67707 Final Version FINANCIAL SECTOR DEPARTMENT TECHNICAL NOTE SLOVENIA CONSOLIDATED RISK BASED SUPERVISION. JULY 2007 THE WORLD BANK FINANCIAL AND PRIVATE SECTOR Joaquin Gutierrez Garcia VICE PRESIDENCY Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Left Blank Intentionally Page 2 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Background Following the request of Bank of Slovenia in 20061, and based on the work program agreed in advance between the Bank of Slovenia (BoS) and management of the World Bank2, a third and concluding mission3 visited Ljubljana from June 4th to 18th., of 2007. The mission continued, through a series of consultations and working sessions, the work initiated in common with its banking supervisors4 regarding consolidated supervision at group level, including assessing group control functions associated to internal governance structures. The work has followed a combination of the risk based supervision (RBS) procedures, developed by the BoS, and a framework for consolidated supervision developed by the mission to expand at group level the scope of these RBS procedures. The supervisory risk assessments and conclusions reached as part of this work remain classified, including associated supervisory actions, as well as all the related material shared with the mission. The framework for consolidated supervision developed by the mission is left to BoS for its suitable integration with its evolving RBS practices and the procedures being tested. The mission intends to use this framework in further country work performed on behalf of the Word Bank. As in previous occasions, the mission wishes to express to management and supervisors of BoS its appreciation for the support and attention dedicated to this common engagement. The mission also wishes to commend the work and professional dedication of the team and its leader Mr. Miha Fila. Purpose This Technical Note5, of a confidential and informal nature, summarizes our recommendations based on the current scope of discussions with supervisors of BoS in charge of supervising the Target Group, including several meetings organized by the latter with management of the parent bank. The Note is organized in three sections. The first section includes a summary of our main recommendations. The second section presents a few strategic issues we noted, which may be of interest to BoS going forward as it implements risk based supervision. The third and last section proposes a series of elements to continue the supervision of the Target Group going forward, including how to assess internal governance in a practical manner. Given the depth of issues involved, and that in internal governance the devil is in the details, on purpose this Technical Note is long in providing detailed recommendations on how to implement consolidated RBS. 1 Per official letter, dated 05-23-06, of former Governor of Bank of Slovenia Mr. Mitja Gaspari. 2 Mr. Samo Nucic, Deputy Governor of Bank of Slovenia in charge of Banking Supervision, and Mr. Fernando Montes- Negret, Director ECSPF, who also participated in the first scoping mission in September 2006. 3 Previous missions took place in September and December 2006. As in those two previous occasions, the current mission has been integrated by Mr. Joaquin Gutierrez, Lead Financial Sector Specialist of the World Bank, also Senior Supervisor Chief Examiner and Manager, in an official leave of absence, from the Banking Supervision Department of the Bank of Spain. 4 Mr. Miha Fila, Senior Supervisor in charge of the supervision of the NLB d.d. Group and parent bank, and Mrs. Vilma Hanzel, Senior Bank Analyst of the later., including also Mrs. Sonja Meserko and Mr. Igor Lajovic, examiners. 5 Annex 1 includes the outline of provisional recommendations shared with Bank of Slovenia in December 2006. A portion of this outline was shared on an informal basis with the president of the Management Board of the Target Group. Page 3 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Section One: Summary. The following summarize our main recommendations as developed further in detail in this note: Regarding BoS's efforts to further develop and implement its risk based supervision strategy: ▫ Formalize the strategy and communicate to the industry its new risk based supervisory approach and assessment framework, including processes and underlying supervisory objectives, as well as the manner in which BoS will reach its conclusions and respond to adverse rated risk profiles. ▫ To support implementation, obtain powers to hold directors of supervisory boards responsible to govern their institutions, to understand the risks run by their activities, as well as to ensure the effectiveness of the risk management and control structures with which their institutions operate. ▫ Include among those powers mechanisms for BoS to promote best standards of business and financial operation and to respond to imprudent management practices, supporting its judgments regarding controls and enabling the desired transition to a more qualitative form of supervision. ▫ As part of the above, identify any gaps and needs to facilitate convergence in standards and practices among different financial supervisors, to gain consistency in risk assessment practices and minimize any regulatory asymmetries, preparing for an eventual future integration. ▫ Adapt the organization of supervision to operate the above processes, ensuring reasonable resources for onsite assessment, enabling for large banks a resident team of supervisors to better understand the risks run, with access to management accounts and systems on an ongoing basis. ▫ Emphasize the role of onsite supervisors, the need to provide them adequate compensation and career development, finding means to bring current skills and numbers closer to a reasonably estimated work load resulting from the migration to risk based Basel II supervision. Regarding the supervisory strategy and activities for the Target Group and other nascent groups: ▫ Based on the existing assessment, adopt a (three) years supervisory strategy for the resident team, and planned target activities, to deepen the assessment of group functions, specially financial and risk control units, to follow up how members and business lines contribute to group performance. ▫ Complete the assessment of the adequacy of the de-consolidation and financial control MIS features to provide granular information to management and supervisory boards about such contribution and where earnings, risks and capital needs arise at group and member level. ▫ Seriously review, and question both boards about, the relegated preeminence assigned to the risk management activities (particularly on credit risk) of the parent versus the activities of group members, and the mandate and resources of the unit in charge, particularly for risk asset reviews. ▫ Require to boards the adoption of tracking systems and pre-notification to BoS regarding any group re-allocation of capital and earnings via inter-group transactions, as well as the effects of any other temporary capital and earnings management schemes. ▫ Require to boards the adoption of policies to assess break even of member units to expected contribution targets, including valuation of franchises and related goodwill, ensuring complete documentation of movements in escrow accounts, asset quality and related financial projections. ▫ Dedicate time onsite to follow up the scope and results of the group internal audit program. Page 4 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Section Two: General Issues. The implementation of a risk based approach to supervision that is compatible with the adoption of Basel II is costly in resources, both for banks and bank supervisors. It has also explicit risks to the supervisor that need to be properly managed, including mechanisms to mitigate expectations and enhance the effectiveness of internal bank and official supervision. This section provides a few general recommendations to deal with these issues as BoS continues developing its supervisory practice, completing its framework of financial oversight towards a more risk based approach to supervision. Our observations are limited in scope, restricted to some issues reported during the latest FSAP Update6, as well as to others that were discussed in that occasion. Authority of Bank of Slovenia under the Banking Law 1. Several amendments to the Banking Law have been adopted recently. Among those originally drafted7, two of crucial importance to supervision were not finally submitted to Parliament. The first has to do with the powers of BoS vis-à-vis the members of Supervisory Boards (SB). The second refers to the authority of BoS to approve ex-ante major investments of a bank, such as the acquisition of a significant or a controlling participation. The lack of specific powers in these two concrete areas may limit the scope of tools available to BoS for delivering supervision in a more qualitative risk based oriented manner. 