Reg. BNR 5.2013 - EN

  • REGULATION no. 5 from December 20, 2013 regarding the prudential requirements for credit institutions

    Summary at January 3, 2014. The present act was created using the SintAct-Acte Sintetice technology. SintAct and Acte Sintetice are Wolters Kluwer trademarks.

    Taking into consideration the provisions of art. 24, art. 51, para. (1), letter (d), art. 77, art. 101, art. 101, art. 104, art. 106-110, art. 148, art. 149, art. 150 para. (1), art. 1521, art. 163, art. 163¹, art. 164 para. (2), art. 166, art. 166³, art. 169¹, art. 289, art. 320, art. 382, art. 384 para. (1) and of art. 385 para. (1) from the Government Emergency Ordinance no. 99/2006 regarding the credit institutions and capital adequacy, approved by Law no. 227/2007, as further amended and supplemented, as well as those of art. 416 para. (1) letter (a) from the Regulation (EU) no. 575/2013 of the European Parliament and the Council from June 26, 2013 regarding the prudential requirements for credit institutions and investment firms and amending Regulation (EU) no. 648/2012,

    Based on the provisions of art. 420 para. (3) from the Government Emergency Ordinance no. 99/2006, approved with subsequent amendments and additions by Law no. 227/2007, as further amended and supplemented, of art. 25 para. (2) letter a) and those of art. 48 para. (1) from Law no. 312/2004 regarding the Statute of the National Bank of Romania.

    The National Bank of Romania issues the following regulation:

    TITLE I: General provisions

    CHAPTER I: Scope of application

    Art. 1 This regulatory document regulates:

    a) the governance framework of credit institutions, the internal capital adequacy assessment process and outsourcing conditions of credit institution activities;

    b) certain issues concerning credit institutions' own funds;

    c) requirements for capital buffers;

    d) supervision on consolidated basis of credit institutions;

    e) conditions for approval of internal rating models in determination of capital requirements for credit risk;

    f) conditions for preliminary notification of approval of Standard approach for operating risk, those for the approval of the use of alternative standard approach for operating risk and the conditions for the approval of advanced assessment in determination of capital requirements for operating risk;

    g) conditions for approval of internal models in determination of capital requirements for market risk;

    h) certain issues concerning implementation of Regulation (EU) No. 575/2013 of European Parliament and Council of June 26, 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.

    Art. 2

    (1) This regulation applies to credit institutions, Romanian legal entities, individually and/or, as the case may be, consolidated and sub-consolidated, as well as at cooperative network level.

    (2) Without any prejudice to provisions in art. 77 para. (2) in Government Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by Law no. 227/2007, as further amended and supplemented, this regulation applies correspondingly to branches of credit institutions located in third party countries.

    (3) Provisions regarding liquidity risk management in Chapter II and Chapter IV of Title II also apply correspondingly to branches of Member States' credit institutions.

  • CHAPTER II: Definitions

    Art. 3

    (1) In the meaning hereof, terms and expressions below shall have the following meaning:

    1. management body - means a credit institution's body or bodies, appointed in accordance with incorporation documents, as per the provisions in Companies Law No. 31/1990, republished, as further amended and supplemented, and in Government Emergency Ordinance No. 99/2006 on credit institutions and capital adequacy, approved by Law No. 227/2007, as further subsequently amended and supplemented, which are empowered to set the credit institution's strategy, objectives and overall direction, which oversee and monitor management decision-making, and include the persons who effectively direct the business of the institution;

    2. management body in its supervisory function - means the management body acting in its role of overseeing and monitoring management decision-making and which is represented by the board of directors, within the unitary management system and by the supervisory board in the dual management system;

    3. senior management - means those private individuals who exercise executive functions within an institution and who are empowered with the day-to-day management of the credit institution and answer for the accomplishment mode of this to the management body. The senior management is represented by directors in the unitary management system and by directorate in the dual management system;

    4. Internal control framework means a framework that provides effective and efficient development of some operations, adequate control of risks, prudent conduct of business, reliability of financial and non-financial information reported, both internally and externally, and compliance with laws, regulations, supervisory requirements and the credit institution's internal rules and decisions;

    5. Governance framework means a limited but crucial component of corporate governance, focusing on the internal structure and organisation of a credit institution;

    6. Risk profile means the aggregate of a credit institution's actual and potential risk exposures;

    7. Risk appetite means the absolute risks an institution is a priori open to take;

    8. Risk tolerance means the real limits within the risk appetite assumed by a credit institution;

    9. Compliance risk means the current or prospective risk to earnings and capital, leading to fines, damages and/or termination of contracts or those that may affect the credit institution's reputation, arising from violations or non-compliance with laws, rules, regulations, agreements, recommended practices or ethical standards;

    10. conflict of interests means the particular situation or circumstance when the personal interest, direct or indirect, of the staff and members of the management team of the credit institution contravenes the interests of the credit institution, to the extent that it affects or might affect their independence and impartiality in making decisions or timely and objective performance of their duties, as part of their job description;

    11. persons in key positions means staff members whose positions confer them a significant influence over the credit institution's orientation but who are not members of the management body. Persons in key positions can be the managers of some important business lines, of branches within European Economic Space, of subsidiaries in third party states, of support and control functions;

    12. persons in middle management positions means persons assigned to provide the management of the credit institution's business units;

    13. internal capital adequacy assessment process means a component of the credit institution's governance framework, that ensures that the management body adequately identifies, measures, aggregates and monitors the credit institution's risk, holds an adequate internal capital in relation to the institution's risk profile and uses sound risk management systems and develops them further;

    14. stress testing means a risk management technique used to evaluate the potential effects on a credit institution's financial condition of a specific event and/or movement in a set of financial variables. Basically, stress testing could fall within the category of sensitivity analysis which assesses the impact on a credit institution's financial condition of a move in one particular risk driver, the source of the shock being unidentified, and scenario test which assesses the impact on a credit institution's financial condition of simultaneous moves in a number of risk drivers, the stress event being well-defined;

    15. unhedged borrowers means borrowers without a natural or a financial hedge;

    16. natural hedging operation means an operation where borrowers receive incomes denominated or indexed in the foreign currencies in which the credit is granted, including reception of cash originating from transfers or exports;

    17. financial hedging operation - means an operation that presumes a contract with a credit institution or a financial institution with the purpose of hedging the foreign exchange risk;

    18. interest rate risk means the current or prospective risk to earnings and capital arising from adverse movements in interest rates;

    19. IT risk means a subcategory of operational risk, that concerns the current or prospective risk of adverse impact on earnings and capital, arising from inadequate IT strategy and policies, information technology or processing, in terms of manageability, integrity, controllability and continuity thereof, or from inadequate use of the institution's information technology;

    20. reputational risk means the current or prospective risk to earnings and capital arising from adverse perception of the image of the credit institution on the part of customers, counterparties, shareholders, investors or supervisory authorities;

    21. strategic risk means the current or prospective risk of adverse impact on earnings and capital, arising from changes in the business environment and from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment;

    22. economic value means the updated value of expected net cash flows of the credit institution;

    23. operational unit means a unit separate from a technical, geographical or organizational point of view from the other parts of the credit institution or the group, like entities separate depending on legal or organizational standpoints, the line of business or homogenous exposure groups within a credit institution or a group;

    24. documentation means the description and, as the case may be, underlying fundaments of a process, system, methodology or decision, found at the credit institution level as a written presentation with an adequate degree of complexity and thoroughness;

    25. core deposits means financing resources remaining at the disposal of the credit institution for a long period of time, determined by such credit institution according to internal policies referred to in art. 136;

    26. outsourcing means the use by the credit institution of an external service provider, on contractual and ongoing basis, for performance of activities that would normally be undertaken by that credit institution;

