Monday January 21 2013 Top 10 Risk Compliance News Events

International Association of Risk and Compliance Professionals (IARCP)
1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com

Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next

Dear Member,

If I tell you that this paper from the Basel Committee starts with a poem, will you believe me? It is true! I saw it and I immediately thought… Oh, it’s going to be a bad day. In the past, I sometimes had to spend one hour per page to understand some Basel ii/iii papers… now that they need a poem to start, what is going to happen? I know you ask… what poem George?

“Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?” T. S. Eliot. The Rock (1934)

Now I am sure: T. S. Eliot could become a risk management expert. I always investigate every section, reference and past paper mentioned in any paper from the Basel committee (this is how I spend one hour per page on average), so I want to read all the poem, not only this part. It may be important in order to understand the regulation! Otherwise, why would they start with a poem? I found the part of the poem that was written in the paper:


Where is the Life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?

Now I wonder why they ignored the first part “Where is the Life we have lost in living?” Perhaps they know the answer… trying to comply with Basel {1, 2, 3…}

I called a friend, attorney and lobbyist in Washington DC and I asked him about the poem… well, he knew it very well, and he told me that the poem is about a life lived without religion; it is against communism and fascism, against totalitarian regimes. (My first thought: Did I mention which poem?)

Oh, perhaps I must call another friend, a university professor in Harvard, to have another opinion and to keep somewhere in the middle? No, it is too much for a day, I will better read the poem.

The poem…

The Eagle soars in the summit of Heaven, The Hunter with his dogs pursues his circuit. O perpetual revolution of configured stars, O perpetual recurrence of determined seasons, O world of spring and autumn, birth and dying!

***

Where is the Life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?

***

I journeyed to London, to the timekept City, Where the River flows, with foreign flotations. There I was told: we have too many churches, And too few chop-houses. There I was told: Let the vicars retire. Men do not need the Church In the place where they work, but where they spend their Sundays. In the City, we need no bells: Let them waken the suburbs. I journeyed to the suburbs, and there I was told: We toil for six days, on the seventh we must motor To Hindhead, or Maidenhead. If the weather is foul we stay at home and read the papers. In industrial districts, there I was told Of economic laws. In the pleasant countryside, there it seemed That the country now is only fit for picnics. And the Church does not seem to be wanted In country or in suburbs; and in the town

Only for important weddings.

***

The world turns and the world changes, But one thing does not change. In all of my years, one thing does not change. However you disguise it, this thing does not change: The perpetual struggle of Good and Evil.

***

The desert is not remote in southern tropics, The desert is not only around the corner, The desert is squeezed in the tube-train next to you. The desert is in the heart of your brother.

***

The voices of the Unemployed: No man has hired us With pocketed hands And lowered faces We stand about in open places And shiver in unlit rooms.

Only the wind moves Over empty fields, untilled Where the plough rests, at an angle To the furrow. In this land There shall be one cigarette to two men, To two women one half pint of bitter Ale. In this land No man has hired us. Our life is unwelcome, our death Unmentioned in “The Times.”

***

What life have you if you have not life together? There is no life that is not in community, And no community not lived in praise of God.

***

And now you live dispersed on ribbon roads. And no man knows or cares who is his neighbour Unless his neighbour makes too much disturbance, But all dash to and fro in motor cars,

Familiar with the roads and settled nowhere. Nor does the family even move about together. But every son would have his motor cycle, And daughters ride away on casual pillions.

***

In the land of lobelias and tennis flannels The rabbit shall burrow and the thorn revisit, The nettle shall flourish on the gravel court, And the wind shall say: “Here were decent godless people: Their only monument the asphalt road And a thousand lost golf balls.”

***

When the Stranger says: “What is the meaning of this city? Do you huddle close together because you love each other?” What will you answer? “We all dwell together To make money from each other”? or “This is a community”? And the Stranger will depart and return to the desert. O my soul, be prepared for the coming of the Stranger, Be prepared for him who knows how to ask questions. O weariness of men who turn from God

To the grandeur of your mind and the glory of your action, To arts and inventions and daring enterprises. To schemes of human greatness thoroughly discredited. Binding the earth and the water to your service, Exploiting the seas and developing the mountains, Dividing the stars into common and preferred. Engaged in devising the perfect refrigerator, Engaged in working out a rational morality, Engaged in printing as many books as possible, Plotting of happiness and flinging empty bottles, Turning from your vacancy to fevered enthusiasm For nation or race or what you call humanity; Though you forget the way to the Temple, There is one who remembers the way to your door: Life you may evade, but Death you shall not. You shall not deny the Stranger.

***

But it seems that something has happened that has never happened before: though we know not just when, or why, or

how, or where. Men have left God not for other gods, they say, but for no god; and this has never happened before That men both deny gods and worship gods, professing first Reason, And then Money, and Power, and what they call Life, or Race, or Dialectic. The Church disowned, the tower overthrown, the bells upturned, what have we to do But stand with empty hands and palms turned upwards In an age which advances progressively backwards?

***

T.S. Eliot

Ok, Now I feel that I will understand the paper from the Basel Committee. I also found another part of the poem that is suitable to start another Basel iii paper: “Be prepared for him who knows how to ask questions”.

Read more (about the paper, not the poem) at number 1 below.

Welcome to the Top 10 list.

Principles for effective risk data aggregation and risk reporting

January 2013

The financial crisis that began in 2007 revealed that many banks, including global systemically important banks (G-SIBs), were unable to aggregate risk exposures and identify concentrations fully, quickly and accurately. This meant that banks' ability to take risk decisions in a timely fashion was seriously impaired with wide-ranging consequences for the banks themselves and for the stability of the financial system as a whole.

Vice Chair Janet L. Yellen At the American Economic Association/American Finance Association Joint Luncheon, San Diego, California

Interconnectedness and Systemic Risk: Lessons from the Financial Crisis and Policy Implications

Islamic finance industry needs transformation

The Islamic financial services industry needs to undergo a complete transformation in order to be recognized and respected as a major global player, a key conference in Bahrain heard.

ESMA and the EBA take action to strengthen Euribor and benchmark rate-setting processes

The European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) published the results of their joint work on Euribor and propose principles for benchmark rate-setting processes. The publications include:

Report from the Commission to the European Parliament and the Council

The review of the Directive 2002/87/EC of the European Parliament and the Council on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate

ESMA to provide technical advice on possible delegated acts concerning the Prospectus Directive

The European Commission sent a formal request on 20 January 2011 to ESMA to provide technical advice on possible delegated acts concerning the Prospectus Directive as amended by Directive 2010/73/EU (the Mandate).

Regulatory Resolutions for 2013

Remarks by Assistant Superintendent Mark Zelmer, Office of the Superintendent of Financial Institutions Canada (OSFI) to the 2013 RBC Capital Markets Canadian Bank CEO Conference

Fifth progress note on the Global LEI Initiative

This is the fifth of a series of notes on the implementation of the legal entity identifier (LEI) initiative.

Corporate governance

Address by Mr Yandraduth Googoolye, First Deputy Governor of the Bank of Mauritius, at the workshop on “Corporate governance”, organised by the Mauritius Institute of Directors, Port-Louis

'Standard Quantum Limit' Smashed, Could Mean Better Fiber-Optic Comms

From NIST Tech Beat

Communicating with light may soon get a lot easier, hints recent research from the National Institute of Standards and Technology (NIST) and the University of Maryland's Joint Quantum Institute (JQI), where scientists have potentially found a way to overcome a longstanding barrier to cleaner signals.

Principles for effective risk data aggregation and risk reporting

January 2013

The financial crisis that began in 2007 revealed that many banks, including global systemically important banks (G-SIBs), were unable to aggregate risk exposures and identify concentrations fully, quickly and accurately. This meant that banks' ability to take risk decisions in a timely fashion was seriously impaired with wide-ranging consequences for the banks themselves and for the stability of the financial system as a whole.

The Basel Committee's Principles for effective risk data aggregation will strengthen banks' risk data aggregation capabilities and internal risk reporting practices. Implementation of the principles will strengthen risk management at banks - in particular, G-SIBs - thereby enhancing their ability to cope with stress and crisis situations.

An earlier version of the principles published today was issued for consultation in June 2012. The Committee wishes to thank those who provided feedback and comments as these were instrumental in revising and finalising the principles.

Principles for effective risk data aggregation and risk reporting

Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information? T. S. Eliot. The Rock (1934)

Introduction

1. One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identify concentrations quickly and accurately at the bank group level, across business lines and between legal entities. Some banks were unable to manage their risks properly because of weak risk data aggregation capabilities and risk reporting practices. This had severe consequences to the banks themselves and to the stability of the financial system as a whole.

2. In response, the Basel Committee issued supplemental Pillar 2 (supervisory review process) guidance to enhance banks’ ability to identify and manage bank-wide risks. In particular, the Committee emphasised that a sound risk management system should have appropriate management information systems (MIS) at the business and bank-wide level. The Basel Committee also included references to data aggregation as part of its guidance on corporate governance.

3. Improving banks’ ability to aggregate risk data will improve their resolvability.

For global systemically important banks (G-SIBs) in particular, it is essential that resolution authorities have access to aggregate risk data that complies with the FSB’s Key Attributes of Effective Resolution Regimes for Financial Institutions as well as the principles set out below. For recovery, a robust data framework will help banks and supervisors anticipate problems ahead. It will also improve the prospects of finding alternative options to restore financial strength and viability when the firm comes under severe stress. For example, it could improve the prospects of finding a suitable merger partner.

4. Many in the banking industry recognise the benefits of improving their risk data aggregation capabilities and are working towards this goal. They see the improvements in terms of strengthening the capability and the status of the risk function to make judgements. This leads to gains in efficiency, reduced probability of losses and enhanced strategic decision-making, and ultimately increased profitability.

5. Supervisors observe that making improvements in risk data aggregation capabilities and risk reporting practices remains a challenge for banks, and supervisors would like to see more progress, in particular, at G-SIBs. Moreover, as the memories of the crisis fade over time, there is a danger that the enhancement of banks’ capabilities in these areas may receive a slower-track treatment. This is because IT systems, data and reporting processes require significant investments of financial and human resources with benefits that may only be realised over the long-term.

6. The Financial Stability Board (FSB) has several international initiatives underway to ensure continued progress is made in strengthening firms’ risk data aggregation capabilities and risk reporting practices, which is essential to support financial stability. These include:

• The development of the Principles for effective risk data aggregation and risk reporting included in this report. This work stems from a recommendation in the FSB’s Progress report on implementing the recommendations on enhanced supervision, issued on 4 November 2011:

“The FSB, in collaboration with the standard setters, will develop a set of supervisory expectations to move firms’, particularly SIFIs, data aggregation capabilities to a level where supervisors, firms, and other users (eg resolution authorities) of the data are confident that the MIS reports accurately capture the risks. A timeline should be set for all SIFIs to meet supervisory expectations; the deadline for G-SIBs to meet these expectations should be the beginning of 2016, which is the date when the added loss absorbency requirement begins to be phased in for G-SIBs.”

• The development of a new common data template for global systemically important financial institutions (G-SIFIs) in order to address key information gaps identified during the crisis, such as bi-lateral exposures and exposures to countries/sectors/instruments.

This should provide the authorities with a stronger framework for assessing potential systemic risks.

• A public-private sector initiative to develop a Legal Entity Identifier (LEI) system.

The LEI system will identify unique parties to financial transactions across the globe and is designed to be a key building block for improvements in the quality of financial data across the globe.

7. There are also other initiatives and requirements relating to data that will have to be implemented in the following years. The Committee considers that upgraded risk data aggregation and risk reporting practices will allow banks to comply effectively with those initiatives.

Definition

8. For the purpose of this paper, the term “risk data aggregation” means defining, gathering and processing risk data according to the bank’s risk reporting requirements to enable the bank to measure its performance against its risk tolerance/appetite. This includes sorting, merging or breaking down sets of data.

Objectives

9. This paper presents a set of principles to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices (the Principles). In turn, effective implementation of the Principles is expected to enhance risk management and decision-making processes at banks.

10. The adoption of these Principles will enable fundamental improvements to the management of banks. The Principles are expected to support a bank’s efforts to:

• Enhance the infrastructure for reporting key information, particularly that used by the board and senior management to identify, monitor and manage risks;

• Improve the decision-making process throughout the banking organisation;

• Enhance the management of information across legal entities, while facilitating a comprehensive assessment of risk exposures at the global consolidated level;

• Reduce the probability and severity of losses resulting from risk management weaknesses;

• Improve the speed at which information is available and hence decisions can be made; and

• Improve the organisation’s quality of strategic planning and the ability to manage the risk of new products and services.

11. Strong risk management capabilities are an integral part of the franchise value of a bank. Effective implementation of the Principles should increase the value of the bank. The Committee believes that the long-term benefits of improved risk data aggregation capabilities and risk reporting practices will outweigh the investment costs incurred by banks.

12. For bank supervisors, these Principles will complement other efforts to improve the intensity and effectiveness of bank supervision. For resolution authorities, improved risk data aggregation should enable smoother bank resolution, thereby reducing the potential recourse to taxpayers.

Scope and initial considerations

13. These Principles are initially addressed to SIBs and apply at both the banking group and on a solo basis.

Common and clearly stated supervisory expectations regarding risk data aggregation and risk reporting are necessary for these institutions. National supervisors may nevertheless choose to apply the Principles to a wider range of banks, in a way that is proportionate to the size, nature and complexity of these banks’ operations.

14. Banks identified as G-SIBs by the FSB in November 2011 or November 2012 must meet these Principles by January 2016; G-SIBs designated in subsequent annual updates will need to meet the Principles within three years of their designation. G-SIBs subject to the 2016 timeline are expected to start making progress towards effectively implementing the Principles from early 2013. National supervisors and the Basel Committee will monitor and assess this progress in accordance with section V of this document.

15. It is strongly suggested that national supervisors also apply these Principles to banks identified as D-SIBs by their national supervisors three years after their designation as D-SIBs.

16. The Principles and supervisory expectations contained in this paper apply to a bank’s risk management data. This includes data that is critical to enabling the bank to manage the risks it faces. Risk data and reports should provide management with the ability to monitor and track risks relative to the bank’s risk tolerance/appetite.

17. These Principles also apply to all key internal risk management models, including but not limited to, Pillar 1 regulatory capital models (eg internal ratings-based approaches for credit risk and advanced measurement approaches for operational risk), Pillar 2 capital models and other key risk management models (eg value-at-risk).

18. The Principles apply to a bank’s group risk management processes. However, banks may also benefit from applying the Principles to other processes, such as financial and operational processes, as well as supervisory reporting.

19. All the Principles included in this paper are also applicable to processes that have been outsourced to third parties.

20. The Principles cover four closely related topics:

• Overarching governance and infrastructure

• Risk data aggregation capabilities

• Risk reporting practices

• Supervisory review, tools and cooperation

21. Risk data aggregation capabilities and risk reporting practices are considered separately in this paper, but they are clearly inter-linked and cannot exist in isolation. High quality risk management reports rely on the existence of strong risk data aggregation capabilities, and sound infrastructure and governance ensures the information flow from one to the other.

22. Banks should meet all risk data aggregation and risk reporting principles simultaneously. However, trade-offs among Principles could be accepted in exceptional circumstances such as urgent/ad hoc requests of information on new or unknown areas of risk. There should be no trade-offs that materially impact risk management decisions.

Decision-makers at banks, in particular the board and senior management, should be aware of these trade-offs and the limitations or shortcomings associated with them. Supervisors expect banks to have policies and processes in place regarding the application of trade-offs. Banks should be able to explain the impact of these trade-offs on their decision-making process through qualitative reports and, to the extent possible, quantitative measures.

23. The concept of materiality used in this paper means that data and reports can exceptionally exclude information only if it does not affect the decision-making process in a bank (ie decision-makers, in particular the board and senior management, would have been influenced by the omitted information or made a different judgment if the correct information had been known). In applying the materiality concept, banks will take into account considerations that go beyond the number or size of the exposures not included, such as the type of risks involved, or the evolving and dynamic nature of the banking business. Banks should also take into account the potential future impact of the information excluded on the decision-making process at their institutions. Supervisors expect banks to be able to explain the omissions of information as a result of applying the materiality concept.

24. Banks should develop forward looking reporting capabilities to provide early warnings of any potential breaches of risk limits that may exceed the bank’s risk tolerance/appetite. These risk reporting capabilities should also allow banks to conduct a flexible and effective stress testing which is capable of providing forward-looking risk assessments.

Supervisors expect risk management reports to enable banks to anticipate problems and provide a forward looking assessment of risk.

25. Expert judgment may occasionally be applied to incomplete data to facilitate the aggregation process, as well as the interpretation of results within the risk reporting process. Reliance on expert judgment in place of complete and accurate data should occur only on an exception basis, and should not materially impact the bank’s compliance with the Principles. When expert judgment is applied, supervisors expect that the process be clearly documented and transparent so as to allow for an independent review of the process followed and the criteria used in the decision-making process.

I. Overarching governance and infrastructure

26. A bank should have in place a strong governance framework, risk data architecture and IT infrastructure. These are preconditions to ensure compliance with the other Principles included in this document. In particular, a bank’s board should oversee senior management’s ownership of implementing all the risk data aggregation and risk reporting principles and the strategy to meet them within a timeframe agreed with their supervisors.

Principle 1

Governance – A bank’s risk data aggregation capabilities and risk reporting practices should be subject to strong governance arrangements consistent with other principles and guidance established by the Basel Committee.

27. A bank’s board and senior management should promote the identification, assessment and management of data quality risks as part of its overall risk management framework. The framework should include agreed service level standards for both outsourced and in-house risk data-related processes, and a firm’s policies on data confidentiality, integrity and availability, as well as risk management policies.

28. A bank’s board and senior management should review and approve the bank’s group risk data aggregation and risk reporting framework and ensure that adequate resources are deployed.