2. Besides moral suasion, BoS does not have at present effective powers to regulate, license and assess, the fitness and properness of members of the SB. BoS cannot recall their responsibilities, impose penalties, neither bar nor remove its members from office. The only way out for BoS is to request alternative actions to shareholders. Based in the German Law tradition of dual boards, BoS may find that it has limited tools to elicit qualitative responses from the SB, including the adoption of measures to ensure effective implementation of internal governance improvements. This may complicate the evolution towards a more qualitative principles based regulatory system which supports its migration towards RBS. We propose below some specific recommendations to mitigate this issue. Recommendation 1: Compensate the Lack of Powers under the Law ▫ In collaboration with the industry, compile and communicate best standards of internal governance, including alternative arrangements which would better suit the prudential expectations of BoS. ▫ Adopt these initially as standard guidelines, not as regulations, and strive to balance in them the different size and complexity of banks operations and activities. ▫ Use these standards to support the implementation of Pillar 2 of Basel II (risk assessment program).. ▫ Until legal amendments are passed which provide the powers needed, advocate for a more professional and independent composition of the SB, including oversight of the relationships with internal and external 8 auditors, frequency, and scope and depth of meetings, as well as other relevant standards . ▫ Compile and make public a list of imprudent practices (undesirable, not sound) based on frequent gaps found in implementing the above standards (to mitigate legal risks in implementing RBS under a civil code regime which may restrict the room for supervisory discretion and judgment). 6 See Annex 1 of the Aide Memoir dated September 2004, prepared during the FSAP mission that took place in November 2003. BoS has advanced several of the recommendations, others not yet. We have not performed a review of the overall status of the issues reported on that occasion. 7 Alter the FSAP of 2003, BSD drafted appropriate proposals which were not considered by the Board of BoS as relevant. 8 See Moody’s, “Best Practices In Audit Committee Oversight Of Internal Audit�, and “on Board Oversight of Risks Management�, including those provided in the most recent report on Bank Governance by Mrs. Sue Rutledge. Page 5 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia 3. BoS cannot prohibit a bank to execute a major acquisition or carry on a significant investment, provided the bank is in full compliance with prudential regulations. There seems not to be a formal regime in place to authorize such transactions which would allow BoS to review ex-ante their risks and associated requirements, including assessing the financial and institutional capacities of a bank to undertake it. These regimes are used to agree/grant supervisory authorization subject to specific supervisory covenants. This limitation may affect the ability of BoS to perform effectively its role as parent-group supervisor. We propose below some specific recommendations to mitigate this issue. Recommendation 2: Agree with Parents a Channel for Early Communication ▫ Agree with parents executing investments an (in)formal protocol for this situation, at least for those cases that involve cross border expansion, which promotes ex-ante notification and consultation with BoS, and which ensures that certain conditions would be fulfilled by the SB of the parent bank and the newly acquired or incorporated subsidiary, including: Satisfactory legal opinion that no constraints apply to the flow of information to the parent bank to fulfill its consolidated supervision responsibilities; Enabling alternative means to ensure the above, and that the parent has access and systems to identify and aggregate risk exposures, related party and intra-group transactions; Commitment by the parent bank to perform an annual group internal audit of relevant subsidiaries; Appropriate risk management controls, specifically for risk asset review, are established to support group wide and local monitoring of asset quality and concentration risks; Access is granted to BoS to periodic management reports of performance by the subsidiaries to the parent (business, financial, risks and institutional development); Amendments in the by-laws of the subsidiary to facilitate consolidated supervision; Ad-hoc additions/reinforcement of external audit work program if, and as, needed by BoS. Supervisory Strategy and the Prospects of Integration 4. The changes in the operational environment pose new challenges to Supervision. Since 2003, the complexity and scope of operations of the Slovene banks have continued to evolve, and major banks, such as NLB and NKBM, have started to expand to neighboring countries or to scale the significance of their activities in other non regulated financial activities. Others banks are planning to merge to acquire further size, probably to follow the same route as the former. At the same time, with the adoption of the Euro, BoS has lost its monetary policy prerogatives and a crucial tool related to supervision –its lender of last resort capabilities. 5. Besides functions related to the operation of the payment and settlement systems, banking supervision is now the main core function of BoS. As in other Central Banks in Europe, these changes will soon lead to questioning its “raison d'être�, its organization and its objectives. This naturally will lead to further debating the allocation of supervision and about whether to integrate financial supervisors into a more cost effective financial oversight watchdog, including how to rationalize the operational structure and costs of BoS in this new environment. 6. These changes provide ground for public and political debate and augment the risks of loss of a well earned institutional autonomy. The outcome of the debate can sidetrack the focus of supervision from facing the challenges posed by these changes. The changes continue to create pressures upon the tight balance between growing work load and available skilled resources As recommended in the FSAP Update, BoS may like to perform an in-depth analysis of its supervisory mandate and objectives, including how to conceptualize and rethink its supervisory strategy and the risks to that strategy.. Page 6 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia The following four sets of recommendations are suggested for preparing BoS to face associated challenges and mitigate potential risks related to the changes that are taking place. Recommendation 3: Promulgate a Public Strategy for Risk Based Supervision ▫ Organize a series of specific internal strategic events to develop a vision and a plan of how BoS is going to face the new conditions, the resources needed and the expectations from the involved stakeholders; ▫ Formalize/announce an updated doctrine for supervision (official and internal to banks) communicating to industry and government how BoS will conceptualize and manage its risks as supervisor; ▫ Review and adopt the already drafted Risk Assessment System (RAS)9; ▫ Emphasize the respective roles and responsibilities of management and supervisory boards aligned to Pillar 2 for Basel II implementation (internal risk assessment to assess capital adequacy); ▫ Emphasize communication with the industry and the means and mechanisms of supervisory accountability associated to render supervision even more transparent and cost effective; ▫ Adopt a framework of output and outcome indicators to assess supervisory effectiveness. Recommendation 4: Link RAS to Risk Accumulation and the Response Regime ▫ Promulgate RAS10 (and existing and planned standards of good financial and business practice) as part of , an overarching Supervisory Process (current draft is internal and would benefit from some additions); ▫ Specify how BoS will conceptualize risk accumulation, how it will assess and rate the adequacy and effectiveness of internal governance (management and supervisory board processes, risk management, systems of internal control, audit and information) –current draft may need elaboration in a few areas;; ▫ Add an explicit regime to make objective how BoS will react at each step to risk