    27. external services provider means the supplier of goods and services, which may or may not be an authorised entity, depending on the outsourced activity, respectively an affiliated entity within a group or an entity that is external to the group;

    28. material activities means:

    a. activities of such importance that any difficulty or failure in their performance could have a material negative effect on the credit institution's ability to meet its regulatory responsibilities and/or to continue its business;

    b. any other activities requiring a license from the competent authority;

    c. any activities having a significant impact on the risk management and

    d. the management of risks related to activities in item (i);

    29. chain outsourcing means outsourcing where the external service provider subcontracts elements of the services delivered to the credit institution to other external providers;

    30. categories of staff whose professional activities have a material impact upon the credit institution's risk profile (identified personnel) means categories of staff whose professional activities have a material impact on the credit institution's risk profile, including members of the senior management, risk takers regarding the credit institution - for example persons having granted higher individual clearances concerning the conduct of transactions in which the credit institution is involved, such as: dealers, persons approving credits of a material amount -, staff engaged in the internal control functions and any employee whose total remuneration, including discretionary pension benefit provisions, classifies him / her into the same remuneration bracket as members of senior management and risk takers regarding the credit institution;

    31. material risks means risks with significant impact on the financial and/or reputational position of credit institutions;

    32. malus agreement means a performance adjustment practice that allows firms to adjust the as-yet invested portion of an individual's bonus to take account of developments after communication of the bonus.

    33. clawback agreement means a performance adjustment practice that enables firms to demand payback of all or part of an individual's bonus that has already vested with the individual, to take account of developments after vesting.

    34. market risk means the risk to incur losses corresponding to on-balance and off-balance positions due to adverse market movements in prices and interest rates concerning the trading book business, as well as from movements in foreign exchange rate and commodities prices for the whole business of the credit institution (e.g. share prices, interest rate, foreign exchange rate).

    35. model risk means the potential loss a credit institution may incur, as a consequence of decisions that could be principally based on the output of internal models, due to errors in the development, implementation or use of such models;

    36. internal approaches means the internal ratings based approach referred to in Art. 143 (1), the internal models approach referred to in Art. 221, the own estimates approach referred to in Art. 225, the advanced measurement approaches referred to in Art. 312 (2), the internal models method referred to in Arts. 283 and 363, and the internal assessment approach referred to in Art. 259 (3) of Regulation (EU) No 575/2013;

    37. credit risk means the current or prospective risk to earnings and capital arising from a borrower's failure to meet the terms of any contract with the credit institution or its failure to perform as agreed;

    38. country risk means the risk of exposure to loss caused by events in a foreign country. The concept is broader than sovereign risk as all forms of lending or investment activity whether to/with private individuals, corporations, credit institutions or central administrations are covered;

    39. transfer risk means the risk that a borrower will not be able to convert local currency into foreign exchange and so will be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the borrower's country;

    40. liquidity risk means the current or prospective risk to earnings and capital arising from a credit institution's inability to meet its liabilities when they become due;

    41. capital conservation buffer - means the own funds that an institution is required to maintain in accordance with art. 256 herein;

    42. institution-specific countercyclical capital buffer - means the own funds that an institution is required to maintain in accordance with art. 257 herein;

    43. capital buffer of global systemically important institutions (G-SII buffer) - means the own funds that are required to be maintained in accordance with art. 271 herein;

    44. capital buffer of other systemically important institutions (O-SII buffer) - means the own funds that may be required to be maintained in accordance with art. 269 para. (1) herein;

    45. systemic risk buffer - means the own funds that an institution is or may be required to maintain in accordance with art. 281-289 herein;

    46. combined buffer requirement - means the total Common Equity Tier 1 capital required to meet the requirement for the capital conservation buffer extended by the following, as applicable: a. a credit institution-specific countercyclical capital buffer; b. G-SII buffer; c. O-SII buffer; d. A systemic risk buffer;

  • 47. countercyclical buffer rate means the rate that institutions must apply in order to calculate their institution-specific countercyclical capital buffer, and that is set in accordance with art. 258 and art. 259 herein or, as the case may be, by a relevant third party country authority;

    48. domestically authorised institution - means an institution that has been authorised in Romania for which the National Bank of Romania is responsible for setting the countercyclical buffer rate, as per recommendations of the interinstitutional coordination structure in the domain of the macro-prudential supervision of the national financial system, named hereinafter coordination structure.

    49. buffer guide - means a benchmark buffer rate calculated in accordance with art. 258 para. (2) and (3) herein.

    50. judicial risk - loss risk following fines, penalties and sanctions for which the credit institution is liable in case of not applying or deficiently applying the legal or contractual dispositions, as well as the fact that the contractual rights and liabilities of the credit institutions and/or of its counterparty are not established adequately.

    51. effectiveness - the degree of accomplishing the targets established for each of the activities and the ratio between the projected effect and the actual result of the respective activity;

    52. efficiency - maximizing the results of an activity in relation with the used resources.

    (2) The terms and the expressions used in the content of the present regulation have the signification provided in the Government Emergency Ordinance no. 99/2006 regarding the credit institutions and capital adequacy, approved by Law no. 227/2007, with subsequent amendments and additions.

    (3) For the purposes of the present regulation, the terms and expressions: institution, entity from the financial sector, consolidated situation, consolidated basis, sub-consolidated basis, own funds, regularized market, discretionary benefits of pension type, trading portfolio, initiator, sponsor, special entity constituted for securitization, eligible capital, leverage, risk associated to excessive use of leverage, external institution of risk assessment provided in art. 4 para. (1) from Regulation (EU) no. 575/2013

    TITLE II: The governance framework of credit institutions, the internal capital adequacy assessment process and conditions for outsourcing of credit institutions' businesses

    CHAPTER I: The governance framework of credit institutions

    Art. 4:

    (1) Credit institutions shall have robust governance arrangements, which include at least the following:

    a. organisational structure and organisation;

    b. the management body of the credit institution, respectively: attributions and responsibilities, composition and operation, general governance framework;

    c. risks management;

    d. internal control;

    e. IT systems and business continuity;

    f. transparency requirements.

    (4) The central house of credit cooperatives is responsible for the presence of a general governance framework in the meaning of para. (1) and at the level of cooperative network.

    Art. 5

    (1) Credit institutions must have internal regulations in place concerning the governance framework.

    (2) Credit institutions shall adapt the governance framework based on the nature, extent and complexity of risks incurred by the business model and activities developed by them.

    (3) Provisions in para. (2) shall be applied by the central house of credit cooperatives also at cooperative network level.

    SECTION 1: Organisational structure of a credit institution

  • SUBSECTION 11: Organisational framework

    Art. 6

    (1) The management body of a credit institution must provide an adequate and transparent organisational structure for the respective credit institution.

    (2) In the meaning of para. (1), the organisational structure of a credit institution shall be transparent and organised in a way that promotes effectiveness and demonstrates the prudent management of the institution, both on a solo basis and at the level of group it belongs to.

    (3) The reporting lines and the allocation of responsibilities and competences within a credit institution shall be clear, precise, well defined, coherent and efficiently implemented.

    (4) The management body must assess the way in which various elements of the organisational structure are mutually complementary and interacting. The (organisational) structure must not affect the management body's capacity to oversee and administrate in an efficient manner risks run by the credit institution or its respective group.

    (5) The management body must assess how the changes incurred in the group's structure (which can result, without limitation, due to establishment of new subsidiaries, mergers and acquisition, sale or winding up of parts of the group or due to evolutions outside the group) affect its soundness. The management body must undertake promptly any action required.