29. A bank’s risk data aggregation capabilities and risk reporting practices should be:

(a) Fully documented and subject to high standards of validation. This validation should be independent and review the bank’s compliance with the Principles in this document. The primary purpose of the independent validation is to ensure that a bank's risk data aggregation and reporting processes are functioning as intended and are appropriate for the bank's risk profile. Independent validation activities should be aligned and integrated with the other independent review activities within the bank's risk management program, and encompass all components of the bank's risk data aggregation and reporting processes. Common practices suggest that the independent validation of risk data aggregation and risk reporting practices should be conducted using staff with specific IT, data and reporting expertise.

(b) Considered as part of any new initiatives, including acquisitions and/or divestitures, new product development, as well as broader process and IT change initiatives.

When considering a material acquisition, a bank’s due diligence process should assess the risk data aggregation capabilities and risk reporting practices of the acquired entity, as well as the impact on its own risk data aggregation capabilities and risk reporting practices. The impact on risk data aggregation should be considered explicitly by the board and inform the decision to proceed. The bank should establish a timeframe to integrate and align the acquired risk data aggregation capabilities and risk reporting practices within its own framework. (c) Unaffected by the bank’s group structure. The group structure should not hinder risk data aggregation capabilities at a consolidated level or at any relevant level within the organisation (eg sub-consolidated level, jurisdiction of operation level). In particular, risk data aggregation capabilities should be independent from the choices a bank makes regarding its legal organisation and geographical presence. 30. A bank’s senior management should be fully aware of and understand the limitations that prevent full risk data aggregation, in terms of coverage (eg risks not captured or subsidiaries not included), in technical terms (eg model performance indicators or degree of reliance on manual processes) or in legal terms (legal impediments to data sharing across jurisdictions). Senior management should ensure that the bank’s IT strategy includes ways to improve risk data aggregation capabilities and risk reporting practices and to remedy any shortcomings against the Principles set forth in this document taking into account the evolving needs of the business. Senior management should also identify data critical to risk data aggregation and IT infrastructure initiatives through its strategic IT planning process, and support these initiatives through the allocation of appropriate levels of financial and human resources.

31. A bank’s board is responsible for determining its own risk reporting requirements and should be aware of limitations that prevent full risk data aggregation in the reports it receives. The board should also be aware of the bank’s implementation of, and ongoing compliance with the Principles set out in this document.

Principle 2 Data architecture and IT infrastructure – A bank should design, build and maintain data architecture and IT infrastructure which fully supports its risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis, while still meeting the other Principles. 32. Risk data aggregation capabilities and risk reporting practices should be given direct consideration as part of a bank’s business continuity planning processes and be subject to a business impact analysis. 33. A bank should establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data (metadata), as well as use of single identifiers and/or unified naming conventions for data including legal entities, counterparties, customers and accounts. 34. Roles and responsibilities should be established as they relate to the ownership and quality of risk data and information for both the business and IT functions. The owners (business and IT functions), in partnership with risk managers, should ensure there are adequate controls throughout the lifecycle of the data and for all aspects of the technology infrastructure. The role of the business owner includes ensuring data is correctly entered by the relevant front office unit, kept current and aligned with the data definitions, and also ensuring that risk data aggregation capabilities and risk reporting practices are consistent with firms’ policies.

II. Risk data aggregation capabilities 35. Banks should develop and maintain strong risk data aggregation capabilities to ensure that risk management reports reflect the risks in a reliable way (ie meeting data aggregation expectations is necessary to meet reporting expectations). Compliance with these Principles should not be at the expense of each other. These risk data aggregation capabilities should meet all Principles below simultaneously in accordance with paragraph 22 of this document.

Principle 3 Accuracy and Integrity – A bank should be able to generate accurate and reliable risk data to meet normal and stress/crisis reporting accuracy requirements. Data should be aggregated on a largely automated basis so as to minimise the probability of errors. 36. A bank should aggregate risk data in a way that is accurate and reliable. (a) Controls surrounding risk data should be as robust as those applicable to accounting data. (b) Where a bank relies on manual processes and desktop applications (eg spreadsheets, databases) and has specific risk units that use these applications for software development, it should have effective mitigants in place (eg end-user computing policies and procedures) and other effective controls that are consistently applied across the bank’s processes.

(c) Risk data should be reconciled with bank’s sources, including accounting data where appropriate, to ensure that the risk data is accurate. (d) A bank should strive towards a single authoritative source for risk data per each type of risk. (e) A bank’s risk personnel should have sufficient access to risk data to ensure they can appropriately aggregate, validate and reconcile the data to risk reports. 37. As a precondition, a bank should have a “dictionary” of the concepts used, such that data is defined consistently across an organisation. 38. There should be an appropriate balance between automated and manual systems. Where professional judgements are required, human intervention may be appropriate. For many other processes, a higher degree of automation is desirable to reduce the risk of errors. 39. Supervisors expect banks to document and explain all of their risk data aggregation processes whether automated or manual (judgement based or otherwise). Documentation should include an explanation of the appropriateness of any manual workarounds, a description of their criticality to the accuracy of risk data aggregation and proposed actions to reduce the impact. 40. Supervisors expect banks to measure and monitor the accuracy of data and to develop appropriate escalation channels and action plans to be in place to rectify poor data quality.

Principle 4 Completeness – A bank should be able to capture and aggregate all material risk data across the banking group. Data should be available by business line, legal entity, asset type, industry, region and other groupings, as relevant for the risk in question, that permit identifying and reporting risk exposures, concentrations and emerging risks. 41. A bank’s risk data aggregation capabilities should include all material risk exposures, including those that are off-balance sheet. 42. A banking organisation is not required to express all forms of risk in a common metric or basis, but risk data aggregation capabilities should be the same regardless of the choice of risk aggregation systems implemented. However, each system should make clear the specific approach used to aggregate exposures for any given risk measure, in order to allow the board and senior management to assess the results properly. 43. Supervisors expect banks to produce aggregated risk data that is complete and to measure and monitor the completeness of their risk data. Where risk data is not entirely complete, the impact should not be critical to the bank’s ability to manage its risks effectively. Supervisors expect banks’ data to be materially complete, with any exceptions identified and explained.

Principle 5 Timeliness – A bank should be able to generate aggregate and up-to-date risk data in a timely manner while also meeting the principles relating to accuracy and integrity, completeness and adaptability.

The precise timing will depend upon the nature and potential volatility of the risk being measured as well as its criticality to the overall risk profile of the bank. The precise timing will also depend on the bank-specific frequency requirements for risk management reporting, under both normal and stress/crisis situations, set based on the characteristics and overall risk profile of the bank. 44. A bank’s risk data aggregation capabilities should ensure that it is able to produce aggregate risk information on a timely basis to meet all risk management reporting requirements. 45. The Basel Committee acknowledges that different types of data will be required at different speeds, depending on the type of risk, and that certain risk data may be needed faster in a stress/crisis situation. Banks need to build their risk systems to be capable of producing aggregated risk data rapidly during times of stress/crisis for all critical risks. 46. Critical risks include but are not limited to: (a) The aggregated credit exposure to a large corporate borrower. By comparison, groups of retail exposures may not change as critically in a short period of time but may still include significant concentrations; (b) Counterparty credit risk exposures, including, for example, derivatives; (c) Trading exposures, positions, operating limits, and market concentrations by sector and region data; (d) Liquidity risk indicators such as cash flows/settlements and funding; and

(e) Operational risk indicators that are time-critical (eg systems availability, unauthorised access). 47. Supervisors will review that the bank specific frequency requirements, for both normal and stress/crisis situations, generate aggregate and up-to-date risk data in a timely manner.

Principle 6 Adaptability – A bank should be able to generate aggregate risk data to meet a broad range of on-demand, ad hoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries. 48. A bank’s risk data aggregation capabilities should be flexible and adaptable to meet ad hoc data requests, as needed, and to assess emerging risks. Adaptability will enable banks to conduct better risk management, including forecasting information, as well as to support stress testing and scenario analyses. 49. Adaptability includes: (a) Data aggregation processes that are flexible and enable risk data to be aggregated for assessment and quick decision-making; (b) Capabilities for data customisation to users’ needs (eg dashboards, key takeaways, anomalies), to drill down as needed, and to produce quick summary reports; (c) Capabilities to incorporate new developments on the organisation of the business and/or external factors that influence the bank’s risk profile; and (d) Capabilities to incorporate changes in the regulatory framework.

50. Supervisors expect banks to be able to generate subsets of data based on requested scenarios or resulting from economic events. For example, a bank should be able to aggregate risk data quickly on country credit exposures as of a specified date based on a list of countries, as well as industry credit exposures as of a specified date based on a list of industry types across all business lines and geographic areas.

III. Risk reporting practices 51. Accurate, complete and timely data is a foundation for effective risk management. However, data alone does not guarantee that the board and senior management will receive appropriate information to make effective decisions about risk. To manage risk effectively, the right information needs to be presented to the right people at the right time. Risk reports based on risk data should be accurate, clear and complete. They should contain the correct content and be presented to the appropriate decision-makers in a time that allows for an appropriate response. To effectively achieve their objectives, risk reports should comply with the following principles. Compliance with these principles should not be at the expense of each other in accordance with paragraph 22 of this document.

Principle 7 Accuracy - Risk management reports should accurately and precisely convey aggregated risk data and reflect risk in an exact manner. Reports should be reconciled and validated.

52. Risk management reports should be accurate and precise to ensure a bank’s board and senior management can rely with confidence on the aggregated information to make critical decisions about risk. 53. To ensure the accuracy of the reports, a bank should maintain, at a minimum, the following: (a) Defined requirements and processes to reconcile reports to risk data; (b) Automated and manual edit and reasonableness checks, including an inventory of the validation rules that are applied to quantitative information. The inventory should include explanations of the conventions used to describe any mathematical or logical relationships that should be verified through these validations or checks; and (c) Integrated procedures for identifying, reporting and explaining data errors or weaknesses in data integrity via exceptions reports. 54. Approximations are an integral part of risk reporting and risk management. Results from models, scenario analyses, and stress testing are examples of approximations that provide critical information for managing risk. While the expectations for approximations may be different than for other types of risk reporting, banks should follow the reporting principles in this document and establish expectations for the reliability of approximations (accuracy, timeliness, etc) to ensure that management can rely with confidence on the information to make critical decisions about risk. This includes principles regarding data used to drive these approximations.

55. Supervisors expect that a bank’s senior management should establish accuracy and precision requirements for both regular and stress/crisis reporting, including critical position and exposure information. These requirements should reflect the criticality of decisions that will be based on this information. 56. Supervisors expect banks to consider accuracy requirements analogous to accounting materiality. For example, if omission or misstatement could influence the risk decisions of users, this may be considered material. A bank should be able to support the rationale for accuracy requirements. Supervisors expect a bank to consider precision requirements based on validation, testing or reconciliation processes and results.

Principle 8 Comprehensiveness - Risk management reports should cover all material risk areas within the organisation. The depth and scope of these reports should be consistent with the size and complexity of the bank’s operations and risk profile, as well as the requirements of the recipients. 57. Risk management reports should include exposure and position information for all significant risk areas (eg credit risk, market risk, liquidity risk, operational risk) and all significant components of those risk areas (eg single name, country and industry sector for credit risk). Risk management reports should also cover risk-related measures (eg regulatory and economic capital). 58. Reports should identify emerging risk concentrations, provide information in the context of limits and risk appetite/tolerance and propose recommendations for action where appropriate.

Risk reports should include the current status of measures agreed by the board or senior management to reduce risk or deal with specific risk situations. This includes providing the ability to monitor emerging trends through forward-looking forecasts and stress tests. 59. Supervisors expect banks to determine risk reporting requirements that best suit their own business models and risk profiles. Supervisors will need to be satisfied with the choices a bank makes in terms of risk coverage, analysis and interpretation, scalability and comparability across group institutions. For example, an aggregated risk report should include, but not be limited to, the following information: capital adequacy, regulatory capital, capital and liquidity ratio projections, credit risk, market risk, operational risk, liquidity risk, stress testing results, inter- and intra-risk concentrations, and funding positions and plans. 60. Supervisors expect that risk management reports to the board and senior management provide a forward-looking assessment of risk and should not just rely on current and past data. The reports should contain forecasts or scenarios for key market variables and the effects on the bank so as to inform the board and senior management of the likely trajectory of the bank’s capital and risk profile in the future.

Principle 9 Clarity and usefulness - Risk management reports should communicate information in a clear and concise manner. Reports should be easy to understand yet comprehensive enough to facilitate informed decision-making.

Reports should include meaningful information tailored to the needs of the recipients. 61. A bank’s risk reports should contribute to sound risk management and decision-making by their relevant recipients, including, in particular, the board and senior management. Risk reports should ensure that information is meaningful and tailored to the needs of the recipients. 62. Reports should include an appropriate balance between risk data, analysis and interpretation, and qualitative explanations. The balance of qualitative versus quantitative information will vary at different levels within the organisation and will also depend on the level of aggregation that is applied to the reports. Higher up in the organisation, more aggregation is expected and therefore a greater degree of qualitative interpretation will be necessary. 63. Reporting policies and procedures should recognise the differing information needs of the board, senior management, and the other levels of the organisation (for example risk committees). 64. As one of the key recipients of risk management reports, the bank’s board is responsible for determining its own risk reporting requirements and complying with its obligations to shareholders and other relevant stakeholders. The board should ensure that it is asking for and receiving relevant information that will allow it to fulfil its governance mandate relating to the bank and the risks to which it is exposed. This will allow the board to ensure it is operating within its risk tolerance/appetite. 65. The board should alert senior management when risk reports do not meet its requirements and do not provide the right level and type of

information to set and monitor adherence to the bank’s risk tolerance/appetite. The board should indicate whether it is receiving the right balance of detail and quantitative versus qualitative information. 66. Senior management is also a key recipient of risk reports and it is responsible for determining its own risk reporting requirements. Senior management should ensure that it is receiving relevant information that will allow it to fulfil its management mandate relative to the bank and the risks to which it is exposed. 67. A bank should develop an inventory and classification of risk data items which includes a reference to the concepts used to elaborate the reports. 68. Supervisors expect that reports will be clear and useful. Reports should reflect an appropriate balance between detailed data, qualitative discussion, explanation and recommended conclusions. Interpretation and explanations of the data, including observed trends, should be clear. 69. Supervisors expect a bank to confirm periodically with recipients that the information aggregated and reported is relevant and appropriate, in terms of both amount and quality, to the governance and decision-making process.

Principle 10 Frequency – The board and senior management (or other recipients as appropriate) should set the frequency of risk management report production and distribution. Frequency requirements should reflect the needs of the recipients, the nature of the risk reported, and the speed, at which the risk can change, as

well as the importance of reports in contributing to sound risk management and effective and efficient decision-making across the bank. The frequency of reports should be increased during times of stress/crisis. 70. The frequency of risk reports will vary according to the type of risk, purpose and recipients. A bank should assess periodically the purpose of each report and set requirements for how quickly the reports need to be produced in both normal and stress/crisis situations. A bank should routinely test its ability to produce accurate reports within established timeframes, particularly in stress/crisis situations. 71. Supervisors expect that in times of stress/crisis all relevant and critical credit, market and liquidity position/exposure reports are available within a very short period of time to react effectively to evolving risks. Some position/exposure information may be needed immediately (intraday) to allow for timely and effective reactions.

Principle 11 Distribution - Risk management reports should be distributed to the relevant parties while ensuring confidentiality is maintained. 72. Procedures should be in place to allow for rapid collection and analysis of risk data and timely dissemination of reports to all appropriate recipients. This should be balanced with the need to ensure confidentiality as appropriate. 73. Supervisors expect a bank to confirm periodically that the relevant recipients receive timely reports.

IV. Supervisory review, tools and cooperation 74. Supervisors will have an important role to play in monitoring and providing incentives for a bank’s implementation of, and ongoing compliance with the Principles. They should also review compliance with the Principles across banks to determine whether the Principles themselves are achieving their desired outcome and whether further enhancements are required.

Principle 12 Review - Supervisors should periodically review and evaluate a bank’s compliance with the eleven Principles above. 75. Supervisors should review a bank’s compliance with the Principles in the preceding sections. Reviews should be incorporated into the regular programme of supervisory reviews and may be supplemented by thematic reviews covering multiple banks with respect to a single or selected issue. Supervisors may test a bank’s compliance with the Principles through occasional requests for information to be provided on selected risk issues (for example, exposures to certain risk factors) within short deadlines, thereby testing the capacity of a bank to aggregate risk data rapidly and produce risk reports. Supervisors should have access to the appropriate reports to be able to perform this review. 76. Supervisors should draw on reviews conducted by the internal or external auditors to inform their assessments of compliance with the Principles. Supervisors may require work to be carried out by a bank’s internal audit functions or by experts independent from the bank.

Supervisors must have access to all appropriate documents such as internal validation and audit reports, and should be able to meet with and discuss risk data aggregation capabilities with the external auditors or independent experts from the bank, when appropriate. 77. Supervisors should test a bank’s capabilities to aggregate data and produce reports in both stress/crisis and steady-state environments, including sudden sharp increases in business volumes.

Principle 13 Remedial actions and supervisory measures - Supervisors should have and use the appropriate tools and resources to require effective and timely remedial action by a bank to address deficiencies in its risk data aggregation capabilities and risk reporting practices. Supervisors should have the ability to use a range of tools, including Pillar 2. 78. Supervisors should require effective and timely remedial action by a bank to address deficiencies in its risk data aggregation capabilities and risk reporting practices and internal controls. 79. Supervisors should have a range of tools at their disposal to address material deficiencies in a bank’s risk data aggregation and reporting capabilities. Such tools may include, but are not limited to, requiring a bank to take remedial action; increasing the intensity of supervision; requiring an independent review by a third party, such as external auditors; and the possible use of capital add-ons as both a risk mitigant and incentive under Pillar 2. 80. Supervisors should be able to set limits on a bank’s risks or the growth in their activities where deficiencies in risk data aggregation and reporting are assessed as causing significant weaknesses in risk management capabilities.

