WP/15/200
IMF Working Papers describe research in progress by the author(s) and are published to elicit comments
and to encourage debate. The views expressed in IMF Working Papers are those of the author(s) and
do not necessarily represent the views of the IMF, its Executive Board, or IMF management.
“But we are different!”:
12 Common Weaknesses in Banking Laws, and What to
Do about Them
By Wouter Bossu and Dawn Chew
© 2015 International Monetary Fund WP/15/200
IMF Working Paper
Legal Department
“But we are different!” 12 Common Weaknesses in Banking Laws, and What to Do
about Them
Prepared by Wouter Bossu and Dawn Chew
Authorized for distribution by Sean Hagan
September 2015
Abstract
Well-designed banking laws are critical for regulating the market access and operations of
banks, as well as their removal from the market in case of failure. While at a financial policy
level there is a broad consensus as to the content of banking laws, from a legal perspective
their drafting often leaves something to be desired. In spite of what is often argued, the types
of weaknesses of banking laws are hardly country-specific; many weaknesses are shared by
many banking laws. This working paper discusses those weaknesses and ways to remedy
them, by focusing on a selected set of legal policy principles.
JEL Classification Numbers:
G21, G28, K22, K23
Keywords: Banking Regulation, Policy Analysis
Author’s E
This Working Paper should not be reported as representing the views of the IMF.
The views expressed in this Working Paper are those of the author(s) and do not necessarily
represent those of the IMF or IMF policy. Working Papers describe research in progress by the
author(s) and are published to elicit comments and to further debate.
3
Contents
Abstract ..................................................................................................................................... 2
I. Introduction ........................................................................................................................... 4
II. Scope and Definitions .......................................................................................................... 6
III. Objectives, Functions and Legal Powers of Supervisor ................................................... 10
IV. Legal Nature and Hierarchy of Secondary Regulatory Instruments ................................. 13
A. Legal Nature ................................................................................................................... 14
Binding Secondary Instruments ...................................................................................... 14
Non-Binding Secondary Instruments .............................................................................. 15
B. Hierarchy of Norms ........................................................................................................ 16
Classification of Instruments Issued by Monetary Authority of Singapore (MAS) ... 17
V. Licensing Requirements ..................................................................................................... 18
A. Licensing Criteria ........................................................................................................... 18
B. Licensing Procedure ....................................................................................................... 20
VI. Ongoing Requirements versus Licensing Criteria ............................................................ 22
VII. Corporate Governance ..................................................................................................... 23
VIII. Power to Control Ownership Changes ........................................................................... 25
IX. Market Access by Foreign Banks: Branches vs. Subsidiaries vs. Representative Offices 28
X. Consolidated Supervision .................................................................................................. 31
XI. Sharing of Information and Inter-agency Cooperation ..................................................... 34
XII. Bank-Related Party and Large Exposure Limits ............................................................. 38
XIII. Supervisory Enforcement, Early Intervention and Resolution ...................................... 39
A. Types of Enforcement Measures .................................................................................... 39
B. Link with License Revocation ........................................................................................ 41
C. Role of Sanctions ........................................................................................................... 43
XIV. Conclusion ..................................................................................................................... 44
4
I. INTRODUCTION
1. Over the last 20 years, the IMF’s Legal Department has made a significant
contribution to the development of banking laws in the Fund’s membership. A “back of
the envelope” exercise suggests that lawyers of the Fund have been involved in the banking
laws of approximately 50 countries. This involvement ranges from comments on surgical
amendments to assistance in redrafting entirely new banking laws. (In some countries, the
banking law is a stand-alone type of legislation whereas in others, it is part of the central
bank law, which is often also enhanced with support of Fund staff.) This law reform support
takes place within the context of financial sector surveillance (including through the
Financial Sector Assessment Program or FSAP), the implementation of financial sector-
related conditionality as part of Fund-supported programs, or voluntary technical assistance
outside such programs. Surveillance, financial support to address balance of payments
problems and technical assistance are the three core functions of the IMF.
2. Summarizing the authors' experience in this field, this paper highlights common
weaknesses in banking legislation and suggests solutions.
1
In discussions with country
officials in the context of law reform, the argument is often made that one or more specific
problems with the local banking law are due to the local circumstances of that jurisdiction.
However, our experience has shown that most weaknesses to banking laws are hardly
idiosyncratic to individual countries. On the contrary, many countries share similar problems,
and these are thus really part of a more global pattern. In fact, the shared problems are caused
more by inherent challenges in designing and drafting banking laws than by local
circumstances. This paper will seek to illustrate those common issues, and why the “but we
are different” argument does not always carry weight. Hence the title. To facilitate the
reader’s access to practical examples of the general points made below, the paper will make
manifold references to current banking laws of countries.
2
3. This paper aims at complementing the existing financial policy standards with
specific legal recommendations for drafters of banking laws. Banking regulation is one
field of economic policy-making with a firm international standard: the Basel Committee on
Banking Supervision’s Core Principles for Effective Banking Supervision (September 2012)
(“BCP”) have evolved into the de facto global minimum standard for sound prudential
1
This paper was written while Dawn Chew was on secondment with the IMF. It has benefitted from the
comments of Nikita Aggarwal, Jean Pierre Deguee, Barend Jansen, Ross Leckow, Nicolas Staner, and Virginia
Rutledge. Colleagues from the IMF’s Monetary and Capital Markets Department have also provided invaluable
comments. While the views expressed in this paper are to some extent based upon the authors’ experience as
Fund counsels, the views expressed herein are their own and should not necessarily be attributed to the Fund.
2
These country examples are chosen for illustrative reasons only; the references do not imply that those
countries have received technical assistance of the Fund with respect to their banking law.
5
regulation and supervision of banks and banking systems.
3
As the legal framework is an
important instrument for implementing banking regulatory policy—the policy preferences
established by the international soft law of the BCP must often be implemented through
national legislation—the BCP include many references to banking laws and regulations. The
problem is that the BCP do not always offer sufficiently granular guidance to drafters of such
laws. This is not a criticism, for it is explained by the very nature of the standard, which is
focused on supervisory policy and practice, and not on the law per se. It is also explained by
the fact that the BCP are the result of decision-making in an intergovernmental committee
structure, which entails decision making by consensus, and at times sacrifices clarity for
compromise. Hence there is a need for more specific legal guidance as to what constitutes
good legal practice in drafting banking laws. This paper intends to make a meaningful
contribution to this. This being said, at times the paper will also make suggestions (in
footnotes) as to how the pronouncements of the BCP on banking law itself can also be
strengthened, so as to ensure that policy and law are bound in a mutually enforcing virtuous
circle.
4. The paper is, however, not intended to advocate any particular “one size fits all”
approach. The paper aims merely to give a flavor of a number of selected, commonly
encountered, legal issues that should be addressed in the legislative framework for banks and
raise inherent legal complexities. Thus, the list below is by no means exhaustive in covering
all legal issues pertaining to banking law—e.g. it does not address legal issues relating to the
liability protection of the banking supervisor and their staff, resolution framework or anti-
money laundering—and is not intended to be so. To design a complete legal framework for
banking legislation would entail issues that go beyond the list set out below. Last not but
least, this paper does not enter too much in the pure, detailed technique for legislative
drafting, even though it touches occasionally upon general drafting principles.
4
5. The paper will cover the following twelve selected issues: (i) scope and definitions,
(ii) the supervisory mandate, (iii) the legal nature of secondary regulatory instruments, (iv)
licensing requirements, (v) the distinction and relationship between licensing criteria and
ongoing requirements, (vi) corporate governance, (vii) the power to control changes in
ownership, (vii) the difference between branches and subsidiaries, (viii) consolidated
supervision, (ix) sharing of information and inter-agency coordination, (x) related-party
transactions and large exposure limits, and (xii) the legal distinction between enforcement,
early intervention and resolution.
3
See paragraph 1 of the Executive Summary of the BCP: http://www.bis.org/publ/bcbs230.htm
4
For an overview of legislative drafting in the context of tax laws: see Chapter III of IMF (Ed. V. Thuronyi),
Tax Law Design and Drafting, 1996. http://www.imf.org/external/pubs/nft/1998/tlaw/eng/
6
II. SCOPE AND DEFINITIONS
6. The scope of application of the banking law must be clear and appropriate.
Naturally, banking laws apply first and foremost to “banks”—or “credit institutions” as they
are sometimes referred to—and below we will discuss the importance of defining this
concept adequately. In addition to banks, countries have submitted credit unions, deposit-
taking micro-finance institutions, and lending-only institutions to the personal scope of
application of their banking laws. Recently, policy makers have been considering subjecting
institutions that finance their lending activities through short term financing distinct from
deposits also to the banking law with the aim to address the so-called “shadow-banking”
problem. The exact determination of which types of non-bank financial institutions should
(partly or in whole) be covered by the banking law is a matter of policy. To discuss the legal
ramifications of the possible approaches would require a separate working paper. What
matters here from a legal perspective is that all entities providing banking activities in the
pure sense of the word—lending financed by taking deposits from the public—must be
adequately covered by the banking law.
7. To that end, the design of banking laws needs to distinguish between two related,
but distinct, legal concepts, namely (i) the activities subject to licensing and (ii) the
permissible activities of banks. Many banking laws tend to conflate those two concepts,
which complicates their application.
5
What matters for the scope of the law is the first
concept, and not the second.
Activities subject to licensing—The banking law should require that any person or
entity that carries on a “banking business” obtains a license to do so. Breach of this
requirement should be punished by criminal sanctions. In this context, the question
arises whether the mere taking of deposits from the public should also be subject to
licensing. The answer is affirmative, for with very few exceptions (central banks,
postal check services, and under strict conditions brokers-dealers), only licensed
banks should have the “monopoly” of taking deposits from the public.
Permissible Activities of banks— The banking law should set out what activities a
duly licensed bank is by law allowed to undertake.
6
These activities are additional to
what constitutes the core of banking business (see below), and are as such not
otherwise subject to licensing. Examples of typical permissible activities for banks
5
An example of this problem can be found in Article 54 of the Law 32/1968 concerning Currency, the Central
Bank of Kuwait, and the Organization of Banking Business (hereafter the “Kuwaiti banking law”). The Articles
3 and 4 of the Turkish banking law (2011) are a good example of how this conceptual distinction can be
appropriately reflected in legislation.
6
Some banking laws also include a list of activities banks are prohibited to undertake.
7
are the provision of payment services, the issuance of electronic money, foreign
exchange transactions, safekeeping and vaults, etc.
8. Definitions are critical to determine the personal and material scope of
application of the banking law. To achieve an appropriate scope, the banking law needs to
define with utmost precision who is required to obtain a license to exercise which activities.
Definitions are less important for the permissible activities. What matters is that the activities
which a duly authorized bank is permitted to exercise are clearly listed. It is less important to
define those activities.
7
However, another aspect of banking laws for which definitions are
also important are the main regulatory provisions of the law, such as those on governance,
lending restrictions, and consolidated supervision. These aspects will be discussed in the next
paragraphs, but for now we focus on the definitions pertaining to the scope of the law, which
need to focus on the following two points.
9. First, every banking law needs to define what is considered to be the “banking
business” subject to licensing. The standard practice is to define this concept as “the taking
of deposits from the public and the making of loans on its own account.” This may require
the banking law also to define the concept of “deposit,” which raises the question on the
extent to which this definition in the banking law relies on the definition in the civil code, if
any. (On the interaction between definitions in different laws more generally: see below) In
that regard, one should bear in mind that deposits of money with a bank are legally not
deposits, but actually loans—the bank has contractually the right to use the deposit funds by
lending them on. Hence the need for a sui generis definition of “deposits” in the banking law.
Establishing the precise contours of that definition may be hazardous: a too broad definition
may improperly include ordinary borrowing and the issuing of bonds and commercial paper,
while a too narrow definition may open the gates for regulatory arbitrage and evasion.
10. Secondly, definitions need to ensure that the scope of the banking law covers
both individuals and corporations. Requiring only a “company” or “entity” that carries on
banking business to be licensed is insufficient, as it leaves open the possibility that banking
business be carried out by an individual or a non-corporate entity, without running afoul of
the licensing requirement.
