the supervisory regime in the home jurisdiction with the Basel framework of the BCBS and compliance with the Basel Core Principles for Effective Banking Supervision;
ii. the degree and quality of cooperation and coordination with the home regulator / supervisor of the Banking Company of which the IBU is a branch; and
iii. any specific provisions, limitations in respect of specific business activities, if any, or arrangements including resolution framework under the home regulations applicable on the IBU as a branch of the Banking Company.
ii. Approach to supervisory cooperation
a. The Authority’s approach to supervisory cooperation shall be generally underpinned by a memorandum of understanding (MoU) with the relevant home jurisdiction supervisory authorities. Wherever such bilateral/multilateral arrangements exist, the MoU shall establish a formal basis for co-operation, exchange of information, assistance in investigation, facilitation of timely and effective supervision, early identification of systemic risks including crisis situations.
b. As part of its framework for supervisory cooperation, the Authority shall be mainly guided by the principles published by the Bank for International Settlements in the form of ‘High-Level principles for the cross-border implementation of the New Accord’, ‘Principles for effective supervisory colleges’ and the aspects related to home-host relationships in ‘Core Principles for Effective Banking Supervision’.
c. The Authority shall expect to have access to certain categories of financial and regulatory information in respect of the Banking Company (Banking Company) of which IBU is a branch and the financial group -if applicable, to assess whether it would be able to continue to meet the licensing conditions and other prudential requirements on an ongoing basis, without causing a significant adverse impact on the stability of the financial system in the IFSC.
iii. Internal Capital Adequacy Assessment Process and Supervisory Review
a. As per the IFSCA (Banking) Regulations, as updated on July 6, 2021, the Banking Company of an IBU shall provide and maintain a minimum prescribed initial capital (USD 20 million) for the IBU’s operations, at all times, on an unimpaired basis. Subject to such prescribed minimum capital for the IBU, the Banking Company shall maintain regulatory capital in respect of IBU’s operations in accordance with the prudential requirements prescribed by the Home Regulator of the Banking Company, unless otherwise specified by the IFSCA. The IBUs shall provide quarterly certificate in respect of minimum initial / regulatory capital signed by an authorised official of its Banking Company.
b. The IBUs shall ensure compliance with prudential requirements, qualitative or quantitative, if any, prescribed by the Authority. In case such prudential requirements are at a variance with those issued by the Home Regulator as applicable on the IBU as a branch of its Banking Company, the IBU shall demonstrate compliance with the minimum requirements prescribed by the Authority for the purposes of compliance with the Authority’s directions in that regard.
c. The supervision by the Authority in respect of capital adequacy and other non-qualitative prudential requirements shall be carried out in coordination with the respective Home Regulator / Supervisor. The IBU shall submit a periodic certification confirming compliance with all prudential limits / ceilings / conditions applicable as per the Home Regulations, by the Banking Company, in respect of IBU’s operations.
d. In relation to the IBU’s Internal Capital Adequacy Assessment Programme (ICAAP), the IBU may rely on the ICAAP for the Banking Company of which it is a branch, to demonstrate compliance.
e. An IBU shall promptly report any anticipated or actual breach of prudential limits by the Banking Company, to the Authority. An IBU shall also share with the Authority, a copy of any compliance reports submitted to Home Regulator, if called for by the Authority.
f. The Authority may observe and review, in active coordination with the home regulator / supervisor, any additional capital requirement imposed by the Home Regulator / Supervisor on a Banking Company, under Pillar II of the Basel III framework.
iv. Powers to take supervisory and enforcement action
a. Apart from the other applicable legislations, the Banking Regulation Act, 1949, empowers the Authority to inspect and supervise the IBUs in IFSCs. These powers may be exercised through on-site inspection and off-site surveillance, as per the supervisory framework of the Authority, based on the principles of Risk-Based Supervision (RBS).
b. The powers of the Authority include but are not limited to the power to gather information; restrict, suspend or withdraw a Licence; impose any additional requirement, prohibition or restriction on any activity. The Authority may exercise such powers at any time where it considers it necessary or desirable to do so in pursuing its mandate and regulatory objectives.