81. For new business initiatives, supervisors may require that banks’ implementation plans ensure that robust risk data aggregation is possible before allowing a new business venture or acquisition to proceed. 82. When a supervisor requires a bank to take remedial action, the supervisor should set a timetable for completion of the action. Supervisors should have escalation procedures in place to require more stringent or accelerated remedial action in the event that a bank does not adequately address the deficiencies identified, or in the case that supervisors deem further action is warranted.

Principle 14 Home/host cooperation - Supervisors should cooperate with relevant supervisors in other jurisdictions regarding the supervision and review of the Principles, and the implementation of any remedial action if necessary. 83. Effective cooperation and appropriate information sharing between the home and host supervisory authorities should contribute to the robustness of a bank’s risk management practices across a bank’s operations in multiple jurisdictions. Wherever possible, supervisors should avoid performing redundant and uncoordinated reviews related to risk data aggregation and risk reporting. 84. Cooperation can take the form of sharing of information within the constraints of applicable laws, as well as discussion between supervisors on a bilateral or multilateral basis (eg through colleges of supervisors), including, but not limited to, regular meetings. Communication by conference call and email may be particularly useful in tracking required remedial actions. Cooperation through colleges should be in line with the Basel Committee’s Good practice principles on supervisory colleges.

85. Supervisors should discuss their experiences regarding the quality of risk data aggregation capabilities and risk reporting practices in different parts of the group. This should include any impediments to risk data aggregation and risk reporting arising from cross-border issues and also whether risk data is distributed appropriately across the group. Such exchanges will enable supervisors to identify significant concerns at an early stage and to respond promptly and effectively.

V. Implementation timeline and transitional arrangements 86. Supervisors expect that a bank’s data and IT infrastructures will be enhanced in the coming years to ensure that its risk data aggregation capabilities and risk reporting practices are sufficiently robust and flexible enough to address their potential needs in normal times and particularly during times of stress/crisis. 87. National banking supervisors will start discussing implementation of the Principles with G-SIB’s senior management in early 2013. This will ensure that banks develop a strategy to meet the Principles by 2016. 88. In order for G-SIBs to meet the Principles in accordance with the 2016 timeline, national banking supervisors will discuss banks’ analysis of risk data aggregation capabilities with their senior management and agree to timelines for required improvements. Supervisory approaches are likely to include requiring self-assessments by G-SIBs against these expectations in early 2013, with the goal of closing significant gaps before 2016. Supervisors may also engage technical experts to support their assessments of banks’ plans in respect of the 2016 deadline.

89. The Basel Committee will track G-SIBs’ progress towards complying with the Principles through its Standards Implementation Group (SIG) from 2013 onwards. This will include any observations on the effectiveness of the Principles themselves and whether any enhancements or other revisions of the Principles are necessary in order to achieve the desired outcomes. The Basel Committee will share its findings with the FSB at least annually starting from the end of 2013.

Annex 1 Terms used in the document

Accuracy: Closeness of agreement between a measurement or record or representation and the value to be measured, recorded or represented. This definition applies to both risk data aggregation and risk reports.

Adaptability: The ability of risk data aggregation capabilities to change (or be changed) in response to changed circumstances (internal or external).

Approximation: A result that is not necessarily exact, but acceptable for its given purpose.

Clarity: The ability of risk reporting to be easily understood and free from indistinctness or ambiguity.

Completeness: Availability of relevant risk data aggregated across all firm's constituent units (eg legal entities, business lines, jurisdictions, etc).

Comprehensiveness: Extent to which risk reports include or deal with all risks relevant to the firm.

Distribution: Ensuring that the adequate people or groups receive the appropriate risk reports.

Frequency: The rate at which risk reports are produced over time.

Integrity: Freedom of risk data from unauthorised alteration and unauthorised manipulation that compromise its accuracy, completeness and reliability.

Manual workarounds: Employing human-based processes and tools to transfer, manipulate or alter data used to be aggregated or reported.

Precision: Closeness of agreement between indications or measured quantity values obtained by replicating measurements on the same or similar objects under specified conditions.

Reconciliation: The process of comparing items or outcomes and explaining the differences.

Risk tolerance/appetite: The level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business and obligations to stakeholders. It is generally expressed through both quantitative and qualitative means.

Risk Data aggregation: Defining, gathering, and processing risk data according to the bank’s risk reporting requirements to enable the bank to measure its performance against its risk tolerance/appetite. This includes sorting, merging or breaking down sets of data.

Timeliness: Availability of aggregated risk data within such a timeframe as to enable a bank to produce risk reports at an established frequency.

Validation: The process by which the correctness (or not) of inputs, processing, and outputs is identified and quantified.

Vice Chair Janet L. Yellen At the American Economic Association/American Finance Association Joint Luncheon, San Diego, California

Interconnectedness and Systemic Risk: Lessons from the Financial Crisis and Policy Implications

Thank you, Claudia, and thanks to the American Economic Association and the American Finance Association for the opportunity to speak to you on a topic of growing interest to our profession and of great importance to understanding the causes and implications of the financial crisis. Everyone here today, I'm sure, is familiar with the tumultuous events that introduced many Americans to the concept of systemic risk. To recap briefly, losses arising from leveraged investments caused a few important, but perhaps not essential, financial institutions to fail. At first, the damage appeared to be contained, but the resulting stresses revealed extensive interconnections among traditional banks, investment houses, and the rapidly growing and less regulated shadow banking sector. Market participants lost confidence in their trading partners, and, as the crisis unfolded, the financial sector struggled to cope with a massive withdrawal of liquidity, the collapse of one of its most prominent institutions, and a 40 percent drop in equity prices. The effects of the crisis were felt far beyond the financial sector as credit dried up and a mild recession became something far worse. You are also, no doubt, familiar with the political response to that crisis. After considerable debate, the Congress passed sweeping reform
legislation designed to place the nation's financial infrastructure on a more solid foundation. I'm referring, of course, to the banking panic of 1907. The legislation that President Wilson signed in December 1913 created the Federal Reserve, providing the nation with a lender of last resort to respond to such crises. As we approach the centennial of the Federal Reserve System, it is striking how many of the challenges of that era remain with us today. In 1907, the correspondent banking networks that helped concentrate reserves in New York and other money centers also made the banking system highly interconnected. Today, our capability to monitor and model financial outcomes is vastly greater, and the tools available to the Federal Reserve are vastly more powerful, than the private capital and moral suasion that financier J. P. Morgan summoned in 1907 to stabilize the banks and trusts. But as we learned during the recent crisis, the financial system has also grown much larger and more complex, and our efforts to understand and influence it have, at best, only kept pace. Complex links among financial market participants and institutions are a hallmark of the modern global financial system. Across geographic and market boundaries, agents within the financial system engage in a diverse array of transactions and relationships that connect them to other participants. Indeed, much of the financial innovation that preceded the most recent financial crisis increased both the number and types of connections that linked borrowers and lenders in the economy. The rapid growth in securitization and derivatives markets prior to the crisis provides a stark example of this phenomenon.

As shown in figure 1, between 2000 and 2007, the notional value of collateralized debt obligations outstanding increased from less than $300 billion to more than $1.4 trillion. From 2004, the earliest date for which comprehensive data are available, to 2007, the outstanding notional amount of credit default swap (CDS) contracts increased tenfold, from $6 trillion to $60 trillion. This incredible growth in securitization and derivatives markets reflects a significant increase in the number, types, and complexity of network connections in the financial system. Financial economists have long stressed the benefits of interactions among financial intermediaries, and there is little doubt that some degree of interconnectedness is vital to the functioning of our financial system.

Economists take a well-reasoned and dim view of autarky as the path to growth and stability. Banks and other financial intermediaries channel capital from savers, who often have short-term liquidity demands, into productive investments that typically require stable, long-term funding. Financial intermediaries work with one another because no single institution can hope to access the full range of available capital and investment opportunities in our complex economy. Connections among market actors also facilitate risk sharing, which can help minimize (though not eliminate) the uncertainty faced by individual agents. Yet experience--most importantly, our recent financial crisis--as well as a growing body of academic research suggests that interconnections among financial intermediaries are not an unalloyed good. Complex interactions among market actors may serve to amplify existing market frictions, information asymmetries, or other externalities. The difficult task before market participants, policymakers, and regulators with systemic risk responsibilities such as the Federal Reserve is to find ways to preserve the benefits of interconnectedness in financial markets while managing the potentially harmful side effects. Indeed, new regulations required by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) and changes in supervisory practices by the Federal Reserve and other financial regulators are intended to do just that. In my remarks, I will discuss a few of the major regulatory and supervisory changes under way to address the potential for excessive systemic risk arising from the complexity and interconnectedness that characterize our financial system.

The design of an appropriate regulatory framework entails tradeoffs between costs and benefits, and to illustrate them, I will discuss in some detail proposals currently under consideration to mitigate risk in over-the-counter (OTC) derivatives, which proved to be an important channel for the transmission of risk during the recent crisis. I am quite aware that some reforms in the wake of the financial crisis, including those pertaining to derivatives, have been controversial. In connection with recent rulemakings--and, more broadly, in the arena of public debate--critics have asked whether complexity and interconnectedness should be treated as potential sources of systemic risk. This is a legitimate question that the Federal Reserve welcomes and itself seeks to answer in its roles of researcher, regulator, and supervisor. Let me say at the outset, though, that a lack of complete certainty about potential outcomes is not a justification for inaction, considering the size of the threat encountered in the recent crisis. Responsible policymakers try to make decisions with the best information available but would always like to know more. With that in mind, I'll begin by briefly surveying research that highlights ways in which network structure and interconnectedness can give rise to or exacerbate systemic risk in the financial system.

The Economics of Interconnectedness and Systemic Risk

Academic research that explores the relationship between network structure and systemic risk is relatively new. Not surprisingly, interest in this field has increased considerably since the financial crisis.

A search of economics research focusing on "systemic risk" or "interconnectedness" since 2007 yields 624 publications, twice as many as were produced in the previous 25 years. That's not to say that economists were blind to the importance of networks before the financial crisis. In 2000, Franklin Allen and Douglas Gale, for example, developed an important model of financial networks that provides insight into how networks can influence systemic risk. In the model studied by Allen and Gale, systemic risk arises through liquidity shocks that can have a domino effect, causing a problem at one bank to spread to others, potentially leading to failures throughout the system. In their model, interbank deposits are a primary mechanism for the transmission of liquidity shocks from one bank to another. Allen and Gale compare two canonical network structures: a "complete" network, in which all banks lend to and borrow from all other banks, and an "incomplete" network, in which each bank borrows from only one neighbor and lends to only one other neighbor.

Figure 2, panel A, presents an example of a complete network, and figure 2, panel B, an example of an incomplete network. In the case of the complete network, banks benefit from diversified funding streams.

A liquidity shock at one bank is less likely to cause the bankruptcy of another bank since the shock can be distributed among all banks in the system. In the incomplete network, funding is not diversified. A liquidity shock at one bank is more likely to cause liquidity problems at other connected banks because the same shock is spread over fewer banks and is therefore larger and more destabilizing. The principle behind this result is familiar and basic to economics: Diversification reduces risk and improves stability. While this idea is compelling, both economic research and the events of the financial crisis suggest that it is incomplete. In their classic paper on bank runs, Douglas Diamond and Philip Dybvig showed how rational and prudent actions by individual depositors to limit their own risks may be highly destabilizing to an institution designed to transform short-term liabilities into long-term assets. Xavier Freixas, Bruno Parigi, and Jean-Charles Rochet show that a similar kind of collective action problem can arise in a network akin to a modern check-clearing system in which credit extensions among banks allow claims on one institution to be fulfilled by another. Such a system is socially useful because it allows depositors to shift funds among banks without forcing banks to sell illiquid assets, thus enabling society as a whole to undertake more productive, long-term investment. But in times of stress or uncertainty, such systems can be subject to coordination failures: A "gridlock" equilibrium can arise in which depositors at each bank withdraw funds early in order to avoid losses arising from credit extensions to other banks whose depositors are also expected to force an early liquidation of assets.

In Freixas, Parigi, and Rochet (2000), interbank credit extensions, while useful, can result in institutions that are "too interconnected to fail." These models underscore that the pattern of connections throughout a financial network determines the systemwide implications of liquidity shocks or other financial stresses in one part of the network. This finding is one reason why efforts to collect more and better data on the precise linkages among financial institutions are so important. Without such comprehensive and detailed data, it is simply not possible to understand how stress in one part of the network may spread and affect the entire system. Networks that are more interconnected are inherently more complex than those in which market participants have fewer links to one another, and complexity can exacerbate the kinds of coordination problems highlighted by Diamond and Dybvig and by Freixas, Parigi, and Rochet. Of course, "complexity" is difficult to define in a completely systematic and satisfactory manner, but one way emphasized in recent work by Hyun Song Shin is to consider the number of links required to connect savers to borrowers. Shin's analysis of interconnectedness among financial institutions is based on the idea that the ultimate amount of lending and borrowing that can occur in an economy is determined by economic fundamentals such as income growth, which change only slowly over time, whereas interbank claims can grow or contract far more quickly. Of course, claims within the entire financial system net out to zero, but they do affect the leverage of the institutions involved. In Shin's model, financial institutions seek to take on more leverage during a boom, when banks have strong capital positions and risks are perceived to be low, but can increase leverage, in the aggregate, only by borrowing and lending more intensively to each other.

This causes the resulting network of intertwining claims to extend further and further. Conversely, when fundamental conditions or market sentiments change and financial institutions prefer to shed risk, they can deleverage in the short term only by withdrawing credit from one another. Such deleveraging can be particularly destabilizing in longer intermediation chains as debt claims that are called by one financial intermediary to shore up its own assets adversely affect the liability sides of other institutions' balance sheets. As deleveraging accelerates and more and more financial institutions hoard liquidity, other institutions may become concerned that their own funding may dry up and may preemptively withdraw funding from others. Fundamentally strong institutions are forced to liquidate assets at fire sale prices, which results in more deleveraging and instability. More-complex network structures are likely to be more opaque than less complex ones. For example, as the number of intermediaries standing between borrowers and lenders grows, it becomes increasingly difficult to understand how one member of the network fits into the overall system. The well-publicized difficulties that some mortgage borrowers have had in simply figuring out who owns their mortgages illustrates the extent to which lengthening intermediation chains have increased the complexity of the financial system. Moreover, in many cases, market participants may have strong incentives not to disclose their connections to one another. If a bank has a profitable relationship with a borrower, it may be unwilling to disclose it to other banks for fear that competitors will reduce or eliminate the rents that it earns.

Ricardo Caballero and Alp Simsek illustrate how a lack of information can create systemic risk in financial networks. In a model that is structurally similar to the incomplete interbank network model of Allen and Gale, Caballero and Simsek examine how banks might respond to news of a liquidity shock when each bank knows the identities of its own counterparties but not the identities of its counterparties' counterparties. The authors posit that banks deal with this uncertainty by appealing to the "maximin principle": Each seeks to maximize profits under the assumption that the network is configured in the worst possible manner from its own perspective. Because each behaves as though the network structure is "stacked against it," when banks learn of an adverse liquidity shock, each tends to sell more of its illiquid assets and withdraw more funding from its counterparties than it would if it had access to complete information about the structure of interbank credit relationships. As in Shin's model, this excessive deleveraging can create a vicious cycle, magnifying the effects of the initial shock. The four models we've discussed thus far are aimed at exploring general features of financial networks. As such, they are necessarily somewhat abstract. With a few narrow exceptions, they treat all market participants as similar in size and in range of activities, and they use relatively simplistic network structures. In the past few years, research on financial networks has moved beyond stylized models of interbank relationships to examine the propagation of shocks in more-realistic settings.

Recent research by Gai, Haldane, and Kapadia and by Cont, Moussa, and Santos examines how shocks propagate in network structures in which some banks are larger and more interconnected than others. Using numerical simulations, Gai, Haldane, and Kapadia show that, in concentrated networks, contagion occurs less frequently and is less severe for low degrees of network connectivity. Contagion is significantly more likely at higher levels of connectivity. In a concentrated financial network with a few key players, and when liquidity shocks are targeted at the most connected institutions, distress at highly connected banks spreads widely through the rest of the system. In this sense, the intuition of Allen and Gale--that highly connected networks are resilient to systemic shocks--can be misleading. In an empirical study of 3,000 Brazilian banks, Cont, Moussa, and Santos find that, not surprisingly, institutions with larger interbank exposures tend to be more systemically important. But, critically, they also find that an institution's position within the financial network plays a significant role. A bank that does business with a large number of relatively weak counterparties may have greater systemic importance than an institution with a similar number of counterparties that are better equipped to manage potential losses. The work of Gai, Haldane, and Kapadia and that of Cont, Moussa, and Santos suggest that detailed and comprehensive data on the structure of financial networks is needed to understand the systemic risks facing the financial system and to gauge the contributions to systemic risk by individual institutions. I will describe in a moment how the Federal Reserve is using such data to enhance its understanding of the OTC derivatives market.

This line of research suggests that a one-size-fits-all approach to the regulation of financial intermediaries may not be appropriate. So, what have we learned from this brief tour through recent research on interconnectedness and systemic risk? We have seen how interconnectedness can be a source of strength for financial institutions, allowing them to diversify risk while providing liquidity and investment opportunities to savers that would not be available otherwise. But more-numerous and more-complex linkages also appear to make it more difficult for institutions to address certain types of externalities, such as those arising from incomplete information or a lack of coordination among market participants. These externalities may do little harm or may even be irrelevant in normal times, but they can be devastating during a crisis.