8
The law needs to be clear that all individual persons as well as
corporations and non-corporate legal entities can be caught by the relevant provision. This is
achieved by (i) requiring that any “person” exercising banking business or otherwise taking
deposits from the public is subject to licensing and (ii) defining “persons” as both natural and
7
BCP 4 requires the permissible activities of institutions that are licensed and subject to supervision as banks to
be clearly defined. From a legal perspective, this appears to require too many definitions than may be necessary.
8
Section 7A (f) of the Bangladeshi Bank Order highlights this issue.
8
legal persons. If it is the policy intent to only allow corporate entities to hold a banking
license, this should be stated as a qualifying license criteria,
9
and not through the definitions.
11. The core definitions should be enshrined in the banking law itself. As a legal
matter, definitions that shape the personal and material scope of application of a primary law
cannot, and should not, be provided for in secondary regulation; their place is in the primary
law.
10
This does not mean that some more detailed aspects of certain central definitions
cannot be elaborated upon in secondary regulation.
11
As regards the more operative
definitions (e.g., “exposure,” “subsidiary,” “bank-related party,”), there is more tolerance for
inserting them in secondary regulation. This being said, the overall legal certainty and
transparency of the banking law would be served by putting most operative definitions in the
primary law itself.
12. In spite of their criticality, many banking laws lack relevant and robust
definitions. The extent to which terms used in the law are defined differs between legal
traditions. Our experience has shown that the extent to which terms used in banking and
other financial sector legislation are defined differs between common and civil law traditions,
with the former generally defining more terms and the latter sometimes relying on definitions
already found in the Civil or Commercial Codes. This being said, this difference should not
be overestimated: civil law banking laws increasingly include a list of definitions,
12
and many
common law banking laws refer to definitions enshrined in other laws.
13
Be that as it may,
our experience is that, both in civil and common law traditions, definitions are however often
overlooked in banking laws.
14
9
See for instance Article 56.1 of the Kuwaiti banking law, Article 7 a) of the Turkish banking law, and Article
5.2.d of the Rwandan banking law of 2008.
10
The prescriptions of the BCP with regard to the legal establishment of definitions could be stricter. For
instance, the Essential Criteria (“EC”) 1 of BCP 4 requires the term “bank” to be clearly defined in laws or
regulations. We would, however, advise that in the interest of legal certainty such a fundamental definition be
clearly set out in the law, as a primary legal instrument.
11
Section 978(d) of the Canadian Banking Act for instance authorizes the Governor in Council to issue
regulations to “to define words and expressions to be defined for the purposes of this Act.”
12
See for instance Article 3 of the Belgian banking law of 25 April 2014.
13
A good example of the latter point is Section 2 of the Reserve Bank of New Zealand Act 1989, which
includes references to the Companies Act 1993, the Insurance (Prudential Supervision) Act 2010, and the
Financial Markets Authority Act 2011.
14
A good example of circular definitions are the Financial Institutions Act 1998 of Solomon Islands, which
includes in Section 2(1) definitions for banks and financial institutions, with the latter being defined as a “body
corporate doing banking business,” and Egypt, where “banking business” is defined in the Law Nr. 88/2003 on
9
13. A second concern is that definitions should be consistent with one another and
consistent across various interconnected laws. The need to have internally consistent
definitions within the banking law is self-evident. A common example is the definitions of
“parent companies” and “subsidiaries”. These two definitions should be flipsides of each
other, but many banking laws do not necessarily draft them as such. Secondly, as the banking
law is typically only one of many relevant laws (e.g. company law, competition law,
consumer protection law, insolvency law) that are relevant for banking regulation, there is a
need to make sure that definitions are consistent across the various relevant laws, at least to
the extent that those laws are indeed interconnected.
15
This problem often arises when there
are definitions of the same term in different laws and, when the definition of a term is
amended in one law, while the similar definition in another law is not concurrently amended.
One way to avoid such inconsistencies would be to only define the term in one law and for
other laws to simply make cross-references.
16
For example, the definitions of “bank” in a
deposit guarantee law can cross-refer to the definition of “bank” in the banking law. This
simple legislative drafting method overcomes the problems of inconsistent definitions in
various laws and having to amend multiple definitions in various laws each time one law is
amended.
14. A third concern is that definitions should not also provide for substantive
obligations or requirements.
17
This is a general rule of legislative drafting technique, but
often infringed in banking and other laws. This rule certainly applies when banking laws
include upfront a single article/section with all or most of the definitions of the law. Such
approach has an advantage from the perspective of legal clarity, although it may complicate
the ease with which the law is read. When, in contrast, the law spreads definitions throughout
its structure, as in the civil law tradition, it is to be expected that definitions and normative
provisions are more closely interwoven.
15. Finally, without compromising certainty, there should also be sufficient
flexibility afforded to regulators to exercise judgment or prescribe additional categories
within the definitions. For example, for the purposes of consolidated supervision, related
party transactions and large exposure limits, terms such as “parent companies”, “banking
the Central Bank, the Banking Sector and Money as “all that is considered by banking tradition as banking
business.”
15
The authors accept that there may be instances where the same term is appropriately defined differently in
different laws. This will particularly be the case when the more specific law serves a narrow and specific
purpose that is not directly connected with the main purpose of the more general law.
16
Another way is to amend multiple laws in a single amending act or instrument (e.g. a statutes miscellaneous
amendment or consequential amendments to various pieces of legislation), rather than amending each law
individually by way of a distinct piece of legislation.
17
Article 2 of the Mexican banking law (Ley de Instituciones de Credito) is a good example of this problem.
10
groups” and “affiliated parties” will need to be defined with the necessary precision (see
below). However, there should be flexibility for regulators to prescribe additional categories
of affiliated parties. A common legal technique would be to set out specific categories in the
primary law, with a residual discretion to the regulator to prescribe additional categories in
subsidiary legislation.
18
In some cases, this technique can even be used in the other direction,
by exempting certain cases from the general definitions of the banking law.
19
III. OBJECTIVES, FUNCTIONS AND LEGAL POWERS OF SUPERVISOR
16. The legal framework should clearly set out the supervisory authority’s
objectives, functions and legal powers.
20
The banking law, as any type of supervisory law,
is essentially a specialized branch of administrative law. This body of law sets out how the
States and its agencies operate, and under which conditions and modalities the rights of
citizens can be constrained by the State. To protect their citizens, in many jurisdictions the
judiciary construes the powers of the State and its agencies narrowly: they have no functions
and powers but those established by legislation (the legality principle). In that light, to make
banking supervision and regulation legally robust, it is imperative that the contours of the
“mandate” of banking supervisory agencies are adequately laid down in legislation. The
mandate comprises the agency’s objectives, functions and powers. The objectives are the
goals that the supervisory authority aims to accomplish (the “why” of the regulator’s
mandate). The functions (or tasks) are the activities that the supervisory authority should
undertake to attain these goals (the “what”). The powers are instruments and tools (the
“how”) the supervisory authority will need to achieve its objectives and perform its
functions.
17. Many banking laws do not adequately specify the objective of banking
supervision and regulation. To offer an effective anchor for supervisory decision making,
including in the context of accountability exercises of autonomous supervisors, a clear
statement of the supervisory authority’s overall objective in supervising banks should be
specified in the primary law. An alternative approach is to cast the objectives as those of
18
As illustrated by Article 1 of the Iraqi banking law of 2003.
19
See Article 3.30 of the Belgian banking law, which authorizes the supervisory authority to exempt certain
banks from the qualification as “significant” even though the balance sheet threshold established in the primary
law is met.
20
The BCP require that the responsibilities and objectives are clearly set out in the law. EC 1 of BCP 1 requires
that the responsibilities and objectives of the authority involved in banking supervision are clearly defined in
legislation and publicly disclosed. BCP 1 also requires that there is a legal framework in place for the authority
to be provided with the necessary legal powers to authorize banks, conduct ongoing supervision, address
compliance with laws and undertake timely corrective actions to address safety and soundness concerns.
11
banking supervision per se, instead of as objectives of the supervisory authority.
21
Common
supervisory objectives include to promote the safety and soundness of banks and the banking
system and to protect depositors.
22
The drafting of supervisory objectives often raises the
following three complex legal points:
Some jurisdictions may assign other objectives to banking supervisors, such as the
development of the local financial sector.
23
It is however important to ensure that such
other objectives are legally subordinate to, and do not conflict with, the primary
objectives of financial stability and depositor protection.
24
The primary supervisory objectives should also be phrased in an achievable manner.
To phrase an objective as “to prevent bank failures” is unrealistic and conducive to
“moral hazard” problems. In this regard, the BCP clearly state that it should not be
the objective of banking supervision to prevent bank failures. However, an (implied)
objective of banking supervision should be to reduce the probability and impact of a
bank failure, so that when a failure occurs, the failure can be managed in an orderly
manner. This could be achieved by the new supervisory tool of “Recovery and
Resolution Planning.
A final point is that the primary objectives of banking supervisory authorities should
be read in their broader institutional context. For instance, the financial stability
objective of a separate supervisory authority should be read in conjunction with the
central bank’s objective in this regard. In a similar vein, the depositor protection
objective must be considered in light of the depositor guarantee scheme.
25
18. To enable the supervisory authority to pursue its objectives, there should be a
(set of) corresponding statutory function(s). For supervisory authorities that are not
central banks, these functions can easily be discerned from the banking law, and are
generally not specified as such in legislation—in contrast to the objectives and powers. The
reason for such approach is that banking supervisors have few and straightforward functions.
21
See for example Article 1.2 of the Belgian banking law.
22
See for instance Article 1 of the Turkish banking law and Article 56, second paragraph, of the Central Bank
of Russia Act. Section 6 of the 2013 Malaysia Financial Services Act also offers an interesting approach: the
Act first sets out the promotion of financial stability as the “primary regulatory objective of the Act,” and then
sets out some intermediate objectives, such as the safety and soundness of financial institutions and the
protection of rights of consumers of financial services.
23
See for instance Article 3 of the Central Bank of Russia Act, which entrusts the Central Bank of Russia with
the objective to “develop and strengthen the banking system of the Russian Federation.”
24
See BCP 1, EC 2
25
E.g. a depositor protection objective does not imply that no depositor, whatever is the size of his deposit,
should ever suffer a loss due to a banking failure. Coverage under the deposit guarantee scheme up to a certain
amount gives an indication of the amounts up to which deposits are socially “worthy” of protection.
12
This issue is more relevant for those central banks that are also banking supervisory
authority, since they are charged with a great many functions. To offer clarity in this regard,
central banks laws often set out a comprehensive list of functions in a single legislative
provision. If that is the case, such a list should ideally also include a supervisory/regulatory
function.
26
A good way to draft such a function is to charge the supervisory authority with
the succinct function “to regulate and supervise banks and other financial institutions.” An
alternative is to draft the regulatory and supervisory function in somewhat more detail,
27
possibly even in the banking law instead of in the central bank law.
28
Whatever approach is
taken, such a function should be clearly distinguished from the objectives of the central bank-
cum-supervisory authority, given that they play legally very different roles.
29
19. The legal framework should also be clear as to whether the supervisory
authority has powers to pursue the statutory objectives. Does the supervisory authority
have the legal powers to pursue the statutory objectives (e.g., powers to issue regulations, to
set prudential standards, to grant and revoke banking licenses, to take corrective action,
impose sanctions etc.), or does the power reside with another authority or agency? Ideally,
the supervisory authority should also be the licensing authority and be able to issue
regulations and take supervisory decisions autonomously. However, constitutional or
administrative law may constrain the level of involvement of autonomous (i.e., non-political)
agencies in general or individual normative decisions, and require a degree of involvement of
political bodies in the establishment and enforcement of banking and other forms of
regulation. For instance, in some countries, the supervisory authority may not have the legal
power to issue or revoke licenses
30
or to promulgate secondary regulation.