c. The Authority shall exercise the supervisory powers in accordance with the supervisory policy under the RBS framework the relevant component of which shall be duly notified to the IBUs. The powers mentioned at 2(iv) above are likely to be exercised by the Authority in the following circumstances:
i. an IBU is failing, or is likely to fail, to satisfy the criteria referred for the grant of a licence; or
ii. an IBU has failed, during a period of at least 12 months, to start or carry on the activity for which it has a licence; or
iii. it is desirable to take such steps to exercise such power in order to protect the interests of clients or customers of an IBU or for the stability of the financial system; or
iv. an IBU is in or is likely to be in breach of, or has been, in breach of one or more conditions, restrictions or requirements applicable to its licence; the IFSCA Act or any Rules or Regulations issued thereunder; or
v. a request has been received from the home regulator; or
vi. an IBU has contravened or is likely to contravene a relevant requirement and there is a reasonable likelihood that the contravention will continue or be repeated; or
vii. required confirmations regarding capital, prudential norms etc. from Banking company has not been not submitted within the prescribed time limit or additional time limit that may have been provided
viii. any other situation where it becomes necessary for justifiable reasons
(iv) The Authority may take suitable supervisory and enforcement actions including imposition of a penalty, as per the IFSCA’s framework for banking supervision, in respect of any breach of or non-adherence to any prudential regulations / guidelines issued by the Home Regulator of the of the Banking Company of which the IBU is a branch or of any regulations / directions issued by the Authority.
MODULE NO. 4
CAPITAL ADEQUACY
(CAR)
1. Introduction
i. These directions aim to establish that the IBUs must adhere to the capital adequacy requirements as set out under the Home Regulations applicable on the Banking Company subject to meeting the minimum initial / regulatory capital set out under the IFSCA Banking Regulations.
a) A Banking Company’s total regulatory capital is the sum of its Tier 1 capital and Tier 2 capital. The directions / guidelines issued by the Home Regulators shall essentially cover the categories and elements of regulatory capital, as well as the limits, restrictions and adjustments to which they are subject to.
b) The capital should support the IBU’s operations by providing a buffer to absorb losses from its activities and, in the event of stress, it should enable the IBU to continue to operate in a sound and viable manner while the causes and impact of such stress events are resolved.
c) Capital management must be an integral part of an IBU’s credit risk management process and must align its risk tolerance and risk profile with its capacity to absorb losses.
ii. The IFSCA Banking Regulations provide, that as part of prudential requirements, the IBUs shall comply with the directions and instructions issued by the Home Regulators of the Banking Company, unless otherwise specified by the Authority.
iii. Under the extant IFSCA Banking Regulations, an IBU can be set up and operate only as a branch of a Banking Company that is regulated by its Home Regulator. The prudential guidelines of the Home Regulators of the Banking Companies that shall be applicable also on the IBUs set up as branches – unless otherwise specified by the Authority, must be based on the updated Basel framework including the Basel III reforms comprising of all the current and forthcoming standards issued by the Basel Committee on Banking Supervision (BCBS) that are applicable on internationally active banks.
2. Capital for IBUs
i. The Banking Company shall maintain minimum regulatory capital for the operations of the IBU, subject to a minimum base capital of USD 20 million.
ii. An IBU as a branch is required to comply with the prudential reporting requirements under the Home Regulations as well as those detailed under the relevant module of this Handbook or other regulations directions, circulars, guidelines issued by the Authority. In relation to the IBU’s Internal Capital Adequacy Assessment Programme (ICAAP), the IBU may rely on the ICAAP for the Banking Company of which it is a branch (if available), to demonstrate compliance.
iii. A minimum Leverage ratio (LR), as defined under the Basel framework, for an IBU shall be maintained by its Banking Company at the level and subject to the regulations specified by the respective Home Regulator applicable on the Banking Company, unless otherwise specified by the Authority.