    SUBSECTION 12: Checks and balances in a group structure

    Art. 7

    (1) Within a group structure, the management body of a parent credit institution, Romanian legal entity, has to make sure that, within the group, there is an adequate corporate governance and that this is appropriate to the structure, business and risks of the group and its entities.

    (2) The management body of a subsidiary credit institution, Romanian legal entity, should adhere to the governance values and principles espoused by its parent credit institution and should acknowledge the business objectives, risk profile and policies established by the management body of the parent credit institution, excepting the case when there are legislative or supervisory requirements or proportionality reasons that determine other conduct. In this respect, the management body of a subsidiary credit institution should set its own governance responsibilities, and should evaluate any group-level decisions or practices to ensure that they do not put the subsidiary in breach of regulatory provisions or prudential rules applicable on a solo basis in Romania. The management body of a subsidiary should also ensure that such decisions or practices are not detrimental to:

    a) the sound and prudent management of the subsidiary;

    b) the financial health of the subsidiary; or

    c) the legal interests of the subsidiary's interested parties.

    (3) To the end of fulfilling its responsibilities in line with the governance framework, the management body of a parent credit institution, Romanian legal entity, should:

    a) establish a governance structure which contributes to the effective oversight of its subsidiaries and which takes into account the nature, scale and complexity of the different risks to which the group and its subsidiaries are exposed;

    b) approve a governance policy at the group level and for its subsidiaries, which includes the commitment to meet all applicable governance requirements;

  • c) ensure that enough resources are available for each subsidiary to meet both group standards and local governance standards;

    d) have appropriate available means to monitor that each subsidiary complies with all applicable governance requirements;

    e) provide that group-wide reporting lines are clear and transparent, especially where activity lines are not consistent with the group's legal structure.

    (4) A subsidiary credit institution, Romanian legal entity, must also have available a sufficient number of independent members in its management body. The independent members of its management body are members that do not hold an executive position, that are independent from the subsidiary and its group and from its controlling shareholders.

    SUBSECTION 13: Know your structure

    Art. 8

    (1) The management body must be aware of, and fully understand, the operational structure of a credit institution and it must provide that it is consistent with the approved business strategy and risk profile.

    (2) The management body must orient and have a good understanding of the structure of credit institution, its evolution and limitations, and it must provide that such structure is adequate and that it does not involve an excessive or inadequate level of complexity. The management body is also responsible for approval of sound strategies and policies for establishment of new structures. In addition, the management body must be aware of the risks incurred by the complexity of structure itself of the legal entity and it must provide that the credit institution is capable of producing, in due time, information concerning the type, statute, shareholdership structure and activities of each legal entity.

    (3) The management body of a parent credit institution, Romanian legal person, must:

    a) understand not only the group organisation, but also the purpose of various entities and connections and relations between them;

    b) provide that the group's various entities (including the credit institution itself) receive enough information to acquire a clear overview on the group's overall objectives and risks;

    c) provide that it is permanently updated information concerning the risks incurred by the group's structure.

    SUBSECTION 14: Non-standard or non-transparent activities Art. 9

    (1) In case when a credit institution operates through special-purpose structures or through interconnected structures or structures located in jurisdictions that prevent transparency or that are not consistent with international banking standards, the management body must understand the scope, structure and special risks associated thereto.

    (2) The management body must allow these activities only when it is certain that risks shall be managed properly.

    (3) The management body must establish, maintain and review, on an ongoing basis, adequate strategies, policies and procedures for approval and maintenance of such structures and activities, to provide that they remain consistent with their declared scope.

    (4) The management body must provide that proper measures will be taken to prevent or mitigate risks related to such activities.

    (5) In the meaning of para. (4), the measures include:

    a) the credit institution has adequate policies as well as procedures, and formal processes (e.g. applicable limitations, information requirements) for consideration, approval and management of risks related to such activities, taking into account their effects on the group's operational structure;

    b) data related to these activities and corresponding risks is available in central offices and to the credit institution's auditors, and it is reported to the management body and to the National Bank of Romania - Monitoring Division;

    c) the credit institution provides periodic assessment on the permanent necessity to perform activities that prevent transparency.

    (6) In the meaning of para. (5), the credit institution must take the same measures when performing activities that are not transparent or that are not performed regularly for its clients.

    (7) All structures and activities described in this article must be subjected to periodical analysis from internal and external audit.

    SUBSECTION 2: The management body of the credit institution

    SUBSECTION 21: Duties and responsibilities of the management body

    Art. 10

    (1) Responsibilities of the management body shall be clearly defined in a written document, and approved, respecting the relevant legislation.

    (2) Responsibilities established in the document must be consistent with provisions of Companies Law no. 31/1990, republished, as further amended and supplemented, and of Government Emergency Ordinance No. 99/2006 on credit institutions and capital adequacy, approved as further amended and supplemented by Law No. 227/2007, subsequently amended and supplemented.

    Art. 11

    (1) The management body must define, oversee and take responsibility for implementation of a governance framework that provides efficient and prudent management of the credit institution, including segregation of responsibilities within the organisation and prevention of conflicts of interests.

    (2) In the meaning of para. (1), the implemented governance framework must provide consistency with the following principles:

    a. the management body must have full responsibility with regard to the credit institution and it must approve and oversee implementation of strategic objectives, of strategy concerning risks management and of the credit institution's governance framework;

    b. the management body must provide integrity of accounting and financial reporting systems, including financial and operational controls and compliance with relevant legislation and standards;

    c. the management body must oversee the publication and notification processes;

    d. the management body must be responsible for provision of effective oversight of senior management.

    Art. 12

    (1) Apart from responsibilities set forth in art. 11 para. (2), the management body is also responsible for the establishment and review of:

    a. amounts, types and distribution of both internal capital and of own funds, adequate for coverage of the credit institution's risks;

    b. a sound and transparent organisational structure, with efficient communication and reporting channels;

    c. a policy for appointment and progression of persons in key positions within the credit institution;

    d. a remuneration scheme that is consistent with the strategies of the credit institution regarding risk management;

    e. principles of governance framework and of corporate values of the credit institution, including of those established through a code of conduct or an equivalent document; and

    f. a proper and efficient framework of internal control that includes risk management, compliance and internal audit functions, as well as a proper and efficient framework for financial reporting and accounting.

    (2) The management body of a credit institution shall review and approve regularly the strategies and policies for approval, managing, monitoring and mitigation of the risks that may be incurred by that credit institution, considering particularly the macroeconomic environment in which the credit institution operates and the position in the business cycle.

    (3) When reviewing policies and strategies, the management body is responsible for the proper communication with the National Bank of Romania Monitoring Division and other interested parties.

    (4) In the meaning of para. (1) letter c), credit institutions must assess the adequacy of personnel holding key positions before the appointment thereof or reassess their adequacy, as the case may be, and record the assessment/reassessment and the results achieved.

    (5) If, following the credit institution's assessment, the conclusion is drawn that key personnel are not adequate, the credit institution must take proper measures.

    Art. 13

    (1) The management body of a credit institution shall monitor and periodically assess the effectiveness of the governance arrangements of the credit institution and it shall take proper measures to remedy any deficiency.

    (2) A review shall be performed at least once a year on the governance arrangements of the credit institution and on implementation thereof. This review must take into consideration any changes in internal and external factors affecting the credit institution.

    Art. 14

    (1) The management body, in its monitoring function, and the senior management must interact efficiently.

    (2) The management body, in its supervisory function, must:

    a. be prepared and able to contest, and have the capacity to assess in a critical yet constructive manner, proposals, explanations and information provided by the members of senior management;

    b. monitor whether the strategy, risk tolerance/appetite and policies of the credit institution are implemented consistently and whether performance standards are maintained in line with the long-term financial interests and solvency of the credit institution; and

    c. monitor the performance of members of senior management against the respective standards.

