must be analyzed and must inform management decisions at all levels in the central bank. Risk factors for a central bank as a whole require the attention of the board of governors and the appropriate levels of management, including a Chief Risk Officer CRO or risk management committee RMC or equivalent. A safeguards assessment should determine whether the CRORMC operates with clear and independent lines of reporting to the board, and that it focuses on high priority items: critical success factors and risk performance indicators in the context of the bank’s established mission, strategic goals, and operational objectives. 20 20. The safeguards assessment methodology should consider whether a central bank establishes a benchmark and framework for assessing risk, and whether the risk management system operates effectively. The panel heard during its interviews with central banks that any risk management assessment will need to be based on a reasonable framework or benchmark, and the panel agrees. Risk management could follow international guidelines, such as ISO 31000, which “provides principles and generic guidelines on risk management,… can be applied throughout the life of an organization, and to a wide range of activities,… [and is intended to] be utilized to harmonize risk management processes in existing and future standards.” 21 Risk management could use a framework such as that developed by the Committee of European Banking Supervisors CEBS or the Committee of Sponsoring Organizations COSO. CEBS has established a set of high-level principles for risk management that include: i governance and risk culture, ii risk appetite and risk tolerance, iii the role of the Chief Risk Officer and risk management function, and iv risk models and integration of risk management areas and a new product approval policy and process. 22 COSO identifies the components of risk management as: i internal environment, ii objective setting, iii event identification, iv risk assessment, v risk response, vi control activities, vii information and communication, and viii monitoring. The safeguards assessment would judge the effectiveness of risk management based on whether all components of risk management are present and functioning effectively. 23

C. Transparency in the Safeguards Program

21. The panel believes that, with the established credibility of the safeguards program, it is time to begin a gradual move toward increased transparency in the 20 “High Levels of Risk Management,” Committee of European Banking Supervisors, 2010, provides guidelines for establishing a risk management function. 21 “Abstract.” ISO 31000: 2009. International Organization for Standardization, 2009. 22 High Level Principles of Risk Management.CEBS, 2010. 23 Enterprise Risk Management – Integrated Framework. COSO, 2004. safeguards program over the next decade. Confidentiality in safeguards reports during the first decade of the policy has served the Fund and its members well. Confidentiality has helped to build members’ trust in the policy and has provided the context for staff to develop detailed, objective, and candid safeguards reports. However, transparency in governments and the public sector has proven useful and beneficial. Transparency is expected more now than it was ten years ago, and the justification for it is solid: to encourage good governance and accountability in central banks, a goal that is in line with the mission of Transparency International, which is “to create change towards a world free of corruption.” 24 22. The panel is aware that obtaining support for transparency will prove to be a challenge. Some central banks are not ready for it, and some staff members believe it will strain relations between the Fund and its member countries. However, there is precedence for greater transparency in other Fund and World Bank papers: country reports, portions of reports created under the Financial Sector Assessment Program FSAP, Reports on the Observance of Standards and Codes ROSC, and Public Expenditure and Financial Accountability PEFA reports are currently published. The safeguards policy should work toward a similar level of publication of safeguards information. The panel understands that transparency tends to be an evolutionary process and recognizes that initially some safeguards information may be made transparent in a summary form in a manner consistent with the goals of the IMF Code of Good Practices on Fiscal Transparency and the IMF Code of Good Practices on Transparency in Monetary and Financial Policies. Then, over time, greater amounts of information in greater detail can be made transparent. 23. To accomplish what is expected to be a reasoned and gradual move toward transparency, specific recommendations include:  That as a first step, the safeguards assessment report format include a bulleted list at the beginning that identifies the top few safeguards-related risk factors for lending, and that the bulleted list be published in the country staff report. During safeguards monitoring, any updates to the list of risk factors would similarly be published in the program review staff reports. Such information would better inform the Executive Board when making lending decisions, and would better inform the public, as country reports are circulated to the Board and are typically published.  That periodically, but no less than every other year, the Fund publish safeguards findings in aggregate, anonymous form that reveal issues, not central banks, and indicate corrective actions taken. Such information could serve as an educational tool for all central banks and other interested parties, such as external auditors and donors. It would complement the safeguards seminars as a forum for the exchange of 24 “What Is Transparency International?” http:www.transparency.orgabout_us 22 June 2010. lessons learned and promote the understanding of the safeguards policy and its value to a broader audience. The aggregate reports should indicate the effectiveness of governance practices and risk mitigation methods in exemplary countries.  That central banks be encouraged to voluntarily publish their own safeguards action plans and accomplishments. This practice would help them strengthen credibility with their constituency and could foster a “race to the top” by banks. By contrast, maintaining confidentiality enables the poorest performers implicitly to set the standard.

D. Transparency in Financial Reporting