accumulation, as well as to the effectiveness of the response by both boards; ▫ Include in that regime the criteria of how BoS intends to escalate its stance before and after reaching the legal triggers for applying the most stringent enforcement actions provided in the Banking Law; ▫ Identify key gaps and needs to implement RAS within the Supervisory Process (people, skills, training). Recommendation 5: Use the Strategy to Risk Fence Political Expectation Gaps ▫ Factor into that Process a regime to manage public expectations that BoS can, and is responsible to, investigate all Parliament requests, or avoid individual failures (discover abuse, fraud and); ▫ Clarify whether or not BoS will be delivering the same intensity of supervision to all the institutions, whether large or small (manage the reputation risk from unexpected/untreated failures); ▫ Make public the costs of delivering the same level of protection to all stakeholders in all the institutions; ▫ Given that BoS does not have all the resources to “promise to� avoid failures, externalize that higher costs that supervision would face in case of being expected to do so; ▫ Shift the costs of internal governance to the SB of larger institutions and to their external auditors; ▫ Differentiate the impact of large and small institutions in case of failure, how the intensity of supervision will be linked to BoS’ risk assessments, and to the “size of the impact� in case of crisis; ▫ Establish a regime of capital augmentation above the minimum regulated (8%) to consider the scale of activities, versus the sophistication of internal bank governance (risk management and controls) 11 , considering the documented capital adequacy assessment (pillar 2) of each bank; ▫ Consider pricing explicitly the costs of supervision and requiring an explicit supervisory fee to defray some/most of the incremental costs of supervision to banks (more people, better prepared, better paid). 9 The Banking Supervision Department of BoS already has developed a robust RAS which is being tested. 10 As soon as appropriate, so that other Slovene financial supervisors are seen behind BoS. 11 As size and complexity augments, the expectation of BoS should be that processes and systems also increase in sophistication and effectiveness, otherwise capital adequacy above the minimum should augment. In this sense, we have the impression that the capital adequacy of the Target Group might be below its acceptable level, if were not by the nature of its major shareholder. Page 7 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Recommendation 6: Prepare to Win Out in Case of Integration ▫ Prepare a strategy for the eventuality of an integration of supervisors to minimize distractions and political interferences, avoid the mistakes made by others, and gain in the game of integration; ▫ Built in the strategy, and into RAS, the possibility to add an additional "actuary-insurance" risk to accommodate a potential integration of insurance/pension supervision activities; ▫ Review other cases of integration into European central banks and select omnibus draft legislation; ▫ Develop a contingency plan for integration, including: coordination of RAS among banking, insurance, pension (and securities), harmonization of legal, regulatory and supervisory practices, identification of cost reduction measures, basis and quantity of supervisory fees. ▫ Develop an initial merger plan to be in the position to lead the process, in case that it materializes. Challenges to Implement Risk Based Supervision: Risks, People, Processes and Remuneration 7. The move initiated by BoS to migrate from compliance to a RBS approach has challenges and risks which need to be considered, whilst the costs-rewards of the migration can only be assessed in the medium term. A process of RBS aligned to the standards of Basel II may need careful review that the legal basis exists for BoS be able to act based on judgments about qualitative aspects --rather than wait to identify lack of compliance with quantitative prudential regulations. Albeit, if powers are not conductive, top management in BoS may not be always prepared to support the judgments of its line supervisors (unsure about whether they are good enough to know and right and, if right, concerned of the consequences and reactions, from government and bankers). Therefore, besides the need to conceptualize and communicate its RBS approach, including allocating sufficient people to implement it, the regime might need built in flexibility and additional mechanisms to manage the risks to the supervisory objectives and existing public expectations of BoS. Recommendation 7: Manage the Risks of Risk Based Supervision ▫ Review precedents 12 and authority currently available to ensure that BoS is empowered to address “sound & safe� issues related to gaps in internal governance (in small, medium and large bank cases);. ▫ Assess the consequences, the risks to the objectives of BoS and the alternatives open to implement RBS even if powers and precedents are not clear; ▫ Consider whether a framework to assess the effectiveness of supervision is needed to strengthen the regime of accountability of BoS, including which elements should integrate that framework13; ▫ If powers are not clear and the expectations are yet to be created, (repeated from before) compile the typical gaps encountered and publish a list on imprudent practices to anchor the doctrine of RBS; ▫ Ensure an audit trail of supervisory assessments to communicate findings and recommendations to supervisory boards (to held them responsible even if the Banking Law does not explicitly binds them); ▫ Bifurcate the risk assessment for large complex institutions and for smaller more simple types14; ▫ Small entities may need a simple rating rather than a complex RAS, since they will not ever have the resources to invest in developing controls, systems, and policies. ▫ Smaller banks pose lower systemic risk and may be left to operate with lower controls provided they have higher target operational capital adequacy ratios and BoS is ready to intervene at crucial points. 12 Legal and related to the assertiveness of its response and enforcement actions (has BoS taken effective action in the past to resolve internal governance weaknesses and with which success and constraints? i.e., SIT, SKB, other cases. 13 For example, an ex-post system for quality assurance, an ex-ante set of indicators of good governance (cost of internal, external and risk management activities per unit of risk weighted asset in the banking sector), as well as other indicators that BoS is doing it well to justify its actions (response obtained from bankers to warnings and requirements from BoS). 14 BoS cannot ask to all the banks the same level of sophistication in internal governance, for example in the sophistication of systems and policies to implement Basel II, or it would impose unreasonable costs to the system. Page 8 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia 8. People are the most important scarce resource for supervision, and more people and skills may be needed onsite already. Of the total headcount (BoS has about 400 staff), the Banking Supervision Department (BSD) has a dedicated force of about 64 persons (16% of total headcount of BoS). Of these, about 26 persons (6.5% of the total headcount) are assigned to supervision activities (onsite and offsite). The remaining staff (38) is allocated to essential functions such as management, licensing and regulation, as well as to administrative support. Given the qualitative jump in skills required by Basle II and the migration to RBS, BoS would like to estimate the incremental work load anticipated, including how the complexity and size of banking operations compares to current resources. We think that there may be the need to bring additional resources to perform onsite assessments of management and control processes, including finding alternatives to utilize in supervision existing resources within BoS. Recommendation 8: Allocate More Staff Resources Where they Are Needed ▫ Investigate other EU central banks’ staff metrics to cope with change, costing and staff acquisition; ▫ Assess the underlying workload and skills required under Basel II and a RBS approach to supervision; ▫ Discriminate between large groups (as NLB, NMLB, Abanka+NG), and other smaller institutions; ▫ Based on the strategy adopted15, review whether to reallocate, and how, staff surplus from other units of BoS to supervision and assess which incremental skills and numbers of onsite supervisors are needed; ▫ Evaluate which alternatives could have Financial Stability to contribute more actively to supervision16 ▫ Identify whether Research & Economics has staff with mathematical/statistical background which can add value to supervision in assessing risks measurement in the field; ▫ Explore other forms of onsite activities (different to traditional examination, not necessarily by bank examiners), and the use of surveys and cross-sector visitations17 to supervise risks looking forward; ▫ For example: periodic assessment of credit underwriting standards for significant loan segments; ▫ If the merger of supervisors materializes, restrict target costs synergies to the latter, not to Supervision; ▫ Dedicate incremental resources exclusively to cover the gaps in resources needed in onsite supervision; ▫ Require changes in audit programs to compensate for work that current resources cannot performed. 