Consolidated Supervision of Banks

 In November of 2023 CIMA (CIMA or Authority) published its Regulatory Policy on Consolidated Supervision (Policy) in relation to regulated entities, and in particular, banks that are part of a group encompassing entities regulated elsewhere.  This includes, for example, Cayman Class B banks that are branches or subsidiaries of parent banks regulated elsewhere.

As stated, the Policy aims to ensure that there are no gaps in the regulatory oversight of entities, and, where the Authority acts as home or host supervisor of a regulated entity, the regulated entity “is subject to effective consolidated supervision”.

What is meant by “Consolidated Supervision”

The Policy defines ‘consolidated supervision’ as “a group-wide comprehensive approach to supervision which includes the assessment and evaluation of the strength of an entire group, while taking into account the group’s reputation and financial soundness, as well as the overall risks which may affect the group regardless of whether the risk is identified within the regulated entity, or another entity within the group.  It therefore allows for assessment of the risks posed to a regulated entity by other members of the group to which it belongs.”

It lists some of the relevant risks it will take into account:

  •  Reputational risk
  • Contagion risk
  • Intra-group transaction risk
  • Conflict of interest risk
  • Supervisory arbitrage risk
  • Double or multiple gearing risk

 Scope – who does it apply to

The Policy is applicable to all regulated entities that are part of a group and will be applied in a proportionate manner to the risks posed to a regulated entity by other members of the group.

This captures, for example, a Class B Cayman branch or subsidiary of a regulated foreign bank. Group is defined as “a financial group” or “financial conglomerate”.

Financial Group is defined as a group of entities under “common control” that provide a range of financial services through multiple legal entities, including branches of such legal entities, generally confining their activities to a given sector, including banking, insurance, securities and trusts.

Financial Conglomerate is defined as any group of entities under common control whose exclusive or predominant activities consists of providing significant services in at least two different financial sectors, for example, banking and securities.

Currently, regulated entities such as banks holding a class B banking license already produce prudential returns reflecting consolidated financial statements in accordance with standard rules for accounting consolidation.  The Policy enables CIMA to further delineate what may be included or excluded, and to agree in writing to any such variations.

In instances where the Authority acts as the “host regulator”, it will generally verify whether the regulated entity’s home supervisor conducts consolidated supervision of the entire group in accordance with standards acceptable to it. This is the case for many of the Class B banks that are either branches or subsidiaries of onshore regulated banks.

As a side note, the Policy confirms the CIMA’s strong position to eliminate “shell banks”.  It clearly states that “the Authority will not permit shell banks or the continued operation of shell banks.” Shell banks are defined as banks that have no physical presence in the country where they are incorporated and licensed and are not affiliated to any financial services group that is subject to effective consolidated supervision.

 Expected Approach

 As stated, the Authority intends to take an approach designed to gauge the risk and the need for more intrusive action on its part.  It may well be that nothing changes for a regulated entity, however, that determination will follow an analysis of certain factors. In this regard, the Authority may require regulated entities to submit organisational charts for the group, as well as information from the group-wide supervisor where the Authority does not perform that role.

 Qualitative and Quantitative Assessment

The Policy confirms that CIMA’s approach to consolidated supervision includes both quantitative and qualitative assessments, founded on a risk-based approach to supervision.  The objectives of the assessment include the following:

  •  Understanding risk that emanate from relationships among the members of a group and their impact on the Cayman regulated entity
  • Confirming adequacy of risk management
  • Confirming capital integrity and its effectiveness, location and transferability
  • Monitoring advance indications of stress
  • Identifying mind and management for key group wide decisions
  • Taking account of all of these factors in its supervision role

Quantitative factors include:

  •  Review and management of capital
  • Both at solo and consolidated levels
  • Monitoring of such capital against regulatory benchmarks

Qualitative factors include an analysis of suitability and appropriateness of:

  •  Corporate structures
  • Risk management
  • Board and management oversight
  • Internal controls
  • Degree of complexity of group structure
  • Ultimate beneficial ownership
  • Corporate governance
  • Transparency

Observations and recommendations

Much of the Policy simply repeats and/or clarifies existing CIMA policies, and in essence, does not introduce new factors to its role as a supervisor.  It does, however, make clear that it will engage with regulated entities in a more thorough and robust manner. We would expect the Policy to come up in your next inspections and reviews, and the key is to be prepared to address the points set out in the policy.

Our principal recommendations to regulated entities, particularly to Class B branches or subsidiaries of onshore banks are the following:

  1.  Ensure that senior management at headquarters are aware of the Policy, understand its scope and ambition, and are ready to engage if needed.

  1. Look at the qualitative and quantitative factors defined in the Policy and create your own assessment of risks posed and management tools available to manage such risks.

  1. As with your compliance policies and procedures, this Policy is founded on a risk-based approach which requires the regulated entity to conduct its own risk assessment of the parameters that may impact its operations and reputation. While most banks have stringent quantitative management tools, are the qualitative parameters also subject to stringent reviews?

  1. As with every regulatory initiative, documenting that you have a) reviewed it, and b) taken action to prepare for it, is essential. Much of what the regulator looks for in a typical inspection is evidence of policies being implemented consistently and in accordance with the legal requirements.  As you are aware, it is not enough to show you have policies, you are required to show that you implement and apply your policies.

  1. Be prepared to have these conversations at your next inspection. This should include thoughtful consideration of the factors set out in the Policy and confirmation that head office has been alerted and prepared to engage.

  1. Think about training program for your onshore colleagues and senior management. This could be added to your ongoing compliance training program, for example.

  1. We can help with all of these initiatives. If you’d like an initial assessment, please reach out.