Reports on Observance of Standards and Codes

Estonia and the IMF

Estonia ROSC
I.  Banking Supervision
II.  Insurance Supervision
III.  Securities Supervision
IV.  Payment System
V.  Transparency of Monetary and Financial Policies

What do you think of Reports on the Observance of Standards and Codes?


   should be directed to:
   European II Department
   700 19th Street, NW
   Washington, DC 20431
I.  Banking Supervision
Prepared by a staff team from the International Monetary Fund and the World Bank in the context of the Financial Sector Assessment Program (FSAP) on the basis of information provided by the Estonian authorities.

June 2000

Compliance with the Basel Core Principles for Effective Banking Supervision1

1. An assessment of Estonia's observance of and consistency with relevant international standards and core principles in the financial sector, was undertaken under the auspices of the Bank-Fund Financial Sector Assessment Program (FSAP). This has helped to place the standards assessments in a broader institutional and macroprudential context, and identify the extent to which the supervisory and regulatory framework has been adequate to address the potential risks in the financial system. The assessment has also provided a source of good practices in financial regulation and supervision in various areas.

2. The assessment covered (i) the Basel Core Principles for Effective Banking Supervision; (ii) the International Association of Insurance Supervisors' (IAIS) Supervisory Principles; (iii) the International Organization of Securities Commissions' (IOSCO) Objectives and Principles of Securities Regulation; (iv) the Committee on Payment and Settlement Systems' (CPSS) Draft Core Principles for Systemically Important Payment Systems; and (v) the IMF's Code of Good Practices on Transparency in Monetary and Financial Policies. This comprehensive coverage of standards was carried out at the request of the Estonian authorities, in light of the rapid development of the financial sector, including nonbank financial institutions. It should be noted that some of the standards are still in draft form, and some do not yet have a complete methodology to systematically assess compliance or consistency.2

3. The assessment of standards and codes draws on the self-assessments by the Estonian authorities and on field work undertaken by a joint IMF-World Bank mission which visited Estonia during February 1–11, and February 29–March 14, 2000. The assessments were based on a peer review process by Stefan Niessner (Deutsche Bundesbank), M. Srinivasan (Reserve Bank of India) and Richard Abrams (IMF) on the Basel Core Principles, Martin Halvorsen (Kredittilsynet, Norway) on the IAIS Insurance Supervisory Principles, Melinda Roth Alexandrowicz (World Bank) on the IOSCO Objectives and Principles of Securities Regulation, and Charlie Garrigues (World Bank) on the Draft CPSS Core Principles for Systemically Important Payment Systems. Jingqing Chai (IMF) prepared the Code of Good Practices on Transparency in Monetary and Financial Policies, with inputs from the sectoral experts. The expert team was coordinated by the IMF-World Bank FSAP mission led by Alexander Fleming (World Bank, mission chief) and Richard Abrams (IMF, deputy mission chief).

4. The assessment, which was based on information available through March 2000, showed that Estonia has made great strides in strengthening its supervisory framework. Progress has been particularly strong in the area of banking supervision. Supervision of insurance firms is also improving, although some concerns remain. On the other hand, oversight in the securities sector is weak. While the payment system itself is viewed as relatively strong, payment system oversight could be improved.

5. The findings regarding transparency practices were quite favorable. No significant weaknesses were identified with respect to either monetary policy or the deposit guarantee scheme, while the shortcomings in banking and insurance supervision and on the payment system were relatively minor. Transparency practices in securities supervision were assessed as somewhat weaker than the others, although the flaws were not serious.

A. Background and Overview

6. The assessment took place against the background of a banking system that had been markedly strengthened, as the weaker, more poorly managed banks had failed, while the stronger, better-managed banks had entered into successive mergers. In 1998, the banking system entered into a second phase of the restructuring process, as three banks failed, one bank was recapitalized and merged with another small bank, while the four largest banks merged into two. Shortly thereafter the two largest banks were taken over by two major Swedish banks. The Swedish strategic investors have done much to strengthen the two banks, both directly through capital injections, and indirectly through improved governance and management. As a result, these banks both appear to be strong, conservative and well-managed. As of March 2000, there were seven commercial banks operating in Estonia, with the two largest accounting for over 55 percent of banking assets.