9. For large institutions there might be the need to ensure more permanent oversight based on a well documented strategy and the identification of their risk profile. To supervise these entities supervision may need to count much more on the systems and process of control used by the management and the supervisory boards. After identifying and assessing these systems, supervisors should use more frequently the information generated for and used by the boards, even if not perfect. This should include ongoing validation of the programs and outputs of the internal audit and risk management functions which should be periodically followed up. For these banks, the traditional annual examinations are too costly, cannot be performed with the necessary intensity due to resource constraints, and in the current phase of the cycle are less effective to identify solvency-asset quality problems. The focus has to be in assessing the effectiveness of systems and controls to foster good internal supervision by the boards. To stay on top of these large banks, it is time to institute a dedicated team of supervisors exclusively focused in their (quasi) permanent oversight (NLB, NMLB, Abanka+NG, perhaps others). 15 Resources needed to deliver the “promised� intensity of supervision as public good, per bank risk profile or rating, with a given frequency per cycle, number of examinations, duration, scope and extension of the review, frequency, etc. 16 Financial Stability or the Economics Department could help to supervise South Yugoslavia (macroeconomics and operational environment, overall trends in monetary and fiscal policy, trends and performance of local banking systems). 17 For example to review: Basel plans and implementation; practices of governance by SB; stress test practices; risk management, credit, liquidity, other; internal and external audit efforts and practices; etc. Reviews and surveys that would help to support the development and communication of good practices expected from bankers. Page 9 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Recommendation 9: Pay More Attention Onsite to Larger Banks ▫ Consider forming (for the Target Group) a permanent Team of Supervisors (TS) of about five to six permanent persons “managed� by a Team Leader (TL) with appropriate mandate vis-à-vis bank boards; ▫ Planned activities should cover a series of essential routines across the full year; ▫ These activities should be formalized in a written supervisory strategy and resources allotted; ▫ These activities should be supported in the identification under RAS of weak areas, activities less understood of the Target Group, or those where the balance between risks and management systems are judged to be less adequate or effective (i.e., credit risk assessment, control and contribution analysis); ▫ As a routine, quarterly, the TS should review the performance of the parent and the group, the source and contribution to revenues and net earnings, as well as put special emphasis in understanding how the businesses support the performance, including (credit) risk quantification related to those businesses; ▫ The TS should perform its work from within the parent bank; ▫ The TL should be provided with a budget of additional examination weeks for performing ad-hoc target examinations in crucial selected areas or subsidiaries (say 80 additional weeks of examination) ▫ Any additional efforts should come from changes agreed in audit and risk assess review by the parent; ▫ A clear regime should be formalized for the TL to manage the TS and fulfill the supervisory strategy; ▫ The TL should be accredited and have access to all members of the management and SB of the group; ▫ The TL should be given sufficient flexibility to plan and manage the supervision without excessive interference (new urgent ad-hoc tasks requested that could impede to fulfill planned activities); ▫ Monitor unplanned work and quantify its effect upon other tasks agreed in the supervisory strategy. 10. To manage the risks of getting lost in transition to Basel II, IFRS and RBS, the importance of having in supervision good people well remunerated is crucial. People who assess banks onsite need to be well trained and well paid to feel empowered to interact with bank managers and directors. Their dedication requires consistent training, a formal realistic performance assessment system and a career development program. Supervisors that deal onsite with bankers are the eyes and ears of BoS (especially now that supervision is one of the most important functions left to BoS), and deserve careful attention as well as reasonable work programs. If all of this does not take place, the supervisors available to assess banks onsite may get alienated, and the best will sooner or later leave to the private sector, letting BoS at risk. Recommendation 10: Attract to Supervision More Skilled Resources ▫ Review current conditions and practices, and note whether gaps have been accumulated; ▫ Identify reasons and risks for recent turnover, whether work load, salaries or mid term career issues; ▫ Adopt a basic career development plan to have the desired resources in onsite supervision; ▫ Devise a salary comparator to monitor the gap in salaries versus an indicative target; ▫ “Promise� to keep a minimum mid term gap between the target and the actual salaries per category; ▫ Explore means to attract more senior skills in banking to banking supervision; ▫ Use existing skilled resources from other departments in BoS, such as IT, statisticians, and economists; ▫ Pay for experience in banking and for sharing experience onsite; ▫ Consider a system of yearly bonus to compensate Team Leaders in charge of more complex assignments; ▫ For selected areas, contract consultants on a short term basis. Page 10 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Section Three: Forward Looking Strategy for the Target Group. For the first time, BSD has done a qualitative risk assessment at group level of control structures and processes 18 , as well as initiated the review of the systems surrounding the preparation of consolidated financial accounts. This section discusses some issues related to this exercise from the perspective of the Target Group and provides views on how to roll out that work. First, it suggests those areas which should attract more attention during the next supervisory cycle. Second, it proposes to limit traditional full scope examination to refocus existing scarce resources in continuing the discovery/assessment process initiated, which has not ended yet. Third, it recommends institutionalizing a program of periodic quarterly monitoring of group performance, using intensively the outputs of core control functions of the parent (financial control, risk management and internal audit). Finally, it details several ongoing activities regarding the use and continued attention to the reinforcement and design of these control functions, including aspects related to the evaluation of goodwill and the features of financial and management accounts. 11. The supervisors have assessed that some elements of internal governance are still evolving and may lag behind what may be necessary for the dimensions of the group being created. A basic tenet of good internal governance is that the SB ensures management organizes itself in a manner that mirrors the businesses it has selected, deploying systems that enable visualizing how each business (and its responsible management) contributes to financial performance on a risk adjusted basis in order to create shareholder value. Satisfying this tenet promotes the necessary internal supervision by the SB and enables risk-adjusted compensation of management aligned to the interests of the institution’s shareholders. The systems and the organization to support this basic tenet are still evolving in the Target Group, both at parent and member unit levels. 