    (3) The senior management must provide to the management body, in its supervisory function, periodically and without delay, depending on the case, information on elements that are relevant in the assessment of a situation with impact on the credit institution's management and on maintenance of its financial safety.

    SUBSECTION 22: Membership and operation of the management body

    Art. 15

    (1) The management body must have an adequate number of members and a proper structure.

    (2) When determining the membership, credit institutions must assess the adequacy of members of the management body based on the criteria provided by the Government Emergency Ordinance no. 99/2006, regarding the credit institutions and the capital adequacy, approved by Law no. 227/2007, as further amended and supplemented. The assessment shall ordinarily be made before the person takes up the respective function.

    (3) Credit institutions must reassess the adequacy of members of the management body when events occur that require such reassessment, to monitor the on-going adequacy of that person.

    (4) The management body must have policies for selection, monitoring and planning of progression of its members.

    (5) A credit institution must establish the size and membership of its management body depending on the size and complexity of the credit institution and on the nature and scope of its activities.

    (6) If, following the credit institution's assessment, the conclusion is drawn that a person is not fit to be appointed as member of the management body, the respective person must not be appointed.

    (7) If, following the credit institution's assessment, the conclusion is drawn that a member of the management body is no longer adequate, the credit institution must take proper measures to remedy this situation and notify the National Bank of Romania accordingly.

    (8) Measures set forth in para. (6) and (7) may include, without limitation: adjustment of responsibilities among members of the management body; replacement of certain persons; training of members or of the entire management body to provide that the management body's aggregate qualification and experience are sufficient.

    Art. 16

    (1) Management body members must take an active part in the activity of the credit institution and they must be capable of taking decisions and delivering their own professional judgements in a solid, objective and independent manner.

    (2) Selection of members of the management body must provide the availability of sufficient expertise and independence. The credit institution must provide that members of the management body have the capacity to allocate sufficient time and effort to execute their responsibilities in an efficient manner.

    (3) Credit institutions must have written documents setting forth commitments concerning the minimum time each management body member is expected to devote to exercising his or her prerogatives effectively and adequately. Participation of the members of the management body in its supervisory function in the exercise of supervisory attributions must be made public.

    (4) The management body's members must be capable of acting in an objective, critical and independent manner.

    Art. 17

    The management body must have a written policy concerning the management of conflicts of interest for its members.

    Art. 18

    (1) Credit institutions must allocate human and financial resources adequate for the integration and training of the management body's members.

    (2) In the meaning of para. (1), training programs adapted to the needs of each member of the management body must take into account any inconsistency between the needs of the credit institution and the actual knowledge of the management body's members.

    Art. 19

    Credit institutions and their nomination committees, as the case may be, must consider a wide range of competences and capacities when recruiting the management body's members and, to this end, they must establish a policy for the promotion of diversity within the management body.

    Art. 20

    (1) The management body must define adequate practices and procedures, corresponding to the governance framework, for its own organisation and operation and it must have means to ensure that such practices are monitored and reviewed periodically for improvement purposes.

    (2) In the meaning of para. (1), sound practices and procedures for the management body corresponding to the governance framework include periodicity of meetings, work procedures and minutes thereof, the role of the management body's chairman and the use of committees.

    Art. 21

    (1) The management body in its supervisory function must take into consideration, based on the size and complexity of the credit institution, the establishment of specialized committees including the management body's members (other persons may also be invited to attend, based on their specific expertise or due to the fact that their recommendations are relevant for a certain issue).

    (2) In the meaning of para. (1), delegation of responsibilities to such committees should not exonerate in any way the management body in its supervisory function from collective exercise of its attributions and responsibilities.

    Art. 22

    (1) Credit institutions must establish an audit committee.

    (2) An audit committee must, among other things:

    a) monitor efficacy of internal control, internal audit and risk management;

    b) supervise external auditors of the credit institution;

    c) recommend to the management body and other shareholders the appointment, remuneration and revocation of external auditors;

    d) assess and approve the scope and periodicity of internal audit;

    e) assess internal audit reports;

    f) verify timely adoption, by the senior management, of corrective measures required to remedy control deficiencies, noncompliance with the legal and regulatory framework and with policies, as well as other deficiencies identified by auditors.

    (3) The audit committee must also supervise implementation of accounting policies by the credit institution.

    (4) The chairman of the audit committee must be independent. Where the chairman is a former member of the credit institution's senior management, he/she may take the chair only after expiration of a corresponding period of at least one year.

    (5) Overall, members of the audit committee must have recent practical and relevant experience in financial markets or must have acquired, following previous activities, sufficient professional experience directly related to activities on the financial markets. The chairman of the audit committee must have specialised knowledge and experience in implementation of accounting principles and internal control processes.

    Art. 23

    (1) Credit institutions that are material in size, internal organisation and nature, extent and complexity of activities must set up a risk management committee comprised of the management body's members that do not hold any executive position in the respective credit institution. Members of the risk management committee must have adequate knowledge, competences and expertise to fully understand and monitor the strategy concerning risk management and risk appetite of the credit institution.

    (2) The risk management committee must provide advice to the management body concerning the risk appetite and the credit institution's overall strategy on current and future risk management and it must assist the management body in overseeing the implementation of the respective strategy by the senior management. The overall responsibility concerning risk administration shall still fall under the management body.

    (3) The risk management committee shall review whether prices of liabilities and assets offered to clients take fully into account the institution's business model and risk strategy. Where prices do not properly reflect risks in accordance with the business model and risk strategy, the risk committee shall present a remedy plan to the management body.

    (4) The National Bank of Romania may allow an institution which is not considered material in the meaning of para. (1), to join the risk committee with the audit committee. Members of the joint committee shall have the knowledge, skills and expertise required for the risk management committee and for the audit committee.

    (5) In order to assist in the establishment of sound remuneration policies and practices, the risk management committee shall, without prejudice to the tasks of the remuneration committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of profits.

    Art. 24

    (1) Credit institutions that are material in size, internal organisation and nature, extent and complexity of their activities must establish a nomination committee composed of members of the management body who do not perform any executive function in the institution concerned.

    (2) The nomination committee shall:

    a) identify and recommend, for the approval of the management body or for approval of the general meeting, candidates to fill management body vacancies, evaluate the balance of knowledge, skills, diversity and experience of the management body and prepare a description of the roles and capabilities for a particular appointment, and assess the time commitment expected;

    b) periodically, and at least annually, assess the structure, size, composition and performance of the management body and make recommendations to the management body with regard to any changes;

    c) periodically, and at least annually, assess the knowledge, skills and experience of individual members of the management body and of the management body collectively, and report to the management body accordingly;

    d) periodically review the policy of the management body for selection and appointment of senior management and make recommendations to the management body.

    (3) In the meaning of para. (2) letter a), the nomination committee shall decide on a target for the representation of the gender, masculine or feminine, underrepresented in the structure of the management body and prepare a policy on how to increase the number of these persons in the structure of the management body in order to meet that target. The target, policy and its implementation shall be made public in accordance with Art. 435 (2) letter (c) of Regulation (EU) No. 575/2013.

    (4) The nomination committee must provide active contribution to the fulfilment of the credit institution's responsibilities by adoption of corresponding internal policies concerning assessment of adequacy of the management body's members and of individuals holding key positions in the meaning of art. 12 para. (1) letter c) and art. 17 para. (4). Assessment of adequacy of the management body's members and of personnel in key positions, achieved both initially and subsequently, on an on-going basis, must be primarily under the credit institution's responsibility.

    (5) In performing its duties, the nomination committee shall, to the extent possible and on an ongoing basis, take account of the need to ensure that the management body's decision making is not dominated by any one individual or small group of individuals in a manner that is detrimental to the interests of the institution as a whole.

