Risk-Based Supervision Does it Work?

By Ali Hassan

• Describe the Rationale and its relevance to securities regulators

• Identify the Pitfalls

• Discuss the Approach Adopted by the DFSA

• Share Experiences and Thoughts

Canada (Late 1990s)

• 1980s Failure of 2 banks

• 1990s numerous financial institutions fail bringing down a major life insurance company

• OSFI (Canadian Office of the Superintendent of Financial Institutions) had been established in 1980s but needed more integration (banking and insurance)

• Demand for interventionist approach; drive cultural change

• Also to optimise resource allocation and enhance effectiveness

Australia (Early 2000s)

• APRA (Australian Prudential Regulatory Authority)

formed in 1998 as an integrated Federal prudential

regulator (Banking and Insurance)

• March 2001 HIH Insurance collapse

• More intervention, higher risk focus, efficiency

United Kingdom (1990s)

• FSA (Financial Services Authority) formed in

1997

• Failures of BCCI and Barings, the collapse of

Equitable Life

• Address complexity in firms

• Encourage new cohesive culture

• Seek a systematic approach that could defend

the institutions from attack by politicians Ireland (2011)

• Systematic risk based supervision as best route to

protecting financial stability and consumers

IOSCO (2009)

• Report: Guidelines on continuous risk based

supervision of market intermediaries

• Response to Regulatory failure - systematic approach to ward off political interference and blame Regulatory failure

• IOSCO a move away from ‘rules-based’ to an approach reliant on judgement and discretion. Demanding a tougher supervisory culture – more challenge

Judgement

• Shift to a more proactive stance to intervene and prevent financial stability and investor protection issues crystallising

Shift to a more proactive stance

• Resources allocated to greatest effect with a focus on the higher risks – a demand for efficiency and effectiveness

Resources allocated to greatest effect

• IOSCO-complexity in firms and products demands a more sophisticated risk management approach by regulators with capacity to respond quickly to market developments

Complexity in firms

• Framework that provides a basis for analysis and action and facilitates valid comparisons across sectors and firms (supervisory response)

Cohesiveness & Consistency

• A capability to involve subject matter experts on components of a modular risk framework

Specialist expertise utilisation

• Misalignment with senior management/board strategy

• Process Centric – Another Form of ‘Tick Box’, with loss of outcomes

• Lose sight of Systemic/Macro Risks – e.g. supervision of banks in the UK

• Miss changes in risk profile

• Neglect firms identified as low risk

• Gaming – scores derived to support approach

• Resources ‘stubborn’ to alignment to risk

• Supervisors challenged and not supported

Safeguards In Implementing a Risk Based

Approach

Enterprise wide risk

management

Board articulation of risk appetite

Risk Inventory

Inputs into Business Planning

Supervision

Risk analysis tool aligned to

international standards

The right metrics to identify where

risks lie

Guidance for supervisors

Quality of supervisors

Monitoring risk using intelligent

systems

Quality Assurance

Supervisory risk committee

Internal audit of risk ratings

Continuous process improvement

Cata

str

op

hic

5

Insig

nific

an

t M

ino

r M

od

era

te

Ma

jor

4

3

2

1

Rare Unlikely Possible Likely Almost Certain

5 4 3 2 1

16.

4.

5.

8. 2. 9.

14. 7. 3.

23.

12.

21. 17.

6.

11.

20.

18.

15.

13.

1.

10.

22.

19.

PR

OB

AB

ILIT

Y

IMPACT

(1)

(2)

(3)

(4)

Comfortable if this occurs

Some concerns

Concerned

Significant concerns

Extremely concerned (5)

Risk Appetite Key

Board Risk Appetite –

Creating a risk map for

regulatory action

Risk Scenario (18) Related Risk Appetite

Brokerage firm branch (5) Extremely concerned

A brokerage firm, which is a branch of a UK

FSA regulated entity, is rated as low risk by

the DFSA and so is subject to lower

supervisory scrutiny with risk assessment

cycles out to 5 years.

During the period between risk assessments it

transpires that a representative of the firm had

been conducting unauthorised trades for client

accounts. 5 clients have lost US $100,000 in

aggregate.

(4) Significant concerns

(3) Concerned

(2) Some concerns

(1) Comfortable if this occurs

• Solicit wider views from senior regulators across the

organisation

• Articulate a risk and allocate it to one of 4 categories

(Regulatory, Operational, External, and People) setting

out nature, cause and effect

• Whole group votes on all risks submitted scoring an

impact and probability with a 1-5 range

• Produce a top 20 of risks by ranking and ratification by

the Board Risk Committee

• Agree mitigating actions and incorporate into the

business planning process

Enterprise wide risk approach

Align Regulatory Risks with Strategic Planning

Business Planning

Board Risk Appetite

‘Bottom-up’ Risk

Inventory

Impact Metrics – Which firms are more risky?