iv. The IBU shall furnish a quarterly certificate issued by an authorised official of the Banking Company about compliance in respect of capital adequacy and leverage ratio for the IBU. The certificate shall form a part of the prudential reporting and disclosures and shall be submitted within forty five days after the end of the quarter or within such time as may be permitted by the Authority.
v. The IBUs that are already operational in IFSC, as on date of issue of this Handbook will be required to provide the certifications mentioned in para 3 i (a) and (b) of Module No.1 of the IFSCA General Directions (GEN), before date of coming into force of this Handbook.
vi. The Authority may require an IBU set up as a branch to have capital resources or to comply with any other capital requirement if the Authority considers it necessary or desirable to do so in the interest of effective supervision of the IBU, in coordination with the Home Regulator.
MODULE NO. 5
CREDIT RISK
(CERS)
1) Application
i. These directions set out the requirements in respect of an IBU’s obligation to manage its Credit Risks effectively.
ii. For the purpose of these directions, Credit Risk of an IBU refers to the risk of incurring losses due to failure on the part of a borrower or a counterparty to fulfil their obligations in respect of a financial transaction.
iii. The risks covered under this definition include all the on-balance sheet and off-balance sheet, funded and non-funded credit exposures including those arising from financial instruments such as loans, trade finance products and acceptances, interest rate, foreign exchange and Credit Derivatives (including foreign exchange, financial futures, swaps, bonds, options) , commitments and guarantees, inter-bank transactions, bond and equity holdings, settlement of transactions, facilities extended by way of equipment leasing, hire purchase finance and factoring services.
2) General requirements
i. An IBU shall implement and maintain a Credit Risk Management Policy which is appropriate for the scope, complexity and scale of IBU’s operations and enables it to identify, assess, monitor, control and mitigate Credit Risk;
ii. As credit risk may exist or occur in combination with other risks such as market risks, the Credit Risk Management Policy should be based on a holistic approach and ensure that credit risk management is part of an integrated approach to the management of all financial risks;
iii. The Credit Risk management policy must be documented and approved by the Governing Body of IBU;
iv. The Credit Risk Management Policy must include the IBU’s risk appetite for Credit Risk exposures and tolerance. The policy must also set out as to how the IBU identifies, assesses, mitigates, controls and monitors that risk.
v. IBU’s Credit Risk Management Policy must ensure that credit decisions are free from conflicts of interest and are made on an arm’s-length basis.
vi. IBU’s Credit Risk Management Policy must provide for monitoring the total indebtedness of each counterparty and any risk factors that might result in default (including any significant unhedged foreign exchange risk).
vii. An IBU must give the Authority full access to information about its credit portfolio. The IBU must also give the Authority access to staff involved in assuming, managing, controlling and reporting on Credit Risk;
3) The Credit Risk Management Policy must include:
i. a clearly laid out risk management strategy that is consistent with the IBU’s credit risk tolerance and business goals;
ii. administrative processes for facilitating effective management oversight and execution of credit risk management and control processes including the following aspects:
a. ongoing administration of various credit risk bearing portfolios
b. information systems and analytical techniques that enable management to measure the credit;
c. analysis of a borrower’s ability and willingness to repay under the terms of the debt, monitoring of documentation, legal covenants, contractual requirements and Collateral;
iii. well-defined criteria for approving credit (including prudent underwriting standards), renewing, refinancing and restructuring existing credit;
iv. process for identifying the approving authority for credit, given its size and complexity;
v. prudent and appropriate credit limits including concentration limits and large exposure norms that are consistent with the IBU’s risk tolerance, risk profile and capital;
vi. well-documented and effectively-implemented process for assuming Credit Risk that does not rely unduly on external credit rating assessments;
vii. processes for grading and classifying all credit exposures, including off-balance sheet exposures and for ensuring appropriate and robust provisioning levels;
viii. process and criteria to define, identify, measure and assess Credit Risk and problem assets;
ix. processes for ensuring that all credit approvals are carried out on an arm’s length basis and free of any conflict of interests including those to the related parties of the IBU;
x. criteria and responsibility for Credit Risk and problem assets reporting, and the scope, manner and frequency of reporting, to the Governing Body or a committee of the Governing body;
xi. procedures for regular review of, the IBU’s Credit Risk strategy including its risk tolerance and credit exposure limits;
xii. procedures for tracking and reporting exceptions to credit limits and deviations from Credit Risk management policies; and
xiii. effective controls for the quality, reliability and relevance of data and validation procedures;
4) Credit Risk Assessment Process:
i. When utilising external credit rating agencies as part of its credit assessment processes, an IBU must:
a) maintain an internal credit grading system; and
b) stress test its capital position on at least an annual basis
ii. An IBU must implement and maintain appropriate policies, processes, systems and controls to administer its credit portfolios by;
a) ensuring that the valuations of Credit Risk mitigants employed by the IBU are up-to-date;
b) reviewing all material concentrations in its credit portfolio and reporting the findings of such reviews to the Governing Body; and
c) measuring Credit Risk and monitoring the condition of individual credits to facilitate identification of problem credits and to determine the adequacy of provisions and reserves.