12. The Letter of BoS on Warnings and Recommendations adequately conveyed to the Supervisory Board of the parent bank the gaps identified. The organization of its management to mirror the group’s selected businesses, and the systems that control and visualize contribution, still need further development and realignment. From our point of view, among the elements reviewed, there are four crucial components of internal governance where BoS would like to see further progress in order to satisfy its evolving prudential standards. These include the management information systems (MIS) at group level, the system for consolidated accounting, the means for financial control and the arrangements for risk management --most concretely credit risk review and associated controls of lending and concentration limits. 13. We recommend that, going forward, the manner of delivering supervision to the Target Group is adjusted. It should be performed by a dedicated Team of Supervisors. It would need to focus on continuing the discovery work initiated. The work of the Team should be formalized in a strategy with concrete objectives and trigger points. It should be conceived as a process to achieve objectives selected to optimize the resources used in supervising, not as isolated series of event examinations. The strategy should consist of value added tasks to support the objectives, connected to what now appear gaps and unknowns. An overriding priority should be to organize a program of periodic group monitoring from inside the parent based on a protocol agreed with the parent management. These recommendations are expanded in the following paragraphs. 18 Previous examination of internal governance processes during 4Q2006 with recommendations and warnings issued by BoS to the Supervisory Board of the parent bank NLB already processed. Page 11 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia 14. The work performed is the first discovery step in a process of continued supervision which should evolve and gain effectiveness at the pace in which the oversight of the group by the parent progresses. Some areas will need primary attention (i.e., credit risk and the sources of revenues and net income). Others need follow up (i.e., accounting consolidation, once COGNOS is operative)19. Some will require further suasion to elicit progressive openness on the part of management (i.e., financial control). The fact is that the results of this first exercise are important to compile a formal supervisory strategy, for the group and the parent, which provides the thrust for the next cycle including focus into: a) confirming the implications of the gaps that were discovered (i.e. board oversight and MIS); b) assessing progress of the improvements and developments achieved by management (i.e., de-consolidation by COGNOS to enable contribution analysis); c) clarifying the areas of higher risk (i.e., risk assets review in subsidiaries); and d) enabling understanding how financial control is being conducted (i.e., gain access to the full package already available to management). To inform that supervisory strategy, once the Team of Supervisors suggested before is formed and its work program stabilizes, we would recommend focus in the areas that follow. Recommendation 11: Formalize a Supervisory Strategy to Achieve Actionable Objectives ▫ Internal audit program of the parent of the full consolidation process and the allocation to BRIDGE of the local chart of accounts (which seems has not been covered before by internal audit); ▫ Functionality of COGNOS to provide for robust consolidation, including its controls and the de- consolidation features that should enable contribution analysis (more below); ▫ Depth and design of the parallel data base being created to support financial control of the group units, which management has not still disclosed to the supervisors (more below); ▫ Controls enabled surrounding the information of that data base including audit of the source MIS; ▫ Means enabled in COGNOS, in the latter data base, or in other applications to identify, aggregate, control and report large exposures, inter-group (whether eliminated or not) and related party transactions, including credit risk limits at unit, country and group level (and its auditing program); ▫ Reassess the role, authority, resources and programs, of the parent risk management function to independently assess and monitor credit quality in all units, including group compensating provisions; ▫ Periodic (quarterly program) monitoring of performance and contribution of the group and its units by using the information of COGNOS and Financial Control (more below); ▫ Document the workload vs. resources dedicated in parent and units to audit (internal and external) and (credit) risk management: i.e., budget incurred and staff head count (hours billed and costs per unit of asset) so that the efforts of the SB in reinforcing independent controls are quantifiable). 15. In developing the supervisory strategy for the next cycle, one would propose adopting specific result objectives that focus on assessing the effectiveness of the response of management and the SB to mitigate the gaps identified. These risks can be those reported officially in the Letter of Warnings and Recommendations to the SB, other items left in the examination report that did not flow to the Letter or the areas that are still not well known or in process of being assessed. Supervision should not be evaluated by the number of examinations performed on the above suggested or other alternative areas, but assessed in terms of achieving the objectives selected (or confirm that the response does not do so). After selecting the objectives, it would be appropriate to identify a set of trigger events. 19 Besides the work performed on internal governance at group level, the examiners have been engaged into other important examination work, including group capital adequacy review, review of Basel II implementation plans, and ad- hoc work in key subsidiaries, leading to reasonable changes in the original plans, including judicious reallocation of time, resources and priorities. All of which are important but take time and absorb resources. Page 12 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia 16. Given that the Target Bank and its group are systemically important, if these trigger events materialize, then the intensity and stance of supervision should be escalated, including the number and frequency of onsite targeted detailed examinations. The following recommendations indicate some of the plausible result objectives and triggers that one would recommend as an example, some of which would need further specification in the form of measurable metric indicator. Recommendation 12: Focus the Objectives and Triggers of the Supervisory Strategy ▫ Objectives to ensure that internal governance is effective for BoS to minimize its costs and intrusiveness: Deconsolidation by COGNOS allows contribution analysis (risks, capital, margins, net earnings) Credit risk asset reviews of its units by the parent are an effective component of internal governance Credit growth to generate attributable net income is reasonable balanced with sound provisioning Dividend payout by the parent is based on effectively earned economic profits by units and activities BoS has full access to the system of financial control which facilitates and saves costs to supervision ▫ Triggers to require augmented audit and risk assessment efforts and carry additional target examination: No access granted to COGNOS or COGNOS does not enable contribution analysis Credit risk asset review of units continue subdue to earning pressure without SB apparent interest Management continues engaging in marginal temporary measures to manage capital and earnings No access granted to financial control management reports or these reports fail to satisfy needs 17. Limit traditional examinations and rather examine more on an exception basis guided by increased monitoring efforts20. Supervision of the Target Bank should be measured based on achieving measurable objectives, not by the number of examinations. The discovery process has not but started and it would not be effective to rush in doing more and more examinations in units, even in South Yugoslavia. Examinations are costly and should be performed where needed on a risk based basis. The key issue at this stage is to ensure that the parent control functions do effectively their work so that BoS can rely on them and optimize their use, rather that attempting to supplement them. This should be only possible if these functions work well. The objectives should go then into enabling a recurrent process of monitoring within the parent bank with full access to the