Home   Browse contents   View updates   Search  
     Quick search
Go
   

Dubai Financial Services Authority (DFSA): Contents

Dubai Financial Services Authority (DFSA)
Laws
Rulebook Modules
Prudential — Investment, Insurance Intermediation and Banking Module (PIB) [VER33/02-19]
Sourcebook Modules
Consultation Papers
Policy Statements
DFSA Codes of Practice
Amendments to Legislation
Media Releases
Notices
Financial Markets Tribunal
Archive

BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • PIB App10 Supervisory Review and Evaluation Processes

    • PIB A10.1 IRAP

      • PIB A10.1 Guidance

        Application

        1. This GuidanceG is relevant to an Authorised FirmG described in PIB section 10.3 (that is, a firm in CategoryG 1, 2, 3A, 3B, 3C, or 5) in regard to an Internal Risk Assessment ProcessG (referred to in this GuidanceG as an IRAPG ).
        2. The following GuidanceG generally assumes that the RulesG relating to capital adequacy in PIBG apply to an Authorised FirmG on a solo basis. However, the GuidanceG is to be read as also applying where the capital adequacy requirements in these modules apply to the Financial GroupG of an Authorised FirmG on a consolidated basis.

        Purpose of the IRAPG

        3. The IRAPG is an internal process of an Authorised FirmG which enables it to identify, assess, aggregate and monitor its risks adequately. The objective of the IRAPG is to develop a comprehensive and detailed risk profile for the firm. The IRAPG should help the firm ensure that sound risk management systems are in place, address any weaknesses in its risk management framework, and maintain adequate internal capital relative to its risk profile.
        4. An Authorised FirmG should ensure that the IRAPG forms an integral part of the firm's risk management framework and decision-making processes. The IRAPG should cover all activities of the Authorised FirmG and should be proportionate to the nature and complexity of the firm's activities.
        5. The Authorised FirmG should be able to demonstrate to the DFSAG that its internal risk assessment is comprehensive and adequate relative to the nature of risks posed by its business activities and its operating environment.
        6. The DFSAG does not prescribe any specific approach for the IRAPG and, consequently, an Authorised FirmG can choose to implement an IRAPG which is proportionate to the nature, size and complexity of the business activities.
        7. The IRAPG should be subject to adequate internal controls and reviews by internal audit to ensure the integrity and objectivity of the process. The IRAPG should consider the quality and effectiveness of the Authorised Firm'sG risk management framework while determining its risk profile.
        8. The IRAPG should:
        a. identify and outline all related parties of the Authorised FirmG , and list the types of transactions that occur between those related parties and the firm;
        b. identify the most significant risks to which the firm is exposed, which should, at a minimum, include the risks identified in GuidanceG note 9;
        c. identify each of the firm's major business lines and prepare a comprehensive list of the major risks to which each of the businesses are exposed;
        d. identify the controls and risk management measures used to address the risks referred to in b. and c. and assess the strength of such controls and systems; and
        e. consider the impact of an economic or industry downturn on its future earnings, taking into account its business plans.
        9. The IRAPG should, in addition to the aforementioned factors:
        a. estimate, with the aid of historical data, where available, the range and distribution of possible losses which might arise from each of those risks and consider using stress tests to provide risk estimates;
        b. consider the extent to which the firm's Capital RequirementG adequately addresses the type of risks referred to under GuidanceG note 8 (b) and (c); and
        c. estimate the expected change in the firm's risk profile on the basis of projections of the firm's business activities for the next 3 to 5 years.
        10. If the firm's IRAPG is based on this GuidanceG , it may enable the DFSAG more easily to review the IRAPG as part of its SREPG . However, the DFSAG may decide to rely on an IRAPG that is not consistent with the elements of this GuidanceG , owing to specific reasons and/or circumstances which necessitate an alternative approach.

        GuidanceG on risks to be covered as part of the IRAPG

        11. An Authorised FirmG should consider the following risks, where relevant, in its IRAPG :
        a. Credit RiskG , including Large ExposuresG and Concentration RisksG ;
        b. Market RiskG ;
        c. Liquidity RiskG ;
        d. for Islamic Financial BusinessG involving PSIAsG , displaced commercial risk;
        e. interest rate risk in the Non-Trading BookG ;
        f. Operational RiskG ;
        g. internal controls and systems; and
        h. reputational risk.
        12. This GuidanceG is merely an indicative list of risk categories, which does not preclude an Authorised FirmG from assessing other risks that it considers significant (for example, securitisation risks and residual risks). Likewise, certain categories of risks might not be relevant to all Authorised FirmsG completing the IRAPG . In this case, the IRAPG should clearly indicate why the risk is considered minimal or not relevant. The IRAPG should also consider all risks arising from any non-regulated activities of the Authorised FirmG , if they are seen as material to the risk profile of the firm.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB A10.2 ICAAP

      • PIB A10.2 Guidance

        Application

        1. This GuidanceG is relevant to an Authorised FirmG as described in PIB section 10.4 (that is, a firm in CategoryG 1, 2, 3A or 5) in regard to an Internal Risk Capital Adequacy Assessment ProcessG (referred to in this GuidanceG as an ICAAPG ).