iii. An IBU must not solely use external credit rating agency credit ratings as a basis
for its assessment of the risks associated with an exposure, especially in respect of a Large Exposure and must at all times conduct its own credit assessment of such an Exposure.
iv. An IBU shall establish a clearly defined criteria for identification and recognition of problem assets as well as systems for measurement and reporting of problem assets as per directions/ regulations of the Home Regulator
v. For the purpose of (iii), and subject to (v), an IBU must categorise its credits
categories as per directions/ Regulations of the Home Regulator
vi. An IBU may also have in place a more detailed credit grading system provided it can address the categories in (iv).
vii. An IBU must have detailed policies, processes and resources for managing problem credits/assets which address the following:
a. monitoring of credits and early identification of credit quality deterioration;
b. review of classification of problem credits; and
c. ongoing oversight of problem credits, and for collecting on past due obligations.
viii. An IBU must ensure that each and every credit which qualifies as a Large Exposure and is classified as an impaired credit is managed individually. This includes valuation, classification and provisioning for such credits on an individual item basis.
ix. Any evergreening exercise involving refinancing of past due credits must not result in their being classified as a higher category. In particular, impaired credits cannot be refinanced with the aim of classifying them as standard or special mention credits.
x. An IBU must comply with the provisioning norms as specified by the Home Regulator.
xi. An IBU must, on a periodic basis, at a frequency as specified by the Home Regulator, review its problem credits (at an individual level or at a portfolio level for credits with homogeneous characteristics) and review the asset classification, provisioning and write-offs for each of those problem credits / assets
5) An IBU must:
i. identify, assess, monitor, mitigate and, control its Credit risk exposures;
ii. ensure that its risk management framework including but not limited to tools, methodologies and systems enable it to implement its Credit risk management policy;
iii. review and update its Credit risk management policy at a frequency appropriate to the nature, scale and complexity of its activities.
iv. implement a system of management reporting which provides relevant, accurate, comprehensive, timely and reliable Credit Risk reports to relevant functions within the IBU.
6) The Authority may require the IBUs to furnish credit information on all their borrowers having aggregate fund-based and non-fund based exposure above a threshold value as decided and informed by the Authority, for the purpose of setting up a central repository of data base on large exposures.
MODULE NO. 6
MARKET RISK
(MARS)
1. Application
i. These directions set out the requirements in respect of a BU’s obligation to manage its Market Risks effectively.
ii. For the purpose of these directions, Market Risk refers to as the risk of losses arising from movements in market prices. The risks covered under this definition include:
a. default risk, interest rate risk, credit spread risk, equity risk, foreign exchange (FX) risk and commodities risk for trading book instruments
b. FX risk and commodities risk for banking book instruments.
iii. For the purpose of these directions.,
a. A Trading book consists of positions in financial instruments and commodities held either with trading intent or in order to hedge other elements of the trading book.
b. The Banking book consists of assets that are expected to be held to maturity, usually consisting of customer loans to and deposits from retail and corporate customers. It also includes those derivatives that are used to hedge exposures arising from the banking book activity, including interest rate risk.