information available to the parent management and SB. Recommendation 13: Focus of Surveillance Inside the Parent ▫ Understand the business and plans of the units21, and the targets for contribution to attributable profits; ▫ Focus in units where dividend pay out targets may force lower credit standards and local provisioning; ▫ Monitor sources of revenue and earnings at group versus parent level and dividend policies to parent; ▫ Attest quality and stability of interest and fee income from lending and fee activities versus business done; ▫ Identify units where the gap between local and IFRS provisioning contributes more to group profits; ▫ Ascertain the source of earnings from core vs. extraordinary transactions, including intragroup items; ▫ Focus to identify and question further temporary capital and earnings management measures practices; ▫ Ascertain the depth of reporting for old and new credit, versus lending plans and provisioning effects; ▫ Evaluate credit plans for core segments, loan vintages behaviour, and adherence to sound underwriting; ▫ Compile, assess and reassess credit underwriting now that loan portfolios are growing; ▫ Identify and monitor the quality and plans for largest corporate accounts (contributors to revenues); ▫ Determine units whose net provisioning to average portfolios are below reasonable thresholds; ▫ Focus in units whose core deposits growth below credit growth and require alternative funding; 20 Performed by the Team of Supervisors that we recommend should be formally organized. 21 From where does management plan to deliver the target growth in parent and group pre-provision profits (new South of Yugoslavia units, leasing units, other subsidiaries, parent growth)? Which volume versus spread effect and how do credit provisions compare to trends and plans? How these compare to local market and competitors? Where is the magic? Page 13 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia ▫ For those units, analyze trends in individual accounts and in fast growing segments; ▫ Identify the plans of the parent to audit and risk assess credit and liquidity risks in those units; ▫ Confirm that the programs of these functions duly cover the risk of fast growth in credit activity; ▫ Plan time to review the outcome of this work for significant units in fast growth mode in need of attention; ▫ Guide onsite work in the units with judicious identification of where risks appear to accumulate; ▫ In parallel, strive to assess and criticize credit risk assessment and monitoring by the parent. 18. The supervisory strategy should first concentrate in organizing a program of more intensive periodic follow up monitoring from within the parent. Offsite supervision of the Target Group cannot be performed anymore with the official reporting provided to BoS22. Given its lack of granularity, the latter is already insufficient to understand the performance of the full and the parts. Offsite analysis has to become an “inside of the parent� surveillance program. First, supervisors have to become familiarized and acquire access to the full system of information of units and parent that Financial Control seems to be implementing (see below). Then, three to four selected members of the Team of Supervisors should focus in analyzing that information every quarter with sufficient time and access to the required information and systems. Examination should then focus in clarifying those areas where the parent control functions do not seem to deliver appropriate internal governance, or where risks seem higher going forward (i.e., asset quality that generates the attributable net profits to pay the dividends to the parent). 19. The Team should follow the performance of the whole and its parts using the most relevant information used by management and the SB to actually controlling and governing the parent and its group. Gaining access to such information is not always easy. Sometimes, our efforts backfire and management naturally restricts access or reduces the relevance “substance� of its reports. Periodic monitoring should include a series of steps and be based on a formal protocol agreed with the boards of the parent as proposed in the next paragraph. The following detailed elements can provide support to such a protocol of periodic monitoring. Recommendation 14: Organize Offsite Surveillance Inside the Parent ▫ Quarterly review of consolidated accounts including deconsolidated contribution by units23; ▫ Ad-hoc review of exceptions and abnormalities in adjustments and eliminations; ▫ Disclosure by the parent, and review by supervisors, of extraordinary items and temporary measures24; ▫ Identify, track and clarify transactions engineered to manage capital and earnings; ▫ Review of periodic financial control reports from the units to the parent including management write ups. ▫ Evaluation of summary results of risk assets reviews and internal audit programs; ▫ Compliance reports of units with risk limits and review work by parent of exceptions and breaches; ▫ Confirm the above and then decide where to apply our scarce examination resources; ▫ Compensate any lack of examination resources by requiring audits and asset reviews to parent. 22 This is a common feature in many developed countries regarding large groups. Usually, as a reaction, supervision has started to use selected internal tools and reports at parent level to ensure adequate coverage and updated understanding of business, financial performance, risk metrics, and overall institutional development. 23 Once the application of COGNOS is operative, and the Team understands it and has gained access to its tools for query, for which BoS should agree with the parent a terminal point of access limited to review and analysis. 24 The management of the parent will resist such disclosure. It will tend to restrict the depth of its reports to the SB. The supervisors will be then left forced to screen the systems in search of extraordinary, abnormal transactions, and temporary measures to manage revenue allocation, earnings and capital management. The screen work needs adequate access to core systems and reasonable time to be carried on. Therefore, the best approach would be to include such declarations as part of the protocol suggested in the next paragraph (tell us what is being cooked in the kitchen, or else!). Page 14 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia 20. Periodic monitoring should include the above series of steps based on a formal protocol agreed with the boards of the parent. Such protocol is important to ensure a common language and mitigate gaps in common expectations. Above all, it is management in the parent who must understand and report to the SB, better than as of today, the consistency of business achievements versus financial performance and the selected risk metrics and limits. This has to include adequate implementation of the necessary internal institutional development to allow the units self sustainable delivery of growth in risk-return value. It is the responsibility of the SB of the parent to oversee that management reports them in such a manner, which today does not entirely seem to be the case yet. Accordingly, internal governance could be said to have reached good practice only when management and the SB achieve that and management explains and controls internally how the different businesses and units contribute to risk adjusted performance targets. The following proposes the recommended structure of the surveillance program “inside� the parent bank. Recommendation 15: Enable a More Structured Periodic Review ▫ For significant business lines25 and units at group level, on a periodic basis (quarterly and semiannually) Business evolution: Metrics of underlying business volumes and consistency with plans and markets. Financial performance: Contribution of volume and rates to margins and pre-provision profits. Risk metrics: Measures of risks incurred, input in pricing and provisioning efforts vs. targets Institutional development: Progress in reinforcing service delivery, systems and controls. 21. The current financial accounting consolidation package (Clime) is being substituted by another package (Cognos) which is being tested and will need to enable de-consolidation analysis. This analysis is essential to management and BoS for understanding and analyzing the contribution to the group by each unit in terms of volumes, margins, capital and earnings, net of adjustments and eliminations. This allows identifying where are located the activity, the earnings and the capital value of the group26. De-consolidation analysis is crucial to understand the quality, trends and location of pre-provision and attributable profits, of goodwill, and capital and consolidation reserves. The current system of reporting to BoS does not require banking groups to report the synthesis of consolidation in a manner that allows such deconsolidation analysis. For larger organizations such as the Target Group, BoS would need to access internally that information to periodically review and assess group performance. 