Catalog

• When drawing up management policy, does the management take into consideration soundness, rationality, and feasibility?
• Is the management policy integrated?

• Is the management policy clear with respect to criteria for action by each department?
• Is the policy well understood throughout the entire organization, and does it function well?
• Does the FI compile a medium- and long-term business plan (e.g., every 3-5 years)?
• Does the FI compile a business plan (annually or semiannually)?
• Does the department in charge of management planning regularly monitor the level of accomplishment and make necessary adjustments?

• Does the management have high professional moral standards and make efforts to establish awareness of the importance of internal controls among employees?
• Does the management recognize internal and external factors constituting potential risks to the FI, and is the management aware of the different types and degrees of risk and risk exposure inherent in these factors?
• Does the management recognize different risk management methods according to the types of risk and risk exposure?
• Does the management set limits to the acceptable amount or degree of risks inherent in the FI and adequately instruct relevant sections?

• Is the management clearly aware of its responsibility for drawing up appropriate and adequate risk management policy?
• Does the board of directors decide basic policy vis-à-vis risk-taking and risk control giving due consideration to the balance between various risks to the FI's capital as well as each business operation?
• Does the management regularly check the effectiveness of its risk management system?
• Does the management possess the necessary framework, system, and procedures for identifying, monitoring, and controlling various risks?
• Does the management aim to build a comprehensive risk management system on an institution-wide basis?

• Is the FI aware of the necessity of diversifying fund-raising sources and investment vehicles?
• Does the FI have in place an organization and operational framework that further emphasizes the importance of risk management rules and regulations such as limit on exposure to a single borrower?
• Does the FI avoid excessive dependency on a specific counter-party in its business operation?
• Is it possible to monitor risks so as to detect any mal-distribution?

• Does the FI have in place countermeasures against payment failure by other FIs or resulting financial system instability?

• Is the FI adapting its organization and staff allocation so as to strengthen the risk management system?
• Is the burden of responsibility regarding business operations and risk management clearly defined?
• Does the FI have in place a system that can control risk exposure while responding to economic change by utilizing research department data?
• Does the FI have in place an internal control system capable of swiftly and adequately dealing with newly recognized risks arising from changes in the environment, etc.?
• Is the FI aware of the necessity for organizational reform in line with changes in the environment, etc., and is there a department responsible for planning and implementing measures in response to such changes?
• Does the institution-wide risk management section regularly assess the effectiveness of the FI's overall risk control system

• Are internal rules for the delegation of authority rational from the standpoint of securing double-checking of operations and risk control in line with business expansion?
• Has the FI confirmed that there is no excessive concentration of authority nor extreme delegation of authority to subordinates?
• Does the FI have in place a framework where monitoring and evaluation of major risks are conducted by a specializing section independent from the business promotion department?
• Are risk management responsibilities clearly defined among the board of directors, ALM committee, directors in charge, and department heads?
• Does the department head keep to the unavoidable minimum the range of duties where a sufficient double-checking system cannot be applied, and does the FI have in place a system for close monitoring?

• Does the FI have in place an appropriate reporting system by which directors in charge and the board of directors receive information on business operations and risk management without undue delay?
• Does the FI have a consistent reporting format, giving due consideration to easy comprehension and coherency of contents?
• Are decisions made by directors in charge and the board of directors adequately communicated to, and understood by, concerned sections (including domestic and overseas branches)?
• Does the FI have in place a regular reporting system to senior officers and management regarding risk management?

• Does the FI recruit staff with appropriate experience, skill levels, and degree of expertise to undertake specialized business operations, in particular, those relating to risk management?
• Do staff members actively take part in business operations in line with their position and responsibilities?
• Does the FI recruit staff based on an employment plan?

• Does the on-the-job training (OJT) program function adequately?
• Does the FI have training programs according to qualifications and job description?
• Does the FI revise training programs in accordance with changes in business operation and sophistication of risk management?

• Are the frequency, checkpoints, and scope of internal audits adequate?
• Does the internal audit section/department have auditors with expertise in each business area, and are they able to effectively audit the FI's overall operation?
• Does the internal audit section/department have access to all relevant documents and vouchers?
• Does the FI conduct regular internal audits of all departments including headquarters and of all operations excluding those that are considered customarily exempted from auditing?
• Is the internal audit section/department completely independent from other sections/departments, and does it directly report to the management?

• Are internal audit results reported to the management promptly and accurately?
• Is information useful for improvement of operations regularly passed on to concerned departments such as the operations planning department?
• Does the internal audit section/department take the initiative in directing improvement measures such as the revision of internal rules in order to prevent the reoccurrence of problems?
• Does the management appropriately monitor whether improvement measures directed to sections/departments are carried out?

• Does a specialized department (e.g., the financial department) monitor profit/loss from various viewpoints such as profit by customer and branch, and on a consolidated basis?
• Does each department manage profit/loss bearing in mind the allocation of indirect costs?
• Is due consideration given to risk profiles when assessing and determining profit/loss conditions?
• Is there a computerized support system for profit/loss management (e.g., cost accounting of deposits and lending)?

• Does the FI thoroughly assess capital and other resources before embarking on a new business?
• Does the management appropriately decide the resources distribution policy based on regular profit/loss reports?
• Are limits on risk exposure set for each department taking into consideration the FI's capital?

• Is the differential between actual market rates and pricing of deposit, lending, and derivatives rates within a rational range?
• Is delegation of authority relating to pricing clearly defined?
• In pricing, is consideration given not only to operations, profit, and market conditions, but also operating cost, credit spread, and embedded option premium for premature cancellation?