The Global Policy Response to Reduce Systemic Risk

Governments around the globe have responded to the financial crisis by adopting a strong, multifaceted, and coordinated reform agenda aimed at reducing systemic risk. At a meeting in Pittsburgh in September 2009, governments in the Group of Twenty (G-20) endorsed work already under way in the Basel Committee on Banking Supervision to improve capital and the management of liquidity risk in the banking system. I'll briefly review several Basel Committee initiatives that address interconnectedness and systemic risk, but first, let me focus on one in particular: higher capital requirements for global systemically important banks (GSIBs). Enhanced capital standards for GSIBs serve to limit the risks undertaken by the largest, most interconnected institutions whose distress has the
greatest potential to impose negative externalities on the broader financial system. A framework of higher minimum regulatory capital standards for these institutions was issued by the Basel Committee in November 2011, and indicators of interconnectedness account for a significant proportion of the overall score used to determine whether a bank will be subject to higher standards. As shown by Gai, Haldane, and Kapadia, among others, highly interconnected firms can transmit shocks widely, impairing the rest of the financial system and the economy. We saw, for example, that when Lehman Brothers failed, the shock was transmitted through money market mutual funds to the short-term funding and interbank markets. While some participants in each of these sectors had direct exposures to Lehman, many more did not. Moreover, even in cases in which direct exposures to Lehman were manageable, the turmoil caused by Lehman's failure added stress to the system at a particularly unwelcome time. In this way, the failure of a highly interconnected institution such as Lehman imposes costs on society well in excess of those borne by the firm's shareholders and direct creditors. Accordingly, tying enhanced capital requirements to interconnectedness improves the resilience of the system. Of course, higher capital requirements are not costless; they may raise financing costs for some borrowers, and they have the potential to induce institutions to engage in regulatory arbitrage. An important ongoing agenda for research and policy is the design and implementation of data-based measures of interconnectedness to ensure
that our understanding of financial system interconnections evolves in tandem with financial innovation. While enhanced capital standards for GSIBs are an important tool for managing systemic risk that arises through interconnectedness, they are not the only tool. The Basel Committee's program contains a number of initiatives that will help manage interconnectedness and systemic risk. These measures include countercyclical capital buffers, liquidity requirements, increased capital charges for exposures to large financial institutions, large exposure rules, and deductions from capital for equity investments in banks. These and other initiatives will all play a role in managing the effect of complexity and interconnectedness on financial stability. In fact, the multifaceted nature of the reform program is an important design principle. One of the lessons of the recent financial crisis was that capital alone is not sufficient to prevent or stem a crisis. Multiple channels for reform initiatives will enhance systemic stability.

Managing Tradeoffs between Reducing Systemic Risk and Increasing Costs: OTC Derivatives Market Reforms

In addition to the banking reforms I just discussed, the G-20 also committed to reduce risk in OTC derivatives markets by enacting reforms to improve transparency and decrease counterparty exposures among market participants. These policies must be considered carefully, as they are apt to increase the cost of financial intermediation and that of hedging risk. To illustrate the tradeoffs policymakers and regulators must manage when crafting such policies, I'll next discuss in some detail a set of
initiatives currently being implemented by prudential, market, and systemic risk regulators around the world to address weaknesses in OTC derivatives markets. An OTC derivative is a privately negotiated contract between a pair of counterparties to exchange future cash flows that depend on the performance of an underlying asset or benchmark index. Unlike an immediate purchase or sale of assets, OTC derivatives require one or both sides of the transaction to make payments in the future. Counterparty risk is therefore a key element of OTC derivatives transactions. The scale and significance of counterparty risks in the OTC derivatives markets are large and, as we saw, can have economy-wide implications. The prudent management, regulation, and oversight of these risks are critical to ensuring that derivatives markets serve to diversify, rather than exacerbate, systemic risk. Significant problems with the functioning, regulation, and oversight of derivatives markets became apparent during the financial crisis. These problems are perhaps best exemplified by the widespread effects of large losses by American International Group, Inc. (AIG), on its OTC structured finance and credit derivatives positions. In the absence of government intervention, AIG's failure would have exposed its counterparties to substantial losses at a time of significant financial stress and uncertainty for them and the financial system. Indeed, for a time, the prospect of AIG's failure exacerbated the already impaired functioning in important segments of the OTC market, and, as that happened, it became more costly or even impossible for firms to manage financial risks.

Derivatives positions originally undertaken by some firms to hedge risk could not be unwound and instead became sources of risk. AIG's failure revealed, in stark and spectacular fashion, systemic problems inherent in the structure and functioning of OTC derivatives markets that had increased the fragility of the financial system, exposing the rest of the economy to unnecessary systemic risks. Central clearing mandates, minimum margin standards, and data reporting requirements are among the tools that regulators now intend to use to mitigate counterparty risk and improve transparency, thus reducing uncertainty. The September 2009 commitment of the G-20 to require that standardized OTC derivatives be cleared through central counterparties is directly aimed at reducing systemic risk by changing the structure of the network of derivatives counterparty exposures. In the absence of a central counterparty, the network of counterparty exposures associated with a class of OTC contracts might look something like panel A in figure 3. Each market participant has counterparty risk exposures to one or more other market participants. Although each participant knows its own risk exposure, it is unlikely to have complete information on its counterparties' exposures to others. Such opacity can engender the kind of information-related gridlock that we observed in the fall of 2008 and that is explored in the research of Caballero and Simsek. Moreover, because market participants commonly have partially or fully offsetting positions with multiple counterparties, a fully bilateral network is inefficient from a risk-management standpoint: Gains in the value of positions with one counterparty cannot be netted against losses in the value of positions with other counterparties.

By taking one side of every trade, a central counterparty serves to transform the mesh network shown in panel A of figure 3 into something that looks more like the hub-and-spoke network illustrated in panel B. This network structure has no effect on the exposure of individual market participants to the assets or indexes underlying the derivatives contracts in question, but it dramatically simplifies and improves the transparency of the network of counterparty risk exposures. Central clearing can yield important advantages over a fully bilateral market structure. The simpler hub-and-spoke network structure is more transparent, and the central counterparty is well positioned to impose common margin requirements on all market participants. Central clearing facilitates the netting of gains and losses across multiple market participants, which has the potential to significantly reduce each participant's aggregate counterparty risk exposure. Rather than managing its counterparty risk exposure to all other trading partners, a market participant needs to manage only its exposure to the central counterparty. The central counterparty acts as a pure intermediary and takes no net position in any of the underlying contracts that it clears, so it can experience losses only when a clearing member defaults and has posted insufficient margin to cover the cost of replacing its open positions. Central counterparties are typically designed to distribute any losses they do incur in a relatively predictable way across all clearing members. In this way, central clearing provides for a transparent mutualization of counterparty risks among participants. Central counterparties are designed to be narrowly focused on intermediation and not the provision of credit and liquidity.

This structure improves the chances that, in the event of a significant market stress, market functioning will not be threatened by the failure of market infrastructure itself. Of course, the other side of this coin is that adding a central counterparty introduces a single point of failure for the network, making it critical that the central counterparty itself be well managed and well regulated. To help ensure this result, title VII of the Dodd-Frank Act adopted stronger safeguards than in the past for central counterparties that clear OTC derivatives. Title VIII aimed at strengthening the supervision of financial market utilities, including central counterparties designated as systemically important, by requiring annual examinations as well as ex ante reviews of material rule and operational changes. In April 2012, the international organizations that set standards for financial market infrastructures such as central counterparties published new and stronger standards for these entities. U.S. regulators, including the Federal Reserve, participated actively in this work and are expected to make formal proposals for incorporating the new standards into U.S. regulations as soon as possible. More fundamentally, however, a central counterparty's ability to manage risk is determined by its ability to accurately value the contracts it clears on a frequent and possibly real-time basis and to rapidly replace open positions at or near current prices in the event that a clearing member defaults. Requiring less-liquid and highly customized derivatives to be cleared would likely increase systemic risks, as clearinghouses would not be well positioned to manage the complex risks of such derivatives. The G-20 mandate explicitly recognizes this important limitation on the benefits of central clearing, and it requires only that standardized OTC derivatives be centrally cleared.

Accordingly, the G-20 commitment has effectively managed the costs and benefits of central clearing in establishing a global clearing mandate. However, limiting central clearing to standardized derivatives means that a significant proportion of less standardized OTC contracts will continue to be written on a bilateral basis without the benefit of a central counterparty. The International Monetary Fund estimates that one-third of interest rate and credit derivatives and two-thirds of equity, commodity, and foreign exchange derivatives will not be suited to standardization and will remain non-centrally cleared. As more-standardized derivatives migrate to central clearing, it will be important to remain vigilant in managing the risks from non-centrally-cleared derivatives exposures. One important tool for managing the systemic risks of non-centrally-cleared derivatives is margin requirements. Globally, regulators have been working on standards for margin requirements on non-centrally-cleared derivatives that would provide for harmonized rules and a level playing field, which is crucial given the global nature of derivatives markets. In July, the Basel Committee and the International Organization of Securities Commissions proposed a framework for margin requirements on non-centrally-cleared derivatives. The finalized framework will inform rulemakings of the Federal Reserve and other U.S. regulators. The proposed framework would require financial firms and systemically important nonfinancial firms to collect two types of margin. First, they would be obligated to collect variation margin on a regular basis, so if a derivative loses market value, the party experiencing a loss must realize the loss immediately.

This requirement codifies current best market practice, since the largest derivatives dealers already exchange variation margin daily. However, and importantly, the framework extends this prudent risk-management practice to other derivatives counterparties. Requiring timely payment of variation margin will go a long way toward ensuring that an AIG-like event will not happen again, since current exposures will not be allowed to build over time to unmanageable levels. Moreover, variation margin requirements will ensure that market participants will know that counterparties that they deal with will not be carrying large uncollateralized exposures that could impair their ability to perform in the future. Those requirements diminish the likelihood of the kind of information gridlock explored by Caballero and Simsek. More controversially, the proposed framework requires the collection of initial margin. While variation margin collateralizes current derivatives losses, initial margin collateralizes future losses that could occur in the event of a counterparty's default. In essence, initial margin is a kind of performance bond. In the event that a counterparty does not perform as required, the initial margin is used to replace the position with a new counterparty. It is here that some of the most significant policy tradeoffs arise, because higher initial margin requirements will make it more costly for market participants to use derivatives to hedge risk. Liquid resources that are set aside as initial margin cannot be deployed for other purposes.

Given the sheer size and scope of derivatives markets, requiring initial margin on all derivatives transactions could result in significant opportunity and liquidity costs. In a public comment letter to the Federal Reserve and other regulators, the International Swaps and Derivatives Association estimated that initial margin requirements could lock up as much as $1.7 trillion in liquid assets globally. This number is eye opening, to say the least. In an effort to better gauge the liquidity costs of initial margin requirements, the Federal Reserve, as part of the international group of prudential and market regulators that issued the July proposal, has conducted a detailed impact study to quantify the liquidity costs associated with initial margin requirements. The results of this study, as well as comments received on the proposal, will help ensure that in the final framework, the need to reduce systemic risk is appropriately balanced against the resulting liquidity costs. Even in light of the significant costs of initial margin, it seems clear that some requirements are needed. The current use and application of initial margin is inconsistent, and a more robust and consistent margin regime for non-centrally-cleared derivatives will not only reduce systemic risk, but will also diminish the incentive to tinker with contract language as a way to evade clearing requirements. Robust and consistent initial margin requirements will help prevent the kind of contagion that was sparked by AIG: They would serve, in effect, to limit the effects of interconnectedness within the financial network. The failure of a financial counterparty could be contained in the manner described by Allen and Gale.

As I noted in connection with variation margins, initial margin requirements would also improve transparency because derivative market participants will know that their counterparties are at least partially insulated from defaults. Of course, these benefits need to be appropriately balanced against the burdens imposed by initial margin. But it seems highly unlikely that the status quo is consistent with achieving the goals of the G-20 to reduce the potential for systemic risk in the OTC derivatives markets that could threaten the financial system. Finally, let me turn to data requirements. Both the research that I have highlighted today and practical experience demonstrate that market, prudential, and systemic risk authorities need detailed information on derivatives transactions and bilateral positions to assess evolving market risks and to execute their financial stability responsibilities. Indeed, the Federal Reserve has already used preliminary information from the Depository Trust & Clearing Corporation's Trade Information Warehouse to construct network graphs of the CDS market such as the one illustrated in figure 4. The data enable identification, for example, of firms, such as A and B in figure 4, that are large net sellers of protection. Such information can play a valuable role in supervision. Moreover, the analyses for monitoring and measuring systemic risks suggested and described by Gai, Haldane, and Kapadia and by Cont, Moussa, and Santos require this kind of detailed data to gain a holistic view of systemic risk. Title VII of the Dodd-Frank Act requires that data on U.S. swaps transactions be reported to swaps data repositories regulated by the Commodity Futures Trading Commission or to securities-based swaps data repositories regulated by the Securities and Exchange Commission. Similar European regulations impose trade reporting requirements on swaps transacted in Europe. But there is still no guarantee, due to confidentiality concerns and legal barriers to data sharing, that the data reported into these trade repositories will ultimately be accessible to all of the regulators who require the data to obtain a holistic view of the derivatives market. Given that the derivatives market is global in scope, access to those data is essential for authorities with systemic risk responsibilities, such as the Federal Reserve, to monitor and respond to risks. To make this point concrete, it is unclear whether we will be able, on a regular and comprehensive basis, to produce the sort of analysis illustrated by figure 4. In order to effectively monitor market developments and systemic risks, it is crucial that regulators across jurisdictions and countries share data on a consistent and regular basis. While better data and more transparency are important for monitoring and responding to the buildup of systemic risks, we do, of course, also recognize the confidentiality concerns. Information is a valuable resource to most financial market participants, and unnecessarily burdensome or overly revealing information disclosures could compromise the position of market participants and reduce incentives for trade, thus decreasing liquidity and market efficiency. Dodd-Frank's real-time reporting requirements for swaps transactions recognize this important point by allowing for delayed reporting of large "block trades" where immediate reporting could reveal and undermine a participant's position and ultimately discourage market transactions, depth, and liquidity.

In this way, enhanced reporting and transparency requirements are being set to provide the public and regulators with useful information without compromising market integrity. Moreover, while market integrity and appropriate confidentiality are important considerations, the events of the financial crisis have clearly shown that effective systemic risk management demands more, and not less, data disclosure.

Concluding Remarks

I began this talk by describing the events surrounding the banking panic of 1907 and the founding of the Federal Reserve. A lesson from that episode, as relevant today as it was then, was that financial stability is essential to sustained economic growth and prosperity. Just as the banking panic of 1907 revealed fundamental weaknesses in our financial system, so, too, did the financial crisis of 2007 and 2008. The recent crisis showed that some financial innovations, over time, increased the system's vulnerability to financial shocks that could be transmitted throughout the entire economy with immediate and sustained consequences that we are still working through today. Some of these vulnerabilities were a consequence of innovations that increased the complexity and interconnectedness of aspects of the financial system. In response to the crisis and the weaknesses it revealed, governments around the globe are acting to improve financial stability and reduce the risks posed by a highly interconnected financial system. These efforts, of course, must account for the costs of new rules and ensure that these costs are clearly outweighed by the benefits.

I am confident that the policies I have described today will make the economy more resilient to financial shocks and help reduce the risk of another crisis, while properly balancing these important benefits against the necessary costs. In striking this balance, government has been guided by new research that has added to our understanding of systemic risk. And this work continues. I have no doubt that some of you here today will perform that research and make those discoveries. So, allow me to close by offering my thanks, in advance, for those contributions. I hope my talk today has made it clear that the work of safeguarding our financial system will depend on these efforts and insights, which will empower policymakers to make the right decisions.

Islamic finance industry needs transformation

The Islamic financial services industry needs to undergo a complete transformation in order to be recognized and respected as a major global player, a key conference in Bahrain heard. Industry leaders also need a new mindset to confront the challenges and take advantage of the opportunities ahead, said Mr. Rasheed Al Maraj, Governor of the Central Bank of Bahrain (CBB). He was speaking at the 19th annual World Islamic Banking Conference (WIBC), held in Bahrain. Over 1,100 participants attended the event, held under the theme ‘Islamic Finance: Adapting to the New Dynamics of Global Finance’, and organized under the patronage of the CBB. In his keynote address on the opening day, Mr. Al Maraj pointed to the significant changes being undertaken by the global financial industry in general and the Islamic financial industry. The changes were partly due to the continuing developments required in the industry as it comes to terms with rebuilding customer confidence, which was so badly damaged by the global financial crisis. “In addition, the Islamic financial services industry needs to come to terms with the need to make significant changes to the traditional business model, which has primarily been based on investment in real estate,” said Mr. Al Maraj. “But the Islamic financial industry does not require change – it requires both a transformation and a new mindset.

“At the foundation level, there are simply too many small to medium sized Islamic financial institutions. The risks inherent in that scenario are clear – Islamic banks cannot play with the big boys. Smaller banks will find it very difficult to combine the increased capital requirements with the ability to participate in the market,” said Mr. Al Maraj. The larger and, often, more lucrative deals are frequently beyond the reach of Islamic banks, and without major changes this will become more acute. Leaving aside the debate about the quality of assets, the importance of holding a larger amount of liquid assets cannot be ignored, and small banks will find this almost impossible. “There are a number of steps which need to be taken to achieve this. The first is to build a range of Islamic institutions which are well capitalized, continuously highly profitable, and which have a balance sheet size which places them within the top ten in their sphere in the world,” said Mr. Al Maraj. There are various options to achieve this aim, including by way of mergers and acquisitions, which has been a slow and cumbersome path. “It is no longer appropriate to have only small, local financial institutions which are fundamentally and practically restricted in terms of the markets in which they can compete and the deals they can underwrite. Personal interest and a local or regional mindset must be replaced with a 'big picture' mentality; a mentality which emphasizes and works towards the global contribution Islamic institutions can make for the benefit of all,” said Mr. Al Maraj.