        Purpose and process of the ICAAPG

        2. The ICAAPG is an internal process of an Authorised FirmG which enables it to determine and maintain the amount and quality of capital that is adequate in relation to the Authorised Firm'sG risk profile as assessed in the IRAPG . Authorised FirmsG are encouraged to maintain capital over and above the regulatory minimum capital. The ICAAPG , in conjunction with the IRAPG , should be embedded in the Authorised Firm'sG business and organisational processes.
        3. When assessing its capital needs, an Authorised FirmG should take into account the impact of economic cycles, and sensitivity to other external risks and factors. For larger or more complex institutions, this may mean developing an appropriate stress testing and scenario testing framework.
        4. The DFSAG does not prescribe any specific approach for the ICAAPG and, consequently, an Authorised FirmG can choose to implement an ICAAPG which is proportionate to the nature, size and complexity of the business activities.
        5. In completing an ICAAPG , an Authorised FirmG should:
        a. estimate the amount of capital required to absorb potential losses, if any, for the significant risks identified in the IRAPG (particularly risks which lead to financial losses);
        b. perform reasonable and proportionate sensitivity tests to analyse the impact of variation in the risk parameters of significant risks identified in the IRAPG on the profitability and the capital position of the Authorised FirmG ;
        c. estimate, using the range and distribution of possible losses estimated from historical data, the level of capital required reasonably to cover likely losses;
        d. estimate the Capital ResourcesG required to address potential variation in the Authorised Firm'sG Capital RequirementG arising from planned growth in business levels or any significant deviation in growth from plans; and
        e. document the ranges of capital required for each of the factors identified above and enable the Governing BodyG and the senior management to form an overall view on the amount and quality of capital which that Authorised FirmG should hold.
        6. The DFSAG does not require an Authorised FirmG to implement ICAAPG through sophisticated models and the DFSAG has no prescribed approach for developing an internal capital model for the firm's ICAAPG assessment. However, an Authorised FirmG should be able to demonstrate:
        a. the confidence levels set and whether these are linked to its corporate strategy;
        b. the time horizons set for the different types of business that it undertakes;
        c. the extent of historic data used and back-testing carried out;
        d. that it has in place a process to verify the correctness of the model's outputs; and
        e. that it has the skills and resources to operate, maintain and develop the model.
        7. If an Authorised Firm'sG internal model makes explicit or implicit assumptions in relation to correlations within or between risk types, or in relation to diversification benefits between business lines, the firm should be able to explain to the DFSAG , with the support of empirical evidence, the basis of those assumptions. An Authorised Firm'sG model should also reflect the past experience of both the firm and the sectors in which it operates.
        8. The assumptions required to aggregate risks that are modelled and the confidence levels adopted should be considered by the Authorised Firm'sG senior management. An Authorised FirmG should also consider whether any relevant risks, including systems and control risks, are not captured by the model.
        9. An Authorised FirmG using an internal capital model should validate the assumptions of the model through a comprehensive stress testing programme. In particular this validation should:
        a. test correlation assumptions (where risks are aggregated in this way) using combined stresses and scenario analyses;
        b. use stress tests to identify the extent to which the firm's risk models omit non-linear effects, for instance the behaviour of derivatives in Market RiskG models; and
        c. consider not just the effect of parallel shifts in interest rate curves, but also the effect of the curves becoming steeper or flatter.
        10. Any internal assessment of capital adequacy should address diversification benefits and transferability of Capital ResourcesG between members of the Financial GroupG . It should also describe the distribution of the capital required by the Financial GroupG across all entities, including the Authorised FirmG .
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB A10.3 Supervisory Review and Evaluation Process (SREP)

      • PIB A10.3 Guidance

        Application

        1. This GuidanceG is relevant to an Authorised FirmG as described in PIB section 10.5 (that is, a firm in CategoryG 1, 2, 3A, 3B, 3C or 5) in regard to a Supervisory Review and Evaluation ProcessG (referred to in this GuidanceG as a SREPG ).

        Introduction

        2. This GuidanceG covers the evaluation criteria and methodology (referred to as a SREPG ) that the DFSAG may use when reviewing and evaluating the IRAPG and ICAAPG of an Authorised FirmG .

