Regulatory-Risk

You are here: Home / Archives for Risk management

Positioning technology with risk management and compliance

Filed Under: Compliance, Risk management

On the one hand the fast evolving field of technology and on the other, risk management and compliance. How these functions are brought together and managed can create strategic advantages.

The evolution of banking

Looking back at banking in the 1980’s, banks were focused mostly on taking deposits and making loans provided through a branch network emphasising face to face contact with customers. These customers were not sophisticated and trusted their bankers to act in their best interest.

With the dramatic advancement in technology though the 1990’s and beyond, customers have become increasingly sophisticated and now demand an ever-increasing variety of products from their bank.

In response to this demand, traditional banking services have evolved to include diverse offerings such as stock trading, mutual funds, credit cards, mortgages, investment advice, financial news, payment services and even the ability to buy your cellphone airtime or Lotto tickets online from some banks.

These changes that have been brought about by new products, more sophisticated customers, changing cost structures, and enhanced competitive pressures that have all joined to transform the structure and risk profile of the banking industry.

The recent financial market crisis resulted in the global economic meltdown of 2008-2009. Following the crisis, banks have been thrust into an ever-intensifying regulatory environment and face a whole host of new compliance requirements pertaining to risk management.

A seemingly endless string of new regulatory guidelines means the compliance baselines a bank must meet are now a moving target and this places the risk management profession under much scrutiny.

Risk management and compliance

The challenge faced by risk management and compliance is to keep pace with the evolutionary change in the nature of banking business.  One way to meet this is to leverage upon the strengths inherent in technology, such as its ability to adapt to changing circumstances.

Changes that are introduced by new regulations can create opportunity if a bank is able to adapt to them quickly enough and implement risk management and compliance controls to strategically manage these changes ahead of its competitors.

Technology if used wisely can help banks to meet compliance requirements with beneficial side effects such as improved efficiencies. However, with so many of the new regulations still lacking clarity and due to cross jurisdictional differences in the implementation of new requirements and standards, many banks have been cautious about investing in group-wide systems intended to ensure compliance.

Not withstanding these challenges, banks must take account of an increasingly important requirement for achieving effective risk management and compliance, which is real-time data monitoring and retention.

Systems and technology acquired or adapted by banks to meet the new challenges in risk management and compliance introduced by a host of revised regulatory requirements, must take account of this. Real-time data monitoring and retention will become key to successfully meeting the new and varied risk management and compliance standards. This is regardless of the extent of their implementation in different jurisdictions.

It has become sound risk management and compliance practise to have access to real-time data in a form that is relevant to the management of the bank and regulatory risks.

Taking cognisance of these changes and requirements for successful risk management and compliance, success can be distilled to a question of whether a bank can prove that they know X?  The factor X could be anything from a banks exposure to counterparty risk, liquidity risk, a capital adequacy ratio or whatever risk factor it might be.  A bank will be required to validate and substantiate the results of its risk management and compliance monitoring.  Metaphorically, the proof of the pudding will be in the tasting.

Therefore, to achieve effective risk management and compliance standards in a bank, exposures must be measured in real-time and the information provided usable and relevant to risk management and compliance.

Technology is suitably positioned to play a critical role in achieving high risk management compliance standards.

Governance, Risk Management and Compliance

Filed Under: Compliance, Risk management

What is the difference between GovernanceRisk Management, and Compliance?

They have become an accepted terms that describe similar related actions and procedures by an organisation.

The three terms are closely related, and are increasingly integrated and aligned by business wherever it is practically possible so as to avoid conflicts, wastefulness and gaps.

Organisations typically interpret the three terms differently. Differences in interpretation also occur across divergent international jurisdictions.

Generally, the terms typically relate to activities such as corporate governance, enterprise risk management and corporate compliance with applicable laws and regulations.

The application of good governance, effective risk management and compliance with laws and regulations are contributing toward a new way in which businesses are adopting an integrated approach to management.

To illustrate the difference between governance, risk management and compliance the terms have been broken down into their core purposes.

Governance

  1. The overall management approach through which senior executives ethically direct and control an organisation.
  2. Integrates management information reporting with management control structures.
  3. Governance ensures that important information reaches the proper organisational level and it is complete, correct and timely thus allowing for management decision-making.
  4. Instills control mechanisms to make sure that strategies, directions and instructions from management are carried out systematically and effectively.