    (6) The nomination committee shall be able to use any forms of resources that it considers to be appropriate, including external advice, and shall receive appropriate funding to that effect.

    SUBSECTION 23: General governance framework

    Art. 25

    (1) The management body shall develop and promote high ethical and professional standards.

    (2) In the meaning of para. (1), implementing appropriate standards (e.g. a code of conduct) for professional and responsible behaviour throughout an institution should help reduce the risks to which it is exposed.

    Art. 26

    (1) The management body shall establish, implement and maintain effective policies to identify actual and potential conflicts of interest. Conflicts of interest that have been communicated to and confirmed by the management body shall be appropriately managed.

    (2) In the meaning of para. (1), a written policy should identify the relationships, services, activities or transactions of an institution in which conflicts of interest may arise and shall state how these conflicts should be managed.

    (3) A parent company, Romanian legal entity, should consider and balance the interests of all its subsidiaries, and consider how these interests contribute to the common purpose and interests of the group as a whole over the long term.

    (4) The conflict of interest policy should set out measures to be adopted to prevent or manage conflicts of interest. Such procedures and measures might include:

    a) adequate segregation of duties, e.g. entrusting activities that may generate conflicting situations within the chain of transactions or of services to different persons or entrusting supervisory and reporting responsibilities for conflicting activities to different persons;

    b) establishing information barriers, and

    c) preventing people who are also active outside the institution from having inappropriate influence within the institution regarding those activities.

    Art. 27

    (1) The management body shall put in place appropriate internal alert procedures for communicating internal concerns from the staff concerning the governance framework.

    (2) An institution should adopt appropriate internal alert procedures that staff can use to draw attention to legitimate and substantive concerns regarding matters connected with internal governance. These procedures should respect the confidentiality of the staff that raises such concerns. To avoid conflicts of interest there should be an opportunity to raise concerns outside regular reporting lines (e.g. through the Compliance function or the Internal Audit function or an internal whistleblower procedure). The alert procedures should be made available to all staff within an institution. Information provided by the staff via the alert procedure should, if relevant, be made available to the management body.

    (3) In addition to the internal alert procedures, the staff of a credit institution shall inform the National Bank of Romania Monitoring Division about the legitimate and substantive concerns provided in para. (2).

    SECTION 3: Risk management

    Art. 28

    Risk management within a credit institution involves:

    a) A risk-related culture in place;

    b) A risk management framework in place;

    c) A policy in place for approval of new products.

    SUBSECTION 31: Risk culture

    Art. 29

    (1) Credit institutions shall develop an integrated and institution-wide risk culture, based on a full understanding of the risks they face and how they are managed, taking into account the credit institution's risk tolerance/appetite.

    (2) Every member of the credit institution should be fully aware of his or her responsibilities relating to risk management. The responsibility related to risk management must not be limited to the level of the specialists in the risk domain or that of the control functions. Business units, under the oversight of the management body, should be primarily responsible for managing risks on a day-to-day basis, taking into account the credit institution's risk tolerance/appetite and in line with its policies, procedures and controls.

    (3) The management body must dedicate sufficient time to consideration of risk issues.

    (4) In the meaning of para. (3), the management body shall be actively involved in and ensure that adequate resources are allocated to the management of all material risks addressed herein and in Regulation (EU) no. 575/2013, as well as in the valuation of assets, the use of external credit ratings and internal models relating to those risks.

    (5) A credit institution should have a holistic risk management framework extending across all its business, support and control functions, recognizing fully the economic substance of its risk exposures and encompassing all relevant risks. The scope of risk management should cover the credit, market, liquidity and operational risks, but should also include concentration, reputational, compliance and strategic risks.

    SUBSECTION 32: Risk management framework

    Art. 30

    (1) A credit institution's risk management framework shall include policies, procedures, limits and controls providing adequate, timely and continuous identification, measurement or assessment, monitoring, mitigation and reporting of the risks posed by its activities at the business line and institution-wide levels.

    (2) A credit institution's risk management framework should provide specific directions on the implementation of its strategies.

    (3) When identifying and measuring risks, a credit institution should develop forward-looking and backward-looking tools. These tools should allow for the aggregation of risk exposures across business lines and should support the identification of risk concentrations.

    (4) The ultimate responsibility for risk assessment lies solely with the credit institution which, accordingly, should evaluate its risks critically and should not rely exclusively on external assessments.

    (5) The credit institutions should establish regular and transparent reporting mechanisms so that the management body and all relevant units in that credit institution are provided with reports in a timely, accurate, concise, understandable and meaningful manner and can exchange relevant information about the identification, measurement or assessment and monitoring of risks. The reporting framework should be well defined, documented and approved by the management body.

    (6) In the meaning of para. (5), the credit institution shall establish reporting lines to the management body that cover all material risks and risk management policies and changes thereof.

    (7) The management body in its supervisory function and, where a risk committee has been established, the risk committee must have adequate access to information on the risk situation of the credit institution and, if necessary and appropriate, to the risk management function and to external expert advice.

    (8) The management body in its supervisory function and, where one has been established, the risk committee shall determine the nature, the amount, the format, and the frequency of the information on risk which it is to receive.

    Art. 31

    The management framework for material risks must be clearly and transparently translated into internal regulations, procedures, including manuals and codes of conduct, with segregation between the general standards applicable to entire personnel and specific regulations applicable only to certain personnel categories.

    SUBSECTION 3 3: New products

    Art. 32

    (1) A credit institution shall have in place a well-documented new product approval policy, approved by the management body, which addresses the development of new markets, products and services and material changes to existing ones.

    (2) The risk management function should be involved in approving new products or material changes to existing products. The risk management function should also have a clear overview of the roll-out of new products (or material changes to existing products) across different business lines and portfolios and the competence to require that changes to existing products go through the formal new product approval policy.

    SECTION 4: Internal control

    Art. 33

    The internal control of a credit institution involves:

    a) A sound internal control framework in place;

    b) Independent control functions in place.

    SUBSECTION 4 1: Internal control framework

    Art. 34

    (1) A credit institution shall develop and maintain a sound and comprehensive internal control framework, including specific independent control functions with appropriate authority to fulfil their mission.

    (2) The internal control framework should cover the whole organisation, including the activities of all business, support and control functions.

    (3) The internal control framework should be appropriate for a credit institution's business, with sound administrative and accounting procedures.

    (4) In order to implement a strong internal control framework in all areas of the credit institution, the business and support functions should be responsible in the first place for establishing and maintaining adequate internal control policies and procedures.

    Art. 35

    (1) An appropriate internal control framework also requires verification by independent control functions that these policies and procedures are complied with. The control functions should include a risk management function, a compliance function and an internal audit function.

    (2) The control functions should be established at an adequate hierarchical level and there must be reporting lines directly to the management body. They should be independent of the operational and support functions they monitor and control, as well as organisationally independent of each other. The group control functions should oversee the subsidiaries' control functions.

    (3) In order for the control function to be regarded as independent the following conditions should be met:

    a) its staff does not perform any tasks that fall within the scope of the activities the control function is intended to monitor and control;

    b) the control function is organisationally separate from the activities it is assigned to monitor and control;

    c) the head of the control function is subordinate to a person who has no responsibility for managing the activities the control function monitors and controls. The head of the control function generally should report directly to the management body and any relevant committees and should regularly attend their meetings; and

    d) the remuneration of the control function's staff should not be related to the performance of the activities the control function monitors and controls, but to successful fulfilment of objectives assigned, and therefore it should not compromise their objectivity.