• Significant Political Sensitivity (Controller, Clients, Connected Persons)

• Annual Revenue

• Total Capital in DIFC

• Number of DIFC Employees

• Entity Holds Client Monies

• Risk Profile of Clients

• Nature of Financial Services

• Contagion Potential

1 2 3 4 5

Ownership

diversified (e.g.

through a public

listing).

Linked to low risk

jurisdictions

Clients

may not include any

PEPs and may all be

based in low risk

jurisdictions.

Ownership

mostly diversified

links to medium to

low risk jurisdictions.

Clients

may include a low

number of PEPs

majority based in

medium to low risk

jurisdictions.

Ownership

linkages to third

country (outside the

GCC) national

governments,

high profile political or

commercial figures

links to medium to low

risk jurisdictions.

Clients

may include a low

number of PEPs

majority based in

medium to low risk

jurisdictions

dependency on key

individual for revenue

revenues volatile or

lower than forecast.

Ownership

direct linkages to

GCC Government,

GCC Government

Related Entities

high profile GCC

political, commercial

or Royal figures.

links to high to

medium risk

jurisdictions.

Clients

significant number of

PEPs (compared to

overall client

numbers)

high number based in

medium to high risk

jurisdictions.

Ownership

direct linkages to

UAE Government,

Dubai Government

Related Entities

(including DFSA and

DIFC)

high profile UAE

political, commercial

or Royal figures

links to higher risk

jurisdictions

Clients

high number of PEPs

(compared to overall

client numbers),

high number based in

high risk jurisdictions.

Corporate

Governance

Business

Strategy/Models

Finance &

Operational

Risks &

Soundness

Conduct of

Business

Anti Money

Laundering

1

Overall the firm’s

approach does not give

rise to concerns

2

Minor concerns

improvements required

3

Moderate concerns

4

Significant failings

5

Very significant failings

Business Strategy

Business Strategy is

clear, well planned and

well established.

sector it operates in is not

showing any particular

signs of stress.

the firm enjoys strong

position in the market

clients, products and

services are diversified

Business Strategy

Straight forward, well

established and

succeeding

plans to expand activities

which may include new

areas for the firm

Business Strategy

transaction spread across

jurisdictions which may

provide challenge to

effective supervision

rapid expansion or

aggressive growth

forecasts

growth/expansion not

matched with additional

resources for controls.

Business Strategy

strategy has not gained

traction

strategy is under severe

strain due to market

conditions

the Board and senior

management may not be

sufficiently engaged

material aspects test the

boundaries of the DFSA

regime or Federal Law

boundaries

Business Strategy

extended period of losses

with imminent risk of

financial failure

significant and abrupt

movement in strategic

direction with no planning

or rationale

focus on extremely high

risk

clients/products/services

Opportunity to update to flex with regulatory developments

Supervisory Guidelines to Assist Supervisors

Cover all 31 Risk Elements Considered in the Risk Matrix, the main supervisory tool for risk assessment

Captures Subject Matter Expertise in each area

Allows linkage to reference material and alignment with standard setting principles

Grade Number of staff Avg. years of regulatory

experience

EXCO 7 16.34

Directors 8 15.16

Associate Directors 7 13.84

Senior Managers 28 11.64

Managers 19 4.20

Total/ overall average 69 10.59

• Right Underlying Data; both financial and non-financial data from firms critical input in generating intelligence on changes in conduct and prudential risks

Data Capture

• Generation of flags and indicators that can help focus on potential material variations in a firm’s risk profile Data Analysis

• Set parameters to filter initial outputs and further refine the identification of firms for potential proactive supervisory action

Supervisory Judgement

• Set parameters to detect changing risk profiles

Management Information

1 1 1 2

1

3 2

3

8

10

29

12

37

19

47

22

29

4

8

11

6

35

1 1

0

5

10

15

20

25

30

35

40

45

50

34 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6

High Risk Medium Risk Low Risk

Total Number of Firms = 293

High Risk Firms = 11

Medium Risk Firm = 165

Low Risk Firms = 117

Av. Risk Score = 15

Av. Risk Score without Rep Offices = 16

0

100

200

300

8 13 18 23 28 33 38

Av.

SU

P H

ou

rs

Average Modified Risk Score

RO

PIB4

PIB3

PIN

PIB5

PIB1

PIB2

Bubble size: No. of Firms

Low Med High

CRA

Risk Based Supervision Does Work

• Offers a structured method for identifying, assessing and managing risk

• Allows scrutiny, consistency, and comparability and specific alignment of business strategies to higher risks

• Has survived the global financial crisis of 2008

But…

• Constant vigilance for ‘tick box’ supervisory behaviours?

• Regular re-setting of regulatory compass: focus on regulatory outcomes – are we focusing on the right risks?

• Experience of supervisors and support they are given

• Analysis of data critical element in identifying higher risks

Thoughts

Experiences

Questions

Thank You