31
The question is
26
A good example of this can be found in the Law 1/34 of 2 December 2008 on the Statute of the Central Bank
of Burundi: Article 6 states that the central bank has a secondary objective to contribute to the stability of the
financial system, while Article 7 establishes the function of regulation and supervision of banks and other
financial institutions.
27
See for instance Article 4 (5), (7) and (9) of the Central Bank of Russia Act.
28
The Netherlands is an example of where the central bank is the prudential supervisor, but the supervisory
objective and function is established in the banking law rather than in the central bank law: see next footnote.
29
A good example of how this can be achieved can be found in the Netherland’s Law on Financial Supervision.
Article 1:24.1 provides that the objective of financial supervision is the solidity of financial firms and the
stability of the financial system. Article 1:24.2 charges the Dutch central bank with the function of supervision
over financial firms and their access to financial markets.
30
There are still countries where the supervisory authority is not the licensing authority. For instance, in
Malaysia and Kuwait, the central bank is the supervisor, but banks are licensed by the Minister of Finance. In
Italy, the Ministry of Economy and Finance decides on license revocations, upon proposal by the Bank of Italy.
31
In some countries (e.g. USA, Lebanon and Singapore), regulatory agencies have the legal power to
promulgate secondary regulation in their fields of competence. In other countries (e.g. the UK, Netherlands,
Belgium), constitutional principles require that secondary regulation be approved by political bodies
(Parliament, the Government, or Ministry of Finance).
13
of course to which degree this is the consequence of a political choice or, conversely, legal
constraints.
20. From a drafting perspective, the supervisory authority’s objectives, functions
and legal powers should as much as possible be provided by the banking law. This is
particularly relevant for those central banks that are also banking supervisors. When that is
the case, the central bank law should only refer summarily to—and not intend to
summarize—the legal aspects of the bank supervisory regime; this body of law should as
much as possible be comprehensively enshrined in the banking law itself. If the bank
supervisory regime is spread out over two or more laws, the interpretation and application of
the rules will be complicated, for instance due to a higher risk of contradiction and also to
complexities inherent to the contextual interpretation method.
Figure I. Common Objectives, Functions and Powers
21. Finally, effective and efficient bank supervision requires the involved authorities
to have clear mandates, without gaps or overlaps in their responsibilities. Where there is
more than one regulatory authority involved in banking supervision or supervision of a
banking group, the respective roles and responsibilities should be clearly defined in the law.
This is necessary to avoid regulatory and supervisory gaps. Effective domestic inter-agency
cooperation and coordination would also be crucial in such cases (see below).
IV. LEGAL NATURE AND HIERARCHY OF SECONDARY REGULATORY INSTRUMENTS
22. To ensure their effective implementation, most banking laws authorize the
issuance of a variety of secondary legal instruments. It is all but impossible, and moreover
Objectives: To promote the safety and
soundness of banks and the banking
system; to protect depositors
Functions: To regulate and supervise
banks and other financial institutions
Powers: To license banks, conduct
ongoing supervision, enforce laws,
impose sanctions, take corrective action
14
quite impractical, to include all aspects of banking regulation in a single piece of primary
legislation. By consequence, most legislatures have included in their countries’ banking laws
powers for the government and/or banking supervisors to issue legal instruments aimed at
implementing the main banking law. Thus these instruments are “secondary” to the primary
banking law.
23. The legal nature of those secondary legal instruments is often unclear. We are not
concerned here with the powers of the government to issue decree-type instruments as per
general constitutional provisions or principles. Generally speaking, such powers raise few
legal questions. Nor shall we discuss here the question whether banking supervisors ought to
have autonomous regulatory powers per se, which often raises complex constitutional and
administrative law issues (see para. 19), and calls for an altogether different paper. Rather we
are concerned in the context of this paper with the more problematic issue of the “regulatory”
powers granted to banking supervisors to issue regulations, circulars, guidelines, directives,
and similar instruments, the legal nature of which is often unclear. The two most common
questions that arise in this respect concern (i) the binding nature of the instruments in
question, and (ii) their place in the overall “hierarchy of norms.”
A. Legal Nature
24. Banking laws should first be clear as to the legal nature or effect of the
respective secondary instruments issued under them. In doing so, it is critical to
adequately distinguish between those instruments that have direct binding effects on private
entities, and those that do not.
32
Binding Secondary Instruments
25. If a jurisdiction is to have recourse to binding secondary instruments issued by
the supervisor, the banking law itself or another piece of primary legislation should
unequivocally establish the authority to issue such instruments.
33
The manner in which
this is done raises several concerns, grounded in the interaction between the banking law and
administrative and constitutional law. The following four principles apply:
The banking supervisory authority should ensure that it issues its binding secondary
instruments under the categories and conditions foreseen by constitutional and/or
32
The Egyptian banking law is an example of a law referring to a multiplicity of secondary instruments without
defining with precision the legal nature and effect of those instruments.
33
Article 8 of the above-mentioned Law 1/34 of 2 December 2008 on the Statute of the Central Bank of
Burundi gives a good example of how the legal nature of the various secondary legal instruments can be
established. Article 57 of the Central Bank of Russia Act also clearly and unequivocally established the binding
nature vis-a-vis banks of the CBR’s “rules.”
15
administrative law.
34
In this respect, it is often important to distinguish between
binding instruments of general application to all banks (“regulations”), and those that
apply to a single bank (often labeled “instructions” or “orders”). In many
jurisdictions, general and individual normative instruments are subject to different
prescriptions of constitutional and/or administrative law. In our advisory practice, we
have often observed that jurisdictions tend to conflate those two aspects, which may
weaken the legal robustness of those instruments.
Drafters of banking laws must decide whether they will grant the banking supervisor
general executive power over the banking law, or only a specific power to implement
on a case by case basis the provisions of the banking law that need to be implemented
by secondary regulation. Each of those two approaches has advantages and
disadvantages. The advantage of the former is that the supervisor has broad
regulatory powers and can decide to regulate whenever a specific development
requires regulatory action. The disadvantage is that the statutory ground for regulation
is less precise and explicit, which makes the regulation more vulnerable to the
argument that it was established without sufficient legal basis. The latter approach
raises the opposite points.
Banking laws should not create different but similar legal instruments (e.g.
“regulations” and “rules”) if there is no real added value in the distinction. Doing so
would create unnecessary legal confusion that may weaken the legal robustness of
those instruments.
The legal framework should be clear as to how the secondary instruments acquire
their binding effect. To that end, the law should be clear on which decision-making
body of the banking supervisor is competent to issue the instrument, how the
instruments are promulgated and published, and what the consequences of their
breach are.
Non-Binding Secondary Instruments
26. If the banking law provides for non-binding secondary instruments, the law
should equally be clear on their legal effects and nature. If the banking law is silent on
such instruments, than it may generally be assumed that the supervisory authority can issue
non-binding instruments.
35
If however the law establishes such an instrument, then the law
should expressly state that the purpose of the instrument (e.g., a circular) is to merely provide
34
For instance, in the Solomon Islands’ Financial Institutions Act 1998, some secondary rules are not enshrined
in regulations foreseen by the banking law, but rather in so-called “prudential guidelines,” the legal nature of
which is not particularly clear. A similar problem arises in Indonesia, where Article 16.3 of the Act 7/1992
concerning Banking requires Bank Indonesia to “stipulate” licensing criteria and procedures, without clarifying
the nature of such stipulations, whereas Article 20.3 utilizes the clearer category of “Government Regulation.”
35
The “legality principle” only requires an explicit legislative basis for the issuance of binding legal
instruments. This issue is, however, jurisdiction-specific, and different jurisdictions may have different
approaches, also in function of their legal and political traditions.
16
guidance to private entities, so as to avoid confusion on its legal nature. If the legal
instrument is not binding in itself, but still has legal consequences for a supervised entity
(e.g., a warning notice that commences a regulatory delay) or for the supervisor itself, this
should equally be provided for with precision in the law, or at least be clearly determinable
pursuant to the relevant general principles of the relevant jurisdiction. The consequences of
breaching the prescriptions enshrined in non-binding instruments are another issue that may
need to be addressed in the banking law.
27. A particular concern in that regard is that the use of different labels in the
banking law should be consistent with the broader legal framework. For instance, if the
administrative law regime of a jurisdiction recognizes the use of binding secondary
instruments labeled “guidelines,” it would be unwise to refer as “guidelines” to non-binding
legal instruments under the banking law. Conversely, if in a country’s legal tradition
“circulars” are generally used to label summaries of non-binding administrative practice
(e.g., in the field of tax law), it is better not to use the term to designate normative
instruments under the banking law. An example of how a jurisdiction explains to the public
the legal effect (if any) of the various legal instruments can be found in Box 1.
B. Hierarchy of Norms
28. The banking law or broader legal framework should be unequivocally precise on
the place of the secondary instruments in the overall legal “hierarchy of norms.” Most,
if not all, legal systems utilize this concept, pursuant to which all public law acts are ranked
according to a legal hierarchy, entailing that each legal act must be consistent with the legal
acts of a higher rank. If a lower legal instrument is not consistent, judicial review can strike
down the lower, inconsistent legal act, thus rendering it inapplicable and unenforceable. A
common hierarchy looks as follows: (1) the constitution, (2) acts of parliament/congress, (3)
normative instruments (“decrees”) of the executive, i.e. the cabinet as a whole, (4) normative
instruments (sometimes also called “decrees”) of individual ministers/secretaries, (5)
normative instruments (“regulations”) of autonomous regulatory agencies, and (6) normative
instruments of local governments.
36
In designing legal frameworks for banking supervision,
this implies that due care must be given to determining with the highest possible precision
which elements are, or must be, governed by primary law, and which ones may be dealt with
in secondary regulation. Moreover, drafters of secondary instruments should ensure that the
latter are consistent with, as well as grounded in, what is set out in primary legislation, and
are promulgated pursuant to an empowering provision in the primary legislation.
Box 1. Classification of Instruments
36
We note that this is a stylized representation of the concept, and that most jurisdictions will have hierarchies
that differ from it due to, among other factors, their administrative organization (including federal or regionalist
models) and mechanisms for judicial review (some ancient parliamentary traditions do not have judicial review
of the constitutionality of acts of parliament).
17
Classification of Instruments Issued by Monetary Authority of Singapore (MAS)
37
MAS, in carrying out its functions as a regulator of the financial services industry, issues various
instruments under Acts administered by MAS. For the purposes of this website, the following
classification of instruments issued by MAS is adopted:
(1) Acts
The Acts contain statutory laws under the purview of MAS which are passed by Parliament. These
have the force of law and are published in the Government Gazette. Examples are the Banking Act
and Financial Advisers Act.
(2) Subsidiary Legislation
Subsidiary legislation is issued under the authority of the relevant Acts and typically fleshes out the
provisions of an Act and spells out in greater detail the requirements that financial institutions or
other specified persons (e.g. a financial adviser's representative) have to adhere to. Subsidiary
legislation has the force of law and may specify that a contravention is a criminal offence. They are
also published in the Government Gazette. Examples are the Insurance (Actuaries) Regulations and
Finance Companies (Advertisements) Regulations.
(3) Directions
Directions detail specific instructions to financial institutions or other specified persons to ensure
compliance. They have legal effect, meaning that MAS could specify whether a contravention of a
direction is a criminal offence.
Directions consist of the following:
(a) Directives - Directives primarily impose legally binding requirements on an individual financial
institution or a specified person.*
(b) Notices - Notices primarily impose legally binding requirements on a specified class of financial
institutions or persons. Examples are the Notice to Banks (MAS 603) on Branches and Automated
Teller Machines and Notice to Life Insurers (MAS 307) on Investment-linked Life Insurance
Policies.
(4) Guidelines
Guidelines set out principles or "best practice standards" that govern the conduct of specified
institutions or persons. While contravention of guidelines is not a criminal offence and does not
attract civil penalties, specified institutions or persons are encouraged to observe the spirit of these
guidelines. The degree of observance with guidelines by an institution or person may have an impact
on MAS' overall risk assessment of that institution or person. Examples are the Technology Risk
Management Guidelines for Financial Institutions and Guidelines on Standards of Conduct for
Insurance Brokers.