7. The assessment was carried out on the basis of an examination of the Credit Institutions Act (CI Act, 1999); the Money Laundering Prevention Act (which came into force in 1999); the Law on the Central Bank of the Republic of Estonia (CBL, 1993) and the Statute of the Bank of Estonia (1996); the principal statutory authority for the supervision of banks; and the Decrees made under the CI Act. The examination also included information provided by the major Estonian banks and the Estonian branch of a foreign bank, the Estonian Bankers Association, and the Chairman of the Accounting Board. Officials of the BoE and, particularly, the Head and staff of the BoE's Banking Supervision Department (BSD) were also consulted. The assessors also met with the Deputy Governor of the BoE who has overall responsibility for supervision. The assessment team received excellent cooperation from all parties it met.

B. Main findings

8. The BoE was found to have a competent, professional, but somewhat inexperienced supervisory staff. The quality of banking supervision has improved markedly in the last several years as a result of a concerted effort on the part of the BoE to strengthen the management and staff of its banking supervision function, and to improve the regulatory framework in order to bring it up, not only to EU minimum standards, but also to a level consistent with international best practices. At the same time, the burden on the BSD has been eased somewhat as a result of the restructuring and consolidation of the Estonian banking system. However, while the overall supervisory framework appears to be much stronger, it has not been fully tested to establish whether the BoE's powers will be used in practice and that forbearance will not undermine its effectiveness. Furthermore, the BSD staff will need additional training once the market activities of credit institutions become more complex and credit institutions begin using sophisticated risk management systems. In this regard, there have been some signs that qualified personnel—particularly those with experience—are scarce.

9. Estonia has established itself as a leader among transition economies in the implementation of structural reforms. This progress may be due, at least in part, to the goal of completing all EU accession requirements by early 2003. The objectives of swift and efficient transition and EU accession have resulted in rapid improvements in the legal and regulatory infrastructure of the financial system, which is now generally sound and is comparable to that of many industrial countries. For example, the legal basis for a functioning banking system is in place; commercial contracts are enforceable; foreclosure and bankruptcy procedures are in place and effective; and rules governing collateralization are established. Accounting and auditing standards are also reported to be generally good, although questions have at times arisen regarding the quality of some audits. However, these concerns appear to be waning. On the other hand, there is apparently a heavy court caseload, which may pose problems for the efficiency of the judicial process.

10. The Basel Core Principles are grouped into seven major categories: (i) preconditions for effective banking supervision; (ii) licensing and structure; (iii) prudential regulatory requirements; (iv) ongoing supervision; (v) information requirements; (vi) formal powers of supervisors; and (vii) cross-border banking. The following section assesses Estonia's compliance under these headings.

Preconditions for effective banking supervision (CP 1)

11. The basic legal framework is contained in the CI Act, and in the decrees and explanations made under it. These provide powers for the BoE to supervise credit institutions and permit the exchange of information with the Insurance and the Securities Inspectorates, the other main supervisory authorities in Estonia. The CI Act requires that credit institutions provide the BoE with all information it deems necessary. The CI Act also provides for the BoE to assess credit institutions' compliance with laws, and decrees made under the CI Act, as well as safety and soundness concerns. The BoE has a reasonable array of instruments to use to encourage compliance with prudential norms. There is no visible evidence of any government or industry interference in the work of the BoE.

Assessment: Even though the preconditions for effective banking supervision are met, several weaknesses were identified. These include: a lack of adequate training arrangements for supervisory staff for upgrading of skills to meet the demands of emerging products; a lack of protection of the BSD and its staff against lawsuits for actions taken while discharging their duties in good faith; and the absence of Memoranda of Understanding (MOUs) on cooperation and information sharing with key host and home foreign supervisory authorities, including Sweden and Lithuania. However, efforts are under way to finalize these agreements. While an MOU with the Securities Inspectorate (SI) is needed, it will need to await better controls on the use of internal information at the SI.

Licensing and structure (CPs 2-5)

12. The CI Act clearly defines the term "Credit Institution" and the permissible transactions for credit institutions. In the licensing process the applicant has to provide the BSD with every relevant piece of information (such as strategic and operational plan, fitness and propriety of manager and suitability of shareholders). The BSD has the authority to refuse to grant authorization for the acquisition of or increase in qualifying holdings. Investments in another company that is neither credit institutions, financial institutions, or ancillary banking undertakings, is restricted to 15 percent of the net own funds, while the total participation in such companies may not exceed 60 percent of the net own fund.