        The SREPG in detail

        3. A SREPG of an IRAPG and an ICAAPG forms an integral part of the overall supervisory approach of the DFSAG . A SREPG is expected to enable assessment of the effectiveness, completeness and quality of an IRAPG and ICAAPG in relation to the overall risk profile of the Authorised FirmG . It leverages from information collected and assessments carried out as part of the wider supervisory regime, including desk-based reviews, on-site risk assessments, discussions with the firm's management, and reviews completed by internal and external auditors.
        4. The SREPG is structured to provide consistency of treatment across Authorised FirmsG , taking into consideration the differences in risk profiles, business strategies and management. An essential element of the SREPG is the qualitative assessment of each type of risk and its management within the overall context of the firm's internal governance.
        5. The DFSA'sG assessment of the individual risk profile of an Authorised FirmG will provide the context for evaluation of the firm's IRAPG and/or ICAAPG . The evaluation in turn will be used by the DFSAG to augment its understanding of the overall risk profile of a firm. Also, in relation to a firm in CategoryG 1, 2, 3A or 5, the DFSAG might involve such a firm in a formalised discussion of risks and capital adequacy, which might lead to a requirement for additional capital.
        6. The SREPG may be used as a regulatory tool for Authorised FirmsG which are required to perform an IRAPG and/or ICAAPG . The SREPG for each Authorised FirmG will be proportionate in terms of the size, scale and complexity of its business and its impact on financial sector stability. The DFSAG will cooperate actively with other supervisory authorities whenever an Authorised FirmG is part of a GroupG and is prudentially regulated on a consolidated basis.
        7. The SREPG evaluation cycle will be determined in the discretion of the DFSAG and be based on the risk assessment, developments in the risk profile and changes in the Authorised Firm'sG strategy or products. The SREPG is as far as possible aligned with the risk assessment process to ensure that a recent risk assessment is available for the SREPG evaluation process.
        8. It is envisaged that the DFSAG will use a range of supervisory tools of qualitative or quantitative nature to perform the SREPG . The SREPG is not intended as, and should not constitute, a parallel or secondary IRAPG or ICAAPG . Its purpose is to evaluate the quality, completeness and consistency of the IRAPG or ICAAPG of the Authorised FirmG .

        Review of the IRAPG and ICAAPG Assessment

        9. Upon receipt of an IRAPG or ICAAPG the DFSAG would normally:
        a. subject the data provided to an initial analysis for completeness and accuracy followed by a more detailed comparison with the relevant data held on file at the DFSAG about the Authorised FirmG ;
        b. determine if there are material changes compared with previous submissions;
        c. determine if the submitted data contains indicators of a possible material change in the firm's risk profile;
        d. address and discuss any information gaps or anomalies with the firm; and
        e. form an assessment about content and quality of the submission which will be integrated into the overall supervisory approach.

        Evaluation of the IRAPG and ICAAPG

        10. The SREPG evaluation of the IRAPG and, where applicable, the ICAAPG covers all activities of an Authorised FirmG and takes all relevant data collected during the supervisory process into account. The SREPG evaluation process will use desk based reviews, firm visits and meetings to arrive at a final view.
        11. As part of the SREPG , the DFSAG will consider:
        a. the completeness of the IRAPG and, where applicable, the ICAAPG by ensuring that it covers all business areas, internal governance and all risk categories of the Authorised FirmG ;
        b. the soundness and quality of the IRAPG and, where applicable, the ICAAPG process in relation to the firm's size, business complexity and risk profile;
        c. soundness of qualitative calibration and quantitative methodology whenever employed by the firm;
        d. execution of the IRAPG and, where applicable, the ICAAPG in terms of consistency, quality and documentation;
        e. adequacy of internal controls and quality assurance processes on the IRAPG and, where applicable, the ICAAPG ; and
        f. adequacy of management information and whether the management had responded adequately and in a timely manner to such information.
        12. Based on the SREPG , the DFSAG will form an assessment which will be communicated to the Authorised FirmG and flow into the overall supervisory approach. The action required resulting from the IRAPG and ICAAPG will be communicated to the firm as part of a risk mitigation programme.
        13. In relation to an Authorised FirmG in CategoryG 1, 2, 3A or 5, where the DFSAG does not agree with the results of the firm's ICAAPG results, the DFSAG will involve the firm in a dialogue to reconcile any difference in view to arrive at a consensus estimate of the capital level required to address all risks identified either by the firm or by the DFSAG in its SREPG . Such an estimate will be specified by the DFSAG as the Individual Capital RequirementG for the firm. Where consensus is not possible the DFSAG may impose an Individual Capital RequirementG on a firm.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]
        [Amended] DFSA RM135/2014 (Made 21st August 2014). [VER22/06-14]