(5) Codes
Codes set out a system of rules governing the conduct of certain specified activities. Codes are non-
statutory and do not have the force of law. However, a breach of a Code may attract certain non-
statutory sanctions like private reprimand or public censure. There is currently a Code on Take-overs
and Mergers (which is administered by the Securities Industry Council), a Code on Collective
Investment Schemes and a Code of Conduct for Credit Rating Agencies. A failure to abide by a code
does not in itself amount to a criminal offence but may have certain consequences.**
(6) Practice Notes
Practice Notes are meant to guide specified institutions or persons on administrative procedures
relating to, among others, licensing, reporting and compliance matters. Contravention of a practice
note is not a criminal offence, unless a procedure stated in the practice note is also required by an Act
or regulation. An example is the Practice Note on Lodgment of Documents relating to Offers of
Shares and Debentures.
(7) Circulars
37
http://www.mas.gov.sg/regulations%20and%20financial%20stability/regulatory%20and%20supervisory%20fra
mework/classification%20of%20instruments%20issued%20by%20mas.aspx
18
Circulars are documents which are sent to specified persons for their information or are published on
the MAS website for public information. Circulars have no legal effect. An example is the MAS
Circular to Banks on Outsourcing of Cash And Cheque-Related Transactional Services to Another
Bank.
(8) Policy Statements
Policy statements outline broadly the major policies of MAS.
* An exception relates to a certain class of instruments, Directives to Merchant Banks, which are essentially
"Notices" for the purposes of this classification but, for historical reasons, are known as directives.
**For the Singapore Code on Take-overs and Mergers, please refer to Part VIII and section 321 of the
Securities and Futures Act for its effect. For the Code on Collective Investment Schemes, please refer to Part
XIII, Division 2 and section 321 of the Securities and Futures Act for its effect. For the Code of Conduct for
Credit Rating Agencies, please refer to section 321 of the Securities and Futures Act for its effect.
V. LICENSING REQUIREMENTS
29. Many banking laws tend to conflate the procedure and criteria for licensing
banks; these are two related but legally very different concepts. The licensing procedure
sets out the procedural rules that applicants—and indeed the supervisory authority—are
required to follow in requesting a banking license from the competent licensing authority. As
discussed below, this includes the informational requirements necessary to commence the
licensing procedure. The licensing criteria, in contrast, provide the substantive preconditions
that must be met by an applicant for the licensing authority to grant it the license. Banking
laws often include provisions dealing with both aspects in a confusing manner, whereby it is
not clear which aspects are procedural and which aspects are substantive. It should be noted
that this problem can be general, or specifically related to a particular sub-issue (e.g.
significant shareholders).
38
A. Licensing Criteria
30. To remedy this weakness, the primary law should first clearly set out the
licensing criteria for banks. The details of these criteria can certainly be further elaborated
in subsidiary regulation.
39
However, the core criteria themselves should be clearly set out in
primary legislation.
40
From a drafting perspective, this does not only require that the subject
matter (e.g., governance, accounting mechanisms) be provided, but also the yardstick against
which the subject matter will be judged (e.g., the governance must be appropriate for the
38
A good example of this can be found in the banking law of the DRC: the law only requires applicants for a
license to include a list of prospective shareholders in the license application, but lacks any requirements or
standards regarding significant shareholders in the context of licensing a bank.
39
For instance, Article 16.2 of the Indonesian Banking Law grants Bank Indonesia the power to specify the
licensing criteria.
40
Article 31 of the Bangladeshi Bank Companies Act is an example of too limited criteria being provided in
statute, thus obliging the licensing authority to rely excessively on secondary guidelines.
19
operations and structure of the bank). Further, it is critical that the respective requirements
are well defined. In doing so, a balance should be struck between legal certainty for the
industry to know what licensing requirements are required to be satisfied and the discretion
of the regulator to refuse licensing. In that regard, it is often very useful to provide an
overview to the political bodies, industry, and the public at large, by way of circulars or
similar non-binding instruments, of the licensing authority’s administrative practices in
granting and refusing licenses as well as its understanding of the relevant legal framework.
31. International good practice has now converged upon a comprehensive set of
minimum statutory licensing criteria. The following are the typical criteria that are
expected to figure in well written banking laws:
the minimum paid-up capital of the bank should meet the amount established by law or
regulation; (as opposed to the Capital Adequacy Ratio, which is an altogether different
concept, relying on the ongoing level of risk exposure in relation to qualifying own
funds);
the ownership structure of the bank should be sufficiently transparent and allow for
effective supervision of the bank;
41
fit and proper requirements for directors and senior management of the bank;
suitability requirements for significant shareholders of the bank;
a financial structure, managerial structure, and business plan that are appropriate for the
programme of the bank’s projected activities;
42
adequate arrangements for accounting, internal controls, risk management, and internal
and external audit; and
41
Some banking laws go beyond this criterion, and prohibit for instance, certain types of entities to be
shareholders of banks (e.g. industrial or commercial enterprises), or require banks to have a significant
shareholder of a certain type (e.g. a bank holding company). This raises other specific policy issues, namely
who can own and control a bank.
42
The concept of financial structure is different from the one of minimum paid up capital mentioned under (i).
The latter merely seeks to require from all banks a capital beyond a fixed quantitative limit. The former goes
beyond this minimum threshold, and requires that any bank has a starting capital that is adequate in light of its
projected activities. Thus, except for the smaller banks, it is to be expected that the former amount will in most
cases be higher than the latter amount.
20
for branches and subsidiaries of foreign banks, the consent of the foreign bank’s home
supervisor as well as an adequate supervisory arrangement between home and host
supervisor.
43
32. The legal operation of the licensing criteria should also be clear. On the one hand,
it must be beyond doubt that the license can only be granted if the licensing authority is
satisfied that all licensing criteria are (cumulatively) met. On the other hand, the law should
also be clear as to whether the licensing authority can refuse the license even though all
criteria are met. In that regard, there may be good “systemic” reasons to refuse the license,
for instance when the banking system is overbanked, or when there is general state of
systemic distress. In some legal systems, it is necessary to include such systemic licensing
criteria in the law itself, lest applicants enjoy a legal right on a license when all the bank-
specific criteria are met. In other legal systems, such systemic criteria are not necessary,
because the licensing authority can refuse (as per general administrative law principles or on
public interest grounds) to grant a license even though all criteria are met.
B. Licensing Procedure
33. Furthermore, banking laws should lay the legal basis for the licensing
procedures, although the details can very well be established in secondary regulation.
At a minimum, the primary law should grant the licensing authority the power to establish a
comprehensive licensing procedure by means of secondary regulation.
44
This approach is,
however, not the very best practice we have distilled from our advisory practices. Rather, we
believe that the primary banking law itself should include the core provisions of the licensing
procedure. The main argument for this is similar to the one regarding the criteria: because
the licensing procedure, and in particular the refusal to grant a license, may affect third party
interests, it is advisable to enshrine the key mechanisms of the procedure in primary law,
including the possibility to legally challenge the said refusal. An additional but related
argument is indeed that courts may be requested to review the legality of decisions taken
pursuant to the licensing procedure. Firm foundations established in statute rather than in the
licensing authority’s own rules tend to strengthen the position of the licensing authority in
this type of review, in the sense that the review focuses on the legality of the individual
decision rather than of the entire procedure—an illegal procedure would ipso facto affect the
legality of the individual decision.
34. Here too it is possible to distill good legal practice. Without purporting to be
exhaustive, the following elements call for the attention of drafters of banking laws:
43
See EC 10 of BCP 5.
44
See for instance Article 6 of the Turkish banking law.
21
The law should unambiguously state that the licensing criteria operate as such, i.e. they
must all be fully deemed met by the licensing authority for the license to be granted.
45
When not all criteria are fully deemed to be met, the licensing authority must have the
power—if not the duty—to reject the license application. (see also BCP 5)
The law should require the applicant to provide complete and correct information to the
licensing authority. As it is quite impractical to establish all informational requirements
in primary legislation, it is appropriate to stipulate that the licensing authority can specify
those, or impose additional requirements, in secondary regulation.
46
Secondary regulation
may also be useful to prescribe the more practical informational aspects of the licensing
procedure (e.g., forms). Finally, in listing informational requirements in law and
regulations, it is always useful to insert a “catch-all” clause pursuant to which the
licensing authority may require any additional information deemed necessary or useful
for completing the licensing process.
47
The law should set out the legal consequences of any incomplete or untimely provision of
information.
48
For instance, the relevant time period for deciding upon the license should
only commence if and when the licensing authority has determined that it has received all
necessary information to come to a conclusion. Further, the provision of incorrect
information should be a ground for refusing to grant the license,
49
and withdrawing it in
the event the license has already been granted.
The law should lay out the key steps, and the corresponding time-frames, of the licensing
procedure. In some countries, the banking law includes a rule that the licensing authority
will decide upon the license application within (x) months upon receiving a complete
application.
50
Such a rule is sometimes complemented by another rule that the license
application shall be deemed rejected if the licensing authority has not decided within the
required time. In designing such rules, a balance must be struck between the flexibility of
45
As an example of where that is not the case, Section 5.5 of the banking law of the Solomon Islands states a
list of “matters” that must merely “be regarded” by the licensing authority while licensing banks.
46
A good example of a comprehensive regulatory approach is Article 5 of the Sudanese Licensing Regulation.
47
See for instance Article 10 VI of the Mexican banking law.
48
We accept that in jurisdictions with sophisticated administrative law regimes, the latter will include general
principles for dealing with those questions, thus making detailed rules in the banking law superfluous. In all
other jurisdictions, which include many emerging and most developing countries, lawmakers shall find it useful
to elaborate on these issues in the banking law itself.
49
See EC 2 of BCP 5.
50
Some banking laws may not provide for such a time frame, so as not to tie the hands of the authorities.
However, including a time frame would provide for certainty to applicants and discourage authorities from
taking too long to process a license application.
22
the supervisory authority in making complex judgments and the fundamental right of
applicants to seek judicial review of administrative decisions. In doing so, due regard
must be given the application of general administrative law principles, which may
provide guidance as to when an administrative decision is deemed to be made and when
it becomes subject to judicial review. In case there would be no such principles, or if the
general principles would be unclear or problematic, it may be useful to enshrine some
specific principles in the banking law to enhance the overall legal quality of the process.
VI. ONGOING REQUIREMENTS VERSUS LICENSING CRITERIA
35. Many banking laws are unclear as to the extent to which, beyond the licensing
stage, the initial licensing criteria continue to apply on an ongoing basis to maintain the
license. As discussed in the previous section, banking laws should provide the requirements
(“criteria”) for obtaining a banking license. All of these requirements should not only apply
at the licensing stage, but should continue to apply even after the banking license has been
granted. BCP 5, EC 3 provides that the criteria for issuing licenses should be “consistent
with” those applied in ongoing supervision. The manner in which this is legally achieved in
banking laws, however, often leaves something to be desired.
36. The banking law needs to explicitly provide that all licensing criteria continue to
apply to licensed banks as ongoing requirements. Naturally, the legal nature of ongoing
requirements differs considerably from that of licensing criteria and the banking law should
bring out this distinction clearly. This is most obvious in case of breach of ongoing
requirements. In this regard, it is critical that the supervisory authorities have the appropriate
power to take remedial action if any of the criteria is no longer satisfied. To enable the
supervisor to monitor changes, the legal framework could impose an obligation on the bank
to immediately report to the supervisor any changes in information or circumstances after the
grant of the license, to enable the supervisor to make the necessary assessment. A failure to
provide timely notification should in such case attract the appropriate corrective measures
and/or sanctions.
37. Three examples of typical criteria which need to be complied with as long as a
firm holds a banking license are –
Suitability requirements for significant shareholders. At the licensing stage, the
licensing authority determines suitability of the bank’s major shareholders, sources of
initial capital and ability of shareholders to provide additional support. These
requirements should continue to apply once the license is granted as there is a need to
ensure continued suitability and financial soundness of the significant shareholders. As
will be discussed in detail in Section VIII below, in relation to changes in significant
shareholdings in the bank, the authorities should have powers to approve or reject
changes to ensure that the ownership structures do not hinder effective supervision.
