(a) The Role of the Board of Directors

The Board of Directors must approve all the operating policies of a bank (see principle 1 of Basel Committee paper, 'Framework for Internal Control Systems in Banking Organisations' – Section CM-B.2).

Given that credit risk is still the major risk that banks are exposed to in their business, particular scrutiny must be paid to credit policies, in terms of various limits as well as in terms of risk strategy. An essential function of the Board is to review and reassess the credit policies of the bank (including collateral, provisioning policies and concentration policies) on a periodic basis. The Board should also regularly review overdue and large facilities both in terms of performance, and also in relation to the capital (base) of the bank. The Board should insist upon periodic review/evaluation of internal systems and control weaknesses identified by external/internal auditors and management. Principle 1 of the Basel Committee paper 'Principles for the Management of Credit Risk' (see Section CM-B.2) also gives greater detail on the role of the Board in developing a sound credit culture.

(b) The Role of the senior management

Senior Management should be involved in regular reviews of outstanding facilities and overdue accounts as well as reviewing changes in activity, turnover or balances in clients' accounts. The role of senior management is covered in depth in Principle 2 of Basel Committee paper 'Principles for the Management of Credit Risk' – Section CM-B.2 (see also Principle 3 of Basel Committee paper 'Framework for Internal Controls Systems in Banking Organisations' – Section CM-B.2). However, Senior Management should be involved in the credit review process of (larger) existing facilities, visiting clients, requesting up to date financial statements and verifying collateral. Too often, a lack of direct contact by senior management with a problem client has been an identified factor in significant credit losses by banks, whether by way of fraud, or corporate failure.

(c) Role of an Independent Risk Management Function

Perhaps the key point to emphasise in Risk Management is that the function must be independent of the senior management and operational functions which are related to business acquisition. The Risk Management function should report to the Board or to senior management related to control functions. The Risk Management function must not only monitor risk, but also control it (i.e. review limits, excesses etc). It must also ensure that risk monitoring systems accurately measure risk in the first place, and that all risks where they occur are correctly identified (see also Principle 6 of Basel Committee paper, 'Framework for Internal Controls Systems in Banking Organisations' ' – Section CM-B.2).

(d) Effective Internal Systems and Controls

Well implemented sound policies and procedures maintain credit standards, enable monitoring and control of credit risk, and identify problem credits in a timely manner (see Principle 2 of Basel Committee paper 'Principles for the Management of Credit Risk' – Section CM-B.2 for more detail). Sound policy and administrative requirements also apply equally strongly to existing facilities as well as new ones (see Principle 8 of Basel Committee paper 'Principles for the Management of Credit Risk' – Section CM-B.2). Policies and procedures should allow a thorough understanding of the counterparty, the purpose of the credit facility and the source of repayment (Principle 4 of Basel Committee paper 'Principles for the Management of Credit Risk' – Section CM-B.2) to be gained by the Risk Management function in its assessment of the counterparty for risk profiling purposes, (see also Principle 6 of Basel Committee paper 'Framework for Internal Controls Systems in Banking Organisations' – Section CM-B.2 and Section E of the paper issued by the Counterparty Risk Management Policy Group - 'Improving Counterparty Risk Management' – see Section CM-B.2). Banks should seek to utilise internal rating systems to manage credit risk and to set adequate provisions on a timely basis (see Principle 10 of Basel Committee paper 'Framework for Internal Controls Systems in Banking Organisations' – Section CM-B.2 and also the Credit Ratings in Section CM-2.2).

(e) The Role of Internal Audit

The internal audit function must, on an on-going basis, monitor the system of internal controls because it provides an independent assessment of the adequacy of, and compliance with, the established policies and procedures. The internal audit function must report directly to the highest levels of the banking organisation, typically the Board of Directors or its audit committee, and to senior management. This allows for the proper functioning of corporate governance by giving the Board information that is not biased in any way by the levels of management that the reports cover.