2. General requirements
i. An IBU shall implement and maintain Market Risk management policy which enables it to identify, assess, monitor, control and mitigate Market Risk.
ii. The Market Risk management policy must be documented and include the Bank’s risk appetite for Market Risk exposures. The policy must also set out as to how the Bank identifies, assesses, mitigates, controls and monitors that risk.
iii. The Market Risk management policy must include:
a. The methodology adopted by the IBU, with particular reference to its activities, to define and measure Market Risk;
b. the BU’s investment or trading strategy distinguishing, as applicable, between its Trading and Non-Trading Books;
c. the detailed limit structure for Market Risk which should:
(i) address all key risk factors;
(ii) be commensurate with the volume and complexity of activity; and
(iii) be consistent with the IBU’s strategy, historical performance, and the overall level of earnings or capital the IBU is willing to risk;
d. Procedures for:
(i) approving new products and activities that give rise to Market Risk;
(ii) regular risk position and performance reporting;
(iii) limit exception reporting and approval; and
(iv) Reporting and controlling of off-market trades, if these are permitted;
e. a process that enables the IBU to identify and assess the Market Risk exposures inherent in its new products, activities, processes and systems
iv. The Market Risk management policy of an IBU must be approved by its Governing Body.
v. An IBU must:
a. identify, assess, monitor, mitigate and, control its Market Risk exposures;
b. ensure that its risk management framework including but not limited to tools, methodologies and systems enable it to implement its Market Risk management policy;
c. review and update its Market Risk management policy at a frequency appropriate to the nature, scale and complexity of its activities.
vi. An IBU should implement a system of management reporting which provides relevant, accurate, comprehensive, timely and reliable Market Risk reports to relevant functions within the IBU.
MODULE No. 7
LIQUIDITY RISK
(LQRS)
1) Application
i. These directions set out the requirements in respect of an IBU’s obligation to manage its Liquidity Risks effectively.
ii. For the purpose of these directions, Liquidity Risk of an IBU refers to its risk of failing to meet its financial obligations – whether real or perceived, without incurring unacceptable losses in the short term and long term that may threaten its financial sustainability.
iii. These directions require the IBUs to
a. adopt prudent practices in managing liquidity risk;
b. to maintain adequate liquidity to meet its obligations as they fall due across a wide range of operating circumstances; and
c. to have adequate stable sources of funding on on-going basis.
iv. These directions require the IBUs to appreciate the links between funding liquidity risk and market liquidity risk. The rules also emphasise the need to recognise that other kinds of risks, such as credit risk, market risk, operational risk and reputational risk, affect the firm’s liquidity risk management strategy.
2) General Principles for Liquidity Risk Management
i. An IBU is required
(a) to have a framework, as part of its overall risk management framework, to measure, monitor and manage liquidity risk that is appropriate for the nature, scale and complexity of the firm’s operations;
(b) to maintain a portfolio of high-quality liquid assets that would be sufficient to enable it to withstand episodes of severe liquidity stress – the portfolio of high-quality liquid assets must be consistent with the distribution of its currency-wise liquidity needs if the IBU deals in multiple currencies;
(c) to maintain a robust funding structure appropriate for the nature, scale and complexity of the its operations on on-going basis;
(d) to limit maturity mismatches between its assets and its liabilities as part of its Asset Liability Management (ALM) policy; and
(e) to inform the Authority promptly about any current or anticipated liquidity concerns.
ii. Responsibilities of Governing Body and Senior Management of IBU
(a) An IBU’s Governing Body is ultimately responsible for the sound and prudent management of the IBU’s liquidity risk.
(b) The Governing Body shall ensure that the IBU’s senior management and other relevant personnel have the necessary experience to manage liquidity risk as per the documented liquidity risk framework and practices.
