Lombard Risk "Addressing regulatory risk"


  • 7/30/2019 Lombard Risk "Addressing regulatory risk"

    Event summary

    www.lombardrisk.com Managing collateralised trading | Enabling regulatory compliance

    Lombard Risk business and regulatory experts summarise: Assessing regulatory risk webinar - 5th December 2012

    Introduction

    On 5th December 2012 Lombard Risk held the 7th in the regulatory compliance series of webinars.

    Speakers

    The event commenced with a welcome and introduction from Rebecca Bond, Group Marketing Director.

    The key presentation, explaining regulatory risk issues, was given by:

    David Wilford, Director Compliance Products, Lombard Risk

    The webinar focused on the BANKING sector, having attracted the most publicity - and not in a good way - although the issues addressed apply equally to insurance companies, asset managers - anyone in the financial sector or companies subject to considerable regulatory demands and supervision.

    Regulatory risk

    Given the enormous task faced by compliance functions in ensuring compliance in an ever-changing and demanding regulatory environment, regulatory risk is the biggest challenge firms now face. It is defined as the risk to earnings, capital and reputation associated with a failure to comply with regulatory requirements and expectations.

    The financial sector is subject to a plethora of regulations governing every aspect of an institution's business.

    Current challenges

    Even smaller institutions are now subject to thousands of regulations, and not surprisingly many are now having difficulty in even keeping track of new and amended regulations, never mind ensuring adequate compliance.

    In a recent Thomson Reuters survey of 500 compliance professionals, the results indicated that the deluge of new rules, regulations and enhanced vigour of regulators, coupled with a lack of additional internal resources and headcount, has pushed compliance departments to the breaking point.

    The situation is set to deteriorate further, from a compliance perspective, as the regulatory landscape is now undergoing a radical change in response to political and regulatory pressures and demands designed to restore economic and financial stability, both here and abroad.

    Clearly a major challenge is the need to increase both capital and liquidity to levels deemed by the regulators to be sufficient to weather another financial crisis - no easy task given the increasing scarcity of high-quality capital in a deteriorating economic climate, particularly in Europe.

    For firms deemed too-big-to-fail, these challenges are further complicated by demands to restructure or even ring-fence their retail and investment activities whilst remaining compliant with all applicable regulations.

    Firms are also facing the challenge of both restoring and promoting the sector's reputation and integrity, a challenge helped in no small way by the regulators, who are demanding propriety, transparency, better risk management and, perhaps most important of all, accountable governance.

    And there is more to come:

    IN CONCLUSION, regulatory pressure is already severe but unfortunately is destined to get much worse, which means that many compliance functions are facing an extremely serious situation, especially given the lack of investment in appropriate resources. In fact, they themselves may become a risk to the institution.

    What's wrong with the current approach?

    • Compliance has moved from a tick-box approach to being monitored and measured on a RISK basis

    • As a result, firms focus on high-risk areas (where non-compliance most impacts the bottom line) and low-risk areas were moved off-the-radar

    • Compliance with new regulations embedded within implementation

    • Reliance placed upon the majority of simple business operations being inherently compliant

    The result is that, even today, reliance is placed upon the majority of simple business operations being inherently compliant with applicable regulations and therefore off-the-radar as far as a detailed examination - to determine the state of compliance - is concerned.

    All of the above processes were no doubt deemed simple and straightforward and, as a consequence, only warranted the occasional cursory review, yet the financial and reputational impact on individual banks for non-compliance with the relevant regulations has been enormous.

    And then we have UBS providing an additional $968m in provisions during the first 9 months of this year for litigation and regulatory matters alone! And so it goes on.

    And then, to aggravate the situation, many compliance functions are expected to work with hard copies of the regulations, manual files and spreadsheets (for which the FSA is introducing demands that they be subject to strict governance).

    What's the new approach?

    • Prudential Regulation Authority (PRA), taking over from the FSA, as per the joint Bank of England/FSA paper issued last month entitled "The PRA's approach to banking supervision"

    • Taking a judgemental approach to supervision: safety and soundness (a term that appears 52 times in the aforementioned paper)

    Clause 69:

    What are firms' options?

    A change of approach IS required, but what to do?

    Should the focus continue to be on high-risk business areas, and run the risk of non-compliance in low-risk areas?

    OR

    Should compliance functions restructure their approach to address both the principles-based and the rules-based regulatory requirements?

    Regulators are clearly going to place more and more reliance on a firm's compliance and audit functions to enforce compliance and, where necessary, justify partial or non-compliance.

    They are also looking to the Board of Directors and senior management to take responsibility - possibly at a personal level - for any failures in compliance.

    A new approach

    Ensuring full compliance with every applicable prudential and non-prudential regulation is obviously an impossible task given the sheer quantity of the regulations, the dynamics of the financial institution and the resources available to compliance and audit functions who, historically, have suffered from a lack of investment.