Risk management

  1. Processes through which management identifies, analyses and where necessary responds to risks that may derail the organisation’s business goals.
  2. Response to risks depends on their perceived gravity and involves controlling, avoiding, accepting or transferring the risk to a third-party.
  3. Organisations manage their exposure to a range of risks (e.g. technology risk, financial risk, information security risk etc.).
  4. Currently it is arguable that legal and regulatory compliance risks are the most important for organisations.

Compliance

  1. Conforming to stated requirements.
  2. Compliance is achieved through processes that identify certain requirements in laws, regulations, contracts, strategies and policies.
  3. Assessments determine the extent of compliance and take account of the potential costs of non-compliance verses the projected cost incurred to achieve compliance.
  4. Prioritize, fund and start any corrective actions deemed necessary.

Governance, risk management and compliance are not recent inventions but in the United States the promulgation of the Sarbanes-Oxley Act was the catalyst for interest. Listed companies became obligated to comply with the provisions of this Act once it was introduced and to design and carry out suitable governance controls to comply.

Governance, risk management and compliance have however since shifted significantly towards adding business value by improving operational decision-making and strategic planning.

What is liquidity risk management?

Filed Under: Liquidity Risk, Risk management

At the onset of the financial market crisis in 2007, many banks had adequate capital levels but they still ended up experiencing serious difficulties when it came to liquidity risk management.   They had failed to sufficiently accounted for their exposure to liquidity risk.

Before the crisis, funding was readily available and cheap.  This created the impression that markets were safe and that liquidity for funding purposes would always be plentiful and available.

However, the uncertainty that the financial market crisis had created rapidly caused cheap funding that had been used by banks to manage their liquidity risk to evaporate as lending rates repriced.  Eventually nobody would lend and the loans that were made in the good times of abundant liquidity were no longer rolled-over, they had to be repaid. 

Consequently, banks came under severe stress.  This resulted in regulators providing support by introducing additional liquidity to money markets and eventually also to individual institutions as they also came under stress.

It’s not surprising that under these conditions the question of what is liquidity risk management? and how should it be managed? was increasingly asked as regulators honed in on this particular risk.

What is liquidity risk management?

Liquidity risk management is a key banking function and an integral part of the asset and liability management process.

The fundamental role of banks is the maturity transformation of short-term deposits (liabilities) into long-term loans (assets) and this makes banks inherently vulnerable to liquidity risk.  The transformation process creates asset and liability maturity mismatches on a banks balance sheet that must be actively managed with available liquidity.  This is the process known as liquidity risk management.

The availability of liquidity either internally or externally is thus paramount in the management of these maturity mismatches.  The effective management of liquidity allows a bank to fund increases in its assets (loans and investments) and to meet obligations as they come due (withdrawal of deposits).

A failure in liquidity risk management may result in a bank becoming unable to meet its obligations.  This scenario if played out, could easily cause a bank to fail.

A bank can continue to meet its uncertain cash flow obligations and stay healthy by managing liquidity risk prudently.

How should liquidity risk be managed?

A banks liquidity risk management policies should be set down clearly and communicated to key decision makers in the bank.

The risk management process should make up the following broad minimum requirements.

  • The risk must be managed within a defined risk management framework (decision-making)
  • A clear liquidity risk management and funding strategy must be agreed at an executive and non-executive board level
  • Operating limits to liquidity risk exposures must be set and adhered to
  • Procedures for liquidity planning under alternative scenarios must be agreed, including crisis situations

Some common failures have been identified in banks liquidity risk management processes, which have contributed to serious sustainability issues.

  • A weak liquidity risk management framework that did not account for the risks posed by products and business lines
  • Business incentives that were misaligned with the risk tolerance level of the bank
  • Misjudging unexpected contingent obligations and the liquidity that would be required by the bank to meet these obligations
  • The belief that prolonged liquidity disruptions as experienced during the financial market crisis, were improbable
  • Stress tests that failed to account for possible market wide global strain or the severity and duration of disruptions

Some regulatory wisdom

In September 2008, the Basel Committee on Banking Supervision revised their document “Principles for Sound Liquidity Risk Management and Supervision”, by providing more guidance on the following.

