On 20 November 2020, the Central Bank of Myanmar (“CBM”) issued the “Guideline on Risk Management Practices of Banks” pursuant to section 184 of the Financial Institutions Law (“FIL”). The guidelines apply to all banks in Myanmar and set out CBM’s supervisory expectations in relation to the banks’ risk management systems. The guidelines will come into effect six months from the issued date, that is, 20 May 2021.
The objectives of the guidelines are as follows:
- Require banks to ensure that their risk management system is appropriate to the nature, scale and complexity of their business;
- Encourage banks to enhance their risk management practices, taking into account developments in the financial system in Myanmar and the bank’s strategy and plans for the development of its business; and
- Set out the standards which CBM uses in assessing risk management systems under its risk-based approach to supervision.
The guidelines set out recommendations on a range of topics for banks to note and implement: risk management systems, risk governance, risk appetite framework, adequate monitoring and management information systems, internal controls (including internal audit), stress testing, external audit, capital management plan and supervision by CBM.
Key guidelines to note include:
- The Board of Directors of a bank should approve the bank’s risk appetite framework and a comprehensive risk strategy, as well as the bank’s risk management system.
- CBM expects Boards of Directors, especially of large banks, to establish a Risk Management Committee chaired by an independent non-executive director of that bank.
- The senior management of a bank is responsible for implementing the bank’s risk management system.
- Banks should establish a function to be responsible to the senior management for overall bank-wide risk management and this function should be independent from units and staff which take or accept risk for the bank, including the bank’s business units. This risk management function should have responsibility for providing oversight of the management of the risks inherent in the bank’s activities.
- Banks should establish an appetite for the aggregate level and types of risk they are willing to assume, decided in advance and within their risk capacity, to achieve their strategic objectives and business plan.
- Banks should develop and implement a rigorous and well-documented stress testing framework that is proportionate to the scale, nature and complexity of their operations and appropriate to their material risks. Detailed requirements on stress will be set out in separate guidelines to be issued by CBM.
The guidelines also define the key financial risks that banks should establish a system to manage, namely, (i) credit risk, (ii) market risk, (iii) liquidity risk, (iv) operational risk, (v) legal, regulatory and reputational risk, (vi) strategic risk, and (vii) group and related parties risk, and set out detailed standards on risk management for such risks.
Failure to comply with the guidelines constitutes a violation and is subject to corrective actions or sanctions as may be imposed under sections 94 and 96 of the FIL and administrative penalties under section 154 of the FIL.