    (4) Control functions should have an adequate number of qualified staff (both at parent credit institution and subsidiary level in groups). The staff, which must be entrusted with proper authorities, should be qualified on an on-going basis, and should receive proper training. They should also have appropriate data systems and support at their disposal, with access to the internal and external information necessary to meet their responsibilities.

    (5) Control functions should regularly submit to the management body formal reports on major deficiencies identified. These reports should include follow-up measures on earlier findings and, for each new identified major deficiency, the relevant risks involved, an impact assessment and recommendations. The management body should act on the findings of the control functions in a timely and effective manner and require adequate remedial action.

    Art. 36

    (1) Without any prejudice to provisions in art. 60, control functions cannot be outsourced.

    (2) In the meaning of this Regulation, centralisation of control functions in the parent credit institution is not considered outsourcing from the standpoint of subsidiary credit institutions, Romanian legal entities.

    (3) In case of centralisation of control functions, credit institutions shall provide compliance with provisions in art. 7.

    (4) Subsidiary credit institutions, Romanian legal entities, part of a group where the parent credit institution centralises control functions, must observe provisions herein concerning organisation of control functions.

    (5) The central house of credit cooperatives shall provide coordination of risk management, compliance and internal audit functions also for affiliated credit cooperatives.

    SUBSECTION 4 2: Risk management function

    Art. 37

    (1) Depending on the size, internal organisation and on the nature, extent and complexity of activities, the credit institutions must have a risk management function independent from the operational functions, provided with sufficient authority, stature, resources and access to the management body.

    (2) The risk management function should be a central organisational feature of the credit institution, structured so it can implement risk policies and control the risk management framework.

    (3) Large, complex and sophisticated credit institutions may consider establishing dedicated risk management functions for each material business line. However, the credit institution should include a central risk management function (including, as the case may be, a group-wide risk management function in the parent company of a group) to deliver a holistic view on all risks.

    (4) The central house of credit cooperatives shall provide that strategic policies and objectives of each affiliated credit cooperative are consistent with those of the central house and with the overall risk appetite and objectives set forth by the central house. For that purpose, the central house of credit cooperatives shall define policies and principles for the assessment and measurement of risks and it shall determine risk control procedures at the level of the credit cooperative network and for each affiliated credit cooperative.

    Art. 38

    The risk management function must provide that all material risks are identified, measured and properly reported.

    Art. 39

    The risk management function shall play a key role within the credit institution, ensuring that it has effective risk management processes in place, being involved in:

    a) elaboration and review of strategies, and decision-making process;

    b) assessment of transactions with related parties;

    c) identification of risks incurred by complexity of legal structure of a credit institution;

    d) assessment of material changes;

    e) internal measurement and assessment of risks;

    f) risk monitoring;

    g) unapproved exposures.

    Art. 40

    (1) In the meaning of art. 39 letter a), the risk management function must be actively involved in elaboration of the credit institution's risk strategy and in all material risk management decisions, and it must be able to deliver a holistic view of the whole range of the credit institution's risks.

    (2) In the meaning of para. (1), the risk management function must provide to the management body all the relevant information about risk (for example, by using a technical analysis about the risk exposure) in order to permit the establishment of the risk tolerance/appetite level of the credit institution.

    (3) The risk management function must also evaluate the risk management strategy, including the targets proposed by the operational units, and provide advice to the management body before any decision is taken. The targets, including the credit rating and capital rate of return, must be plausible and consistent.

    (4) The risk management function must share responsibility for implementing the credit institution's risk management strategy and policy with all of its operational units. While the operational units must implement the relevant risk limits, the risk management function must be responsible for ensuring that the limits are in conformity with the general risk appetite/tolerance of the credit institution and for monitoring on an on-going basis that the credit institution does not assume excessive risks.

    (5) The involvement of the risk management function in the decision-making process should ensure that the aspects regarding risk are taken into consideration adequately. Nevertheless, the operational units and the support functions and, lastly, the management body should remain responsible for their decisions.

    Art. 41 In the meaning of art. 39 letter b), the risk management function must make sure that transactions with affiliated parties are analysed, and that the actual or potential risks they pose for the credit institution are adequately identified and assessed.

    Art. 42 In the meaning of art. 39 letter b), the risk management function must aim to identify the material risks that result from the existence of a complex legal structure.

    Art. 43 (1) In the meaning of art. 39 letter d), the risk management function must assess how any identified material risk could affect the capacity of the credit institution or of the group to manage its risk profile and to raise funding and capital under normal and adverse conditions.

    Art. 44 In the meaning of art. 39 letter e), the risk management function must make sure that the internal measurement and assessment of a credit institution's risks cover an adequate range of scenarios and are based on sufficiently conservative assumptions regarding dependence and correlation. These shall include a qualitative, institution-wide view (including expert judgement) of the relationship between the risks and profitability of the credit institution and its external operating environment.

    Art. 45 (1) In the meaning of art. 39 letter f), the risk management function must ensure that all identified risks can be monitored efficiently by the business units. The risk management function must periodically monitor the actual risk profile of the credit institution and assess it against the credit institution's strategic objectives and risk tolerance/appetite, in order to support management's decision-making process and to allow the management body in its supervisory function to discuss it.

    (2) The risk management function must assess trends and identify new or emerging risks arising from changing circumstances and conditions. It must also review, periodically, the current risk-related results compared to previous assessments (e.g., back-testing) in order to evaluate and improve accuracy and efficacy of the risk management process.

    (3) The group-level risk management function must monitor risks approved by the branch offices. Inconsistencies with the centrally approved strategy must be reported to the relevant managerial body.

    Art. 46 (1) In the meaning of art. 39 letter g), the risk management function must assess, independently, any breach of, or non-compliance with, strategies, risk tolerance/appetite or risk thresholds (including the cause thereof and a legal and economic evaluation of the actual costs required for closing, reducing or covering the exposure compared to the potential costs incurred by maintaining it). The risk management function must inform, where applicable, the business units involved and must recommend possible remediation measures.

    (2) The risk management function must play an important role in ensuring that a decision based on its recommendations is taken at an adequate level, is complied with by the relevant business units and is reported in a proper manner to the managerial body, to the risk management committee and to business units or to support functions.

    (3) A credit institution must take proper measures against internal or external fraudulent conduct and against improper behavior (e.g., breaching of internal procedures, non-compliance with limits).

    Art. 47

    When necessary, the risk management function must be able to report directly to the management body in its supervisory function, independently from senior management, and to raise concerns and warn that body, where appropriate, where specific risk developments affect or may affect the credit institution, without prejudice to the responsibilities of the management body in its supervisory and/or superior managerial functions pursuant to provisions of Government Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by Law no. 227/2007, as further amended and supplemented, of this Regulation and of Regulation (EU) no. 575/2013.

    Art. 48

    (1) The coordinator of the risk management function shall be an independent member of senior management with distinct responsibility for the risk management function. Where the nature, scale and complexity of the activities of the credit institution do not justify a specially appointed person from among the members of senior management, another person from among those holding a key position in the credit institution (senior person) may fulfil that function, provided there is no conflict of interest.

    (2) The coordinator of the risk management function shall not be revoked without prior approval of the management body in its supervisory function and shall be able to have direct access to the management body in its supervisory function where necessary.

    SUBSECTION 4.3: Compliance function

    Art. 49 The credit institution must have an adequately staffed, permanent and efficient compliance function for managing its compliance risks.

    Art. 50 (1) The credit institutions shall approve and implement a compliance policy which should be notified to all staff.

    (2) The compliance function of a credit institution should ensure that the compliance policy is observed, and report to the management body on the management of compliance risk.

    (3) In the meaning of para. (2), the findings of the compliance function should be taken into account by the management body within the decision-making process.

