Arne Hoel, The World Bank

CAO Compliance Audit of IFC's Financial Sector Investments

CAO released its audit of IFC's financial sector investments on February 5, 2013. The key CAO findings are summarized below, and relevant documents, including the CAO Audit », IFC's Response », IFC's action plan and CAO's monitoring report(s) are available at the links below.


In 2011, the CAO VP initiated a compliance appraisal of IFC’s financial sector investments. CAO analysis had indicated that IFC’s less visible activities in the financial sector are a risk for IFC since their funding potentially causes environmental and/or social (E&S) harm. CAO identified 844 separate financial sector investments and reviewed their respective Board Papers. CAO then refined the sample and audited 188 investments related to 63 clients. IFC has constructively interacted and engaged during the audit, while respecting CAO’s independence and integrity.

  • IFC has processed the majority of its investments in the audit sample in compliance with the applicable environmental and social policy and procedural requirements. The additional IFC environmental and social staff resources allocated from 2008 have had a significant positive effect on the level and quality of client engagement and compliance. The procedures applied by IFC to its clients for screening subclients are aligned, and in compliance, with intentions stated in Board Papers and strategies focused on increasing financial penetration by investing in intermediaries.
  • However, IFC does not have a methodology for determining whether its principle requirement on clients — the implementation of an environmental and social management system—achieves the core objective of ‘doing no harm’ or improving environmental and social outcomes at the subclient level. This means that IFC has no quantitative or qualitative basis on which to assert that its financial intermediation investments achieve such outcomes, which are a crucial part of its strategy and central to IFC’s Sustainability Framework.
  • CAO further finds that IFC procedures are not designed to support the broader environmental and social outcomes that are commensurate with IFC’s prominent leadership role as a promoter of environmental and social responsibility. Achieving those broader objectives would require IFC to expand its approach. IFC would need to focus on facilitating a self-sustaining cultural change within its clients’ organizations. This approach would be more aligned to the aspirational objectives within IFC’s Sustainability Framework, as well as the expectations of stakeholders.

The CAO has made further observations and conclusions which it hopes will support IFC in addressing this central tenet of its analysis. These include: Providing more of a leadership role in the development of international standards and in supporting existing initiatives in reporting and disclosure; ensuring consistency with other Development Finance Institutions (DFIs); achieving clarity in terms of the E&S risks it is seeking to manage; and developing its analysis and approach to resource deployment.



  • The quality of E&S assessment has improved.
  • The allocation of E&S resources is not cost-based.


  • IFC’s focus on the SEMS does not necessarily achieve a broader management and cultural change process.
  • IFC’s E&S requirements have not been adapted for FM clients.
  • IFC’s approach to E&S Requirements has precluded a structured approach to assessing two key elements of a successful E&S program: Client capacity and commitment.
  • Standardized implementation requirements do not accommodate different levels of E&S development.


  • IFC’s E&S processes and results do not fully correspond to IFC’s corporate message.
  • IFC applies two different concepts of E&S risk: Do No Harm and Credit Risk.
  • IFC has three different types of E&S objectives.


  • Despite interaction between IFC and other DFIs, differing standards are a burden for clients.
  • IFC has further opportunities to encourage the adoption of a shared vision and industry standards.


IFC provided CAO with its Action Plan in response to the CAO audit in September 2013. While IFC's Action Plan will inform CAO's monitoring of the audit, CAO will monitor to its audit findings and not exclusively to IFC's Action Plan. 


CAO released its first and second compliance monitoring report in relation to the FI Audit in October 2014 and October 2015. These reports considered actions taken by IFC in response to the findings of the audit.


On March 8, 2017, CAO released its third compliance monitoring report in relation to the FI Audit. In preparing this report, CAO reviewed a sample of active FI investments committed under the 2012 Sustainability Framework in order to provide an enhanced measure of the effectiveness of IFC’s response to the FI Audit.

This monitoring report confirms that the quality and intensity of IFC’s review and supervision of FI investments have improved since the release of CAO’s FI Audit. However, it also flags ongoing concerns that IFC does not, in general, have a basis to assess FI clients’ compliance with its E&S requirements. This is of particular concern in relation to FI clients that are supporting projects with high E&S risks, and where IFC does not have assurance that the development of a client’s E&S Management System (ESMS) is leading to implementation of IFC’s Performance Standards at the sub-project level.

At the same time, CAO notes a number of good practice examples and tools which could be built upon and expanded. Well implemented, these tools provide IFC with a better understanding of its FI clients’ ESMS and ESMS implementation capacity. They also provide a framework for developing tailored mitigation measures to support compliance.

While CAO’s review has documented gaps in IFC’s approach to ensuring that people affected by the business activities of its FI clients have ready access to external communications and grievance mechanisms, CAO welcomes IFC’s recent commitment to promoting sub-project disclosure among its FI clients. Clarifying the content of this commitment and establishing benchmarks for improved disclosure will be important next steps in this respect.



CAO’s mandate requires monitoring until actions taken by IFC assure CAO that IFC is addressing its compliance findings. In relation to the FI Audit, CAO acknowledges steps IFC has taken to improve its approach to E&S risk management, while, at the same time, concluding that the measures taken and proposed by IFC do not provide assurance of compliance. Accordingly, CAO will keep this monitoring process open. Due to the nature of the issues, and the systemic changes that are required to address the findings, CAO expects to carry out its next FI monitoring exercise in 2019.