On its part, the CBB has successfully worked with many stakeholders in Bahrain to encourage and facilitate mergers. During 2012, one Islamic bank successfully completed the acquisition of a conventional bank. This will soon be followed by the merger of three Islamic banks into one entity, with a third merger of two banks in the pipeline. “We continuously work quietly and effectively to influence, persuade, and guide licensees to grow and develop. This is only the beginning of what we consider to be an essential ingredient in the transformation of Islamic finance,” said Mr. Al Maraj. A further challenge is that the business model has to change from the current over-reliance on a model built on real estate. “If the Islamic financial industry is to be successful at each stage of any economic cycle, the model needs to implement and demonstrate diversity in the asset portfolio. This, in turn, needs to be coupled with investment in a much wider range of economic sectors,” said Mr. Al Maraj.

Islamic banks urged to prepare for new, rigorous rules

Islamic banks are being urged to prepare for new international regulatory standards, coming into force in Bahrain and elsewhere in the world from 2013.

The Central Bank of Bahrain (CBB) is working with Bahrain’s Islamic banks to help them prepare for these new standards, which will change the way banks do business.

Islamic banks must prepare now for these changes, or risk being left behind, said Mr. Rasheed Al Maraj, Governor of the CBB.

“Perhaps the most important subject in the global financial industry at present is the proposed implementation of Basel III,” said Mr. Al Maraj in his keynote address on the opening day of the conference.

The primary intention of Basel III, the new global regulatory standards related to capital adequacy, stress-testing and market liquidity risk, is to mitigate the risks of a repeat of the global financial crisis, he pointed out.

Although the detail has yet to be finalised, there is no doubt that it will have a huge influence on the fundamentals of the global banking industry and the wider economic environment.

One of the major changes arising from Basel III is the definition of eligible Tier 1 capital, the ultimate result of which will be a higher Capital Adequacy Ratio.

Further substantial improvements to the risk management frameworks of banks will be required.

The methodology underpinning value-at-risk calculations will be strengthened, and the output from these calculations will be scrutinized in far more detail by a wide stakeholder audience.

“Regulators will also be required to improve their supervisory review processes, and in so doing these will become increasingly stringent,” Mr. Al Maraj said.

Whereas in the past, jurisdictional judgment has played a prominent role in the implementation of regulation, this will be largely replaced by reforms which will be consistent in the manner in which they aim to strengthen regulation, and raise the resilience of individual banking institutions to periods of stress.

These reforms will also have a macro-prudential focus, and will address system-wide risks that can build up across the banking sector, thereby ultimately amplifying these risks over time.

In tandem with Basel III, accounting rules are changing.

Moreover, the way in which banks can remunerate staff, and the level of remuneration they can provide, will be subject to increasing regulation.

“The CBB has already published papers detailing what policies and practices will be considered as acceptable.

The public and other stakeholders have spoken clearly on this subject, and their opinions that the current levels of remuneration are extreme, reflect the view that they are also unsustainable,” said Mr. Al Maraj.

“All of this will change the way banks do business. Islamic banks must prepare now for these changes, or risk being left behind.”

The CBB is playing its part in helping banks prepare for the new regulatory landscape and business environment.

“We encourage and facilitate constructive dialogue aimed at transforming the industry,” said Mr. Al Maraj.

The CBB’s efforts include working with industry to develop and expand the range of products and services which can be made available.

The range of available products must be increased in line with Shari’a principles and they must be competitively priced and marketed such that they appeal to the broadest possible community of clients.

“We are also tireless in our pursuit of improving regulatory standards. The CBB Rulebooks are continuously refined to reflect market and other changes.

We actively participate with other financial regulators and such bodies as the International Islamic Financial Market (IIFM), Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI), Islamic Financial Services Board (IFSB), and the Basel Committee on Banking Supervision.

“This is a time of great opportunity, I urge you to embrace the challenges,” Mr. Al Maraj told conference delegates.

“I hope my words will encourage an increase in prompt and practical actions which will transform the Islamic financial industry from a growing, developing aspect of the world economy into a world leader in its spheres of influence in the very near future.”

Need for sound risk management stressed

Financial institutions must adopt stricter auditing practices in order to manage the risks they face, said Mr. Rasheed Mohammed Al Maraj, Governor of the Central Bank of Bahrain (CBB).

The sound management of risk is the biggest challenge facing financial institutions today, he said at the opening of the annual conference of the Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI) and the World Bank, held in Bahrain on 3 and 4 December 2012.

The event was attended by over 350 people, including Shari’a scholars and professionals, representatives of central banks, regulatory authorities and industry development bodies, as well as representatives of Islamic financial institutions, accounting and auditing firms, legal firms, besides academicians and students.

Discussions focused on a number of topical issues, including Islamic finance in overall economic systems.

During this session, speakers addressed the questions of what is an Islamic economic model, what are key lessons for Islamic finance from the economic and financial crisis, and whether Islamic finance can be applied in monetary and fiscal policies to manage economic growth.

“Risk management is a big challenge for all financial institutions today and they must adopt stricter auditing systems with more constraints on activities and practices to cope in the coming period,” said Mr. Al Maraj.

“These developments and trends reflect the dire need to consolidate confidence and create a safe and secure environment.”

He praised amendments approved by AAOIFI to strengthen financial institutions and empower them to better adapt to economic fluctuations and operational risks.

Mr. Al Maraj pointed out other challenges relating to the Islamic aspects of finance and management of investment accounts, adding that these practices are not found in conventional banking practices.

He stressed the necessity to review all constraints in the light of local and global banking developments to ensure more transparency and reduce operational risks.

Mr. Al Maraj underscored the importance of sound management of capital and liquidity for any firm to continue surviving in the financial services sector.

He urged Islamic banks and institutions to abide by these criteria to preserve their achievements over the past decades.

Mr. Al Maraj pointed to the importance for Islamic financial institutions to ensure a solid capital base to be able to withstand fluctuations and to gain lucrative dividends.

He highlighted the importance of promoting innovative tools for managing liquidity, taking into account the new auditing constraints and stressed the need to provide products compliant with Shari’a precepts and changing trends.

Dr. Khaled Al Fakih, Secretary General and Chief Executive of AAOIFI, said over the past few months, the organisation had issued seven new Shari’a standards covering a range of issues including liquidity management and capital and investment protection.

“Liquidity management is a critical area for both conventional and Islamic financial institutions,” he said.

“The importance of liquidity management has been further highlighted through lessons from the recent global financial crisis, including that all financial institutions must not over-rely on leveraging.”

He added that a new standard had been issued covering capital and investment protection which gives guidance on Shari’a permissibility on tools and measures that may be applied in protecting investment capital.

Takaful regulators need to harmonise rules

Regulators of takaful (Islamic insurance) operators around the world should work to harmonise their rules, to provide an even and standardised regulatory environment, to enable the growth and advancement of the takaful industry.

And, takaful firms need to take proactive steps and rethink strategies to overcome the diverse challenges facing the industry, including a shortage of investment avenues and qualified human resources, said Mr. Abdul Rahman Al Baker, Executive Director, Financial Institutions Supervision, at the Central Bank of Bahrain (CBB).

He was speaking at the opening plenary session of the first Middle East Takaful Forum, held in Bahrain on 17 and 18 October 2012.

The event, which was hosted by the CBB and organised by MEGA, was held under the theme ‘Adapting to Change: Regulatory Priorities to Sustain a Successful Takaful Industry in the Middle East’.

Noting the importance and timeliness of the theme for the global takaful industry, in general, and in the Middle East and North Africa (MENA) region, in particular, Mr. Al Baker pointed to the tremendous growth of the industry in recent years.

“As you may be aware, the global takaful industry has been experiencing double digit growth of around 19 percent, with the GCC and South East Asia being the major contributors of the US$9 billion global gross takaful premiums,” he said.

Overall, the GCC market remains at the top in terms of overall contribution.

The latest industry data reveals that the region contributes more than 62 percent of the gross takaful premiums globally.

However, a critical factor that will determine success in taking the industry to the next level of development is the existence of market players of the right quality and caliber, as well as their readiness in terms of capacity and capability to formulate and execute successful strategies in response to new market opportunities, said Mr. Al Baker.

To achieve this, it is essential that key players in the industry remain profitable in the long run.

“The current market situation makes it even more challenging for takaful operators to maintain momentum while boosting profitability,” he said.

“This calls for taking proactive steps and rethinking strategies to overcome diverse challenges in order to sustain growth momentum. I hope conference discussions will seek to address the critical issues that the industry is currently facing and provide fresh perspectives on how to overcome these challenges.”

While the takaful industry has been expanding at a fast pace, takaful operators are faced with a number of challenges, he said.

First, regulations related to takaful business vary across jurisdictions and such variances in regulations make it difficult for takaful operators to function across borders and regions.

This could create challenges for the industry to achieve sufficient scale and critical mass necessary to compete with their conventional counterparts.


“It is, therefore, pertinent that regulatory regimes should be harmonised and standardised, at least on a regional level, on critical issues such as solvency requirements and key performance indicators, in order for the industry to prosper and be able to compete effectively,” said Mr. Al Baker.

Second, takaful operators are subject to the same corporate governance requirements as their conventional counterparts.

However, takaful operators have an additional layer of governance in order to ensure that they operate in accordance with the requirements of the Shari’a.

The ultimate responsibility for Shari’a compliance of a takaful operator lies with the directors and senior management of the firm, with the Shari’a Supervisory Board providing independent opinion on the Shari’a requirements.

“It is, therefore, essential that appropriate policies and procedures are established and maintained by the takaful operator in order to ensure and facilitate compliance on an ongoing basis,” said Mr. Al Baker.

One of the issues that has been a cause of concern with respect to the profitability of the takaful industry is the insufficient availability of Shari’a compliant financial instruments, he said.

Large allocation to high-risk asset classes to maximise returns and an ad-hoc approach to portfolio management have also not helped the industry.

“There is an urgent need to develop more Shari’a compliant investment avenues and work on deepening the existing Islamic financial markets. This could be achieved by allocating the necessary resources to carry out research and development on comprehensive strategies to further enhance and widen the Islamic financial markets regionally and globally,” said Mr. Al Baker.

Availability of a qualified talent pool remains a key area of concern for the takaful industry as the industry continues to suffer from a shortage of human resources with requisite expertise.

The industry must focus on enhancing retention by developing long-term incentive schemes and training programs, he said.

Regional regulators should encourage the building of a talent base and strive to enhance universities and private training centers to offer degrees and certificates in Islamic finance and takaful, to accommodate the needs of students and professionals and to target a wider range of individuals interested in pursuing insurance studies.

This will guarantee the necessary supply of highly qualified talented personnel to meet the growing demands of the market.

“As a regulator, the CBB believes in continual enhancement and improvement of its regulatory infrastructure for the growth and betterment of industry,” Mr. Al Baker pointed out.

“Currently, we are working on updating and expanding rules related to takaful business, in order to facilitate and further enhance the growth of the takaful industry.”

Part of the enhancement to the rules relates to the solvency margin requirements in terms of its calculation and treatment.

The CBB has been working closely with licensed takaful entities and their respective Shari’a Boards to ensure that the rules are in line with the best international standards and that they adequately protect the interests of all stakeholders.

“Looking ahead, we see great new and untapped potential for the takaful industry in the GCC, especially in the family takaful line of business which is currently underpenetrated and needs effective distribution channels,” said Mr. Al Baker.

“Furthermore, we believe that takaful markets will grow significantly in the coming five years to reach US$20 billion by 2017, with the GCC contributing more than 60 percent to the global takaful industry.


ESMA and the EBA take action to strengthen Euribor and benchmark rate-setting processes

The European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) published the results of their joint work on Euribor and propose principles for benchmark rate-setting processes. The publications include:

- A review of Euribor’s administration and management and clear recommendations to the Euribor-European Banking Federation (EEBF) to improve the governance and transparency of the rate-setting process;

- Formal EBA Recommendations to national authorities on the supervisory oversight of banks participating in the Euribor panel; and

- A joint ESMA-EBA consultation on Principles for Benchmark Setting Processes in the EU which establish a framework for the conduct of benchmark rate-setting and the activities of participants in the process.

Steven Maijoor, ESMA Chair, said:

“The proposed Principles, which are aligned with on-going EU and international work, will give clarity to benchmark providers and users, and are an immediate step to be taken in advance of potential wider changes in the supervisory and regulatory framework for financial benchmarks.”

Andrea Enria, EBA Chair, said:

“ESMA and the EBA are convinced that the prompt and full implementation of today’s recommendations is an important step towards ensuring that Euribor represents a transparent and reliable benchmark for financial transactions within the European Union.”


Findings & Recommendations

ESMA and the EBA have identified significant weaknesses and insufficiencies in the governance of the Euribor rate-setting mechanism and have made a number of recommendations to EEBF.

These are aimed at improving the governance of the rate-setting process, which would contribute to a transparent and reliable benchmark for financial transactions.

The recommendations are made within the current legislative setting, while the need for broader structural changes is being assessed by the European Commission.

The work carried out by ESMA and the EBA focuses on the governance aspects of the Euribor rate setting mechanism and complements the current legal investigations related to Euribor being conducted by competent authorities within the EU, without pre-empting their final outcome.

The main weaknesses and insufficiencies in the current rate-setting process are the following:

- The Steering Committee, responsible for the governance of the rate-setting process, is not sufficiently independent as a majority of its members come from the panel banks;

- EEBF, as manager and administrator, does not assume sufficient direct responsibility for, and exercise direct control on, the rate-setting process, including the calculation agent (currently Thomson Reuters);

- No formal requirements exist for Euribor panel banks to have adequate internal governance, a code of conduct and conflicts of interest management in relation to the submission process;

- The definition of Euribor is not sufficiently clear as it is based on terms which create ambiguity; and


- The rates being quoted are not assessed sufficiently against evidence from real transactions.

ESMA and the EBA have made a number of recommendations aimed at addressing the current weaknesses and insufficiencies in the Euribor rate-setting process.

ESMA and the EBA are calling for a prompt and full implementation of these recommendations to ensure Euribor is a reliable benchmark for financial transactions.

These are:

1. Governance must improve immediately including increasing the independence of the Euribor Steering Committee from the banking industry by diversifying its membership;

2. The Steering Committee should hold more regular meetings and publish its minutes promptly;

3. The references for Euribor should focus on maturities with the highest usage and volume of underlying transactions. Rates should be scaled down from the current 15 (1-3 weeks and 1-12 months) to no more than 7 (1 and 2 weeks, 1, 3, 6, 9 and 12 months);

4. The definition of Euribor should be clearer, i.e. detailing definitions of prime bank and interbank transactions;

5. EEBF should assume responsibility for the quality of the data being submitted by the panel banks and subsequently being collated, calculated and distributed;

6. EEBF’s governance and code of conduct need to be improved and reinforced, specifically with regards to the identification and management of conflicts of interest;

7. EEBF should perform internal audits. External audits with public disclosure of the results should follow;


8. EEBF should clearly define its minimum expectations regarding the internal procedures and controls being applied by the calculation agent;

9. The calculation agent should have its own code of conduct related to reference-rate setting, perform internal audits and be subject to an annual EEBF audit; and

10. Both EEBF and the calculation agent should keep complete record of all submissions.

ESMA and the EBA will review the implementation of these recommendations by EEBF within six months.

EBA Recommendations on Supervisory Oversight of activities related to banks’ participation in the Euribor panel

To ensure appropriate internal governance processes are also in place within the banks participating in the Euribor panel, the EBA adopted a set of formal Recommendations addressed to national supervisory authorities aiming at setting consistent supervisory practices for the oversight of the Euribor submission process.

The Recommendations focus on strengthening the panel banks’ internal governance arrangements, including a code of conduct. This should improve the identification and management of conflicts of interest, internal control arrangements including audits, record keeping and comparison with actual transactions.

Consultation on Principles for Benchmark Setting Processes in the EU

In response to concerns regarding the perceived weaknesses in current arrangements for benchmark rate-setting, ESMA and the EBA have also developed a set of Principles to address the activities of reference-rate and other benchmark providers, administrators, publishers and market participants who submit data.


The Principles are designed as a first step towards a potential formal regulatory and supervisory framework for benchmarks to be developed in the EU and also take into account other international efforts in this field.

The proposed Principles include a general framework for benchmarks settings (calculation methodology, governance, supervision, transparency of the methodology, contingency plans, etc.). They also provide guidance to firms involved in benchmark data submissions and to benchmark administrators, calculation agents, publishers and users.

The deadline for submission of responses to this consultation is 15 February 2013.

Notes

1. ESMA is an independent EU Authority that was established on 1 January 2011 and works closely with the other European Supervisory Authorities responsible for banking (EBA), and insurance and occupational pensions (EIOPA), and the European Systemic Risk Board (ESRB).

2. ESMA’s mission is to enhance the protection of investors and promote stable and well-functioning financial markets in the European Union (EU).

As an independent institution, ESMA achieves this aim by building a single rule book for EU financial markets and ensuring its consistent application across the EU. ESMA contributes to the regulation of financial services firms with a pan-European reach, either through direct supervision or through the active co-ordination of national supervisory activity.

3. The EBA is an independent EU Authority established on 1 January 2011.

As part of the European System of Financial Supervision, it works closely with the other European Supervisory Authorities responsible for market (ESMA), insurance and occupational pensions (EIOPA), and the European Systemic Risk Board (ESRB).

The EBA has a broad remit in the areas of banking, payments and e-money regulation, as well as on issues related to corporate governance, auditing and financial reporting.

Its tasks include preventing regulatory arbitrage, guaranteeing a level playing field (especially by building a single rule book for the European banking system), strengthening international supervisory coordination, promoting supervisory convergence and providing advice to EU institutions.