• Is financial performance monitored on a consolidated basis with full understanding of the business performance of companies subject to consolidated accounting?
• Is financial performance monitored appropriately on the basis of including affiliated companies not subject to consolidated accounting taking into consideration degree of business affiliation?

• Is there a section responsible for monitoring the business operations of affiliated companies (including nonbank financial institutions)?
• Is the FI capable of checking unusual activities such as large fund transfers among affiliated companies?
• Does the head office fully recognize the risk profiles inherent in overseas affiliated companies?
• Does the FI regularly monitor risks to which domestic and overseas affiliated companies are exposed to ensure that they are within a rational range in relation to their financial strength such as capital?

• Does the management fully understand that insufficient compliance can impair the management base?
• Is the top management making efforts to ensure that recognition of the importance of compliance penetrates throughout the FI?
• Is the management fully aware which FI operations are most likely to cause problems in terms of compliance?
• When starting a new operation, does the management take into consideration of newly arising risks in the area of compliance?

• Are responsibilities with respect to compliance clarified by appointing an executive director and setting up a responsible coordination department? Are matters regarding compliance such as planning and monitoring under centralized control?
• Does the FI have in place concrete procedures (i.e., planning of education and training programs, compiling codes of conduct and compliance manuals, drawing up internal rules, etc.) that effectively initiate compliance?
• Do FIs with overseas branches have a compliance officer for each country who regularly monitors local legal changes?
• Has the FI appropriately placed a person in charge of compliance in relevant departments and clearly stipulated their job descriptions in the allocation of duties? Have these positions been effectively put into practice (i.e., implementation of training programs and educational activities, consultation, and inspection in the event of any doubtful contradictions to rules, swift reporting to the coordinating department)?
• In the development and sales of new products, does the coordinating department confirm the legal compliance of its content and policy of customer explanation in advance?
• Does the FI maintain close contact with its lawyers with a view to forestalling trouble and dealing with any incident appropriately and swiftly?

• Is the compliance consistency in each type of FI business monitored by compliance officers and in-house audits on a daily basis?
• Does the compliance officer promptly and appropriately report the compliance consistency and problems in each operation section to the coordinating department?
• Does a department (i.e., internal audit department) independent from operation sections and a coordinating department regularly examine the compliance consistency?
• Does the coordinating or internal audit department promptly and appropriately report the compliance consistency and problems to the management and auditors (or auditors committee)?
• Are incidents and accidents swiftly reported to the supervisory authorities? Is the credibility of the content of reports sent to other authorities assured?
• Are summaries of customer complaints or lawsuits sent to branches in order to forestall problems?

• Are the FI's management policy and strategies made widely known through disclosure magazines and other means?
• Are major indicators of the FI's performance accurately disclosed?
• Do the board of directors and auditors (or auditors committee) function appropriately to secure proper execution of business by the management? When required, does the FI appoint external board members and set up a compliance committee?
• Does the management take due notice of the opinions of external auditors (letters of advice on improvement of internal control, i.e., management letters)? Does the management examine and implement appropriate improvement measures?
• Does the FI actively initiate relations with investors, by for example, conducting briefings about its business performance for investors?
  

• Is the processing of daily accounts carried out properly?
• Are annual financial statements produced in accordance with accounting principles?
• Is there any unsound accounting manipulation of statements (i.e., figures subject to financial statements and disclosure) such as carrying over of losses that should be realized?
• Are the required amounts of write-offs and provisioning determined by self-assessment appropriated in the financial statements?
• Are soundness of accounting principles and reliability of financial statements secured through adequate auditing?

• Has the FI drawn up a comprehensive plan for the head office and all branches, and is there a manual for it?
• Is there a section responsible for drawing up and coordinating the plan?

• Is the management aware of the plan, and do they fully understand it?
• Are staff aware of the plan, and do they fully understand it?
• Is the plan approved by the board of directors?
  

Managerial factors:

• Does the plan give due consideration to the safety of customers and employees in case of an emergency?
• Does the plan clearly designate an emergency headquarters to be in charge of dealing with a crisis?
• Does the plan assess the degree of impact an emergency will have on operations?
• Does the plan clearly designate the priority level of each operation, delegation of authority, and arrangements for obtaining the necessary staff in case of an emergency?
• Does the plan clearly state the order and method of contacting management and staff in case of an emergency?
• Does the FI have a means of communication with entities operating payment systems and supervisory authorities, etc., in case of an emergency?
• Does the FI have in place a public relations network (including the use of mass communications) directed at customers in case of an emergency?

Material factors:

• Does the plan take into consideration electricity, water, and food supply?
• Does the plan clearly designate the necessary action to protect assets such as securing a warehouse to store things and deciding the evaluation procedure for damaged property?
• Has the FI secured backup data in a vault and/or distant location?
• Does the FI have in place a backup center or a backup contract with trustworthy subcontractors or other FIs?
• Has the FI secured multiple communications methods using private lines between the head office and branches, and between the computer center and branches?
• Has the FI secured countermeasures (i.e., alternative office space, etc.) in the event of an emergency (in particular, for overseas branches)?

• Does the FI have a system to review the plan when necessary?
• Are on-site drills conducted regularly at the head office against possible shutdown of the system?
• Are on-site drills conducted regularly at both the head office and branches?
• Are results of on-site drills reported to management after appropriate assessment, and utilized in reviewing the plan?