Assessment: The system is effective. The CI Act fully complies with these principles.

Prudential regulation and requirements (CPs 6-15)

13. With the implementation of the EU Capital Adequacy Directive through Decree No. 19 of the President of the BoE in June 1999, the capital adequacy requirements are in line with the CPs. However, the BSD has no expertise in assessing risk models that are used by some credit institutions to calculate the market risk in their trading books. The large-exposure regulation, including its definition of connected parties, conforms to EU law. However, the definition of parties related to credit institutions is narrow and may need to be extended.

14. The CI Act puts the onus on the management of the credit institutions to identify, assess, monitor, and control all risks in the activities of the credit institutions (§ 55 of the CI Act). A credit institution must have an independent internal audit unit that monitors the activities of the whole credit institution and their compliance with the law, the principles of sound banking management, and precepts issued by the BoE. It should also assess the suitability and sufficiency of the internal rules and procedures of the credit institution, and regularly monitor compliance with the requirements, procedures, limitations, and other rules established by the supervisory or management board, in addition to ensuring that the internal audit unit has sufficient resources and staff.

15. A greater concern is that the BSD has not issued a decree on minimum rules for loan classification and loan loss provisioning. Hence, the practice of the credit institutions vary, and instead they follow norms prescribed by parent credit institutions or auditors (subject to the approval of the BoE). The BoE also has not yet issued guidance on the management of country and transfer risk, or on operational risk. Moreover, there are no other special procedures prescribed by the BoE for countering fraud. Accordingly, supervisory procedures have focused largely on the BSD's assessment of internal policies that have been formulated and maintained by the banks.

16. Money laundering is beyond the domain of the BoE. The institutional arrangements to address this problem have some shortcomings, notably the anti-money laundering authority in Estonia—the Financial Intelligence Unit—has neither the right to conduct verification of reported data nor the right to share its information with other agencies. However, a working group on improving the Money Laundering Prevention Act (MLPA) is addressing this shortcoming, and it is also expected to make recommendations to improve the "know-your-customer" principle.

Assessment: The basic requirements are sound, although some deficiencies remain. Once the BoE has issued the decrees on loan classification and loan loss provisioning, on country and transfer risk, as well as the explanation on internal controls, it will observe with these principles. Regarding the "know-your-customer" principle, an amendment of the MLPA is necessary.

Methods of ongoing supervision (CPs 16-20)

17. The BSD has a team of on-site inspectors and off-site supervisors, who meet regularly to discuss the developments in the credit institutions and make plans on what to emphasize in the upcoming on-site inspections. In addition, the BSD can use external auditors to examine specific aspects of credit institutions' operations. External auditors must also review the financial statements of credit institutions' annual reports and notify the BSD promptly about material violations of prudential rules and regulations. While the BSD, or persons authorized by the BSD, have unlimited access to all documents of the credit institutions, there are no specific provisions on giving BSD staff full access to the management and supervisory board or to the staff.

18. Prudential data reporting is adequate. Among the main reports are: balance sheets (every 10 days); profit and loss account; and data on credit and investments, large exposures and related lending, as well as capital adequacy (monthly). The BoE has the authority to request and receive any relevant information from banks, as well as from their related companies, irrespective of their activities. In order to make meaningful comparisons among banking organizations, the BoE collects data from all banks and all other relevant entities within a banking organization on a comparable basis and related to the same dates (stock data) and periods (flow data). Overall, off-site supervision is thorough and the extent and frequency of the required data are commensurate with the nature and size of the credit institutions in Estonia.

19. In addition, the legal basis for consolidated supervision by the means of off-site and on-site supervision is in place, except for the supervision of the overseas subsidiaries of the Estonian credit institutions operating in Lithuania, where an MOU on information sharing is yet to be signed. Furthermore, the only reason the BoE may use to limit the range of activities that the consolidated banking group may conduct is that its organizational structure is not suitable for the intended activities.