23
Fit and proper requirements for directors and senior management. The requirement
for directors and senior management to be fit and proper should continue to apply as well.
Therefore, the banking law should require that the subsequent appointment of bank
directors and senior managers be subject to the supervisor’s express prior approval. BCP
14 provides that laws, regulations or the supervisor should require banks to notify the
supervisor as soon as they become aware of any information that may negatively affect
the fitness and propriety of a bank’s Board member or member of senior management.
Should a director or senior management no longer satisfy the fit and proper requirements,
the supervisor should be empowered to require the relevant person to be removed from
his position, whether directly or via the bank.
Internal controls, accounting, risk management, audit requirements. At the licensing
stage, the authority reviews the proposed strategic and operating plans of the bank. This
would entail a determination that there is an appropriate system of corporate governance,
risk management and internal controls that is commensurate with the scope and degree of
sophistication of the proposed activities of the bank.
51
These requirements would continue
to apply beyond the grant of the license and the supervisor would be monitoring the
implementation of these policies.
VII. CORPORATE GOVERNANCE
38. The recent financial crisis has brought corporate governance issues to the fore.
Most banking failures are caused by weaknesses in bank governance. For advanced
economies, this problem consists predominantly of management being insufficiently
accountable to the shareholders and stakeholders of banks. The recent crisis showed up
additional problems with insufficient board oversight of senior management, inadequate risk
management and unduly complex or opaque bank organizational structures and activities. A
good corporate governance framework facilitates efficient decision making, promotes
accountability, transparency and legitimacy. Sound corporate governance practices also
enhance public confidence in individual banks and the banking system
52
.
39. The emphasis on good corporate governance and risk management has resulted
in a new CP on corporate governance in the 2012 version of the BCP. BCP 14, in relation
to corporate governance, requires that banks and banking groups have robust corporate
governance policies and processes covering strategic direction, group and organizational
structure, control environment, responsibilities of the banks’ Boards and senior management
and compensation. These policies and processes should be commensurate with the risk
51
BCP 5, EC 8
52
See also Basel Committee’s Principles for Enhancing Corporate Governance, October 2010
24
profile and systemic importance of the bank. BCP 15 deals with the bank’s risk management
process.
40. There are several aspects of bank corporate governance that should be
addressed in the legal framework. Banks are typically structured as companies, and
companies law requirements would apply to the extent that they do not conflict with express
provisions in the banking law, devised as a lex specialis departing from the general company
law.
53
Provisions on the board of directors, board meetings, audit requirements and the like
would typically be found in the Companies Law. To the extent that there is a need for
specific requirements for banks (e.g., a minimum or maximum number of directors, specific
committees, more detailed requirements for selection of external auditors and external
audits), these should be expressly provided for or varied in the banking law.
54
The legal
framework, whether in the Banking Law or the Companies Law, would need to address the
following:
a. Board of Directors. The law should set out the Board composition and the minimum
number of independent directors
55
. There should also be a clear process for nominating
and appointing directors, clarity on the duration of office, qualification and
disqualification criteria and a requirement for supervisory approval. There should also be
provisions dealing with conflicts of interests and confidentiality obligations which should
survive beyond the term of directorship. Supervisors should have the legal power to
require changes in the composition of the bank’s Board if it believes that any individual
is not fulfilling his duties in relation to the criteria set out in BCP 14
56
.
b. Fit and proper criteria for board directors and senior management. Bank board
members and senior management need to be suitably qualified for their duties and satisfy
fit and proper criteria. Typical criteria would relate to -
i. honesty, integrity and reputation (not refused right to carry on trade, business,
profession, not censured, disciplined or suspended by a professional body, no
criminal proceedings or convictions),
53
As nicely illustrated by Article 6 of the Mexican banking law.
54
See, for instance, Article 21 of the Mexican banking law, which states that the “management of (banks) is
entrusted to the board of directors and a director-general.” The provision also requires the board of directors to
establish an audit committee. Article 23 of the Turkish banking law requires that “the board of directors of any
bank have at least five members including the general manager.”
55
In some countries, a two-tier structure exists where the supervisory function of the board is performed by a
separate entity known as a supervisory board, which has no executive functions. It is outside the scope of this
paper to discuss different board structures and the principles discussed in this paper are intended to be of
general application to different structures.
56
BCP 14, EC 9
25
ii. competence and capability (past performance or expertise, no conflicts of interest,
educational qualifications); and
iii. financial soundness (able to fulfill financial obligations, not a bankrupt, no
outstanding judgment debts).
Typically, a banking law would provide for a general requirement that Board directors
and senior management be fit and proper persons. The details on what constitutes “fit and
proper” could be expanded upon in subsidiary legislation or guidelines. The term “senior
management” is subjective and may be understood differently depending on a bank’s size
and organizational structure. Reiterating the very first point made in this paper, it is thus
essential to define with precision the universe of “senior management” that would be
subject to this test, so as to provide clarity and prevent legal challenges.
c. Audit, risk management and internal control. The law should require an external audit
and internal audit function, with Board oversight over it. Banking supervisors should be
satisfied that banks have in place a comprehensive risk management process to identify,
measure, monitor and control all material risks. The Board and senior management
should know and understand the bank’s and banking group’s operational structure and
risks. The Board approves and oversees implementation of the bank’s strategic direction,
risk appetite and strategy, establishes conflicts of interest policies etc. The Board should
also have audit and risk committees whose duties and membership are segregated from
the executive functions of the bank.
57
VIII. POWER TO CONTROL OWNERSHIP CHANGES
41. The misuse of banking resources by dominant shareholders is a second notable
example of corporate governance failures that are an important cause of bank failures.
Sometimes this problem is caused by an individual shareholder exercising excessive
influence. In other cases banks are owned by conglomerates and the bank’s funds are used to
fund commercial and industrial activities of affiliate firms beyond what would be conducive
to the long term stability of the bank.
42. Many banking laws lack the legal tools to prevent such oft-occurring misuse. All
too many banking laws lack robust mechanisms to vet new significant shareholders acquiring
their stake after the licensing procedure has been completed, as well as tools to remove
inappropriate shareholders once they have illegally acquired their influential position, or
legally acquired it and start misusing it. In some instances, this problem has been considered
by the IMF to be so fundamental to supporting the medium term financial, and consequent
balance-of-payment stability of its members, that the Fund has required strengthening the
rules regarding significant ownership of banks as part of its structural conditionality under
57
BCP 14, EC 3
26
Fund-supported programs. This was for instance the case of the recent arrangements of the
DRC and Bangladesh under the Fund’s Extended Credit Facility, which both required these
countries to significantly strengthen their regulatory frameworks for significant
shareholders.
58
43. In what follows, we will give an overview of the central elements that any legal
framework for significant shareholdings in banks should include.
59
While some of the
details of the broader regime (e.g., in respect of the details of the approval standards, the
procedural aspects of the approval process, and some elements of the enforcement regime)
can be established in secondary regulation, we believe that the central features of this regime
should be established in primary legislation. This would provide legal certainty, reinforce the
importance of those rules, and enhance the effectiveness of supervision and enforcement.
44. The supervisory authority should first and foremost have the power to control
changes in significant ownership in banks. The legal mechanism underpinning this power
consists of several interconnected components. The first component is one of principle: the
law should stipulate with utmost clarity that a person or entity may and can only acquire or
divest a significant shareholding in a bank with the explicit and prior approval of the
supervisor. This entails that any shareholder, or prospective shareholder, should request the
approval by the supervisor of its intent to acquire or divest a shareholding respectively above
or below the applicable thresholds, prior to actually acquiring or divesting the said
shareholding.
45. Secondly, the banking law or implementing regulations should lay down the
thresholds beyond which supervisory approval is required. Most banking laws start with
shareholdings of 5% or 10%, and require additional approvals for every 5 or 10%.
60
Several
banking laws do not require further approval once a shareholder has acquired with
58
For DRC: http://www.imf.org/external/pubs/ft/scr/2011/cr11190.pdf For Bangladesh:
http://www.imf.org/external/np/loi/2012/bgd/032712.pdf
59
Again, the conceptual guidance offered by BCP is not as clear as it could be. BCP 6 states that “the
supervisor has the power to review, reject and impose prudential conditions on any proposals to transfer
significant ownership or controlling interests held directly or indirectly in existing banks to other parties.” The
wording of EC 2 suggest that countries have a choice between requiring supervisory approval and providing
immediate notification of proposed changes that would result in a change in ownership. (DRC and Indonesia
(Article 27 of banking law) are examples of countries where current law only foresees a notification
requirement.) EC 3, in contrast, requires that the supervisor has the power to reject any proposal for a change in
significant ownership, which suggests notification will not suffice. At any rate, we are of the opinion that
supervisors should indeed have the power of prior approval, and that notification requirements serve to enforce
such mechanisms, rather than being an alternative to it.
60
In Kuwait, any increase of an equity stake in a bank beyond the 5% is subject to supervisory approval: see
Article 57.2 of the banking law.
27
supervisory approval 50% + 1 of the shares or voting rights, which is deemed to be full
control over the bank.
61
To make the mechanism effective, the banking law or regulations
will need to establish explicitly that the shareholding must be considered either directly or
indirectly, i.e. held through various connected legal entities or natural persons.
46. A third important component of this power is the relevant standard for
approval. The supervisory authority should have the power to block the acquisition or
divestment when that would endanger, or risk to endanger, the prudent and sound
management of the bank. BCP 6 EC 3 requires that the criteria for approval should be
“comparable to those used for licensing banks.” These criteria determine the “suitability” of
the prospective significant shareholder with respect to the management of the bank, and
essentially relate to the following four elements:
the significant shareholder must display the trustworthiness and experience—both in
managing important participations and in managing banks—that render it appropriate
for it to participate in the control of a bank;
the significant shareholder must be financially sound, in a manner that both avoids
that its own financial weakness negatively impacts the bank and allows it to
financially support the bank in case the latter’s financial solidity is weakened by
circumstances;
the structure and the behavior of the significant shareholder may not hinder effective
supervision of the bank in question; and
the significant shareholder should not raise issues from the perspective of anti-money
laundering.
47. Fourthly, the banking law should establish effective corrective mechanisms in
case the relevant prescriptions were breached, or a previously approved significant
shareholder starts misbehaving. Ideally, these corrective mechanisms address both short
term/protective and longer term/definitive needs. An example of the former is the power to
suspend the voting rights associated with the shareholding (see also the BCP 6 EC 3). An
example of the latter consists of the power of the supervisor to attach the shareholding—or at
least limit its transferability—and to require divestment of part or whole of the participation.
Such strong powers will be necessary to satisfy the BCP 6 EC 5 requirement that “the
supervisor has the power to take appropriate action to modify, reverse or otherwise address a
change of control that has taken place without the necessary notification to or approval from
the supervisor.”
48. An important question relates to how the supervisor should be informed of
changes in the significant shareholders of banks. Naturally, supervisors can keep a close
61
See for instance Section 87(3)(b) of the Malaysian Financial Services Act 2013.
28
eye on shareholding structures of banks by regularly inspecting the share registers of banks
and the voting patterns during the general assembly of shareholders. Further, it should be
clear that the legal obligation to request prior approval for the acquisition or divestment of
significant shareholdings rests with the (prospective) shareholder. This being said, the
question arises whether the bank itself ought to have an obligation to inform the supervisory
authority when it becomes aware of important changes in its shareholders’ structure or events
which could affect the suitability of shareholders. Banking laws that impose such an
obligation upon banks are rare, but this approach could become more prevalent in the
future.
62
IX. MARKET ACCESS BY FOREIGN BANKS: BRANCHES VS. SUBSIDIARIES VS.
REPRESENTATIVE OFFICES
49. The legal distinction between branches, subsidiaries and representative offices of
foreign banks is not always well appreciated. The establishment of foreign banks in a host
country can take very different legal forms, with important legal and regulatory
consequences.