Christian Clausen President, EBF

Wim Mijs, Chair, Executive Committee EBF

Guido Ravoet Chief Executive EURIBOR-EBF

Avenue des Arts, 56

1000 Brussels

Dear Messrs Clausen, Mijs and Ravoet,

Following a joint review by the EBA-ESMA team in October-November 2012, which included meetings with Euribor-EBF, the Boards of Supervisors of EBA and ESMA have agreed on a set of recommendations related to Euribor. These recommendations are focused on immediate steps to be taken to address what in our opinion are weaknesses and insufficiencies. The review was not a full supervisory or enforcement investigation under formal powers and therefore is without prejudice to the possible findings of such investigations. Also, they do not cover the possibility of more structural changes to the framework of Euribor and other financial benchmarks, which are being assessed in a broader context involving international, EU, and national public authorities as well as relevant market participants. Hence, the recommendations are immediate steps in advance of potential wider changes in the supervisory and regulatory framework for financial benchmarks.

We believe that in its current form the overall process of setting and disseminating Euribor displays weaknesses and insufficiencies related to governance at the level of Euribor-EBF, the Euribor Steering Committee and the banks participating in the Euribor rate setting process:

(a) The Steering Committee, which has the main responsibility for the governance of the rate-setting process, is not sufficiently independent as it has a majority of its members coming from the panel banks.

(b) Euribor-EBF, as manager and administrator, does not assume sufficient direct responsibility for, and exercise direct control over, the rate-setting process, including the calculation agent (Thomson Reuters). Specifically, there are no written agreements in place between the manager/administrator and the calculation agent to ensure that adequate pre- and post submission controls are in place.

(c) There are no formal requirements for the Euribor panel banks to have adequate internal governance and there is no appropriate Code of Conduct for their submissions.

There are no specific requirements in place to ensure a sound rate-setting and submission process including the identification and management of conflicts of interest.

(d) The definition of Euribor is not sufficiently clear as it is based on terms which create ambiguity.

(e) The rates being quoted are not assessed sufficiently against evidence from real transactions.

In view of the above considerations, EBA and ESMA jointly make a set of recommendations set out below in this letter. We believe that their prompt and full implementation is an important step towards ensuring that Euribor represents a transparent and reliable benchmark for financial transactions (lending, trading and investments) within the euro area and beyond.

1. The governance must improve immediately and the composition of the Euribor Steering Committee should be broadened to make it more independent of the banking industry and more diverse.

More specifically, it should include members who are not affiliated to panel banks (or to banks in general). Independent Steering Committee participants would inherently represent a counterbalance to panel bank committee members who currently represent a large majority.

The number of members from panel banks should be limited to a minority.

Details of the membership should be made public, along with any declarations of conflicts of interests and the processes for election or nomination of the Steering Committee members.

2. The Steering Committee should hold no less than one bi-monthly meeting and promptly thereafter should publish transparent minutes.

3. The references of Euribor should focus on maturities with the highest use and volume of underlying transactions.

Rates should be scaled down from 15 currently (1-3 weeks and 1-12 months) to no more than 7 (1 and 2 weeks, 1, 3, 6, 9 and 12 months) at the maximum and fewer if appropriate.

The reduction in the number of tenors would concentrate on eliminating those tenors that are already proven to be less used and of which fewer financial instruments are priced.

Such a reduction would therefore have the benefit of simplifying the submission process without creating major financial stability risks in the transition process.

4. The Euribor definition should be adjusted for more clarity. In particular, the term “prime bank” needs a clear definition.

The term “interbank transactions” also needs to be clarified and, if needed, to be broadened and adjusted.

5. Euribor-EBF should assume responsibility for the quality of the data being submitted by the panel banks and subsequently being collated, calculated and distributed by Thomson Reuters. In this context, substantive back-testing of the quoted rates should be performed on a regular and consistent basis, with the results reported to the Euribor Steering Committee.

6. Euribor-EBF’s governance and Code of Conduct need to be improved and reinforced. A specific area for improvement is the identification and management of conflicts of interest.

These can arise at multiple levels: within Euribor-EBF itself; within the Euribor Steering Committee; between Euribor-EBF and the Euribor Steering Committee; between Euribor-EBF or the Steering Committee and various national banking associations or panel banks (whether they participate in the Steering Committee or not); among national banking associations or among panel banks; etc.

A new enhanced Code of Conduct should also refer to sanctions for breaching various clauses, including the manner in which they would be applied and enforced.

7. Euribor-EBF should perform internal audits. Furthermore, external audits should be carried out periodically, followed by public disclosure of the results.

8. Euribor-EBF should define clearly its minimum expectations regarding the internal procedures and controls being applied by the calculation agent (currently Thomson Reuters).

These expectations should include a clear definition of the checks to be performed by the calculation agent.

9. The calculation agent should have its own Code of Conduct related to reference-rate setting. It should also perform earmarked internal audits and undergo a once-a-year external audit carried out by Euribor-EBF.

10. Both Euribor-EBF and the calculation agent should keep complete, transparent and clear records of all submissions from each panel bank over the years, including data on panel banks which were either not submitting or were submitting flawed or questionable quotes over certain days or longer periods.

The EBF should maintain an ongoing record of individuals responsible for submissions in individual banks.

11. EBA and ESMA aim to review the implementation of the current recommendations by Euribor-EBF no more than six months after they are agreed upon by Euribor-EBF.

Finally, let us take the opportunity to raise with you our concern over potential disruptions to the continuity of EURIBOR from the termination of contributions on the part of individual banks. Euribor needs to remain available as a reference rate as it is widely used as a benchmark by financial industry participants for both lending and primary/secondary market activities. Recognising that participation in EURIBOR panels is a voluntary act for banks, we encourage Euribor-EBF to work decisively towards ensuring panel representativeness and maintaining participation in the panel processes going forward.


Both EBA and ESMA are convinced that a speedy and comprehensive implementation of the above recommendations would contribute to enhancing the governance and process of Euribor-setting, aiding market participants to carry out financial transactions in a credible and transparent manner and supporting overall financial stability.


Report from the Commission to the European Parliament and the Council

The review of the Directive 2002/87/EC of the European Parliament and the Council on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate

1. Introduction and Objectives

1.1. Background

The rapid development in financial markets in the 1990s led to the creation of financial groups providing services and products in different sectors of the financial markets, the so-called financial conglomerates. In 1999, the European Commission’s Financial Services Action Plan identified the need to supervise these conglomerates on a group-wide basis and announced the development of prudential legislation to supplement the sectoral legislation on banking, investment and insurance. This supplementary prudential supervision was introduced by the Financial Conglomerate Directive (FICOD) on 20 November 2002. The Directive follows the Joint Forum’s principles on financial conglomerates of 1999.

The first revision of FICOD (FICOD1) was adopted in November 2011 following the lessons learnt during the financial crisis of 2007-2009. FICOD1 amended the sector-specific directives to enable supervisors to perform consolidated banking supervision and insurance group supervision at the level of the ultimate parent entity, even where that entity is a mixed financial holding company. On top of that, FICOD1 revised the rules for the identification of conglomerates, introduced a transparency requirement for the legal and operational structures of groups, and brought alternative investment fund managers within the scope of supplementary supervision in the same way as asset management companies.

FICOD1’s Article 5 requires the Commission to deliver a review report before 31 December 2012 addressing in particular the scope of the Directive, the extension of its application to non-regulated entities, the criteria for identification of financial conglomerates owned by wider non-financial groups, systemically relevant financial conglomerates, and mandatory stress testing. The review was to be followed up by legislative proposals if deemed necessary. It should be noted that since the adoption of FICOD1 some issues, such as addressing systemic importance of complex groups, and recovery and resolution tools beyond the living wills requirement in FICOD1 have been or will be resolved in other contexts and have therefore become less relevant for this review.

1.2. The purpose of the review and the Joint Forum’s revised principles

This review is guided by the objective of FICOD, which is to provide for the supplementary supervision of entities that form part of a conglomerate, with a focus on the potential risks of contagion, complexity and concentration — the so-called group risks — as well as the detection and correction of ‘double gearing’ — the multiple use of capital. The review aims to analyse whether the current provisions of FICOD, in conjunction with the relevant sectoral rules on group and consolidated supervision, are effective beyond the additional provisions introduced by FICOD1.

The review is justified as the market dynamics in which conglomerates operate have changed substantially since the Directive entered into force in 2002. The financial crisis showed how group risks materialised across the entire financial sector. This demonstrates the importance of group-wide supervision of such inter-linkages within financial groups and among financial institutions, supplementing the sector specific prudential requirements.

The limited approach of FICOD1 was partially based on the anticipation of the Joint Forum’s revised principles, which were due to be addressed in the present review. These principles were published in September 2012 with the two main issues being the inclusion of unregulated entities within the scope of supervision to cover the full spectrum of risks to which a financial group is or may be exposed and the need to identify the entity ultimately responsible for compliance with the group-wide requirements. This review takes the revised principles duly into account together with the evolving sectoral legislation as presented below.

1.3. Evolving regulatory and supervisory environment

FICOD rules are supplementary in nature. They supplement the rules that credit institutions, insurance undertakings and investment firms are subject to according to the respective prudential regulations. Currently this sectoral legislation is being overhauled in a major way and the regulatory environment is evolving.


The CRD IV and Omnibus II are pending proposals before the European Parliament and the Council, and Solvency II includes enhanced group supervision provisions which are not yet applicable. Once these provisions are applicable, the Commission will closely monitor the implementation of these new frameworks, which also comprise a number of delegated and implementing acts, including regulatory technical standards to be developed over a number of years by the Commission and the European supervisory authorities (ESAs). In addition, the changes recently made to FICOD will not be in place before mid-2013, so cannot yet be fully examined in practice before late 2014. These include the regulatory and implementing technical standards and common guidelines to be issued by the ESAs. Finally, the Banking Union Regulation proposal calls for a major change in the supervision of European banks and will have an impact on the supervision of conglomerates as one of the tasks conferred to the European Central Bank would be to participate in supplementary supervision of a financial conglomerate. As this report shows, there are areas of supplementary supervision where improvements could be made. However, as with any legislation, the benefits of amending legislation always have to be weighed against the costs connected with legislative changes. According to the European Committee on Financial Conglomerates at its meeting on 21 September 2012, the supervisory community through the ESA’s advice to the Commission, and the industry in its responses to the consultation carried out by the Commission, the optimal timing for revising FICOD will only be once the sectoral legislation has been adopted and is applicable.

2. The Scope of the Directive and the Legal Addressees of the Requirements 2.1. Scope 2.1.1. The scope of FICOD and the sectoral legislation Most of the groups operating in the financial sector have a broad spectrum of authorisations. Focusing on the supervision of only one type of authorised entity ignores other factors that may have a significant impact on the risk profile of the group as a whole. Fragmented supervisory approaches are not sufficient to cope with the challenges that current group structures pose to supervision. The supplementary supervision framework for conglomerates is meant to strengthen and complete the full set of rules applicable to financial groups, across sectors and across borders. However, from a regulatory standpoint, additional layers of supervision have to be avoided when the sectoral requirements already cover all the types of risk that may arise in a group.

2.1.2. Coverage of unregulated entities, including those not carrying out financial activities In order to address group risks, which was the original aim of FICOD and the Joint Forum principles, as re-affirmed by the revised principles, group supervision should cover all entities in the group which are relevant for the risk profile of the regulated entities in the group. This includes any entity not directly prudentially regulated, even if it carries out activities outside the financial sector, including non-regulated holding and parent companies at the top of the group.

Each unregulated entity may present different risks to a conglomerate and each may require separate consideration and treatment. Among unregulated entities, special importance is attached to special purpose entities (SPEs). The number of SPEs and the complexity of their structures increased significantly before the financial crisis, in conjunction with the growth of markets for securitisation and structured finance products, but have declined since then. While the use of SPEs yields benefits and may not be inherently problematic, the crisis has illustrated that poor risk management and a misunderstanding of the risks of SPEs can lead to disruption and failure. The need for enhanced monitoring of intra-group relationships with SPEs was highlighted in the Joint Forum’s 2009 SPE report.

2.1.3. Coverage of systemically relevant financial conglomerates The challenges of supervising conglomerates are most evident for groups whose size, inter-connectedness and complexity make them particularly vulnerable and a source of systemic risk. Any systemically important financial institution (SIFI) should in the first place be subject to more intense supervision through application of the CRD IV and Solvency II framework, both at individual and group/consolidated level. If the SIFI is also a conglomerate, supplementary supervision under FICOD would also be applicable. Although most SIFIs are conglomerates, this is not always the case. Also, systemic risks are not necessarily the same as group risks. Therefore, it does not seem meaningful to try to bring all SIFIs under FICOD.

Furthermore, discussions at international level are still continuing on insurance SIFIs, and the sectoral legislation, including the treatment of banking SIFIs, is not yet stable.

2.1.4. Thresholds for identifying a financial conglomerate All the issues mentioned above are linked to the definition of a conglomerate and the thresholds for identifying one. The two thresholds set out in Article 3 of FICOD take into account materiality and proportionality for identifying conglomerates that should be subject to supplementary supervision of group risks. The first threshold restricts supplementary supervision to those conglomerates that carry out business in the financial sector and the second restricts application to very large groups. The combined application of the two thresholds and the use of the available waiver by supervisors have led to a situation where very big banking groups that are also serious players in the European insurance market are not subject to supplementary supervision. Furthermore, the wording of the identification provision may leave room for different ways to determine the significance of cross-sectoral activities. It could be improved to ensure consistent application across sectors and borders. To ensure legal clarity, it is important to have easily understandable and applicable thresholds. However, the question remains whether the thresholds and the waivers should be amended or complemented to enable supervision in a proportionate and risk-based manner.

2.1.5. Industrial groups owning financial conglomerates While there is agreement that regulated financial entities are exposed to group risks from the wider industrial group to which they might belong, no conclusion can be drawn at this stage as to how to extend the FICOD requirements to wider nonfinancial groups. The FICOD1 review clause required the Commission to assess whether the ESAs should, through the Joint Committee, issue guidelines for assessment of the material relevance of the activities of these conglomerates in the internal market for financial services. Currently there is no legislation on the supervision of industrial groups owning financial conglomerates and the ESAs have no empowerment to issue guidelines. Therefore, while the ESAs will certainly play a key role in ensuring the consistent application of FICOD, it is premature to reach any conclusions on the need for the ESAs to issue guidelines on this specific topic.

2.2. Entities responsible for meeting the group-level requirements Imposing requirements at group level will not ensure compliance unless this is accompanied by clear identification of the entity ultimately responsible in the financial group for controlling risks on a group-wide basis and for regulatory compliance with group requirements. This would allow more effective enforcement of the requirements by the supervisory authorities (discussed in section 4 below). Interaction with company law provisions governing the responsibilities of the ultimately responsible entity needs to be taken into consideration. This ultimate responsibility might need to be extended to non-operating holding companies at the head of conglomerates, even though a limited scope may be envisaged for those holding companies whose primary activity is not in the financial sector.

3. Provisions Needed to Ensure the Detection and Control of Group Risks The objective of supplementary supervision is to detect, monitor, manage and control group risks. The current requirements in FICOD concerning capital adequacy (Article 6), risk concentrations (Article 7), intra-group transactions (Article 8) and internal governance (Articles 9 and 13) are meant to achieve this objective. Amongst other criteria, they should be assessed against the need to strengthen the responsibility of the ultimate parent entity of conglomerates.

3.1. Capital (Article 6) The capital requirements for authorised entities on a stand-alone and consolidated basis are defined by the sectoral legislation dealing with the authorisation of financial firms. Article 6 of FICOD requires supervisors to check the capital adequacy of a conglomerate. The calculation methods defined in that Article aim to ensure that multiple use of capital is avoided. The JCFC’s Capital Advice from 2007 and 2008 revealed a wide range of practices among national supervisory authorities in calculating available and required capital at the level of the conglomerate. The draft regulatory technical standard (RTS) developed under FICOD Article 6(2), published for consultation on 31 August 2012, specifies the methods for calculating capital.

The technical standard is expected to deal sufficiently with the inconsistent use of capital calculation methods for the purpose of regulatory capital requirements and to ensure that only transferable capital is counted as available for the regulated entities of the group. Indeed, as this RTS should ensure a robust and consistent calculation of capital across Member States, when negotiating the CRD IV proposal, it appeared that no changes to FICOD to address Basel III objectives regarding a potential double counting of capital investments in unconsolidated insurance subsidiaries were necessary. However, the discussions accompanying the development of this technical standard revealed further concerns regarding group-wide capital policy. Supervisors sometimes lack insight into the availability of capital at the level of the conglomerate. This could be addressed by requesting the supervisory reporting and market disclosure of capital on an individual or sub-consolidated basis in addition to the consolidated level.

3.2. Risk concentrations (Article 7) and intra-group transactions (Article 8) Articles 7 and 8 on risk concentrations and intra-group transactions set out reporting requirements for undertakings. Combined with the potential extension of supervision to unregulated entities and identification of the entity ultimately responsible for compliance with FICOD requirements, including reporting obligations, these requirements should provide an adequate framework for supplementary supervision with regard to risk concentrations and intra-group transactions. The guidelines to be developed by ESAs, as requested by FICOD1, should ensure that the supervision of risk concentrations and intra-group transactions is carried out in a consistent way.