  • Liquidity risk tolerance
  • Maintaining adequate levels of liquidity
  • Allocating liquidity costs, benefits and risks to business
  • Identification and measurement of contingent liquidity risks
  • Design and use of severe stress test scenarios
  • A contingency funding plan
  • Intraday liquidity risk and collateral
  • Public disclosure in promoting market discipline

The published document is arranged around seventeen principles that set out guidance to bank regulators on best practice liquidity risk management in banks.  Because of the importance of managing liquidity risks in banks, the principles proposed are valuable and may be found useful regardless of what financial market sector your business is in.

This document can be viewed or downloaded here: Liquidity risk

Systemic risk in financial markets

Filed Under: Regulation, Risk management

Introduction

The International Monetary Fund (“IMF”) has summarised the causes of the global financial crisis in three dimensions:

  1. Flaws in financial “regulation” and “supervision”.
  2. Failure of monetary “policy” to address the build-up of systemic risk.
  3. Weak global “financial architecture”.

Set out below is an analysis of these dimensions and a review of systemic risk, including what steps Regulators can take to mitigate the effect of systemic risk.

1.  Flaws in financial regulation and supervision

What has become known as the “shadow banking system” became larger as it was wedged in among lightly regulated financial services businesses such as Investment Banks and Mortgage Originators. At the time traditional financial services businesses were lightly regulated by a disjointed assortment of regulators. The process of deregulating financial markets had begun in ernest during the 1980’s and steadfastly increased in pace as prosperity and the good times seemed to be here to stay.

By 2008, it was estimate that in the United States the shadow banking system was as large as USD 10.5 trillion. It was made up of USD 4 trillion in assets from large investment banks, USD 2.5 trillion in overnight repos, USD 2.2 trillion in structured investment vehicles, and another USD 1.8 trillion in hedge fund assets. This should be compared with the USD 10 trillion in assets held in the conventional United States banking system.

Regulators were focused on individual institutions, without regard for the impact on the wider financial system. There is therefore a realisation by supervisors today that a macro-prudential approach to the supervision of financial markets is necessary.

2.  Failure of monetary policy to address the build-up of systemic risk

The latest IMF analysis points to “macroeconomic policies, which did not take into account rising systemic risks and states that a key failure during the boom period was the inability to spot the big picture threat of a growing asset price bubble” (IMF, 2009b).

Clearly, the U.S. Federal Reserve underestimated the build-up of financial imbalances coming from housing price bubbles, high leverage of financial institutions, and interconnections between financial markets. In addition, Taylor (2009) argues that the Federal Reserve policies brought excessive liquidity and low interest rates to the U.S. and that the federal funds rate was kept too low for too long, fuelling the housing boom and other economic imbalances. The Federal Reserve may well have assumed that, even if the asset price boom collapsed, the impacts on the financial system and the economy could be mitigated by lower interest rates.

In theory, tighter prudential regulation could have been mobilised to contain systemic risk; but in practice, before the authorities realised, huge systemic risks had accumulated below the regulators’ radar in the shadow banking system.

Given the failure of prudential supervisory action to prevent a build-up of systemic risk, the central bank — as a macro-supervisor — should have reacted to credit booms, rising leverage, sharp asset price increases, and the build-up of systemic vulnerabilities by adopting tighter monetary policy.

3.  Weak global financial architecture

There were also deficiencies in the global financial architecture the official structure that facilitates global financial stability and the smooth flow of goods, services, and capital across countries. There are three issues.

First, global institutions like the IMF, the Bank for International Settlements, and the Financial Stability Forum failed to conduct effective macroeconomic and financial surveillance of systemically important economies. That is, they did not clearly identify the emerging systemic risk in the U.S., the U.K., and the euro area; send clear warnings to policymakers; or provide practical policy advice on concrete measures to reduce the systemic risk. Their analysis clearly underestimated the looming risk in the shadow banking system; interconnections across financial institutions, markets, and countries; and global macroeconomic-financial links.

There was considerable discussion of global payments imbalances during 2002–2007. The IMF in particular warned repeatedly, especially through the newly established multilateral consultation process, that global imbalances posed a serious risk to global financial stability. However, the global imbalance discussion may have diverted policymakers’ attention away from U.S. domestic financial imbalances, the risk of U.S. dollar collapse, and the need to revalue the Chinese currency.

