BSP tightens risk management rules

August 25, 2017 - 2:12 AM
5482
Bangko Sentral ng Pilipinas headquarters in Manila. The central bank’s first quarter Consumer Expectations Survey (CES) for 2018 showed an index of 1.7 percent, down from the previous quarter’s 9.5 percent and year-ago’s 8.7 percent. (Reuters file photo)

MANILA – The central bank has issued fresh guidelines that require risk management protocols of banks and other financial firms, as well as their subsidiaries.

Bangko Sentral ng Pilipinas (BSP) Circular No. 971 requires such companies to adopt policies that enhance risk identification, mitigation and monitoring, covering both parent firms and their units.

“The risk governance framework shall consider the entities in the conglomerate and shall be applied on a group-wide scale,” according to the Aug. 22 circular.

“In case of group structures, there should be a board-approved policy that defines the risk management framework that shall apply to entities across the group,” it read.

“The policy shall provide the structure that shall be adopted by the group, either to establish the risk management function centrally at the parent bank or in each of the identified subsidiaries.”

The new guidelines require each company to adopt a risk appetite statement that will spell out risks it is “willing to assume” to achieve its business objectives.

“The degree of sophistication of the risk management and internal control processes and infrastructure shall keep pace with developments in the BSFI (BSP-supervised financial institution),” the central bank said.

Relevant factors to consider include balance sheet, revenue growth, increasing complexity of the business, operating structure, geographical expansion, mergers and acquisitions, introduction of new products or business lines, as well as business environment and industry practice, among others.

As a general rule, risk assessments done by banks and non-banks are expected to observe accuracy, integrity, completeness, timeliness and adaptability.

The BSP also requires that a risk management function be incorporated in the corporate structure and not entrusted to an external service provider.

Universal and commercial banks must appoint chief risk officers to oversee their risk-taking.

Separately, Circular No. 972 outlined the internal structure for enhanced risk management, including the adoption by the board of directors of a charter or any other formal document that spells out requirements for compliance with the new guidelines, establishment of a board-level committee led by a non-executive director to oversee compliance and appointment of a chief compliance officer, among others.

“The compliance risk management system shall be designed to specifically identify and mitigate risks that may erode the franchise value of the BSFI such as risks of legal or regulatory sanctions, material financial loss, or loss to reputation, a BSFI may suffer as a result of its failure to comply with laws, rules, related self-regulatory organization standards and codes of conduct applicable to its activities,” the circular read.

“Said risk may also arise from failure to manage conflict of interest, treat customers fairly, or effectively manage risks arising from money laundering and terrorist financing activities.”