    Art. 51 The compliance function should advise the management body on the provisions of the laws, rules, regulations and standards the credit institution needs to meet, and assess the possible impact of any changes in the legal or regulatory environment on the credit institution's activities.

    Art. 52 The compliance function should also verify that new products and new procedures are compliant with the current legal environment in force and any amendments included in the adopted normative documents whose provisions will be applicable after.

    Art. 53 A coordinator of the compliance function is appointed at credit institution level and at group level (the compliance officer or the compliance function coordinator).

    SUBSECTION 4.4: Internal audit function

    Art. 54 (3) Credit institutions must have an internal audit function, which shall assess whether the quality of a credit institution's internal control framework is both effective and efficient.

    (4) The internal audit function must assess the compliance of all activities and operational units of the credit institution (including the risk management and the compliance functions) with the credit institution's policies and procedures. In this regard, the internal audit function must not be combined with any other function.

    (5) The internal audit function must also assess whether the existing policies and procedures remain appropriate and are in compliance with the legal and statutory requirements.

    Art. 55 Without prejudice to provisions in art. 60, the internal audit function shall be organized as per regulations issued by the Romanian Chamber of Financial Auditors.

    Art. 56 The internal audit function should have unlimited access to relevant documents and information in all business and control units.

    Art. 57 (1) The internal audit function should verify primarily the integrity of the processes that provide credibility to the credit institution's methods and techniques, premises and information sources used in its internal models (e.g. the use of risk models and accounting expertise).

    (2) The internal audit function should also assess the quality and method of use of qualitative tools for identification and assessment of risks.

    (3) The internal audit function should not be directly involved in the design or selection of models or other risk management tools.

    Art. 58

    (1) The internal audit function should report directly to the management body and to the audit committee its findings and proposals concerning the material improvement of internal controls.

    (2) All recommendations provided by the internal audit function should be subject to a formal follow-up procedure by the respective levels of management to ensure and report their resolution.

    Art. 59 (1) The management body must encourage personnel within internal audit function to adhere to national and international professional standards.

    (2) Activities of the internal audit function must be developed in compliance with an audit plan and detailed audit schedules based on a risk approach.

    (3) The audit plan should be approved by the audit committee.

    Art. 60 (1) Where special expertise is required for the performance of internal audit commitments, the management body of a credit institution may decide, on a properly substantiated basis, to outsource the internal audit activity only with regard to the credit institution's activities other than those set forth in art. 18 para. (1) letters a)-n) in Government Emergency Ordinance no. 99/2006 concerning credit institutions and capital adequacy, approved by Law no. 227/2007, as further amended and supplemented, so that this activity is performed in co-participation or by sub-contracting. When taking this decision, provisions in section V related to outsourcing shall apply correspondingly.

    (2) In the meaning of para. (1), performance of internal audit activities in co-participation shall be achieved using, for execution of internal audit commitments, both own personnel activating within the internal audit function, and also external resources.

    (3) In the meaning of para. (1), performance of internal audit activities through subcontracts considers situations when an internal audit commitment or only part thereof is performed by an external partner, usually for a limited time period.

    SECTION 5: Information system and on-going activities

    SUBSECTION 5.1: Information system and communication

    Art. 61 A credit institution shall have effective and reliable information and communication systems covering all its material activities.

    Art. 62 (1) Information systems, including those that store and use data in electronic form, should be secure, independently monitored and supported by adequate contingency arrangements for unforeseen situations.

    (2) When implementing information systems, a credit institution should comply with generally accepted IT standards.

    SUBSECTION 5.2: Business continuity management

    Art. 63 A credit institution shall establish a sound business continuity management to ensure its ability to operate on an on-going basis and limit losses in the event of severe business disruption.

    Art. 64 (1) In order to establish a sound business continuity management, a credit institution should carefully analyse its exposure to severe business disruptions and assess (quantitatively and qualitatively) their potential impact, using internal and/or external data and scenario-based analysis.

    (2) Based on the assessment in para. (1), a credit institution should have in place:

    a) Contingency and business continuity plans to provide that the credit institution reacts appropriately to emergencies and is able to maintain its most important business activities if there is disruption to its ordinary business procedures;

    b) Recovery plans for critical resources to enable it to resume ordinary business procedures in an appropriate timeframe. Any residual risk from potential business disruptions should be consistent with the credit institution's risk tolerance/appetite.

    SECTION 6: Transparency

    Art. 65 (1) In order to provide transparency internally, strategies and policies shall be communicated to all appointed staff throughout the credit institution.

    (2) The credit institution's staff should understand and adhere to policies and procedures pertaining to their duties and responsibilities.

    (3) In the meaning of para. (1) and (2), the management body should inform and update the appointed staff about the credit institution's strategies and policies in a clear and consistent manner, at least to the level needed to carry out their particular duties.

    Art. 66

    (1) The internal governance framework of a credit institution shall be transparent.

    (2) A credit institution shall present its current position and future prospects in a clear, balanced, accurate and timely manner.

    (3) The objective of transparency in the area of internal governance is to provide all relevant interested parties of a credit institution (including shareholders, employees, customers and the general public) with key information necessary to enable them to judge the effectiveness of the management body in governing the credit institution.

    Art. 67

    A credit institution should publicly disclose at least the following:

    a) its governance structures and policies, including its objectives, organisational structure, internal governance arrangements, structure and organisation of the management body, including attendances to the meetings thereof, and the incentive and remuneration scheme of the institution;

    b) the nature, extent, purpose and economic substance of transactions with affiliates and related parties, if they have a material impact on the institution;

    c) how its business and risk management strategy is set (including the involvement of the management body) and foreseeable risk factors;

    d) its established committees and their mandates and membership;

    e) its internal control framework and how its control functions are organised, the major tasks they perform, how their performance is monitored by the management body and any planned material changes to these functions; and

    f) material information about its financial and operating results.

    CHAPTER II: The internal capital adequacy assessment process

    SECTION 1: Provisions on the internal capital adequacy assessment process

    Art. 68 (1) The internal capital adequacy assessment process of a credit institution should form an integral part of that credit institution's management process and decision-making culture.

    (2) In the meaning of para. (1), the internal capital adequacy assessment process of a credit institution should provide the management body with the opportunity to perform on-going assessment of the credit institution's risk profile and the level of adequacy of internal capital in relation therewith.

    (3) The internal capital adequacy assessment process of a credit institution must be formally documented in internal norms.

    (4) During the internal capital adequacy assessment process, credit institutions should perform the following:

    a) identification, measurement, mitigation and reporting of risks that the credit institution is or may be exposed to, for an on-going measurement and assessment of internal capital requirements;

    b) planning and maintenance of internal capital resources required for adequacy of capital to the credit institution's risk profile.

    Art. 69 Credit institutions should inform the National Bank of Romania Supervisory Direction with regard to:

    a) The way in which the internal capital adequacy assessment process is structured;

    b) Premises that are used to determine risks, per sectors and types of risks;

    c) Sensitivity to risks and confidence levels assigned to risk quantification;

    d) Method of aggregation of risks to determine the internal capital requirements;

    e) Premises that are used to determine internal capital availabilities, including the time period considered in internal capital planning.