Assessment: To reach full compliance with these principles, the BoE needs to sign an MOU with Lithuania to conduct consolidated on-site supervision and to enhance the present authority to review the activities of parent companies and of companies affiliated with the parent companies.

Information requirements (CP 21)

20. Reporting requirements are based mainly on the Accounting Act, the Establishment of Personal Liability for Accounting and Correctness of Accounting Information Act, and on the Balance Sheet Manual (BoE Decree No. 2). Accounting Standards are established by the Accounting Board in the Ministry of Finance, on which the BoE is represented. The annual reports of credit institutions must be audited in accordance with international auditing standards. Auditing standards are high and the BSD has powers to remove and replace an auditor. However, as noted, in the past there were cases where audit results were of dubious quality.

Assessment: The CI Act complies fully with this principle. Improvements could be achieved by giving the BoE the right to approve external auditors and a greater input into the work of the Accounting Board on issues relating to accounting standards for credit institutions.

Remedial measures and exit policy (CP 22)

21. As noted, the banking system has been undergoing a major consolidation process in Estonia, with the number of domestic credit institutions falling from 22 in 1995 to 6 in 1999, as a result of mergers and bank failures. In one case, the BoE acquired a majority in a credit institution to facilitate the merger of two weak institutions. In the two latest failures, the losses of depositors were covered by the newly created Deposit Guarantee Fund, which had to borrow to cover the losses. Although the BSD has generally dealt with problems in the banking sector promptly and comprehensively, there have been cases of forbearance. The CI Act provides for a wide range of remedial actions, including the withdrawing of the license of a credit institution.

Assessment: The CI Act provides the BoE with the necessary tools to take timely corrective actions. However, to mitigate the risk of forbearance the BoE should issue guidelines that specify the sanctions applicable for different levels of shortfalls (e.g., in meeting the capital adequacy ratio requirements).

Cross-border banking (CP 23-25)

22. The BoE has the authority to supervise the overseas activities of locally incorporated banks. The CI Act stipulates that the organizational structure of the branch must be suitable for the intended activities, and that the managers of the subsidiary or directors of the branch must meet the same requirements applicable to managers of credit institutions. While the BoE can prohibit the foundation of new branches, it cannot demand the closure of existing ones. The BoE has a policy for assessing whether it needs to conduct on-site examinations or require additional reporting, and it has the legal authority and resources to take those steps as and when appropriate. Because no Estonian bank has overseas branches, the BoE's oversight of foreign operations of the subsidiaries of Estonian credit institutions and its assessment of the quality of supervision conducted in the countries in which its banks have material operations remains untried. The proper supervision of the foreign bank branches/subsidiaries in Estonia and Estonian banks' overseas subsidiaries requires close international cooperation, ideally based on MOUs. To date, the BoE has signed MOUs with Finland and Latvia, and it is in the process of concluding MOUs with Lithuania and Sweden.

23. The BoE may provide information to host country supervisors concerning the overall framework of supervision in which the banking group operates and, to the extent appropriate, concerning significant problems arising in the head office or in the group as a whole. The BoE is required to receive a "no objection" response or, preferably, the approval of the home supervisor before considering the requests of overseas banks of non-EU countries to open branches in Estonia.

Assessment: The CI Act provides the BoE with all means to conduct the supervision of credit institutions on a consolidated basis. Thus far the BoE has signed MOUs only with the Finnish and Latvian authorities, but it is in the process of drafting MOUs with Sweden and Lithuania. Once these are signed, the BoE will also be able to use on-site inspections as a tool in carrying out supervision on a consolidated basis. Full compliance will be reached once the BoE is empowered to demand the closing of overseas branches.

Priorities for further action

24. The overall findings are summarized in Table 1. Against this background, the BoE, in consultation with the assessment team, developed the following prioritized action plan.

Table 1. Estonia: Compliance with the Basel Core Principles

(Assessment of February/March 2000)

Core Principle

C 1/

LC 2/

MNC 3/

NC 4/

Corrective Actions

1(1) Objectives



1(2) Independence




Supervisors need training.

1(3) Legal framework



1(4) Enforcement powers



1(5) Legal protection



Legal protection is lacking.

1(6) Information sharing




No Memorandum of Understanding with Securities Inspectorate.

