Risk-Based Supervision Does it Work?
By Ali Hassan
• Describe the Rationale and its relevance to securities regulators
• Identify the Pitfalls
• Discuss the Approach Adopted by the DFSA
• Share Experiences and Thoughts
Canada (Late 1990s)
• 1980s Failure of 2 banks
• 1990s numerous financial institutions fail bringing down a major life insurance company
• OSFI (Canadian Office of the Superintendent of Financial Institutions) had been established in 1980s but needed more integration (banking and insurance)
• Demand for interventionist approach; drive cultural change
• Also to optimise resource allocation and enhance effectiveness
Australia (Early 2000s)
• APRA (Australian Prudential Regulatory Authority)
formed in 1998 as an integrated Federal prudential
regulator (Banking and Insurance)
• March 2001 HIH Insurance collapse
• More intervention, higher risk focus, efficiency
United Kingdom (1990s)
• FSA (Financial Services Authority) formed in
1997
• Failures of BCCI and Barings, the collapse of
Equitable Life
• Address complexity in firms
• Encourage new cohesive culture
• Seek a systematic approach that could defend
the institutions from attack by politicians Ireland (2011)
• Systematic risk based supervision as best route to
protecting financial stability and consumers
IOSCO (2009)
• Report: Guidelines on continuous risk based
supervision of market intermediaries
• Response to Regulatory failure - systematic approach to ward off political interference and blame Regulatory failure
• IOSCO a move away from ‘rules-based’ to an approach reliant on judgement and discretion. Demanding a tougher supervisory culture – more challenge
Judgement
• Shift to a more proactive stance to intervene and prevent financial stability and investor protection issues crystallising
Shift to a more proactive stance
• Resources allocated to greatest effect with a focus on the higher risks – a demand for efficiency and effectiveness
Resources allocated to greatest effect
• IOSCO-complexity in firms and products demands a more sophisticated risk management approach by regulators with capacity to respond quickly to market developments
Complexity in firms
• Framework that provides a basis for analysis and action and facilitates valid comparisons across sectors and firms (supervisory response)
Cohesiveness & Consistency
• A capability to involve subject matter experts on components of a modular risk framework
Specialist expertise utilisation
• Misalignment with senior management/board strategy
• Process Centric – Another Form of ‘Tick Box’, with loss of outcomes
• Lose sight of Systemic/Macro Risks – e.g. supervision of banks in the UK
• Miss changes in risk profile
• Neglect firms identified as low risk
• Gaming – scores derived to support approach
• Resources ‘stubborn’ to alignment to risk
• Supervisors challenged and not supported
Safeguards In Implementing a Risk Based
Approach
Enterprise wide risk
management
Board articulation of risk appetite
Risk Inventory
Inputs into Business Planning
Supervision
Risk analysis tool aligned to
international standards
The right metrics to identify where
risks lie
Guidance for supervisors
Quality of supervisors
Monitoring risk using intelligent
systems
Quality Assurance
Supervisory risk committee
Internal audit of risk ratings
Continuous process improvement
Cata
str
op
hic
5
Insig
nific
an
t M
ino
r M
od
era
te
Ma
jor
4
3
2
1
Rare Unlikely Possible Likely Almost Certain
5 4 3 2 1
16.
4.
5.
8. 2. 9.
14. 7. 3.
23.
12.
21. 17.
6.
11.
20.
18.
15.
13.
1.
10.
22.
19.
PR
OB
AB
ILIT
Y
IMPACT
(1)
(2)
(3)
(4)
Comfortable if this occurs
Some concerns
Concerned
Significant concerns
Extremely concerned (5)
Risk Appetite Key
Board Risk Appetite –
Creating a risk map for
regulatory action
Risk Scenario (18) Related Risk Appetite
Brokerage firm branch (5) Extremely concerned
A brokerage firm, which is a branch of a UK
FSA regulated entity, is rated as low risk by
the DFSA and so is subject to lower
supervisory scrutiny with risk assessment
cycles out to 5 years.
During the period between risk assessments it
transpires that a representative of the firm had
been conducting unauthorised trades for client
accounts. 5 clients have lost US $100,000 in
aggregate.
(4) Significant concerns
(3) Concerned
(2) Some concerns
(1) Comfortable if this occurs
• Solicit wider views from senior regulators across the
organisation
• Articulate a risk and allocate it to one of 4 categories
(Regulatory, Operational, External, and People) setting
out nature, cause and effect
• Whole group votes on all risks submitted scoring an
impact and probability with a 1-5 range
• Produce a top 20 of risks by ranking and ratification by
the Board Risk Committee
• Agree mitigating actions and incorporate into the
business planning process
Enterprise wide risk approach
Align Regulatory Risks with Strategic Planning
Business Planning
Board Risk Appetite
‘Bottom-up’ Risk
Inventory
Impact Metrics – Which firms are more risky?
