Home » General » BIS2

Pillar two: Supervisory review process

The second pillar considers the method in which banks and central banks should review the implementation and usage of BIS II. This pillar requires banks to develop their risk management beyond the minimum requirements set out in pillar one. Additional risk types such as interest rate risk should be incorporated in this more comprehensive risk management system. Furthermore it dictates that the BIS II framework should be an integral part of the banks activities. This means for instance the banks general management should be aware of BIS II and should be involved in the decisions surrounding BIS II. The BIS II paper itself defines the purpose of pillar two as:

The supervisory review process of the Framework is intended not only to ensure that banks have adequate capital to support all the risks in their business, but also to encourage banks to develop and use better risk management techniques in monitoring and managing their risks.”

In pillar two, four principles of supervisory review
are defined.


  1. Banks should have a process for assessing their overall capital adequacy in relation to their risk profile and a strategy for maintaining their capital levels.

  2. Supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of this process.

  3. Supervisors should expect banks to operate above the minimum regulatory capital ratios and should have the ability to require banks to hold capital in excess of the minimum.

  4. Supervisors should seek to intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank and should require rapid remedial action if capital is not maintained or restored.


Principle one
The first principle is divided into five main features

  1. Board and senior management oversight; The board and management of a bank should consider itself responsible for adequate risk management. It should define a risk appetite and communicate it within the bank. Capital management should be an integral part of strategic planning.

  2. Sound capital assessment; According to BIS II this includes:

    • Policies and procedures designed to ensure that the bank identifies, measures, and reports all material risks;

    • A process that relates capital to the level of risk;

    • A process that states capital adequacy goals with respect to risk, taking account of the bank’s strategic focus and business plan; and

    • A process of internal controls, reviews and audit to ensure the integrity of the overall management process.


  3. Comprehensive assessment of risks; A bank must consider all material risks for determining its required capital. Minimally the following risks should be included: credit risk, operational risk, market risk, interest rate risk in the banking book, liquidity risk and other risks.

  4. Monitoring and reporting; A bank should monitor its risk profile and the underlying assumptions. Senior management should be aware of the key assumptions underlying this profile, including the sensitivity of the risk assessment to changes in the assumptions. Furthermore the development of the risk profile and capital requirements should be analysed.

  5. Internal control review; A bank should review its own risk management and capital assessment process. This can be done by an independent internal department, internal audits or external audits.


Principle two
The second principle is also divided into five main features

  1. Review of adequacy of risk assessment; A supervisor should asses if the capital assessment incorporate all relevant risks. Furthermore supervisor should asses if the measurement of those risks is used in the day to day business. It should also review the results from stress testing from a bank and check whether the results have been incorporated into the strategy (and its effect on the capital needs).

  2. Assessment of capital adequacy; A supervisor should asses if the level of capital is adequate, If these levels are properly monitored and if the composition of the capital is appropriate for the bank. A supervisor should also check if a bank utilises scenario analysis and stress tests to determine its required capital.

  3. Assessment of the control environment; A supervisor should asses a banks management information. Whether it’s timely and correct. It is also important to asses the management record in reacting to the received information.

  4. Supervisory review of compliance with minimum standards; In pillar one certain minimum requirements have been determined, for the capital calculation. A supervisor should ensure that a bank meets with these requirements, on an ongoing basis.

  5. Supervisory response; If a supervisor determines a gap in the risk management of a bank, it should respond with an appropriate action.

Principle three
The third principle is not divided into sub features. The idea behind this principle is to ensure that supervisors consider the pillar one, capital calculation a minimum requirement. A supervisor should expect
banks to hold capital in excess of the minimum. This can be necessary for risks which have not been incorporated in the first pillar. It can also be advisory because of bank specific issues. Or a bank may wish a larger buffer in order to position itself as a safe bank in the market. Furthermore the capital requirement will change through
time. If the available capital equals the required capital any negative change will lead to a breach of the regulatory capital requirement. No bank is expected to find such a situation acceptable.

Principle four
The fourth principle is also not divided into sub features. This principle states that a supervisor should signal a move towards inadequate capital, before it is actually deemed inadequate. A supervisor has several actions which it can take if there is a serious thread that the available capital becomes less than the required capital. It can increase monitoring of a bank, Forbid (or restrict) payment of dividends, require the bank to create and implement a capital restoration plan or force a bank to attract capital from the market immediately. These actions may be used permanently or temporarily while a bank is improving the situation at hand.