Lombard Risk "Addressing regulatory risk"
7/30/2019 Lombard Risk "Addressing regulatory risk"
Event summary
www.lombardrisk.com Managing collateralised trading | Enabling regulatory compliance
Lombard Risk business and regulatory experts summarise:
Assessing regulatory risk webinar - 5th December 2012
Introduction
On 5th December 2012 Lombard Risk held the 7th in the
regulatory compliance series of webinars.
Speakers
The event commenced with Welcome and introduction
from Rebecca Bond, Group Marketing Director.
The key presentation, explaining
regulatory risk issues, was given by:
David Wilford
Director Compliance Products
Lombard Risk
The webinar focused on the BANKING
sector, which has attracted the most publicity, and not in a
good way, although the issues addressed apply equally to
insurance companies, asset managers - anyone in the
financial sector or companies subject to considerable
regulatory demands and supervision.
Regulatory risk
Given the enormous task faced by compliance functions in
ensuring compliance in an ever-changing and demanding
regulatory environment, regulatory risk is the biggest
challenge firms now face. It is defined as the risk to earnings,
capital and reputation associated with a failure to comply with
regulatory requirements and expectations.
The financial sector is subject to a plethora of regulations
governing every aspect of an institution's business.
Current challenges
Even smaller institutions are now subject to thousands of
regulations, and not surprisingly many are now having difficulty
in even keeping track of new and amended regulations, never
mind ensuring adequate compliance.
In a recent Thomson Reuters survey, when 500 compliance
professionals were surveyed, the results indicated that the
deluge of new rules, regulations and enhanced vigour of
regulators, coupled with a lack of additional internal resources
and headcount, has pushed compliance departments to the
breaking point.
The situation is set to deteriorate further, from a compliance
perspective, as the regulatory landscape is now undergoing a
radical change in response to political and regulatory pressures
and demands designed to restore economic and financial
stability, both here and abroad.
Clearly a major challenge is the need to increase both capital
and liquidity to levels deemed by the regulators to be sufficient
to weather another financial crisis - no easy task given the
increasing scarcity of high-quality capital in a deteriorating
economic climate, particularly in Europe.
For firms deemed too-big-to-fail, these challenges are further
complicated by demands to restructure or even ring-fence their
retail and investment activities whilst remaining compliant with
all applicable regulations.
Firms are also facing the challenge of both restoring and promoting
the sector's reputation and integrity, a challenge that is helped in no
small way by the regulators, who are demanding propriety, transparency,
better risk management and perhaps most important of all,
accountable governance.
And there is more to come:
IN CONCLUSION - regulatory pressure is already severe but
unfortunately is destined to get much worse, which means that
many compliance functions are facing an extremely serious
situation, especially given the lack of investment in appropriate
resources. In fact, they themselves may become a risk to the
institution.
What's wrong with the current approach?
- Compliance has moved from a tick-box approach to being monitored and measured on a RISK basis
- As a result, firms focus on high-risk areas (where non-compliance most impacts the bottom line) and low-risk areas were moved off-the-radar
- Compliance with new regulations embedded within implementation
- Reliance placed upon the majority of simple business operations being inherently compliant
The result is that, even today, reliance is placed upon the
majority of simple business operations being inherently
compliant with applicable regulations and therefore off-the-
radar as far as a detailed examination - to determine the
state of compliance - is concerned.
All of the above processes were no doubt deemed simple and
straightforward and as a consequence, only warranted the
occasional cursory review, yet the financial and reputational
impact on individual banks for non-compliance with the
relevant regulations has been enormous.
And then we have UBS providing an additional $968m in
provisions during the first 9 months of this year for litigation
and regulatory matters alone! And so it goes on.
And then to aggravate the situation, many compliance
functions are expected to work with hard copies of the
regulations, manual files and spreadsheets (for which the FSA is
introducing demands that they be subject to strict governance).
What's the new approach?
- Prudential Regulation Authority (PRA), taking over from the FSA, as per the joint Bank of England/FSA paper issued last month entitled "The PRA's approach to banking supervision"
- Taking a judgemental approach to supervision: "safety and soundness" (a term that appears 52 times in the aforementioned paper)
Clause 69:
What are firms' options?
A change of approach IS required - but what to do?
- Should the focus continue to be on high-risk business areas, and run the risk of non-compliance in low-risk areas?
OR
- Should compliance functions restructure their approach to address both the principles-based and the rules-based regulatory requirements?
Regulators are clearly going to place more and more reliance
on a firm's compliance and audit functions to enforce
compliance and where necessary, justify partial or non-
compliance.
They are also looking to the Board of Directors and senior
management to take responsibility - possibly at a personal
level - for any failures in compliance.
A new approach
Ensuring full compliance with every applicable prudential
and non-prudential regulation is obviously an impossible
task given the sheer quantity of the regulations, the
dynamics of the financial institution and the resources
available to compliance and audit functions who, historically,
have suffered from a lack of investment.