    The answer may therefore be to assess regulations not only in terms of the impact on the bottom line, but also in terms of the regulatory consequences of non-compliance. In other words, a regulation may be deemed low-risk if the institution believes that the consequences of non-compliance would just be a disapproving look from the regulator, whilst non-compliance with a high-risk regulation may prompt a Pillar 2 capital levy or drop in share price as a result of reputational damage.

    Certainly, it would be inappropriate to focus simply on high-risk regulations for exactly the same reason as focusing on high-risk business areas diverted attention from areas that subsequently proved to be costly when breaches in compliance were uncovered. However, combining the two approaches may assist an institution in avoiding the same mistakes made by some institutions this year.

    Compliance and audit functions are clearly caught between a rock and a hard place, having responsibility for compliance with thousands of regulations but often restricted as to appropriate resources, on the grounds of cost. Indeed, it is fair to say that these functions have in the past been deemed to be a necessary evil, costing an institution money to run but with no apparent benefit.

    Unfortunately, it is failures in compliance that are headlined, not the success of ensuring compliance.

    Deficiencies in compliance and audit functions - in terms of both approach and resources - must be addressed if a firm is to minimise regulatory risk and avoid the consequences of non-compliance.

    Tactical vs strategic

    Tactical solutions are no longer viable. Firms require a strategic solution to address the PRA's approach to supervision: all-encompassing, demanding that firms comply not only with the spirit of the regulations but also with each and every applicable regulation.

    Lombard Risk solution

    ComplianceASSESSOR has been designed to address these requirements by:

    • Accommodating an unlimited and searchable library of multi-jurisdictional prudential and non-prudential regulatory books applicable to the firm's businesses, including internal regulations, e.g. the FSA Prudential Sourcebooks, European Directives, Sarbanes-Oxley and even the various UK laws applicable to - in this case - the financial sector

    • Accommodating four categories of book that cover business and governance regulations, training material and consultative / discussion documents

    • Highlighting new and amended regulations for review and / or possible assessment, thereby avoiding inadvertent breaches in compliance

    • Identifying a change to a policy or procedure that may inadvertently result in a breach in compliance

    • Mapping policies & procedures, or indeed any documents, to the relevant regulations in order to evidence compliance with the relevant regulations - on the assumption that policies & procedures are adhered to in practice. Providing that the institution maintains strict version control over such documents, any changes to the mapping are identified and the relevant regulations highlighted for review and possible re-assessment

    • Accommodating an assessment process where not only are policies & procedures mapped to the relevant regulations, but action plans may be established to address deficiencies in compliance, each action plan being documented where appropriate

    • Accommodating the four-eyes approach by requiring assessments to be approved by an independent officer

    • The ability to code the regulations in terms of the consequences of non-compliance, as mentioned previously. And more importantly, requiring assessments relating to high-risk regulations to be approved not only by an independent officer but also by an appropriate executive or senior manager - which should prove a useful tool given the PRA's intended approach to executive responsibility. This Risk Severity Indicator (RSI) is also used extensively in the dashboard to highlight, for example, action plans associated with the assessment of high-risk regulations that exceed their anticipated completion date or where confidence in achieving compliance moves to red on a RAG code.

    As one would expect, all of this information and much more is captured and displayed, focusing attention on compliance issues and enabling senior management to monitor and manage compliance more efficiently throughout the organisation.

    And finally, all of this information - relating to the assessment of applicable regulations, including all supporting documentation and reports - is immediately identifiable and retrievable, saving considerable time and expense when responding to a query or demand.

    Questions from the audience

    1. How will the PRA and FCA exercise a judgemental approach?

    We understand that the PRA's approach will be based on empirical evidence, e.g. the FSA's past experience with the particular institution and experience with institutions within the same peer group. The PRA will also look at the position occupied by the institution within the marketplace (degree of influence / importance) in determining the extent of compliance expected of the institution. The difficulty lies in the interpretation of the empirical evidence!

    2. Will we ever get out of this situation?

    The simple answer is 'No' - for the simple reason that there are far too many regulations to ensure compliance against. There will therefore always be some possibility of non-compliance - as in the example of rogue traders. Consequently, the only solution is to adequately resource compliance functions, and ensure the capture of evidential documentation to show that at least best efforts have been made to comply.

    Online survey

    The audience were polled 3 times to gain their input:

    1. Do you think your compliance team will be able to handle compliance with regulations in the future, given the anticipated changes in the regulatory landscape?

    Nearly 40% of respondents did not think the compliance department could manage without additional resources.

    2. To what extent does your firm hold applicable regulations in electronic format?

    NOBODY could say that their firm was paper-free, but 86% indicated that MOST of the documents were now stored in electronic format.

    3. What do you use to maintain a record of compliance against current regulations?

    An overwhelming 70% indicated that they use SPREADSHEETS to maintain compliance records.

    For more information visit www.lombardrisk.com and / or [email protected]