22. The current package to prepare the group financial accounts (Clime) seems to have, in principle, the necessary information to produce more granular reports than the ones used till present on contribution by each consolidated member. Yet, in the absence of the appropriate programs, the de-consolidation process requires today a lengthy manipulation process upon the journals of consolidation in other to reconcile the movements of consolidation reserves, goodwill, and other consolidation accounting differences. Nevertheless, instead than programming the necessary reports, management decided to install a new package (Cognos) that is already being tested, that will run in parallel by June and substitute Clime next December. A potential major advantage would be the possibility of automatic interface and cross validation with the database developed by Financial Control. The following recommendations summarize the work program that we suggest in this area to optimize the use of Cognos for prudential supervision. 25 Including the parent. 26 But, not necessarily the risks, for which additional systems for risk management and financial control are essential. Page 15 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Recommendation 16: Audit, Access and Use of Cognos by Supervisors ▫ Agree with management access to BoS examiners to the training session in Cognos that are taking place; ▫ Also, secure that examiners will have authorization to access Cognos for query and analysis; ▫ Ensure understanding of the functionality of Cognos, specially its controls and deconsolidation; ▫ Ascertain when the full process of consolidation, including Cognos, will by subject of internal audit; ▫ On an ad-hoc basis, for selected countries, review the tables allocating internal to Cognos accounts; ▫ Focus in the correct allocation of net worth, earnings, accruals, provisions, fees and transitory accounts; ▫ Identify where and how asset quality classifications, whether internal or regulatory, will be reported27; ▫ Review, for a selected country, the adequacy of the consolidation process to learn its mechanics; ▫ Identify in the process key codes and steps to search later for temporary capital/earnings measures; ▫ Confirm the presence of controls of data entry that are consistent with those suggested as procedures28; ▫ Follow up and discuss with management the type and format of periodic automatic reports from Cognos; ▫ Agree the formats of periodic reports that suit the surveillance needs of BoS: Changes in net worth by unit and reconciliation of its local vs. corporate components; Reconciliation of movements between dates of goodwill and consolidation reserves; Changes in provisions between dates and reconciliation of changes to corporate IFRS mode; Inter-group transactions and economic P/L eliminations, including subjacent transactions; Allocation of overheads, management fees and other internal redistribution (costs, revenues, profits); Changes in asset quality classifications, arrears, re-aged and tagged trouble loans restructured29; Changes in intangible, foreclosed and amortized write off assets; ▫ Obtain and review the risk assessment and working papers of external auditors for 2006 under Clime; ▫ Follow the complete set of review steps in the procedures prepared for BoS. 23. The financial control function of the parent is developing a database to warehouse additional information to the financial accounts which has not still been disclosed to BoS. Financial Control has an ambitious project to compile information from units and business lines, including essential information to implement Basel II. Part of the information is being already used to report to the SB. But, what is reported lacks granularity and fails to explain how the business growth supports financial performance and its contribution to risk and its metrics. These metrics are few and elemental. Actual versus plan is not discussed, and no comments are provided on core pre-provision profits versus extraordinary and non-recurrent items. Moreover, no explanations are provided on volume versus rate mix and their effect on gross and net margins. There are not references to competitors, market share, and the general evolution of the local banking system. The reports are cut and pasted tables that do not explain what is going on. 24. The SB must be better informed of the risks assumed to deliver the attributable earnings to the group, what business underlies these earnings and how they are achieved. In turn, the BoS needs to have access to the bulk of the reports and information being warehoused to be able to supervise the Target Group. Yet, as discussed before, gaining access to such information is not always easy. Therefore, BoS has to proceed carefully to ensure that supervisors will be supervising with the same information as management is managing and reporting to its SB, except that with a balanced coverage and depth of analysis (on a sensible risk based basis). The following recommendations summarize the approach and work program that we suggest in this area. 27 So far, it is unclear who and how in the parent is developing a systematic process to warehouse and monitor this data. 28 The procedures to review the accounting consolidation process provided to BoS by the World Bank, which once Cognos is operational should be passed on order to review the accounting consolidation process for selected units; 29 If these information is not captured in Cognos, it must be captured in the parallel database being warehoused. Page 16 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Recommendation 17: Access, Assess, and Use Financial Control Information by Supervisors ▫ Management of BoS to agree with the parent bank access to all the relevant information captured; ▫ Initially, restrain from criticizing the scope of the data, its accuracy and its reconciliation to systems; ▫ Obtain copies of the database/warehousing system to evaluate the scope of information to be captured; ▫ Ascertain the pace of data population, sources, controls and granularity to complement Cognos; ▫ Identify where are warehoused the periodic reports by local management for periodic follow up; ▫ Identify how the database will interface latter with Cognos and the Basel II addendum; ▫ Find out which metrics of business volume are being/going to be captured. If not, recommend addition; ▫ Ascertain which metrics of credit quality are being/going to be captured to support credit monitoring; ▫ Ascertain whether control of risk limits would be enabled under this system or how it would be done; ▫ Evaluate which metrics for other risks would be captured (i.e., stability and terms of deposits/funding); ▫ If the above three types of metrics are missing: ascertain which alternative means are in operation; ▫ If no systems are in place: criticize openly this important gap in controlling the group risk activiries; ▫ Later on, ascertain whether data entry is adequately controlled and which validation tests are built in; ▫ Further follow the complete set of review steps in the procedures prepared for BoS by the World Bank. 25. Risk asset review by the parent risk management would seem to lack an appropriate role, the authority and the mandate, as well as sufficient means to control the risks of the current expansion. Risk management, and more specifically credit and liquidity risk management, is a crucial pillar of internal governance. The in-depth assessment of credit risk management has not been performed yet. But the initial impression is that it is not yet well structured at group level, as it might seem to be in the parent bank, especially in the new units in South Yugoslavia and in the leasing activities. Although ALCO at group level was formed last October, risk management as a group function seems fragmented, and it does not seem to have the necessary stature and preeminence necessary to govern an already large group. There might be, though, subjacent organization issues. 