    Art. 70

    (1) For the purposes of the internal capital adequacy assessment process, the credit institution should identify and assess all material risks that the credit institution is or may be exposed to, including:

    a) Risks for which, as per Regulation (EU) no. 575/2013, capital requirements are regulated, including the major differences between the regulated treatment of risks for calculation of minimum capital requirements and the treatment set forth in the internal capital adequacy assessment process;

    b) Risks that are not fully covered by regulated capital requirements:

    (i) risks arising from application of less sophisticated approaches: underestimation of credit risk while using the standard approach, underestimation of operational risk while using the basic approach or the standard approach;

    (ii) underestimation for non-reimbursement losses in stress situations;

    (iii) residual risks corresponding to credit risk mitigation techniques;

    (iv) securitization risks; and

    (v) risks incurred by credits in foreign currencies awarded to borrowers that are exposed to currency risks.

    c) Risks like: interest rate risk for activities outside the trading portfolio, concentration risk, liquidity risk, risk associated with the excessive use of leverage effect, reputational risk and strategic risks. For risks included in this category, credit institutions may use qualitative methods for assessment and mitigation;

    d) Risks external to the credit institution, respectively risks corresponding to the regulatory, economic or the credit institution's business environment, that are not incidental to situations described in letters a)-c).

    (2) In accordance with the proportionality principle defined in art. 148 para. (2) in Government Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by Law no. 227/2007, as further amended and supplemented, credit institutions should establish the manner and the extent to which material risks are treated in the internal capital adequacy assessment process. Accordingly, credit institutions should establish the risks for which they will determine an internal capital for their coverage as well as those risks for which other methods will be used for their management and mitigation.

    Art. 71

    Credit institutions shall have an internal capital adequacy assessment process at solo level and, where relevant, at consolidated level, in accordance with the provisions of Title V, Consolidated Supervision, herein.

    Art. 72

    The provisions of Art. 149 of the Government Emergency Ordinance No. 99/2006, approved as further amended and supplemented by Law No. 227/2007, subsequently amended and supplemented, shall be applied by the central body of the credit cooperatives both at solo and at cooperative network level.

    Art. 73

    (1) Credit institutions are responsible for their internal capital adequacy assessment process, as well as for setting internal capital targets that are consistent with their risk profile and their operating environment.

    (2) The internal capital adequacy assessment process shall be tailored to the credit institution's needs and it shall use the inputs and definitions that the credit institution normally uses for internal purposes.

    (3) In the meaning of para. (2), a credit institution may use its own definitions for risks and for the materiality level of a risk, albeit that it shall be able to explain these to the Supervisory Direction of the National Bank of Romania, including the methods used, the coverage of all material risks and how the approach used by the credit institution relates to the obligations imposed by Regulation (EU) no. 575/2013 concerning calculation of capital requirements.

    (4) In the meaning of para. (2), a credit institution may use its own definitions for the internal capital and its components subject to the provision of clarifications to the National Bank of Romania Supervisory Direction, specifying the methodology used to determine the internal capital available to the credit institution.

    Art. 74

    Credit institutions shall clearly establish within the internal capital adequacy assessment process the risk types for which a quantitative measure concerning their assessment, management and mitigation is used, and those risks for which a qualitative approach of these issues is used.

    Art. 75

    (1) The internal capital adequacy assessment process shall take into account the credit institution's strategic plans and how they relate to macro-economic factors.

    (2) In the meaning of para. (1), credit institutions shall develop a strategy for maintaining capital levels, which shall incorporate factors such as: loan growth expectations, future sources and uses of funds, dividend policy and any pro-cyclical variation, within a business cycle, of the minimum own funds requirements regulated according to the Regulation (EU) no. 575/2013.

    (3) Credit institutions shall have an explicit capital plan, approved by the management body, which includes at least the following:

    a) the credit institution's objectives and the time horizon for achieving those objectives;

    b) a general description of the capital planning process and the responsibilities for that process;

    c) how the credit institution shall comply with capital requirements in the future;

    d) any relevant limits related to capital;

    e) general contingency plan for dealing with divergences and unexpected events, such as possible capital increase, restricting business or the use of risk mitigation techniques.

    (4) In the capital plan, credit institutions establish as objective an internal level of the capital requirement, considering the risk profile, economic environment in which they operate, the quality of processes of internal control and risk management, strategic plans, quality of the available internal capital, etc.

    (5) Credit institutions shall conduct appropriate stress tests which take into account elements such as the risks specific to the jurisdiction where they operate and the stage of the business cycle.

    (6) Credit institutions shall use the results of stress testing both in the planning of the available internal capital, and in the determination of the internal capital requirements adequate to the risk profile.

    (7) Credit institutions shall analyse the impact that a new regulatory framework, actions of competitors or other factors may have on their performance, in order to determine what changes in the operating environment they could support.

    Art. 76

    (1) Credit institutions may design their internal capital adequacy assessment process in ways to use approaches such as:

    a) use of the results produced by the regulatory methodologies for the calculation of capital requirements for risks provided by Regulation (EU) no. 575/2013 and taking into account some risks such as concentration risk, residual risk of credit risk mitigation and securitisation or interest rate risk arising from non-trading activities. In the case of this approach, credit institutions shall demonstrate that they analysed all risks outside the scope of the abovementioned regulation and found them to be absent or non-material, or that they calculated a capital requirement that is additional to the one set out by the aforementioned regulation;

    b) use of different methodologies for the different risk types and then calculation of a sum of the resulting capital requirements. To this end, for a certain type of risk, credit institutions may use other methodologies than those used for determination of minimum regulated capital requirements;

    c) use of complex methodologies.

    (2) Credit institutions shall substantiate the extent to which they take into account diversification and correlation effects within the methodology.

    (3) If for some risk categories information is not available in sufficient amounts, credit institutions may also use estimates within the methodology.

    (4) Credit institutions shall include in their internal capital adequacy assessment process estimates of non-quantifiable risks, if they are material. This requirement might be eased if the credit institutions can demonstrate to the Supervisory Direction of the National Bank of Romania that they have an appropriate policy in place for mitigating/managing these risks.

    Art. 77

    (1) The internal capital adequacy assessment process shall be based on adequate measurement and assessment processes.

    (2) For the purpose of para. (1), credit institutions must have appropriate policies in place for assessment of material risks, other than those set forth in art. 71.

    Art. 78

    (1) The credit institution's internal capital adequacy assessment process shall be reviewed as often as deemed necessary, but at least annually, in order to ensure that risks are covered adequately and that capital coverage reflects the actual risk profile of the credit institution.

    (2) For the purpose of para. (1), credit institutions shall review their internal capital adequacy assessment process at least in the following situations: changes in the credit institution's strategic focus, in the business plan, in the operating environment or any other factors that materially affect assumptions or methodologies used in the respective process.

    (3) Any new risks that occur in the credit institution's business shall be identified and incorporated into its internal capital adequacy assessment process.

    Art. 79

    (1) Credit institutions shall design in detail the internal capital adequacy assessment process.

    (2) The responsibility for initiating and designing the internal capital adequacy assessment process rests with the credit institution's management body.

    (3) In the meaning of para. (2), the credit institution's management body shall approve the conceptual design - at a minimum, the scope, general methodology and objectives - of the internal capital adequacy assessment process and the credit institution's senior management is responsible for the details of the design - the technical concepts.

    (4) The credit institution's management body is responsible for integration of the capital planning and capital management into the credit institution's overall risk management culture and approach.

    (5) In the meaning of para. (4), the management body shall ensure that the capital planning process, as well as process management policies and procedures, are notified and implemented institution-wide and supported by sufficient authority and resources.

    (6) The credit institution's internal capital adequacy assessment process - the policies, methodologies, assumptions and procedures - shall be formally documented, and shall be reviewed and approved by the credit institution's management body.

    (7) The results of the credit institution's internal capital adequacy assessment process shall be reported to its management body.

    Art. 80

    (1) A credit institution's internal capital adequacy assessment process shall produce a determination and preservation of its available internal capital at an adequate level in terms of the internal requirements related to the credit institution's risk profile.

    (2) In the meaning of para. (1), credit institutions shall report to the National Bank of Romania the level of surplus/deficit of capital resulting from the internal capital adequacy assessment process. The reporting manner, as well as the frequency of transmission, are established by the technical Standard