Branches are legally dependent extensions of a bank and they do not have any legal
personality separate from the parent entity. This implies that claims on, and assets of,
the branch are claims on, and assets of, the parent entity.
63
A branch would have a
local management team but is directly monitored by the head office.
A subsidiary is incorporated in the local “host” jurisdiction and is a legally separate
entity from the parent bank in the “home” jurisdiction. It would have separate capital,
a separate Board of Directors and would be monitored by the parent indirectly, as part
of the banking group.
A representative office is an entity that does not carry out any regulated activity but
serves as a liaison office only.
50. First, the legal framework should be clear as to the type of “foreign” corporate
entity that can obtain a license and carry out banking activity. This determination will
have a significant impact on the modalities under which a foreign bank can exercise banking
activity in a host country. In particular, the banking law will need to establish whether
branches of foreign banks are allowed to carry out banking business or whether the
jurisdiction requires a subsidiary to be formed. It may seem obvious, but it is worthwhile
stressing that to be allowed to open a branch in a host country, the parent entity should be
62
This duty to inform the supervisor should be distinguished from the one to notify the supervisor as soon as the
bank becomes aware of any material information which may negatively affect the suitability of a major
shareholder or a party that has a controlling interest: see BCP 6 EC 6.
63
We must however recognize that this principle is modified when, in case of insolvency, the host jurisdiction
of the branch “ring-fences” local assets to satisfy local claims.
29
licensed as a bank in its home country. This issue is less straightforward for subsidiaries. The
banking law will need to determine under which conditions a foreign entity can apply for a
banking license for a subsidiary in the host country. If both branches and subsidiaries are
allowed, the banking law should explicitly provide for this, and corresponding definitions be
included in the law. In any event, the banking law should also make clear that representative
offices are not authorized to carry out any banking activities and should limit their activities
to that of a promotional/ liaison nature.
51. Next, the banking law should clearly stipulate which prudential requirements
apply to which type of establishment of foreign banks. If a jurisdiction allows for both
branches and subsidiaries, the next issue is to determine what types of activities these
respective entities can carry out and what are the applicable regulatory requirements for each
form of entity, e.g. minimum asset maintenance requirements, cash balances and liquid assets
for branches and intra-group exposures for subsidiaries. Many banking laws fail to set out
with sufficient precision which rules apply, or do not apply, to subsidiaries and branches of
foreign banks. For subsidiaries, this is not that problematic as they are typically considered as
local banks. For branches, however, the lack of adequate legal clarity can cause severe
problems. Table I below sets out possible licensing and regulatory distinctions between
subsidiaries and branches.
64
As can be seen from the table, the requirements do not differ
substantially and should generally be applicable whether an entity is a branch or a subsidiary.
However, in the case of a branch, reliance on the home supervisor for certain aspects of
regulation become crucial and the host authorities need to be satisfied with the level of
supervision carried out by the home authority. Further, asset maintenance requirements are
generally imposed on branches rather than subsidiaries.
52. A related issue is what is, or should be, the extent of supervisory powers over
branches and subsidiaries of foreign banks in the “host” jurisdiction. The recent
financial crisis showed that the soundness of bank branches may be critical for the host
country for both financial stability and political reasons. Whilst recognizing the need for
interaction and coordination with home country authorities, it is important for the host
country to have strong tools to regulate (and resolve) bank branches. From the perspective of
regulatory oversight, the difference between branches and subsidiaries should be minimal.
BCP 13 also requires that supervisors require the local operations of foreign banks to be
subject to prudential, inspection and regulatory reporting requirements similar to those
required of domestic banks.
53. Lastly, although outside the scope of this paper, the distinction between
branches and subsidiaries is also relevant when it comes to resolution.
Table I. Licensing Requirements for Subsidiaries and Branches
64
Country practices differ in this regard but the table sets out what is commonly seen in many jurisdictions.
30
REQUIREMENTS
SUBSIDIARY
BRANCH
LICENSING
Minimum Capital
Same amount as for local
banks
Capital Dotation
Corporate Form
Same form as for local
banks
Corporate form of parent
bank
Fit and Proper
Board and Management
Management
Board (depend on home
supervision)
Significant Shareholders
Applicable
Indirectly applicable
(depend on home
supervision)
Risk, Control and Audit
Yes
Yes
Consent of Home Supervisor
Yes
Yes
Consolidated Supervision of
Home Supervisor
Yes
Yes
ONGOING REGULATORY
Capital Adequacy
Large Exposures
Related Party Lending
Yes
Yes with consideration of
parent capital
Liquidity Ratios
Central Bank Minimum
Reserves
Yes
Yes
Local Asset Maintenance
Requirements
No
Yes
Macro-prudential
Yes
Yes
31
X. CONSOLIDATED SUPERVISION
54. From a policy perspective, international best practice (BCP 12) requires
international banks to not only be supervised on an individual (“solo”) basis, but, to the
extent they belong to a “group,” they should also be supervised “on a consolidated
basis.” This entails that the supervisory authority “adequately monitors and, as appropriate,
applies prudential standards to all aspects of the business conducted by the banking group
worldwide.” To be more precise, consolidated supervision consists of applying certain
prudential standards not only to the bank itself, but also to a collective body of entities
belonging to the same corporate “group” as the bank, forming an economic entity under
unified decision. This necessitates that that collective body reports the relevant financial and
supervisory information qua group, i.e. in a consolidated fashion.
55. At first sight, the principle of consolidated supervision appears conceptually
relatively easy to grasp, but its implementation in law raises many complex legal
questions. Many banking laws struggle with establishing clear and robust legal
underpinnings for consolidated supervision. Part of this is caused by the fact that the policy
prescriptions are not always that clear. Another contributing factor is that the design of the
legal underpinnings for consolidated supervision requires a delicate interaction between
banking law, company law and accounting law. It is hence incumbent upon the legal
draftsman to disentangle the relevant legal concepts and to provide the appropriate legal basis
for applying the relevant supervisory tools on a consolidated basis. In that light, the main
legal components for a sound framework for consolidated supervision are discussed below.
Recognizing however the complexity of this issue, we focus only on the major legal
concepts, and acknowledge that this could benefit from a more detailed approach, which
would surely require a separate paper.
56. First, the banking law must determine with precision which aspects of the
banking supervisory toolkit will be applied on a consolidated basis. Conceptually,
consolidated supervision was originally designed to be applied to the quantitative aspects of
bank supervision, and in particular for limits on, or minimum requirements for, capital
adequacy, liquidity, large exposures, and bank-related party lending. In such cases, the
mathematical ratios are applied with numerators and denominators that represent the
consolidated accounts and supervisory reporting of the entire banking group. There is
however a noticeable tendency to apply the broader concept of consolidated supervision also
to the qualitative aspects of banking supervision, such as governance and fit and proper
requirements.
65
Whatever approach is taken, the banking law should be precise in providing
65
This tendency is reflected in the BCP. For instance, Additional Criterion 1 of BCP 12 requires under the
heading of consolidated supervision that banking laws apply fit and proper requirements to managers of parent
companies of banks. Another example is how it mentions group structure as a subject matter of consolidated
supervision. As a legal-technical matter, it is perfectly possible to maintain such requirements without
consolidated supervision, e.g. the latter point through the licensing and continuous requirement that group
32
for which of those quantitative and qualitative aspects consolidated supervision applies, or at
least allow the regulator to adequately define those aspects in secondary regulation.
66
A
statement of the general principle of consolidated supervision is not enough.
57. In addition, the banking law must stipulate mechanisms to determine which
entities (different from the bank) will be included in this process (implying that such
entities will be part of the consolidation scope of the group for supervisory purposes). The
determination of which entities will be included will evidently depend on the types of
prudential standards that are applied on a consolidated basis. For instance, applying capital
adequacy ratios based on risk exposures resulting from banking activities to a group
including non-financial entities will lead to an irrelevant, or at least biased, picture of the
group’s situation under a banking supervision perspective. For such non-financial entities,
other prudential tools than consolidation might be appropriate (for example deduction from
qualified capital at group level of participating interest in non-financial entities). In any
event, the law must establish the principles for determining which non-bank entities will be
included into the supervision of the bank on a consolidated basis and, conversely, which
entities will be excluded. The details of these principles can be enshrined in legislation or in
secondary regulation, but the core concept that supervisory tools apply to non-bank entities
connected to a bank should be established in primary legislation.
58. Banking laws can basically follow two approaches to achieve this outcome.
Some jurisdictions follow an approach whereby the banking law establishes the circle
of consolidated supervision by referring to accounting law: in principle, the entities
included in consolidated financial reporting pertaining to a bank are also included in
consolidated supervision. This has the advantage of simplicity. The disadvantage is
that the needs of supervisory consolidation may be different from those of accounting
consolidation. For this reason, when a banking law refers to accounting law, it should
do so as a starting point, and foresee the possibility to depart from the accounting law
for supervisory purposes.
67
In other jurisdictions, the banking law or implementing regulations will establish a sui
generis concept—quite disconnected from accounting law—of “banking group” or
structures of bank should be conducive to sound management and effective supervision. This being said, the
supervisory aspect is increasingly considered as part of broader consolidated supervision.
66
See for instance Section 115(3) of the Malaysian Financial Services Act 2013.
67
An example of this approach can be found in the EU, where the principle of consolidated supervision
enshrined in the legal framework for banking supervision (directive 2013/36/EU and regulation 575/2013/EU)
cross-refers to the accounting consolidation concepts established in directive 83/349/EEC on consolidated
accounts. EU regulation however foresees conditions under which entities that are consolidated under
accounting law can be excluded from the scope of prudential consolidation.
33
“financial conglomerate,”
68
the entities of which will be included in the consolidated
supervision of the bank that is part of the group. The advantage of such approach is
that the circle of covered entities is more likely to be finely attuned to the needs of
supervision. The downside however is that financial reporting is complicated by
distinct consolidation rules for the same corporate group (see below).
59. Whatever the approach taken, the legal framework will need to address three
distinct legal variables:
First, to be subject to consolidated banking supervision, the group of connected
entities must naturally include at least one bank.
69
Secondly, the law will need to determine which type of link or connection the other
legal entities need to have with the bank in order to be included in the latter’s
consolidated supervision. It is in this regard that the question of reliance on
accounting law is particularly relevant. Accounting law will require consolidated
financial reporting of all entities that are connected by way of a concept of “control”
exercised by a single ultimate parent company “at the top of the pyramid.” To that
end, accounting laws typically include detailed criteria for establishing control
(necessary to have access to the assets of the entity).
70
Will the banking law rely on
these concepts, or will it establish its own criteria?
Thirdly, the question arises whether this link is sufficient in and of itself, or whether
other requirements are relevant. Should the entities be of a financial nature? Should
they be regulated?
60. These distinctions are also relevant to financial reporting, without which
consolidated supervision cannot be effective. The banking law must provide for the
principle of consolidated supervisory reporting by combining the information of all entities
68
See R. Mc Donald, Supervision consolidada de bancos, Ensayo Nr. 67, Centro de Estudios Monetarios
Latinoamericanos, p. 4. A good example is Peru where, for the purpose of consolidated supervision over
financial conglomerates, a regulation issued by the supervisory authority pursuant to the banking law
establishes the concepts of conglomerate and control: see Articles 8-10 of the Resolucion No. 445-2000 of the
Superintendente de Banca y Seguros.
69
This does not imply that the bank must be the controlling entity of the group. Nor does it, secondly, in and of
itself imply that the controlling entity of a bank (sometimes labeled a “bank holding company or financial
holding company”) must be regulated and supervised on a solo basis. Several jurisdictions impose prudential
standards on bank holding companies or financial holding companies, but this is achieved through other legal
mechanisms than consolidated supervision.
70
These triggers include shareholdings of a certain percentage—to hold 50%+1 of the equity in a company
certainly amounts to control—but control can also be deduced from the ability to appoint the majority in the
board of directors with a lower percentage of shareholding. In fact, the law or secondary regulation could even
cater for control exercised by contractual, as opposed to corporate, techniques. Sometimes, accounting law will
ensure that the control is assessed on grounds of dominant direct and indirect influence.