2. Permissible activities



3. Scope of licensing



4. Ownership



5. Investment criteria



6. Capital adequacy



7. Loan & investment policy



8. Asset quality




Decree on loan classification and loan loss provisioning to be issued by end-March 2000.

9. Large exposures



10. Connected lending



Definition of connected parties should be extended to managers of shareholders and to companies in which managers hold a qualifying interest.

11. Country risk




Capital adequacy regulations to cover these risks to be issued by end-2000.

12. Market risk



BoE should seek external support, when assessing risk models.

13. Other risks




Need explanations on operational risk. Banks should establish information-sharing system on frauds.

14. Internal controls



15. Money laundering




No provision in Money Laundering Prevention Act for information sharing with other agencies.

16. On-site/off-site supervision



17. Bank management



Managers of credit institutions should inform BSD of any material changes in their organization.

18. Off-site supervision




Reporting rules for loan classification await decree by BoE on the subject.

19. Validation of information



On-site supervisors should have unlimited access to the management and staff of the supervised banks.

20. Consolidated supervision




BoE should have authority to review activities of parent companies and their affiliates.

21. Accounting



22. Corrective action



23. Global consolidation




BoE should have power to order closing of the overseas branches of Estonian banks.

24. Host country supervision




MOUs with other country regulators are in the final stages of execution.

25. Supervision of foreign establishments



Source: Mission's assessment.
1/ C: Compliant.
2/ LC: Largely compliant.
3/ MNC: Materially noncompliant.
4/ NC: Noncompliant.

Issues of highest priority

  • CP 1(5): The CI Act or any other law governing the supervision of credit institutions should be examined and amended to provide legal protection to the supervisory agency and its staff against lawsuits for action taken while discharging their duties in good faith, including the costs of defending their actions while discharging their duties.

  • CP 1(6): When feasible, conclude MOU with the Securities Inspectorate.

  • CP 1(6) and CP 24: Sign MOUs with Sweden and Lithuania on information sharing arrangements with home/host country supervisors as soon as feasible.

  • CP 8: Issue a decree concerning loan classification and loan loss provisioning.

Issues of medium-term priority

  • CP 10: Extend the definition of connected parties (e.g., to the managers of a shareholder) if the shareholder is a legal entity, or to companies in which managers hold a qualifying interest.

  • CP 11: Update the regulatory framework for monitoring and evaluating country and transfer risk in the exposure of credit institutions.

  • CP 13: Issue explanations on the management of operational risk, including internal audit, procedures to counter fraud, cross-checking ("four-eye principle"), sound business resumption plans, procedures covering major system modifications, and preparation for significant changes in the business environment.

  • CP 17: The managers of a credit institution should be required to inform the BSD of any substantive changes in their activities or of any materially adverse developments.

  • CP 19: The on-site inspectors must not only have the right to investigate all documents, but also unlimited access to the management and staff.

Issues to be addressed in the long term

  • CP 13: The BoE, together with the credit institutions, should establish a system of information sharing to counter fraud, with the credit institutions informing the BoE about any suspicious transaction that might have led to damage, and the BoE providing other credit institutions with information about these incidents while protecting anonymity.

Discussions with authorities

25. The findings of the CP assessment were discussed with the deputy governor in charge of banking supervision and other senior officials of the BSD. The BoE was in general agreement with the observations and a prioritized action plan was prepared. However, the BSD representatives thought their relationship with the Accounting Board was satisfactory, as was the system of informal coordination in the appointment of external auditors of banks.

1 The assessment was carried out in accordance with the methodology published by the Basel Committee in October 1999. This was the second CP Assessment (CPA). The earlier CPA was made by a Fund-led team in March 1998, and was the first CPA undertaken by the IMF.

2 The Basel Core Principles were issued in September 1997; a Core Principles Methodology was released in October 1999 by the Basel Committee on Banking Supervision. The Code of Good Practices on Transparency was adopted by the Interim Committee in September 1999; work on a supporting document is in progress. The IOSCO Objectives and Principles were issued in September 1998, and a detailed self-assessment methodology is being developed. A draft of the Core Principles for Systemically Important Payment Systems was issued for public comment in December 1999. The IAIS Insurance Supervisory Principles were issued in September 1997; a self-assessment program has been developed to assist member countries in evaluating compliance.


II. Insurance Supervision        Estonia ROSC