26. Management seems under pressure to deliver growth in volume to achieve growth in earnings and (credit) risk management is a second order priority30. Anecdotic discussions with staff of the parent of the Target Group suggest that the SB does not appear to be concerned about risks as much as about growth, and that the unit in charge, whilst knowledgeable, is conscious of its secondary role. The activities in South Yugoslavia, are already significant as a whole (11%) and their contribution to pre-provision profits unclear, given that Climb cannot de- consolidate net of intra-group transactions. Albeit, there is a major but: it would seem that, at the consolidated level, the provisions made under local rules are freed when adjusted to IFRS, as estimated by the local units at entry in consolidation, without active control by the parent RMF. This may create artificial earnings at group level that should not be accepted by BoS. The review of credit risk and liquidity management at group and parent level will need further assessment and continued attention. The following recommendations, limited to credit risk31, can help to center the objectives of this crucial aspect. 30 We have already noted that neither in the group strategy and its annual plans, nor in the reporting to the SB we have been able to find a clear trace of the metrics of risk and the risk appetite that the SB has established for managing the expansion and the overall group activities. Current reporting to the SB on risk is anecdotic and poor. 31 Although we did not discuss the topic, our initial reaction is that the information gathered for liquidity risk monitoring is not adequate (stock ratios, instead than flow measures based on deposit mix, stability and other relevant market features). It would appear that the parent is already supporting actively credit growth above core deposits in some units. Page 17 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Recommendation 18: Accentuate Surveillance of Credit and Liquidity Risks. ▫ Dedicate two members of the proposed Team of Supervisors to monitor credit, and then liquidity, risks; ▫ Plan for about 80 staff weeks (two supervisors) per year32 to be managed by the Team Leader suggested; ▫ Perform as soon as possible an in-depth review of the organization and processes of risk management; ▫ Focus on substantive governance issues: mandate, authority, processes, limits, controls, MIS enabled; ▫ Ensure that the database of Financial Control or other alternative means will warehouse the data needs; ▫ Confirm or discard the initial impressions that (credit) risk management is subdued to management/SB; ▫ Mitigate the risk that the risk management function (RMF) is merged under Financial Control; ▫ Consider requiring that the RMF is elevated in authority within the overall organization structure; ▫ Consider requiring that a formal matrix reporting line is set from RMF in units to RMF in parent; ▫ Ensure that RMF has corporate mandate to review, reclassify and order provisioning; ▫ Prohibit freeing local provisions at parent consolidated level to create artificial earnings under IFRS; ▫ Ensure that RMF has a robust itinerant risk assets review team motivated to review credit in the units; ▫ Ensure that management of RMF has input in determining local risk managers’ compensation; ▫ As for internal audit, the incremental staff needs should be factored and acquired or transferred; ▫ Ascertain/compile the structure of group’s and its units lending limits and how is controlled by whom; ▫ Urgent review is required of systems at group level to manage credit risk concentration and limits; ▫ For further guidance see the steps in the procedures prepared for BoS by the World Bank. 27. Goodwill recorded in the consolidated accounts is not excessive in principle, but does not appear well documented and the tests of impairment are not well substantiated. The group has about € 70 millions invested in goodwill which represents about 9.5% of tier I capital of the group and 23% of total investments at book value of the parent. Whilst supervisors have not carried yet a review of valuations, price to book values would not appear disparate, except in those units whose market share premium is negligible (i.e., Serbia). Price to expected earnings multiple ratios were not calculated 33 . The policies and procedures of the parent to assess impairment of goodwill would need better articulation, especially regarding break-even/pay-back expectations, including dividends policies versus expected rate of return (ROR). Considering the pressures to management to deliver growth in earnings, the review of risk assets by the parent of the credit growth in its units becomes more important. 28. The documentation of the initial valuations seems scattered, due diligences were carried on with some rush, and the alternative free cash flow valuations available were those made by the sellers. The free cash flow valuations by the buyer have not been produced yet to the supervisors. An anecdotic review of two acquisitions seem to indicate that asset reviews did not result into substantial reclassification of loans and additional provisioning that one would expect. The asset listed in the reserve escrow accounts34 could explain that. Although, the details of the escrow accounts have not been produced and, in the last acquisition it does represent less than 10% of the total price35. The underlying parameters of the annual projections to test impairment of goodwill have still not made available to the supervisors, who would like to pursue these issues later, based on the list of questions propose by the mission to management in the parent as per the recommendations that follow. 32 The overall envelop of weeks available to the Team of Supervisors should be well estimated. Initially we thinks that should be about six team members (management by Team Leader, group analyst in charge, )and 80 incremetal weeks 33 Market comparators of price to book values are deceiving when franchises are in high demand. Price to multiple earnings ratios are what buyers look for. 34 The reserve escrow accounts and their covenants are the legal vehicle to adjust the price ex-posts 35 Our limited experience indicates that in emerging countries, classified assets moved to the escrow account oscillate between 20% to 30% of the price paid. Page 18 of 19 Technical Note on Consolidated Risk Based Supervision Restricted and Confidential for the Sole Use by Bank of Slovenia Recommendation 19: Compile Essential Information and Review In-Depth on the 3rd. Aniversary. ▫ Determine which materiality and relevance attaches BoS to these issues; ▫ Based on the above, plan when to review again acquisition, goodwill impairment and related policies; ▫ As an assumption, consider break-even to take place by the 3rd anniversary after acquisition; ▫ Consequently, plan to review in depth goodwill of material units at that point in time; ▫ As soon as feasible, request to management discussing the list of questions left by the mission36; ▫ Inquire again about the specificities of the relevant criteria (break-even, pay-out, required ROR; ▫ If the required ROR is linked to the cost of capital of the parent bank, obtain updated calculations; ▫ In the meantime, compile essential information on each unit as suggested by the mission, including: Original due diligence report, list of classified assets and adjustments to provisions; List of assets sent to the reserve escrow account and a copy of the relevant governing contract; Initial assumptions and worksheet of the first projection and valuation made by parent (not sellers); Subsequent annual projections and valuation to test impairment of goodwill; File copies of the models used with formulas to understand and validate its mechanics; Major reorganization, asset clean up and restructuring made in the unit after acquisition; With this information, create a permanent file for each significant unit for future reference. ▫ Periodically (after the 3rd. year) attest how achieved actual contribution compares to original plans; ▫ Notice changes in growth and interest spreads planned and achieved; ▫ Look for unplanned non-recurrent transactions (and counterparties) to beef up value and free cash flow: Tax breaks, assets sales and revaluations, loan recoveries, and provisions freed after acquisition; ▫ Ascertain whether the contribution achieved compares with the original plan and reasons for deviation; ▫ Based on the results, consider adopting supervisory policy standards to guide work in the area; ▫ Plan to develop or acquire a template spreadsheet to perform alternative contradictory projections. C:\AAfiles\CCS\CCS TEN\C:\AAfiles\COU\COU SLO\Slovenia 2007JUN Governance and Consolidated Supervision Final Note.doc 36 After the review of two cases of acquisition, and the documentation available in English, the mission prepared a list of questions that were discussed in a meeting with management of the parent bank. No further documentation or clarifications were obtained in that meeting or after it. Page 19 of 19