34
included in the circle of consolidated supervision.
71
As will be discussed below, the
“periodic” information provision requirements of banking laws should require the transfer of
information from supervised banks to the supervisor at two levels: first, the general
accounting reporting through financial statements, and second, the specific supervisory
reporting. What is essential is that for banks that are part of banking groups, both sets of
information should be reported on a consolidated basis. In other words, it does not suffice to
merely report general accounting information as per the consolidation rules established in
generally applicable accounting law; the supervisory information must be reported on both
solo and consolidated bases too.
XI. SHARING OF INFORMATION AND INTER-AGENCY COOPERATION
61. A legal framework to support domestic and cross-border cooperation and
information sharing should be in place. This would include the ability to cooperate with
domestic authorities (deposit insurance schemes, securities, insurance regulators etc.) and
foreign (home-host) authorities. The ability to share and exchange information is crucial for
effective supervision of cross-border banks and domestically for macro-prudential oversight.
BCP 3 provides that laws, regulations or other arrangements should provide a framework for
cooperation and collaboration with relevant domestic authorities and foreign supervisors and
that these arrangements reflect the need to protect confidential information.
72
The legal
framework should thus be clear that the banking regulator can cooperate and share
information with other domestic authorities, as well as international counterparts.
62. The legal framework should not only support such cooperation, there should be
no provisions which hinder or restrict cooperation and information sharing. In some
legal frameworks, although information can prima facie be shared with other domestic and
foreign authorities, a closer examination reveals that information sharing is subject to certain
pre-conditions or limiting criteria. For example, some statutes may limit the circumstances in
71
See R. Mc Donald, o.c., p. 10.
72
The scope of information sharing in the BCP could be widened. While the scope of BCP 3 in relation to
domestic information sharing extends to all domestic authorities with responsibility for the safety and soundness
of banks, other financial institutions and the stability of the financial system, the scope of sharing with foreign
authorities relates only to “relevant foreign supervisors of banks and banking groups” (EC 2). Further, EC 4
states that the supervisor receiving confidential information from other supervisors shall use the information
only for bank-specific or system-wide supervisory purposes only. This begs the question as to whether
information sharing can be extended to other non-bank supervisors or other agencies such as resolution
authorities in the financial safety net, particularly for resolution (as opposed to supervisory) purposes.
Increasingly, jurisdictions broaden their legal information sharing provisions in that sense, and this is a good
development.
35
which information may be shared to a situation where there is a need to enforce a breach of a
provision.
A. Information Sharing and Cooperation at Different Stages
63. Cooperation is required at all stages; at the initial licensing stage, as part of
ongoing supervision and in resolution. BCP 13 on home-host relationships provide that
home and host supervisors of cross-border banking groups share information and cooperate
for effective supervision of the group and group entities and effective handling of crisis
situations.
Licensing stage. At this stage, contact and information sharing between the home and
potential host supervisor is crucial. The host supervisor would want to obtain supervisory
information from the home supervisor on the banking group, in order to assess the license
application of a branch or subsidiary. The host supervisor would also want to assess
whether the home supervisor is supervising the banking group on a consolidated basis.
Legal frameworks should also require the prior consent of the home supervisor of a
parent bank to be obtained before a bank is granted a license (BCP 15). In this regard, the
home supervisor would also need confidence that supervision in the host country is
adequate and information will flow from host to home supervisor. Lastly, host
supervisors would require that the local operations of foreign banks be conducted up to
the same standards as those required of domestic banks.
Ongoing Supervision. Information-sharing takes place between home and host
supervisory authorities for the purpose of consolidated supervision of cross-border
banking groups, through supervisory colleges and other arrangements. Joint examinations
of branches and subsidiaries of banking groups could be conducted or the home
supervisor could be given on-site access to facilitate the assessment of the group. The
legal framework should be clear as to the modalities of such inspections and access, i.e.
whether the host supervisor needs to be merely informed or if consent of the host
supervisor needs to be obtained. Although BCP 13, EC 8 provides for the home
supervisor to merely inform the host supervisor of intended visits, some countries have
expressly included in their legal framework a requirement for prior approval rather than a
mere notification—this is understandable given that this is intimately related to a
country’s sovereignty. Further, it could also be clarified whether it will be a joint
inspection or if the host supervisor may send a representative and whether the
examination report would be shared in full with the host supervisor. Information should
be shared when there are supervisory concerns and shared on a timely basis.
73
Resolution. BCP 11, EC 7 states that the supervisor should cooperate and collaborate
with relevant authorities in deciding when and how to effect the orderly resolution of a
73
BCP 13, EC 2
36
problem bank situation. The crisis has shown that the range of agencies that information
should be shared with needs to be expanded beyond supervisory authorities to include
central banks (who are not supervisors), Ministries of Finance, deposit insurance and
other resolution agencies. Such information sharing is important for these non-
supervisory agencies to carry out their respective mandate or play a role in the resolution
of banks.
74
The requirement for systemically important institutions to prepare recovery
and resolution plans (RRPs) should also have a statutory footing. While some countries
have provided expressly for this in their legal framework, some others rely on the general
powers in the banking law to obtain information or to issue directives. The latter may
however not be sufficient and open to legal challenges. For effective sharing of
information for the RRP process, it would be preferable for an express statutory footing
for sharing information for such purposes.
B. MoUs and Cooperation Agreements
64. Apart from the statutory legal framework, cooperation arrangements are
frequently captured in MoUs (bilateral and multi-lateral) or exchanges of letters. Where
such agreements exist, their legal effect and their interaction with the statutory framework are
important. Most MoUs are not legally binding agreements and subject to the relevant legal
framework. As such, the scope of cooperation that may be extended under such MoUs will
need to be read in the context of the relevant applicable law.
65. Some frameworks also make it conditional that an MoU is in place before
information can be shared. Where this is so, then there should be some flexibility built-in
to allow information to be shared on a timely basis between authorities that have yet to enter
into a MoU, especially in an emergency situation. MoU negotiations may sometimes be
protracted and should not hinder interim information sharing. As such, the legal framework
may need to make it clear that information sharing is allowed even whilst a MoU is in the
process of being negotiated.
C. Safeguards
66. Disclosure of information should be subject to adequate confidentiality
requirements and safeguards that are appropriate to the nature of the information and
clearly set out in the law. Where disclosure of confidential information may be compelled
under certain statutes e.g., freedom of information legislation or by the courts, authorities
may be less willing to share information. Banks may also be unwilling to provide sensitive
information to banking regulators if they are not adequately assured of the confidentiality
74
See the FSB Key Attributes for Effective Resolution Regimes for Financial Institutions and Key Attribute 12
in particular.
37
safeguards that would apply if information is shared with other domestic and foreign
authorities.
67. Most regimes provide that information may be shared subject to the following
safeguards -
The legal framework should establish a regime for the protection of confidential
information that imposes adequate confidentiality requirements on authorities, their
employees (both current and former) and agents that receive or have received confidential
information, and there should be effective sanctions and penalties (criminal and civil) for
breach of confidentiality requirements.
The requirement that the legal framework of the recipient authority has comparable
confidentiality requirements as that of the authority providing the information. The
level of protection would need to be assessed to be adequate and there are effective
sanctions for breach of the confidentiality. There should be clear criteria and procedures
for determining comparability, given that this is often a difficult exercise and requires a
basic understanding of another jurisdiction’s laws.
The requirement of prior consent for onward sharing. There should be clarity as to
when information received from the banking supervisor may be onward shared with
another authority or person. Authorities generally share information on the understanding
that there will not be any onward disclosure to third parties without seeking the prior
consent of the authority providing the information. Where information is required to be
shared with third parties, the prior consent of the authority should be obtained and third
parties should be subject to similar confidentiality requirements.
The commitment to take best efforts to resist disclosure. A recipient authority may be
compelled by statute or the courts to disclose information in certain cases e.g. third party
subpoenas for disclosure under freedom of information or similar legislation. The legal
regime should provide that when faced with applications to compel disclosure, the
recipient authority should take all reasonable means to resist disclosure of information,
such as relying on public interest grounds or seeking to rely on legal exemptions and
privileges to preserve the confidentiality of the information. It would be helpful in this
regard if the law would provide that the supervisor can only disclose confidential
information to courts or judicial authorities in the context of civil or criminal
proceedings.
68. Legal protection should also be afforded to the banking supervisor, its
employees and agents. Where information is disclosed by the banking supervisor and its
employees or agents, there should be legal protection for the agency as well as current and
past employees and agents against criminal or civil action for breach of confidential
38
requirements. Such legal protection should be explicit in the law and should extend only to
cases where the disclosure was lawful.
XII. BANK-RELATED PARTY AND LARGE EXPOSURE LIMITS
69. Banking laws often struggle with establishing clear, robust and distinct legal
underpinnings for bank-related party and large exposure limits. This is mainly caused
by the fact that both types of prudential limits are similar yet different concepts, and tend to
confuse drafters of banking laws. The key features of these two critical tools of banking
regulation can be summarized as follows:
Bank-related party limits impose restrictions on the amounts that a bank can lend to
borrowers that are “connected” with the bank, such as through their shareholders,
directors and managers. Such limits are quantitative and expressed as a percentage of the
capital of the lending bank. In addition, it is good practice for banking laws to prescribe
qualitatively how transactions with bank-related parties can be entered into by banks.
More specifically, the approval of such transactions should be subject to higher
governance standards than ordinary bank transactions.
Large exposure limits aim at limiting concentration risk in the balance sheet of banks by
imposing quantitative limits on individual large exposures of banks as well as the total of
a bank’s large exposures. Such limits are entirely quantitative and expressed as a
percentage of the capital of the lending bank.
70. On the one hand, both limits make use of similar legal techniques. The three
important legal commonalities of both supervisory tools are that:
The limits are built upon a common set of legal definitions, which include the
concepts of “exposure”—this should not only include credit claims but also other
types of financial risk—and “capital.” These definitions are typically shared with
other components of the banking law (e.g., the definition of capital will also be used
for the establishment of the capital adequacy ratio). This does not mean that all
definitions are shared between both types of limits, or that either concept does not
need its own specific definitions. On the contrary, the regulation of bank-related party
transactions will require a specific definition of such party in the banking law,
75
secondary regulation, or a combination of both.
Both limits require the establishment of a quantitative limit relative to capital. As a
legal matter, those quantitative limits can be established by a relatively simple and
general habilitation in primary legislation combined with more detailed rules in
secondary regulation.
75
See for instance Article 1.4 of the Rwandan banking law of 2008.
39
Both limits should be designed so that connected borrowers are considered to be a
single exposure for the purpose of the limits. To achieve this, some banking laws
have recourse to a definition of single risk in primary law.
76
Other laws simply
establish the principle in the substantive provisions. In any event. The concept of
connectedness between borrowers should be clearly distinguished from relatedness
between a borrower and a stakeholder in the bank.
71. On the other hand, both limits also feature important legal differences. The main
distinction is that, whereas large exposure limits can be designed as relatively straightforward
quantitative prudential limits, bank-related party rules require a set of comprehensive
governance prescriptions that in most cases need to be included in primary legislation. These
prescriptions will require that bank-related party transactions be entered into “at arm’s
length” basis and be approved by the board of directors, without participation in the vote of
the interested director. Other distinctions are that bank-related party transactions are typically
subject to more stringent reporting rules, and that some banking laws require that bank-
related party transactions be deducted from the bank’s capital if certain conditions are not
met.
77
XIII. SUPERVISORY ENFORCEMENT, EARLY INTERVENTION AND RESOLUTION
72. While adequate enforcement is critical to their effectiveness, many banking laws
establish sub-optimal enforcement mechanisms. The three most common legal problems
are (i) conceptual confusion about the types of enforcement measures, (ii) an inadequate link
between enforcement and license revocation, and (iii) legally problematic sanctioning
regimes.
A. Types of Enforcement Measures
73. Where there are concerns over the safety and soundness of banks, timely action
is required.