• Significant Political Sensitivity (Controller, Clients, Connected Persons)
• Annual Revenue
• Total Capital in DIFC
• Number of DIFC Employees
• Entity Holds Client Monies
• Risk Profile of Clients
• Nature of Financial Services
• Contagion Potential
1 2 3 4 5
Ownership
diversified (e.g.
through a public
listing).
Linked to low risk
jurisdictions
Clients
may not include any
PEPs and may all be
based in low risk
jurisdictions.
Ownership
mostly diversified
links to medium to
low risk jurisdictions.
Clients
may include a low
number of PEPs
majority based in
medium to low risk
jurisdictions.
Ownership
linkages to third
country (outside the
GCC) national
governments,
high profile political or
commercial figures
links to medium to low
risk jurisdictions.
Clients
may include a low
number of PEPs
majority based in
medium to low risk
jurisdictions
dependency on key
individual for revenue
revenues volatile or
lower than forecast.
Ownership
direct linkages to
GCC Government,
GCC Government
Related Entities
high profile GCC
political, commercial
or Royal figures.
links to high to
medium risk
jurisdictions.
Clients
significant number of
PEPs (compared to
overall client
numbers)
high number based in
medium to high risk
jurisdictions.
Ownership
direct linkages to
UAE Government,
Dubai Government
Related Entities
(including DFSA and
DIFC)
high profile UAE
political, commercial
or Royal figures
links to higher risk
jurisdictions
Clients
high number of PEPs
(compared to overall
client numbers),
high number based in
high risk jurisdictions.
Corporate
Governance
Business
Strategy/Models
Finance &
Operational
Risks &
Soundness
Conduct of
Business
Anti Money
Laundering
1
Overall the firm’s
approach does not give
rise to concerns
2
Minor concerns
improvements required
3
Moderate concerns
4
Significant failings
5
Very significant failings
Business Strategy
Business Strategy is
clear, well planned and
well established.
sector it operates in is not
showing any particular
signs of stress.
the firm enjoys strong
position in the market
clients, products and
services are diversified
Business Strategy
Straight forward, well
established and
succeeding
plans to expand activities
which may include new
areas for the firm
Business Strategy
transaction spread across
jurisdictions which may
provide challenge to
effective supervision
rapid expansion or
aggressive growth
forecasts
growth/expansion not
matched with additional
resources for controls.
Business Strategy
strategy has not gained
traction
strategy is under severe
strain due to market
conditions
the Board and senior
management may not be
sufficiently engaged
material aspects test the
boundaries of the DFSA
regime or Federal Law
boundaries
Business Strategy
extended period of losses
with imminent risk of
financial failure
significant and abrupt
movement in strategic
direction with no planning
or rationale
focus on extremely high
risk
clients/products/services
Opportunity to update to flex with regulatory developments
Supervisory Guidelines to Assist Supervisors
Cover all 31 Risk Elements Considered in the Risk Matrix, the main supervisory tool for risk assessment
Captures Subject Matter Expertise in each area
Allows linkage to reference material and alignment with standard setting principles
Grade Number of staff Avg. years of regulatory
experience
EXCO 7 16.34
Directors 8 15.16
Associate Directors 7 13.84
Senior Managers 28 11.64
Managers 19 4.20
Total/ overall average 69 10.59
• Right Underlying Data; both financial and non-financial data from firms critical input in generating intelligence on changes in conduct and prudential risks
Data Capture
• Generation of flags and indicators that can help focus on potential material variations in a firm’s risk profile Data Analysis
• Set parameters to filter initial outputs and further refine the identification of firms for potential proactive supervisory action
Supervisory Judgement
• Set parameters to detect changing risk profiles
Management Information
1 1 1 2
1
3 2
3
8
10
29
12
37
19
47
22
29
4
8
11
6
35
1 1
0
5
10
15
20
25
30
35
40
45
50
34 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6
High Risk Medium Risk Low Risk
Total Number of Firms = 293
High Risk Firms = 11
Medium Risk Firm = 165
Low Risk Firms = 117
Av. Risk Score = 15
Av. Risk Score without Rep Offices = 16
0
100
200
300
8 13 18 23 28 33 38
Av.
SU
P H
ou
rs
Average Modified Risk Score
RO
PIB4
PIB3
PIN
PIB5
PIB1
PIB2
Bubble size: No. of Firms
Low Med High
CRA
Risk Based Supervision Does Work
• Offers a structured method for identifying, assessing and managing risk
• Allows scrutiny, consistency, and comparability and specific alignment of business strategies to higher risks
• Has survived the global financial crisis of 2008
But…
• Constant vigilance for ‘tick box’ supervisory behaviours?
• Regular re-setting of regulatory compass: focus on regulatory outcomes – are we focusing on the right risks?
• Experience of supervisors and support they are given
• Analysis of data critical element in identifying higher risks
Thoughts
Experiences
Questions
Thank You