3.3. Governance (Articles 9 and 13) Given the inherent complexity of financial conglomerates, corporate governance should carefully consider and balance the combination of interests of recognized stakeholders of the ultimate parent and the other entities of the group. The governance system should ensure that a common strategy achieves that balance and that regulated entities comply with regulation on an individual and on a group basis. FICOD, as amended, contains a requirement for conglomerates to have in place adequate risk management processes and internal control mechanisms, a fit and proper requirement for those who effectively direct the business of mixed financial holding companies, a ‘living will’ requirement, a transparency requirement for the legal and organisational structures of groups, and a requirement for supervisors to make the best possible use of the available governance requirements in CRD and Solvency II. CRD III and the proposal for CRD IV require, as will Solvency II, further strengthening of corporate governance and remuneration policy following the lessons learnt during the crisis. The living will requirement in FICOD1 would be strengthened by the Bank Recovery and Resolution Framework. What these frameworks do not yet cover is the enforceable responsibility of the head of the group or the requirement for this legal entity to be ready for any resolution and to ensure a sound group structure and the treatment of conflicts of interest. The Bank Recovery and Resolution Framework would require the preparation of group resolution plans covering the holding company and the banking group as a whole.

4. Supervisory Tools and Powers 4.1. The current regime and the need to strengthen supervisory tools and powers Article 14 enables supervisors to access information, also on minority participations, when required for supervisory purposes. Article 16 empowers the coordinator to take measures with regard to the holding company, and the supervisors of regulated entities to act against these entities, upon non-compliance with requirements concerning capital, risk concentrations, intra-group transactions and governance. The Article only refers to ‘necessary measures’ to rectify the situation, but does not specify such measures. Omnibus I gave the ESAs the possibility to develop guidelines for measures in respect of mixed financial holding companies, but these guidelines have not yet been developed. Article 17 requires Member States to provide for penalties or corrective measures to be imposed on mixed financial holding companies or their effective managers if they breach provisions implementing FICOD. The Article also requires Member States to confer powers on supervisors to avoid or deal with the circumvention of sectoral rules by regulated entities in a financial conglomerate. The wording of Article 16 and the lack of guidelines have led to a situation where there is no EU-wide enforcement framework specifically designed for financial conglomerates. As a result, the supervision of financial conglomerates is sectorally based with differences in national implementation. Furthermore, the ESAs point out that strengthening the sanctioning regime as advocated in the CRD IV proposal may create an uneven playing field between financial conglomerates depending on whether they are bank or insurance-led. At the same time, according to the ESAs, most national supervisory authorities consider that the measures available for sectoral supervision are equally appropriate for the supervision of financial conglomerates. Strengthening the supervision of financial conglomerates could therefore be achieved by improving the actual use of the existing instruments. As to the Article 17 requirement for Member States to provide for credible sanctions to make the requirements credibly enforceable, no such sanctioning regime is known for conglomerates. The ESAs provide eight recommendations both to enhance the powers and tools at the disposal of supervisors and to strengthen enforcement measures, also taking into account the differences in national implementation. Those recommendations include establishing an enforcement regime for the ultimately responsible entity and its subsidiaries. This implies a dual approach, with enforcement powers to deal with the top entity for group-wide risks and to hold the individual entities to account for their respective responsibilities. In addition, the supervisor should have available a minimum set of informative and investigative measures. Supervisors should be able to impose sanctions upon mixed activity holding companies, mixed activity insurance holding companies or intermediate financial holding companies.

4.2. The possibility to introduce mandatory stress testing The possibility to require conglomerates to carry out stress tests might be an additional supervisory tool to ensure the early and effective monitoring of risks in the conglomerate.

FICOD1 introduced the possibility (though not an obligation) for the supervisor to perform stress tests on a regular basis. In addition, when EU-wide stress tests are performed, the ESAs may take into account parameters that capture the specific risks associated with financial conglomerates.

5. Conclusion The criteria for the definition and identification of a conglomerate, the identification of the parent entity ultimately responsible for meeting the group-wide requirements and the strengthening of enforcement with respect to that entity are the most relevant issues that could be addressed in a future revision of the financial conglomerates directive. The identification of the responsible parent entity would also enhance the effective application of the existing requirements concerning capital adequacy, risk concentrations, intra-group transactions and internal governance. The regulatory and supervisory environment with regard to credit institutions, insurance undertakings and investment firms is evolving. All the sectoral prudential regulations have been significantly amended on several occasions in the last few years, and even more significant changes to the regulatory rules are pending before the legislators. Furthermore, the proposal for the Banking Union significantly changes the supervisory framework. Therefore, and taking into account also the position of the European Financial Conglomerates Committee, the supervisory community and the industry, the Commission considers it advisable not to propose a legislative change in 2013. The Commission will keep the situation under constant review to determine an appropriate timing for the revision.

ESMA to provide technical advice on possible delegated acts concerning the Prospectus Directive

Executive Summary The European Commission sent a formal request on 20 January 2011 to ESMA to provide technical advice on possible delegated acts concerning the Prospectus Directive as amended by Directive 2010/73/EU (the Mandate). The Mandate to ESMA sets out the areas where the Commission is requesting advice in sections 3, 4 and 5. ESMA has already delivered its advice on sections 3.1, 3.2 and 3.3 on 30 September 2011 and advice on sections 3.4 and 5 on 29 February 2012. The European Commission extended the scope of the Mandate to include the issue of prospectus disclosure requirements for convertible or exchangeable debt securities, and in particular in the context of the Delegated Regulation on the proportionate disclosure regime (Section 3.3 of the Mandate) and the work on the review of the provisions of the Prospectus Regulation (Section 4 of the Mandate). On 20 June 2012 ESMA released a Consultation Paper (Ref. ESMA/2012/380) requesting input from market participants to assist in providing advice to the European Commission.

Contents In accordance with the terms of the Mandate, ESMA presents by means of this Technical Advice a combined document that comprises both its feedback statement and its final technical advice concerning the disclosure requirements for convertible or exchangeable debt securities.

The document has been structured in such a way that the Technical Advice immediately follows the Feedback Statement. This Technical Advice sets out ESMA’s proposals for clarifications of and amendments to the Prospectus Regulation in order to increase legal clarity and propose application of the proportionate disclosure regime for convertible/exchangeable debt securities. Section I explains the general background, Section II explains the overall result of the consultation, Section III sets out a summary of the feedback received and ESMA’s responses thereto and Section IV sets out the Technical Advice to the European Commission.

Next steps ESMA has set up a further dedicated task force currently dealing with section 5 of the Mandate concerning the compilation of a comparative table of the liability regimes applied by the Member States in relation to the Prospectus Directive. ESMA expects to submit its final report to the European Commission in the second quarter of 2013. The remaining work from the Mandate on section 3.4, the criteria to be applied in assessing the equivalence of a third-country financial market (Article 4 (1)), is postponed due to the on-going review of the Transparency Directive, Market Abuse Directive and MiFID.

Regulatory Resolutions for 2013 Remarks by Assistant Superintendent Mark Zelmer, Office of the Superintendent of Financial Institutions Canada (OSFI) to the 2013 RBC Capital Markets Canadian Bank CEO Conference

Introduction Thank you for inviting me to speak to you today. I hope you enjoyed the holiday season and were able to take some time to relax with family and friends. This year is expected to be another interesting and challenging one as we continue to adjust to the aftershocks of the global financial crisis. To kick off, let me talk about some issues on the regulatory front. Last month OSFI joined the growing group of regulators that have met their commitment to implement Basel III in their domestic regulatory frameworks. But this is only the end of the beginning. There is more to come. So today I would like to outline some of the key regulatory issues that OSFI will be tackling over the course of 2013. A New Year’s Regulatory Resolution List if you like.

Canadian banks are reporting gold-plated Basel III capital ratios It is a testament to the underlying strength of the Canadian financial system that Canadian banks have been able to fully implement the Basel III capital rules from the start.

And that is without the transition requirement training wheels that will be used in some other jurisdictions. Canadian deposit-taking institutions are now expected to comfortably meet the seven per cent Common Equity Tier 1 capital requirement on an “all-in” or 2019 basis. As a result, Canadian banks are now publicly reporting Basel III capital ratios on that basis. Let me stress that these are truly gold-plated capital ratios – especially when you compare them to those published by some foreign banks. Here’s why. First, many foreign banks appear to be reporting Basel III capital ratios on the basis of the rules that allow for the transition measures. So a seven per cent number posted by a Canadian bank is in fact significantly stronger than the same number posted by a bank that is phasing-in Basel III over the next six years. Second, different jurisdictions are handling the various options allowed for in Basel III in different ways. One example is how insurance subsidiaries are treated in the definition of capital. And, third, the quality of a bank’s capital ratio will obviously be affected if a jurisdiction has deviated from Basel III in its domestic capital rules. In Canada, we have faithfully implemented Basel III. And we expect the Basel peer review process will confirm that there are no material deviations in our domestic guidance. When you analyze the capital ratios of Canadian banks it is important to bear those differences in mind.

The Basel Committee is doing what it can to shed as much light as possible on published capital ratios through the introduction of a new detailed reporting template later this year. But we are encouraging the Committee to consider whether more steps can be taken to address the reporting differences I just mentioned. After all, banks that report gold-plated capital ratios deserve some credit.

Some banks will be designated as D-SIBs An important New Year’s resolution for OSFI will be to assess which banks in Canada should be designated as domestically systemically-important (D-SIBs). We expect to announce our decision within a few months. Any bank receiving a D-SIB designation can also expect some additional prudential requirements, including having to carry more common equity. The extra capital requirements will take effect in January 2016; the start date for those that will be imposed internationally on globally systemically-important banks. This provides plenty of time for the designated banks to plan accordingly. But higher capital is not enough when it comes to managing issues associated with domestic systemic importance. That is why OSFI already conducts more intensive risk-based supervision for those institutions that are larger and more complex. In addition, OSFI and other federal agencies are working to ensure that the Financial Stability Board’s Key Attributes of Effective Resolution Regimes for Financial Institutions are implemented appropriately in Canada.

For example, we have been helping major federally regulated financial institutions develop recovery plans and the Canada Deposit Insurance Corporation (CDIC) has been leading the work on resolution plans – also known as living wills.

An NVCC market should emerge Another important resolution for us this year is contingent capital. As of January 1, Canadian deposit-taking institutions are no longer able to include new issues of preferred shares and subordinated debt in their Tier 1 and Total Capital ratios unless those instruments carry Non-Viability Contingent Capital (NVCC) conversion triggers. Existing instruments are being phased out of regulatory capital at a rate of ten per cent per year. Like living wills and other resolution measures, these new instruments are an important ingredient in making sure that all deposit-taking institutions can be resolved in an orderly fashion in times of stress without taxpayers being the first port of call for new capital. OSFI is looking forward to the emergence of a market in Canada for NVCC preferred shares and subordinated debt instruments in 2013.

Basel liquidity standards will be clarified On the liquidity front, the Basel Committee has approved the Liquidity Coverage Ratio (LCR) – a new liquidity standard that seeks to ensure that banks hold enough liquid assets to meet their funding commitments over a thirty day horizon. The remaining technical work to be completed this year includes making sure that the LCR will mesh well with central bank facilities, assessing what role market-based indicators might play in helping to define liquid assets, and completing work on appropriate disclosure requirements for bank liquidity and funding profiles.

Work will also begin in earnest this year to flesh out a second liquidity standard – the Net Stable Funding Ratio (NSFR). This standard focuses more on the funding structure of a bank; i.e. the extent to which it relies on short-term versus medium to longer-term sources of funds. Meanwhile, OSFI needs to consider how our existing liquidity monitoring tools should be used in conjunction with these new international standards.

Bank information disclosures will be enhanced So far I have mentioned various regulatory initiatives that are designed to boost bank capital and liquidity positions. But regulatory measures alone are not enough. You – the investors and market analysts – also have a role to play. You help to ensure that banks are subject to the discipline of well-informed financial markets. But you need good information to fulfill that role. As the Enhanced Disclosures Task Force recently commented: Disclosures that describe risks and risk management practices transparently help to build confidence in the firm’s management, which is particularly important in attracting debt and equity investors and may in turn support higher equity valuations. By enhancing investors’ understanding of banks’ risk exposures and risk management practices, high-quality risk disclosures may reduce uncertainty premiums and contribute to broader financial stability. You may be wondering: who is this task force and what did they recommend?

The Task Force was established by the Financial Stability Board (FSB) last May. Most groups sponsored by the FSB are typically composed of senior officials from the public sector. By contrast, the Task Force consisted of a group of senior private-sector executives from leading asset management firms, investors and analysts, global banks, credit rating agencies and external auditors. Each task force member was allocated to a work-stream so that the latter comprised both users and preparers of financial reports. After consulting extensively with regulators and industry groups, the Task Force reported back to the Financial Stability Board in October. It offered 32 recommendations on how the disclosure of information on bank risk exposures and risk management practices could be enhanced. The report was welcomed by the FSB, which views it as a valuable step to improving the quality of risk disclosures. Canadian banks are currently reviewing the recommendations. Our goal at OSFI is to ensure that major Canadian banks continue to be among the best in terms of information disclosure. We recognize that some investors would welcome more information on the funding and liquidity profiles of Canadian banks. Thus, you may be interested in knowing that the Task Force made four recommendations in this area, including one that banks publish a table summarizing remaining maturities of assets, liabilities and off-balance-sheet commitments on a contractual basis. Another area where the Task Force had some good advice to offer relates to the wide variations in risk-weighted assets across countries.

This has led to some concern about the reliability of the models used by banks to compute their risk exposures and the associated asset risk weights. The Basel Committee is on top of this issue. Two reports are being prepared that examine the factors driving the variation in risk weights in both the banking book and the trading book. Indeed, one of my OSFI colleagues, Richard Gresser, is co-chairing the trading book study. Their findings will be published soon. Meanwhile, the Task Force offered several recommendations on how banks could provide more information on the models used to compute risk weights for credit risk, market risk and operational risk. Our hope is that more information on the models used by banks to calculate their risk exposures and asset risk weights will increase investor confidence in those models and in the Basel III capital framework more generally.

Solo capital requirements: a new wave in capital regulation?

As you know, OSFI has traditionally focused on capital adequacy of banks and other deposit-taking institutions on a fully consolidated basis. By that I mean our formal capital guidance is defined in terms of a bank’s consolidated capital position; regardless of whether capital is carried at the parent bank level, or within a subsidiary that is fully consolidated for accounting and regulatory purposes. This approach has worked well for many years. Indeed, it has enabled Canadian deposit-taking institutions to manage their capital positions efficiently and limit situations where capital is trapped and cannot be used to satisfy Canadian regulatory requirements.

Having said that, even back in the pre-crisis Basel II days, banks and their supervisors were encouraged to pay attention to the distribution of capital within a banking group and ensure that individual banks were adequately capitalized on a stand-alone or solo basis. But the issue is now gaining more prominence. The new D-SIB framework provides incentives for host jurisdictions to require banks that are systemic in their jurisdictions to hold more capital locally. In other words, all things equal, a potential drain of capital away from home jurisdictions. In addition, UK authorities are reportedly encouraging overseas banks to operate through locally-incorporated subsidiaries with their own separate capital and liquidity requirements. And last month, the Federal Reserve announced new draft rules that would tighten capital and liquidity requirements on foreign banks operating in the United States. Together, these events suggest we may be moving to a world where more attention will be placed on how capital and liquidity are allocated within a banking group. OSFI has been monitoring the distribution of capital within Canadian banks for some time now. However, the recent events that I just described are leading us to consider what kind of framework and expectations would make sense in the future for federally-regulated financial institutions here in Canada.

Conclusion

Let me end by reiterating my main points:

1. Canadian banks are reporting gold-plated Basel III capital ratios because they are not relying on the transitional arrangements contained in Basel III.
2. OSFI plans to announce which banks will be designated as D-SIBs and the associated prudential requirements within a few months.
3. OSFI is committed to ensuring that major Canadian banks continue to be among the best in information disclosure.
4. More attention is being paid internationally to the issue of solo capital requirements. OSFI is considering what kind of framework and expectations would make sense in the future for federally-regulated financial institutions in Canada.

Thank you again for the opportunity to speak with you today about our regulatory resolutions for 2013. There is still a lot of work to be done. But I am confident the result of this work will be a safe, resilient financial system that will continue to earn the well-deserved confidence and trust of depositors, creditors and investors. I wish you a Happy New Year.

Fifth progress note on the Global LEI Initiative

This is the fifth of a series of notes on the implementation of the legal entity identifier (LEI) initiative.

Global LEI System Regulatory Oversight Committee (ROC)

The G20 Finance Ministers and Central Bank Governors endorsed the Charter for the ROC on 5 November 2012, thus initiating the process for the ROC to be formed. The ROC is the permanent governance body for the Global LEI System. Membership is open to all public authorities from across the globe that assent to the Charter. As of 10 January 2013, there are 45 authorities who have assented to the LEI Charter and are thus Members of the ROC. 15 authorities are Observers to the ROC. A number of other authorities are actively reviewing their engagement and expect to join the system shortly. The first meeting of the ROC is to take place at the end of January 2013 in Toronto. A key priority for that meeting will be to establish the ROC as a working body, through the appointment of the Chair (and potentially Vice Chairs), the Executive Committee, Secretariat, Committee on Evaluation and Standards as well as to take a number of key decisions on the next stages of implementation.

Global LEI foundation operating Central Operating Unit (COU)

The formation of the ROC is a necessary step for the creation of the global LEI foundation (or legal equivalent) which will operate the Central Operating Unit (COU) as described in the FSB June Report.

Following advice from the Private Sector Preparatory Group (PSPG) and the Implementation Group, the FSB Secretariat commissioned a detailed legal assessment of Switzerland as the potential legal home of the global LEI foundation.

Two important considerations in the assessment are that the legal home should support the governance structure described in the ROC Charter to ensure the protection of the broad public interest and that it should allow different locations for the legal home of the foundation and its associated operational activities.

The results of the legal assessment will be presented at the first meeting of the ROC in January to facilitate the decision on the legal location of the Global LEI Foundation and its formation in time for the system launch by March 2013.

Once the decision on location is made, work will be taken forward on the final specification of the legal documents necessary to establish the global LEI foundation.