78
The effectiveness of resolution frameworks—the last phase of dealing with
troubled banks—hinges critically on the quality of the legal regimes for the earlier phases of
supervisory enforcement and early intervention. The legal framework should provide for a
76
See Article 1.14 of the Rwandan banking law of 2008.
77
Article 39.1 of the Rwandan banking law 2008 is a good example.
78
BCP 1, EC 6 provides that where, in the supervisor’s judgment, a bank is not complying with laws or
regulations or is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to
jeopardize the bank or the banking system, the supervisor have the power to take (and/or require a bank to take)
timely corrective action, impose a range of sanctions, revoke the bank’s license; and cooperate and collaborate
with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where
appropriate. BCP 11, which deals with the corrective and sanctioning powers of supervisors, requires the
supervisor to act at an early stage to address unsafe and unsound practices or activities that could pose risks to
banks or to the banking system and the supervisor has at its disposal an adequate range of supervisory tools
(including the ability to revoke the banking license) to bring about timely corrective action.
40
logical progression of increasingly intrusive actions to deal with everything from relatively
minor breaches of the law to insolvency and liquidation. Conceptually, the three phases can
be distinguished as follows:
Supervisory Enforcement—Ordinary enforcement powers allow supervisory authorities
to require a banking institution to address any violation of law or regulation or unsafe and
unsound practice. Use of these powers does not require a finding that the institution is in
danger of failure, but it may be that the bank falls below established regulatory threshold
requirements. Key examples of such powers are the powers to (i) impose fines, (ii)
remove directors and managers who no longer meet the fit and proper requirements, (iii)
remove significant shareholders that are no longer suitable, (iv) issue “cease-and-desist”
orders to bring an end to inappropriate behavior of banks, (v) issue directions to take
remedial action to address the underlying issue; and (vi) suspend certain bank activities
for a specified period of time.
Early Intervention—At the last stage before resolution, the supervisory authorities
should have explicit and strong powers to require the board and management of an ailing
bank to undertake forceful action aimed at strengthening the financial position of bank, or
refrain from action that would further weaken it. Such types of measures—recently
coined “early intervention” measures—include prohibiting certain operations, requiring a
bank to submit a restructuring plan, raising additional capital, prohibiting dividend pay-
outs, prohibiting new activities, and requiring the divestment of certain assets or
businesses. The bank at this stage remains under private control. A failure to implement
the required measures or failure to adequately address the concerns would be a ground for
commencement of resolution proceedings and putting the problem bank into public
control, or closing it.
Resolution – At this stage, the resolution authority should assume control of an unviable
bank, to rehabilitate it where possible, or to liquidate the bank in an orderly manner when
rehabilitation proves impossible. Where the supervisory authority and resolution
authority are two distinct agencies, resolution may be triggered by the supervisory
authority, which will also be competent for withdrawing the license.
74. Many banking laws conflate the various stages for dealing with troubled banks.
Often banking laws will include a single list of measures dealing with non-compliance with
banking regulatory prescriptions. These measures typically range from sanctions—a tool of
supervisory enforcement—all the way to license revocation—a key component of resolution.
From a legal-formal perspective, this is not in and of itself problematic. We must recognize
that the border between in particular supervisory enforcement and early intervention is not
always clear. For instance, does the power to prohibit certain operations belong in the former
or the latter category, or both? Be that as it may, the central legal problem is that, under a
“single list” approach, there is often a lack of clear, robust, proportional and coherent triggers
for applying appropriate measures at each phase of a bank’s non-compliance with regulatory
41
standards and financial distress.
79
A consequence of this is that courts may be skeptical
toward the application of the toughest types of measures, mainly because the legislation does
not bring out the “crescendo” nature of bank distress and the corresponding measures, which
may be found to infringe the proportionality principle. To address this weakness, it is useful
to reflect the stages of supervisory enforcement, early intervention and resolution explicitly
and distinctively in well-tailored legislative provisions.
75. To provide critical legal clarity, it is particularly important to provide clear and
robust quantitative and qualitative triggers for the type of action that can be taken at
each stage. Examples of quantitative triggers are those tied to quantifiable variables, such as
for instance liquidity or capital adequacy ratios. Qualitative triggers entail a degree of
exercise of supervisory judgment, for example in relation to management not being fit and
proper, or a finding of unsafe and unsound practices. The fact that these triggers require
judgment does not preclude that they should be drafted with as much clarity as possible.
76. It is equally important to be clear as to whether the supervisory action is
mandatory or discretionary. Some countries provide for a prompt corrective action or
prompt remedial action framework, where certain regulatory actions mandatorily have to be
taken upon breach of certain triggers. While this provides some degree of legal certainty and
clarity, and reduces the probability of legal challenges as well as supervisory forbearance, it
can also tie the hands of the regulators when the action mandated by the law may not be the
most appropriate response in a particular case. Legal drafters would be well advised to
acknowledge that each situation is different, and thus grant a certain degree of flexibility—
and hence discretion—to the supervisory authority in taking corrective action. Forbearance is
legally better addressed by way of governance and accountability frameworks.
B. Link with License Revocation
77. Akin to licensing requirements, there should be legal clarity as to when a license
may be revoked. The timing and impact of the revocation of a license needs to be clear,
given that the supervisory authority will typically not have any supervisory powers over the
ex-bank (e.g. directional powers) once the license is revoked.
80
Clear yet flexible, and
proportionate grounds for license revocation should be set out in the banking law, and the
interaction of those grounds with the resolution regime should be explicitly provided for.
(We note that there should be grounds for revocation that are not directly connected to the
79
Article 85 of the Kuwaiti banking law is a good example.
80
There are however banking laws pursuant to which an entities whose banking license is withdrawn remains
under prudential supervision until the liquidation is completed. See for instance section 30AAM of the
Monetary Authority of Singapore Act which allows the authority to issue directions to any person who has
ceased to be a regulated entity when necessary to achieve certain objects.
42
financial situation of the bank.) This interaction goes both ways. Where relevant, this
requires careful drafting of the sequencing of administrative and judicial action.
In one direction, the license revocation should ipso facto trigger liquidation; this
automatic consequence should be explicitly spelled out in the banking law.
81
(It is
thus not helpful that administrative or judicial authorities be given any power of
discretionary judgment to open liquidation procedures.) It is sometimes argued that
such automaticity is not necessary, given that the legal entity could continue its
business as a non-bank. This argument is however not convincing. The license
revocation entails ipso facto a prohibition for the ex-bank to maintain deposits, which
should hence be swiftly transferred to a duly licensed institution. This problem is
exacerbated by the fact that the license revocation will almost inevitable occur against
the backdrop of severe financial weakness of the bank, which will equally require a
swift transfer of guaranteed deposits and corresponding assets. At any rate, a
(preferably administrative) liquidation procedure offers the best context for
effectuating such transfer.
In the other direction, a failure to rehabilitate a troubled bank by way of resolution
measures (other than liquidation) should in principle trigger license revocation (and
thus liquidation). Legally this cannot be drafted with the same automaticity as the
previous mechanism, given that this requires discretionary judgment from the
supervisory agency. Nevertheless, the principle itself that failure to rehabilitate a bank
by way of resolution measures is a ground for license revocation should be
established clearly and explicitly in the banking law.
78. Relevant considerations that arise in a license revocation are what are the due
process requirements and avenues for appeals. Does the bank need to be given prior
notice and an opportunity to be heard and make representations as to why the license should
not be revoked? Can the regulator revoke a license on an urgent basis, on public interest
grounds? Is there an avenue for appeal against the license revocation and what remedies are
available? License revocation decisions should be irrevocable on appeal; monetary
compensation should be the only available remedy in the event of a legally wrongful
revocation. To ensure legal certainty, these issues need to be explicitly dealt with in the legal
framework.
82
Country experience has shown that, if a bank’s license is reinstated after a
successful legal challenge, it would be difficult to resume ordinary banking business after a
81
See for instance Article 65 of the Kuwaiti banking law.
82
Some countries may provide for such provisions in the banking law while in others, provisions relating to due
process and opportunity to be heard may be found in administrative law instruments.
43
prolonged period of suspension.
83
Experience has shown that such reinstatement is quite
undesirable.
C. Role of Sanctions
79. In the case of non-compliance with provisions of the law, commensurate
penalties and sanctions should be imposed. These may take the form of criminal penalties
(monetary, custodial), civil penalties or administrative fines. Such measures may be taken
concurrently with any corrective action power. The imposition of sanctions raises several
legal questions that need to be addressed in banking laws or other legislation, such as penal
codes. This paper will focus on three important issues, but many more delicate legal
questions arise. For instance, each type of sanction may be subject to distinct procedural
prescriptions, “due process” requirements, or competent review bodies. Drafters of banking
laws would be well advised to study carefully the full legal ramifications of each type of
enforcement measure enshrined in the draft law
80. For sanctions to be effective, they should be targeted at both the corporate and
individual level (vicarious liability). Corporations have no mind of their own and actions
are taken via their directors and management. Therefore it may also be appropriate that
action can be taken at the individual level, i.e. the directors or senior management who had
knowingly contributed to the breach or willfully neglected to take actions to prevent the
breach. Often, action may be taken against both the corporate entity and the persons behind
the breach. In this regard, BCP 11, EC 5 requires that the supervisor applies sanctions not
only to the bank but, when and if necessary, also to management and/or the board or
individuals therein.
81. In addition, the legal framework should provide for an appropriate penalty for
the relevant breach. Policy considerations will have to determine what is the appropriate
penalty that is commensurate with the severity of the breach (and sufficient for deterrent
effect purposes). Monetary penalties may not necessarily be prohibitive for big banking
organizations. However, where there is a “name and shame” exercise, banks may be more
concerned with the reputational risk associated with the breach rather than the actual
quantum of the fine. Should the penalty take the form of a fixed amount of fine and
imprisonment term or a maximum amount allowing discretion to be exercised? Penalties are
rarely provided as a fixed amount or length of imprisonment in the law. This allows the
regulator or judicial authority to exercise discretion to impose the appropriate penalty
commensurate with the seriousness of the offence. Different factors (such as the track record
of the offender, whether the breach was self-reported, whether remedial actions have been
taken to rectify the breach) would be relevant in considering the appropriate penalty to be
83
In Nigeria for example, the court allowed a bank’s license to be reinstated after 6 years. The bank was
however not able to resume its business from where it left off as the infrastructure and bank records were not
maintained and capital requirements have since increased.
44
imposed. It is more common for laws to provide an upper limit or maximum penalty in terms
of a monetary amount of a fine or a figure and a maximum term of imprisonment. As
corporate entities cannot be subject to imprisonment, some country’s laws also provide a
“doubling-up” of the fine in the case of corporations.
82. A relevant consideration is whether the applicable penalty should be set out in
the primary law or in secondary legislation, such as a regulation. Typically penalties
provided in secondary legislation would be subject to a limit, and would generally be less
than that provided in primary law. It is thus important to ensure that if the intent is to provide
for a penalty in the subsidiary legislation, the intended penalty falls within what is allowed in
the regulation and there is an empowering provision in the primary law that allows the
penalty to be prescribed (to satisfy the legal principle of nullum crimen sine lege). Non-
binding secondary instruments should never have a penalty for a breach.
XIV. CONCLUSION
83. The meta message of this paper is that clear and robust legal underpinnings
buttress the effectiveness of banking supervision. The drafting of a banking law raises
many questions of financial policy, for which robust international best practice has emerged
in the form of the BCP. The drafters of banking laws will however also face complex legal
challenges that also need to be addressed, and for which guidance is not always available.
This paper hopefully makes a useful contribution in this regard.
84. Another message is that while a clear and robust banking law is a sine qua non,
the banking law cannot be considered in isolation from the wider legal context—
banking law is thus not a sufficient legal underpinning for supervision. In the end, banking
supervisory law is applied administrative law, and weaknesses in the general administrative
law framework will inevitably affect the banking law. A similar logic applies mutatis
mutandis to civil and commercial law, including company law. Authorities would therefore
be well advised to acknowledge the broadness of the necessary legal underpinnings,
including by dedicating the required resources to building a strong legal function within their
supervisory agencies.