(c) The Governing Body shall obtain and review regular reports on the IBU’s liquidity and, as necessary, information on new or emerging liquidity risks.
(d) IBU’s Senior Management shall lay out a liquidity risk management process covering the structure, responsibilities and controls for managing liquidity risk, and for overseeing the liquidity positions, of the IBU, including adequate internal controls for ensuring the integrity of the process.
(e) IBU’s Senior Management shall ensure that stress tests, contingency funding plans and holdings of high-quality liquid assets are effective and appropriate for the scale and scope of IBU’s business activities.
(f) IBU’s Senior Management shall closely monitor current trends and potential market developments that may pose challenges for managing liquidity risk and shall initiate timely changes to the liquidity management strategy as needed;
3) The Liquidity Risk Management framework:
i. The IBU must have a documented framework / policy for managing liquidity risks.
The framework must define the IBU’s liquidity risk tolerance clearly stating the trade-off between risks and profits – appropriate for its operations and strategy.
ii. The framework should provide for periodic (at least annually) review of IBU’s liquidity risk tolerance to reflect its current and anticipated financial condition and funding capacity.
iii. Apart from the IBU’s liquidity risk tolerance, the liquidity risk management
framework must include:
(a) a statement of the IBU’s liquidity risk management strategy and policy, approved by the Governing Body;
(b) details of the IBU’s operating standards (in the form of policies, procedures and controls) for identifying, measuring, monitoring and controlling its liquidity risk in accordance with its liquidity risk tolerance;
(d) a statement of the IBU’s funding strategy, including a contingency funding plan approved by the Governing Body.
iv. The framework must clearly set out the IBU’s organisational structure and processes related to liquidity risk management, and must define the responsibilities and roles of senior management involved in managing liquidity risk.
v. The framework must be formulated to ensure that the IBU maintains sufficient liquidity to withstand a range of liquidity stress events (whether specific to the IBU, market-wide, or a combination of the two), including the loss or impairment of both unsecured and secured funding sources.
vi. The framework must be well integrated into the IBU’s overall risk management process.
vii. The liquidity risk management framework must be subject to ongoing effective and comprehensive independent review.
4. Liquidity ratios
I. An IBU shall maintain, on stand-alone basis,
i. Liquidity Coverage Ratio (LCR) at a level that is higher of (a) and (b) below:
(a) minimum LCR prescribed by the Home Regulator of the Banking Company of which the IBU is a branch or
(b) the minimum LCR prescribed by the Authority from time to time. The minimum LCR as prescribed by the Authority is 100%, with effect from April 1, 2021.
ii. the Net Stable Funding Ratio (NSFR) at a level that is higher of (a) and (b) below:
(a) minimum NSFR prescribed by the Home Regulator of the Banking Company of which the IBU is a branch or
(b) the minimum NSFR as and when prescribed by the Authority, from time to time. At present the Authority has not implemented the requirement for NSFR.
iii. the definitions, eligibility, classification and calculations of high quality liquid assets (HQLA), the methodology for computing the cashflows, available and required stable funding, and the LCR and NSFR shall be in accordance with the directions and guidelines issued by the respective Home Regulators of the Banking Companies of which the IBUs are a branch, unless otherwise specified by the Authority.
II. The IBUs may approach the Authority for seeking permission to maintain the LCR and/or NSFR at the Banking Company level. The Authority may grant permission, on case-to-case basis, for the liquidity ratios i.e., LCR and NSFR for the IBU to be maintained by the Banking Company. The submission by the IBU in this regard shall clearly provide the justification behind such request, including the proposed strategy of the IBU to manage liquidity risk if such permission is given by the Authority.
5. Liquidity management strategy
i. An IBU’s liquidity management strategy as part of overall liquidity framework must include specific policies on liquidity management, such as:
(a) the composition and maturity of assets and liabilities;
(b) the diversity and stability of funding sources;
(c) the IBU’s approach to managing liquidity in different currencies, across borders, and across business lines; and
(d) the IBU’s approach to intraday liquidity management.
ii. The strategy must take account of the IBU’s liquidity needs under normal conditions as well during periods of liquidity stress.
iii. The strategy must be appropriate for the nature, scale and complexity of the IBU’s operations. The strategy for the IBU must consider its key business lines, the breadth and diversity of its markets and products and regulatory requirements.