The answer may therefore be to assess regulations not only in
terms of the impact on the bottom line, but also in terms of
the regulatory consequences of non-compliance. In other
words, a regulation may be deemed low-risk if the institution
believes that the consequences of non-compliance would just
be a disapproving look from the regulator, whilst non-
compliance with a high-risk regulation may prompt a Pillar 2
capital levy or drop in share price as a result of reputational
damage.
Certainly, it would be inappropriate to focus simply on high-
risk regulations for exactly the same reason as focusing on
high-risk business areas diverted attention from areas that
subsequently proved to be costly when breaches in
compliance were uncovered. However, combining the two
approaches may assist an institution in avoiding the same
mistakes made by some institutions this year.
Compliance and audit functions are clearly caught between a rock
and a hard place, having responsibility for compliance with
thousands of regulations but often restricted as to appropriate resources,
on the grounds of cost. Indeed, it is fair to say that these
functions have in the past been deemed to be a necessary evil,
costing an institution money to run but with no apparent
benefit.
Unfortunately, it is failures in compliance that are
headlined, not the success of ensuring compliance.
Deficiencies in compliance and audit functions -
in terms of both approach and resources - must be
addressed if a firm is to minimise regulatory risk
and avoid the consequences of non-compliance.
Tactical vs strategic
Tactical solutions are no longer viable. Firms require a
strategic solution to address the PRA's approach to supervision:
all-encompassing, demanding that firms comply not only with the
spirit of the regulations but also with each and every applicable
regulation.
Lombard Risk solution
ComplianceASSESSOR has been designed to address these
requirements by:
- Accommodating an unlimited and searchable library of multi-jurisdictional prudential and non-prudential regulatory books applicable to the firm's businesses, including internal regulations - e.g. the FSA Prudential Sourcebooks, European Directives, Sarbanes Oxley and even the various UK laws applicable to - in this case - the financial sector
- Accommodating four categories of book that cover business and governance regulations, training material and consultative / discussion documents
- Highlighting new and amended regulations for review and / or possible assessment, thereby avoiding inadvertent breaches in compliance
- Identifying a change to a policy or procedure that may inadvertently result in a breach in compliance
- Mapping policies & procedures, or indeed any documents, to the relevant regulations in order to evidence compliance with the relevant regulations on the assumption that policies & procedures are adhered to in practice. Providing that the institution maintains strict version control over such documents, any changes to the mapping are identified and the relevant regulations highlighted for review and possible re-assessment
- Accommodating an assessment process where not only are policies & procedures mapped to the relevant regulations, but action plans may be established to address deficiencies in compliance, each action plan being documented where appropriate
- Accommodating the four-eyes approach by requiring assessments to be approved by an independent officer
- The ability to code the regulations in terms of the consequences of non-compliance, as mentioned previously. And more importantly, requiring assessments relating to high-risk regulations to be approved not only by an independent officer but also by an appropriate executive or senior manager, which should prove a useful tool given the PRA's intended approach to executive responsibility. This Risk Severity Indicator (RSI) is also used extensively in the dashboard to highlight, for example, action plans associated with the assessment of high-risk regulations that exceed their anticipated completion date or where confidence in achieving compliance moves to red on a RAG code.
As one would expect, all of this information and
much more is captured and displayed, focusing
attention on compliance issues and enabling senior
management to monitor and manage compliance
more efficiently throughout the organisation.
And finally, all of this information - relating to the
assessment of applicable regulations, including all
supporting documentation and reports - is
immediately identifiable and retrievable, saving
considerable time and expense when responding to
a query or demand.
Questions from the audience
1. How will the PRA and FCA exercise a judgemental approach?
We understand that the PRA's approach will be
based on empirical evidence e.g. the FSA's past
experience with the particular institution and experience
with institutions within the same peer group. The PRA will
also look at the position occupied by the institution within
the marketplace (degree of influence / importance) in
determining the extent of compliance expected of the
institution. The difficulty lies in the interpretation of the
empirical evidence!
2. Will we ever get out of this situation?
The simple answer is 'No' - for the simple reason that there
are far too many regulations to ensure compliance against.
There will therefore always be some possibility of non-
compliance as in the example of rogue traders.
Consequently, the only solution is to adequately resource
compliance functions, and ensure the capture of evidential
documentation to show that at least best efforts have
been made to comply.
Online survey
The audience were polled 3 times to gain their input:
1. Do you think your compliance team will be able to
handle compliance with regulations in the future, given
the anticipated changes in the regulatory landscape?
Nearly 40% of respondents did not think the compliance
department could manage without additional resources.
2. To what extent does your firm hold applicable
regulations in electronic format?
NOBODY could say that their firm was paper-free: but
86% indicated that MOST of the documents were now
stored in electronic format.
3. What do you use to maintain a record of compliance
against current regulations?
An overwhelming 70% indicated that they use
SPREADSHEETS to maintain compliance records.
For more information visit www.lombardrisk.com and / or [email protected]