Following the formation of the LEI foundation, the next task for the ROC will be the appointment of the initial Board of Directors as outlined in the fourth progress note.

Private Sector Preparatory Group

The LEI Private Sector Preparatory Group (PSPG) members are currently preparing recommendations on governance and operational elements of the Global LEI System as well as proposals on LEI relationship data. An overarching aim of the work is how to draw most effectively on local infrastructure to deliver a truly global federated LEI system with a logically centralised database of unique LEIs based on consistent standards, protocols, procedures, etc. that will also appear seamless to users, as discussed in the FSB LEI report. The PSPG will provide its proposals and recommendations for consideration by the ROC at its first meeting and the Board of Directors of the Global LEI Foundation once in place. The IG is also working closely with the PSPG to develop proposals for both short-term and long-term strategies and work plans for relationship data in the Global LEI System.

Handover from the FSB to the ROC

At the Cannes Summit in 2011, the G20 provided a mandate to the FSB to lead the co-ordination of international regulatory work and to deliver in June 2012 concrete recommendations for the appropriate governance framework for a global LEI system, representing the public interest.

Following the provision of the recommendations to G20 in June 2012, the FSB was further tasked to coordinate the implementation of the global LEI System and prepare the Charter for the LEI ROC.

The ROC is now established as the permanent self-standing governance body for the Global LEI System and will take over full responsibility for the leadership of the initiative from the FSB at the Toronto meeting.

The FSB stands ready to offer support to the ROC upon request to ensure a smooth transition.

The FSB has fulfilled the mandate given to it by the G20 Leaders – the FSB LEI Implementation Group will be disbanded as responsibility is transferred.

The FSB LEI IG welcomes the LEI ROC as the oversight body of the Global LEI System, and wishes the ROC and Global LEI Foundation every success.

The FSB LEI IG would also like to thank PSPG members for their tremendous help and support to the initiative.

LEI ROC Members

LEI ROC Observers

Note

There is widespread agreement among the public authorities and financial industry participants on the merits of establishing a uniform global system for legal entity identification.

Such a system would provide a valuable ‘building block’ to contribute to and facilitate many financial stability objectives, including: improved risk management in firms; better assessment of micro and macroprudential risks; facilitation of orderly resolution; containing market abuse and curbing financial fraud; and enabling higher quality and accuracy of financial data overall.

It would reduce operational risks within firms by mitigating the need for tailored systems to reconcile the identification of entities and to support aggregation of risk positions and financial data, which impose substantial deadweight costs across the economy.

It would also facilitate straight through processing.

But despite numerous past attempts, the financial industry has not been successful in establishing a common global entity identifier.

The finance sector consequently lags well behind many other industries in agreeing and introducing a consistent global framework for entity identification.

The financial crisis has provided a renewed spur to the development of a global LEI system.

International regulators have recognised the importance of the LEI as a key component of necessary improvements in financial data systems.

To provide additional impetus, the FSB was given a mandate by the G-20 to lead the co-ordination of international regulatory work and to deliver concrete recommendations on the LEI system by June 2012:

‘We support the creation of a global legal entity identifier (LEI) which uniquely identifies parties to financial transactions.

We call on the FSB to take the lead in helping coordinate work among the regulatory community to prepare recommendations for the appropriate governance framework, representing the public interest, for such a global LEI by our next Summit.’ (Cannes Summit Declaration)

Corporate governance

Address by Mr Yandraduth Googoolye, First Deputy Governor of the Bank of Mauritius, at the workshop on “Corporate governance”, organised by the Mauritius Institute of Directors, Port-Louis

Ladies and Gentlemen

A very good morning to you. I would like to thank the Mauritius Institute of Directors – the MIOD – for organizing this Workshop on Corporate Governance and inviting me to speak before such a distinguished audience. I understand that this is the second Workshop in this series – the first one was held in November last year at this very same venue and due to the vast interest expressed by its members, the MIOD had to organize this second workshop. Corporate Governance is turning out to be a very topical issue indeed! Not only in Mauritius, but worldwide. International standard setters like the Bank for International Settlements and the OECD, among others, have recommended that bolder initiatives be taken to promote higher corporate governance standards in organisations. These initiatives, as you all know, were driven mainly by the corporate governance failures and lapses noted during the global financial crisis. The crisis has shown that there is not only the need for banks to improve their corporate governance practices, but that supervisors also must ensure that sound corporate governance principles are thoroughly and consistently implemented.

But why should banks be subject to more stringent rules than other companies? One would be tempted to ask. Well, simply because banks play a critical role in the economy. They are highly leveraged institutions and most of their funds come from depositors – regulators cannot condone that a customer loses his money on account of lax corporate governance standards being maintained in institutions they regulate. Regulators have the ultimate responsibility of ensuring the safety and soundness of the financial system while at the same time safeguarding the interests of the depositors and the public at large. Hence, it is vital that this special position of trust that banks have in the economy is maintained through principles of good corporate governance. And it is within the remit of the regulators to make sure that these principles are effectively adhered to by banks. Predictably, the best option available to the Bank of Mauritius to ensure that these best practices are being adhered to in the banking sector is to prescribe them in the form of Guidelines. In fact, as far back as 2001, the Bank of Mauritius issued the first Guideline on Corporate Governance, which shows that corporate governance has always ranked high on our agenda. The first Guideline, however, provided only a broad framework of corporate governance whereby banks were advised to put in place a set of parameters without being prescriptive enough. The growth and increasing complexity of banks domestically coupled with the sad experiences which unfolded during the financial crisis, however, heightened the need for the Bank of Mauritius to revisit the codes and principles of corporate governance governing banks.

As you all know, the history of banking contains many examples of banking crises. You may recall the high profile failures such as Enron and Parmalat and nearer to us, the failure of banks in the global financial crisis largely attributed to failures in corporate governance and risk management practices and the underpinning poor corporate culture and ethics. In response, many standard setting bodies and banking supervisors around the world have revamped their corporate governance standards requirements and reassessed their adequacy. Whilst these changes may have increased the burden of regulated financial institutions, they provide a safeguard for the financial system as a whole. The Bank of Mauritius has also kept pace with the evolving best practices set by international standard setters and issued a new Guideline on Corporate Governance in August 2012. This Guideline, I must say, was released to the industry after rather lengthy consultations with the banking community and the public at large. The Guideline was issued for public consultation in November 2010 and it was finalized after nearly two years. The Bank of Mauritius adopted a collaborative approach on this front and discussion groups were set up with banks. We even received comments from the MIOD for which we are very thankful and we thank everyone who participated in this initiative. I must emphasize here that the new Guideline has been finalized taking into account the specificities of the local context. Let me now run you through the broad principles underpinning the Guideline.

The financial crisis has shown that in certain instances, the Board – which plays a significant role in safeguarding the corporate governance principles and is ultimately responsible for overseeing the organization and management of the company’s affairs – as well as the individual board directors were simply unaware of and did not understand the risks taken by the businesses which they were supposed to oversee. Other factors in corporate governance breakdown were attributed to conflicts of interest, lack of board director independence, weak internal and external audit practices and deficient internal control systems. Moreover, the complexity of the organisational structure of some financial firms impeded transparency and disclosure so that the firms’ true conditions were not visible to external parties such as regulators and market participants. The new Guideline on Corporate Governance has thus attempted to circumvent these shortcomings and uphold the three principles underpinning good corporate governance, namely integrity, transparency and accountability. The Guideline emphasizes the responsibility of boards, their accountability as well as that of the Chairperson who leads the Board. The quality of the people sitting on boards and comprising senior management of financial companies has a direct bearing on the way these institutions are managed. The Guideline, therefore, whilst ensuring that directors meet the fit and proper person criteria, further prescribes for the leadership skills enhancement of board directors. Poor leadership has undermined public confidence in financial institutions during the crisis and has provided many painful but precious leadership lessons to one and all. The Orientation Program for Directors outlined in the Guideline addresses the issue of leadership by ensuring that directors are fully conversant with the principles of leadership, and the leadership training programme has to be approved by the Bank of Mauritius. I am pleased to announce that this Workshop has been duly approved by the Bank.

The crisis also brought to light the importance of inculcating a corporate culture which promotes ethical principles. Culture has been described as “the way human beings behave together – what they value and what they celebrate.” The banking crisis revealed a breakdown of the values that promote trust and led to a crisis of confidence in banks. Regulation can propel a change in culture when it is otherwise not feasible, as rightly expressed by the Chief Executive of the UK Financial Services Authority who stated that the regulator can influence culture by “influencing the composition of management, influencing incentives for good behaviour, influencing training and competence regime and deterring poor behaviour.” The Guideline on Corporate Governance thus imposes the responsibility on directors and senior management to lead by example in an environment that emphasizes trust, integrity, honesty, judgment, respect, responsibility and accountability. Culture can only be effective when combined with strong leadership. For corporate governance principles to be really effective, the tone must be set from the very top of the organization in order that these principles trickle down to the lowest level of the organization to ensure compliance. The board should actively sustain an ethical corporate culture in the organization.

Further, strategic plans and procedures have to promote ethical balance, fair dealing practices must be applied, and a code of ethics must be laid down and communicated to all the members of the organisation. The Guideline on Corporate Governance not only draws from lessons learnt from the crisis, but also aims at addressing corporate governance weaknesses identified in financial institutions during on-site examinations conducted by the Bank of Mauritius and which have not been remedied in line with the recommendations of the Bank of Mauritius. While the 2001 Guideline recommended for a rotation of directors, it was noted that this recommendation has not been implemented to the satisfaction of the Bank of Mauritius. It was found that some boards remained “Pale, Male and Stale” as Governor Bheenick remarked during the first Workshop. To remedy that, we had no other alternative than to limit the term of office of non-executive directors of local banks to 6 years with a cooling-off period of two years before a possible re-appointment. This would allow for more fresh blood in the Boardroom with new ideas, new mindset and, why not, bolder initiatives. Renewal of board members allows new thinking on the board. Nevertheless, we are alive to the need to maintain continuity at the Board level and banks have been granted a transitional period to comply with that provision. In addition, on the issue of directorship, it needs to be highlighted that while the Bank of Mauritius is mandated under the Banking Act 2004 to allow a director to sit on the Board of more than one financial institution, we have taken the view that there is a potential risk of conflict of interest, if we were to allow this.

We also believe that all directors should allocate sufficient time to perform their board responsibilities effectively. The Chairperson of the Board must be an independent director under the Guideline. This requirement is based on the principle that effective board debate and discussion require independent board leadership. A strong presence of independent directors implies independent judgment, free of any external influence. The board is further encouraged to appoint a lead independent director. The lead independent director has a potentially major role to play within the board, if there is a potential or actual tension between the Chairman and CEO or, alternatively, where the closeness of the Chairman and the CEO might inhibit the ability of non-executive/independent directors to challenge and to contribute effectively to the works of the board. As regards the various sub-committees of the boards, the Guideline makes it mandatory for financial institutions to have an Audit Committee, a Conduct Review Committee for related party transactions and a Risk Management Committee. Board sub-committees represent the arm of the board for those issues that require special competencies. The sub-committees should report regularly and formally to the board which should stand ready to challenge any key issues as the board bears the ultimate responsibility. Corporate governance principles also require the bottom-up flow of information to the board through independent control functions such as the internal audit, compliance and risk management functions.

However, the onus remains on the board to ensure receipt of management information as appropriate for the exercise of its oversight responsibilities. We may recall that the global financial crisis revealed weaknesses in corporate governance practices of failed banks where information on the real risks being taken by the institution did not reach the board or even senior levels of management. Even if risk management systems are functioning, the absence of transmission of information to the board and senior management would constitute a breakdown of corporate governance principles. Approving strategy is not sufficient, suitable metrics must be set to monitor the implementation of strategy and the responsibility for such monitoring falls on the board. Internal Audit and Compliance are two independent assurance functions which constitute the eyes of the board in matters of internal control as well as legislative and regulatory compliance. Whilst the Banking Act 2004 already elevated the Internal Audit function in the organization by giving it a direct reporting line to the Audit Committee, the Guideline on Corporate Governance has now enhanced the value and importance of the Compliance function by prescribing that it has a direct reporting line to the board or a board committee. This function has the responsibility of ensuring compliance with legislative and regulatory requirements as well as policies and procedures. Moreover, a compliance certificate has to be delivered by the board to the central bank on an annual basis as we want to ensure that the board is assuming its compliance oversight responsibilities over the activities of the institution. It would be remiss of me, if, in a talk on corporate governance, I did not mention the role of external auditors.

The latter provide an independent opinion on whether the financial statements of the bank are complete, fair and properly drawn up with a true and fair view of its affairs. They will also draw attention to any significant matters identified during the course of their audit work. We view auditors as partners in our quest to have safe and sound institutions and expect the highest standards from them. Excessive risk taking by employees and compensation based on short term profitability have often been a serious hit to the banks. Weaknesses in these areas contributed to the failures of financial institutions during the crisis where remuneration systems were not related to the strategy and risk appetite of companies and served more the self-interest of bankers rather than the long term interest of the financial companies. To address this issue, the guideline recommends that incentives be designed to discourage such practices and remuneration for executives, directors and key personnel be fair and reasonable.

The Bank of Mauritius will ensure that the provisions of this Guideline are being complied with. In fact, compliance thereto will be factored in the computation of the CAMEL Ratings of banks which are published on the Bank’s website since 2011. The CAMEL Ratings comprise an assessment of the following components: Capital, Asset quality, Management, Earnings and Liquidity. Four of the five components, namely the Capital, Asset Quality, Earnings and Liquidity, are based on objective criteria, i.e. data submitted by banks in their returns to the Bank of Mauritius, whereas the Management component is based on subjective criteria many of which are contained in the Guideline on Corporate Governance. The Bank, therefore, expects financial institutions to comply with the provisions of the Guidelines, as noncompliance thereto will have a bearing on the Management component in the CAMEL rating of banks.

On this note, may I conclude by commending the initiative of the MIOD to organize this workshop and assist stakeholders to better understand the Bank’s Guideline on Corporate Governance. I am confident that participants will benefit from it. May I also congratulate the Institute for its relentless efforts to improve professionalism and ethics in our corporate entities. I thank you very much for your kind attention.

'Standard Quantum Limit' Smashed, Could Mean Better Fiber-Optic Comms

From NIST Tech Beat

Communicating with light may soon get a lot easier, hints recent research from the National Institute of Standards and Technology (NIST) and the University of Maryland's Joint Quantum Institute (JQI), where scientists have potentially found a way to overcome a longstanding barrier to cleaner signals. The findings, which demonstrate for the first time an error rate far below the "standard quantum limit" for a wide range of light levels, could increase the efficiency of fiber-optic systems by reducing both the power needed to send a signal and the number of errors the receiver makes. Light waves traveling through a fiber-optic cable often carry digital information encoded as differences in phase between one wave and another. The crests of two waves that are "in phase" pass a point at the same time, while if the two waves are 180 degrees out of phase, one crest passes while the other's trough does. Receivers can be designed to detect more than just two phase angles—0, 90, 180 and 270 degrees, for example—and the more phases they can detect, the more information can be packed into a signal, increasing the rate of data transmission.

However, a constant problem is that phase states slightly overlap one another, meaning that there is a chance a state with 180-degree phase will be mistaken for a 0, 90 or 270-degree phase state. To minimize these errors, engineers must use more optical signal power—which amps up the cost as well. A potential solution would be an improved receiver that does a better job distinguishing among the different phase states. But designers have struggled for decades to get past a barrier they call the standard quantum limit, which is the best performance an ideal conventional receiver could ever attain. The research team, though, found a clever way to get past the standard quantum limit using off-the-shelf technology to construct a receiver in an innovative way. Their solution is to make several measurements instead of a single one, and set them up so that each measures a portion of the input light's phase state successively. The key to this "staged" approach is that the receiver makes a partial measurement of the input phase state, and then uses the information obtained from this first partial measurement to adapt itself before making the next one. None of the individual partial measurements is perfect, but the adaptive technology allows a dramatically better final result. "With a receiver implementing only a few adaptive measurements, we've managed to achieve error rates four times lower than the standard quantum limit," says Francisco Elohim Becerra, a NIST/JQI postdoctoral fellow who is acknowledged by his co-authors as having done the brunt of the work and originated the design. While the innovation may not make its way into a fiber-optic system near you for some time, Becerra's coauthor Alan Migdall says better phase measurement could lead to more efficient technologies that harness quantum effects, as well as improved data encryption systems.

Certified Risk and Compliance Management Professional (CRCMP) distance learning and online certification program. Companies like IBM, Accenture etc. consider the CRCMP a preferred certificate. You may find more if you search (CRCMP preferred certificate) using any search engine.

The all-inclusive cost is $297. What is included in the price:

A. The official presentations we use in our instructor-led classes (3285 slides). The 2309 slides are needed for the exam, as all the questions are based on these slides. The remaining 976 slides are for reference. You can find the course synopsis at: www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm

B. Up to 3 Online Exams. You have to pass one exam. If you fail, you must study the official presentations and try again. Up to 3 exams are included in the price. To learn more you may visit: www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf and www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

C. Personalized Certificate printed in full color. Processing, printing, packing and posting to your office or home.

D. The Dodd Frank Act and the new Risk Management Standards (976 slides, included in the 3285 slides).

The US Dodd-Frank Wall Street Reform and Consumer Protection Act is the most significant piece of legislation concerning the financial services industry in about 80 years. What does it mean for risk and compliance management professionals? It means new challenges, new jobs, new careers, and new opportunities. The bill establishes new risk management and corporate governance principles, sets up an early warning system to protect the economy from future threats, and brings more transparency and accountability. It also amends important sections of the Sarbanes Oxley Act. For example, it significantly expands whistleblower protections under the Sarbanes Oxley Act and creates additional anti-retaliation requirements. You will find more information at: www.risk-compliance-association.com/Distance_Learning_and_Certification.htm