6. Liquidity risk management—Processes
i. An IBU must have a sound process for identifying, measuring, monitoring and controlling liquidity risk. The process must include a robust framework for comprehensively projecting cashflows arising from assets, liabilities and off-balance-sheet items over an appropriate set of time horizons.
ii. An IBU must set limits to control its liquidity risk exposure and vulnerabilities. The limits and the corresponding escalation procedures must be reviewed regularly.
iii. The limits must be relevant to the IBU’s business in terms of the complexity of its operations, the nature of its products, and the currencies and markets it serves. If a limit is breached, the IBU must implement a plan of action to review the exposure and reduce it to a level that is within the limit.
iv. An IBU must actively manage its collateral positions, distinguishing between encumbered and unencumbered assets.
v. An IBU must have a set of early warning indicators that will support its daily liquidity risk management processes to identify the emergence of increased risk or vulnerabilities in its liquidity position or potential funding needs. The indicators must be structured so as to help identify negative trends in the firm’s liquidity position and to lead to an assessment and a potential response by management to mitigate the firm’s exposure to the trends.
vi. An IBU must have a reliable management information system that provides the governing body, senior management and other appropriate personnel with timely and forward-looking information on the IBU’s liquidity position.
vii. An IBU must actively manage its intraday liquidity positions to meet payment and settlement obligations on a timely basis under both normal and stressed market conditions and must contribute to the orderly functioning of payment and settlement systems.
viii. An IBU must have a process for appropriately apportioning the costs of prudent liquidity management to the sources of liquidity risk, and must provide appropriate incentives to manage liquidity risk.
ix. An IBU dealing in multiple currencies:
a) must assess its aggregate currency-wise liquidity needs and determine an acceptable level of currency mismatches; and
b) must undertake a separate analysis of its strategy for each significant currency, considering possible constraints during periods of liquidity stress.
x. A currency shall be treated as significant for an IBU for the purposes of 6 (ix) above,
if the ratio of its liabilities denominated in such currency to the IBU’s total liabilities is more than a threshold level. Such threshold level shall be lower of (a) and (b) below:
a) minimum level specified by the Home Regulator of the Banking Company or
b) 10% or any other minimum level specified by the Authority, from time to time.
7. Funding strategy
i. An IBU must
a. prepare and document a 3-yearly funding strategy approved by its Governing Body supported by robust assumptions in line with the IBU’s liquidity management strategy and business objectives.;
b. maintain an active presence in its chosen funding markets;
c. maintain strong and regular relationships with funds providers; and
d. must regularly estimate its capacity to raise funds quickly.
ii. The IBU must identify the main factors that may affect its ability to raise funds, and must monitor those factors closely to ensure that its estimates of its fund-raising capacity remain valid.
iii. The funding strategy, covering the contingency funding plans, must be reviewed periodically (at least annually), and must be updated as necessary in light of changed funding conditions or changes in the firm’s business model.
iv. The IBU must provide a copy of the documented funding strategy to the Authority on request. The firm must also inform the Authority of any significant change to the strategy.
8. Liquidity related stress testing
i. An IBU must carry out stress tests regularly for a variety of short-term and long-term liquidity stress scenarios (both firm-specific and market-wide, separately and in combination) to identify sources of potential liquidity stress and to ensure that the IBU’s exposures continue to be in accordance with its liquidity risk tolerance.
ii. The scenarios and assumptions related to stress tests must be well documented, and must be reviewed together with the test results. The results, the major vulnerabilities found and any resulting actions must be reported to, and discussed with, the IBU’s governing body and the Authority.
iii. The results of the stress tests must be integrated into the IBU’s strategic planning process and its day-to-day risk management practices. The results must be explicitly considered in the setting of internal limits.
iv. The stress test outcomes must be used to adjust the IBU’s liquidity management strategy, policies and positions, and to develop effective contingency plans to deal with the conditions of liquidity stress.