The crisis has revealed the ineffectiveness of fragmented international arrangements for the regulation, supervision, and resolution of internationally active financial institutions. The problem became particularly acute when such institutions showed signs of failing. Although home-country authorities are mainly responsible for resolving insolvent institutions, host-country authorities were often quick to ring-fence assets in their jurisdictions because of the absence of clear international rules governing burden-sharing mechanisms for losses due to failure of financial firms with cross-border operations.

Addressing systemic risk

The purpose of macro and micro-prudential supervision is to preserve financial stability by identifying vulnerabilities in a financial system and calling for policy and regulatory actions to address those vulnerabilities in a timely and informed manner so as to prevent systemic risk and crisis.

What are micro and macro-prudential regulation?

  1. Micro-prudential supervision takes a bottom-up approach to analysis and preservation of systemic financial stability, focusing on the health and stability of individual institutions.
  2. Macro-prudential supervision takes a top-down approach to analysis of systemic risk with a focus on the economy-wide system in which financial institutions operate. This approach aids in the identification of risks and perverted incentives that could result in systemic instability. It requires the integration of detailed information on banks, non-bank financial institutions, corporations, households, and markets.

Taking into account the different approached of micro and macro-prudential regulation, what actual steps can be taken by Regulators.

Competition regulation

  1. Limits on the “too big to fail” or “too interconnected to fail” problem
  2. Market conduct regulation
  3. Enhanced transparency and competition Macro-prudential measures
  4. Higher standards on capital requirements and risk management for systemically important firms
  5. Limits on financial firms’ leverage, such as setting maximum leverage ratios and/or credit growth
  6. Efforts to mitigate procyclicality with automatic countercyclical provisioning, such as a form of dynamic provisioning
  7. Limits on sectoral exposure

Households

  1. Loan-to-value (LTV) restrictions for mortgages
  2. Limits on consumer debt, such as debt-to-income ratios

Corporations

  1. Limits on leverage, such as limits on debt/equity ratios
  2. Limits on tax advantages, such as disallowing interest deductibility for leverage exceeding a certain level or foreign currency-denominated loans External
  3. Limits on external debt
  4. Limits on currency and maturity mismatches

Positioning technology, risk management and compliance

Filed Under: Risk management, Technology

Certain facets of business if brought together effectively and managed well, can create an environment of strategic advantage.

  1. The fast evolving field of technology, and
  2. Risk management and compliance.

The evolution of banking:

Looking back at banking in the 1980’s, banks were focused primarily on taking deposits and making loans that were delivered via a branch emphasising face to face contact with customers. These customers were relatively unsophisticated and trusted their bankers to act in their best interest.

With dramatic advancements in technology, banking customers became increasingly sophisticated, demanding an ever increasing variety of products.

In response, traditional banking services have evolved to include diverse offerings such as stock trading, mutual funds, credit cards, mortgages, investment advice, financial news, payment services and even the ability to purchase online your cellphone airtime or Lotto tickets.

These changes brought about by new products, more sophisticated customers, changing cost structures, and enhanced competitive pressures have all combined to transform the structure and risk profile of the banking industry.

The recent financial market crisis resulted in the global economic meltdown of 2008-2009. Following the crisis banks have been thrust into an ever-intensifying regulatory environment and face a whole host of new compliance requirements pertaining to risk management.

A seemingly endless string of new regulatory guidelines means the compliance baselines a bank must meet are a moving target.

Risk management and compliance:

The challenge faced by risk management and compliance is to keep pace with the evolutionary change in the nature of banking business. One way to achieve this is to leverage upon the strengths inherent in technology, such as adaptability.

Change introduced through new regulations creates opportunity if a bank can adapt quickly enough and implement controls to manage the requirements ahead of their competitors. Technology if used wisely can help banks to meet its compliance requirements with added side effects such as the introduction of greater efficiencies. However, with so many of the new regulations still lacking clarity and due to cross jurisdictional differences in the implementation of the new requirements, many banks have been cautious about investing in systems intended to ensure compliance.

Not withstanding these challenges, an increasingly important area for risk management and compliance is real-time data monitoring and retention. This will become key to meeting the new and varied compliance standards regardless of the extent of their implementation in different jurisdictions.

Risk management and compliance has therefore become a question of, ‘Can you demonstrate that you know X?’, whether X is your exposure to counterparty risk, liquidity risk, your capital adequacy ratio or whatever it might be. You have to measure your exposure in real-time, and technology is suitably positioned to play a crucial role in achieving high risk management compliance standards.