9. Independent oversight of Liquidity Risk Management
i. An IBU’s liquidity risk management oversight function must be operationally independent. The relevant staff / officers must have the requisite skills and authority to challenge the firm’s treasury and other liquidity management functions.
ii. The IBU must have adequate policies, procedures and controls to ensure that the its governing body and senior management are informed immediately of new and emerging liquidity concerns.
MODULE No. 8
Operational Risk
(OPRS)
1. Application
i. These directions set out the requirements in respect of a BU’s obligation to manage its Operational Risks effectively.
ii. For the purpose of these directions, Operational Risk refers to the risk of incurring losses due to inadequate or failed internal systems, processes, and people, or from external events. Operational Risk losses also include losses arising out of legal risk but excludes strategic and reputational risk.
2. General requirements
i. An IBU shall implement and maintain an Operational Risk management policy which enables it to identify, assess, monitor, control and mitigate its Operational Risk exposures.
ii. The Operational Risk management policy must be documented and include the Bank’s risk appetite for Operational Risk exposures. The policy must also set out as to how the Bank identifies, assesses, mitigates, controls and monitors Operational Risk.
iii. The Operational Risk management policy must include:
a. an approval process for all new products, activities, processes and systems being undertaken by the IBU
b. a process that enables the IBU to identify and assess the Operational Risk exposures inherent in its new products, activities, processes and systems
iv. The Operational Risk management policy of an IBU must be approved by its Governing Body.
v. An IBU must:
a. identify, assess, monitor, mitigate and, control its Operational Risk exposures;
b. ensure that its risk management framework including but not limited to tools, methodologies and, systems enable it to implement its Operational Risk management policy;
c. review and update its Operational Risk management policy at a frequency appropriate to the nature, scale and complexity of its activities.
vi. An IBU must immediately notify the Authority of any material Operational Risk event including notification of any resulting financial impact, positive or negative, associated with such event.
3. Business continuity
i. An IBU’s operational risk management policy must include effective and comprehensive procedures for disaster recovery and business continuity. The BU must have a business continuity plan for possible scenarios of severe business disruption. The plan must provide for the BU to continue to operate its core functions and to minimise losses (especially those from disturbances to payment and settlement systems), in those scenarios.
ii. An IBU must establish and maintain appropriate systems and controls to manage its information security risk.
4. Outsourcing risk – Policies
i. An IBU must establish appropriate policies to assess, manage and monitor the operational risk associated with its outsourced activities. The management of those risks must include the following elements:
a. carrying out due diligence for selecting service providers
b. structuring outsourcing arrangements
c. managing and reporting the risks associated with an outsourcing
d. ensuring effective control over an outsourcing
e. contingency planning
ii. The outsourcing contracts and service level agreements must clearly state the allocation of responsibilities between the service provider and the IBU.
Annex I
List of Certificate/ Reports/ Returns:
The IBUs are required to prepare and submit following certificate/ reports/ returns in accordance with the Authority’s instructions including about the periodicity, timeline and format to be communicated to the IBUs by Circular/Email from time to time:
1. Asset Liability Report (ALR)
2. Report on Problem Credit and Investments (PCI)
3. Report on Assets (ROA)
4. Report on Liabilities (ROL)
5. Report on Country Exposures and Maturity (CEM)
6. Profitability Report (PR)
7. Exposure Data Report 1 (EDR 1)
8. Exposure Data Report 2 (EDR 2)
9. Exposure Data Report 3 (EDR 3)
10. Treasury Report (TR)
11. Report on Prudential Ratios (Prudential Certificate) (RPR)
12. Liquidity Coverage Report (LCR)
Notes:
1 Banking company has the same meaning as the ‘Parent Bank’, defined under Regulation 2 (j) of the IFSCA (Banking) Regulations 2020, updated as on 6.7.2021.
(Republished with Amendments)
