Preliminary report on the AML/CFT Risk Based Supervision (RBS)
Risk-based Supervision
description
Transcript of Risk-based Supervision
1
Risk-based Supervision
Dave Finnis, IAIS
Including Off-site analysis and On-site inspection
San Jose 6 September 2011
2
Risk-based Supervision
Dave Finnis, IAIS
Basic supervisory tools – Australia as an example
The Australian Prudential Regulation AuthoritySan Jose 6 September 2011
Risk based supervision 36 September 2011
Defining insuranceInsurance contract
“means a contract under which one party (the insurer) accepts significant insurance risk from another party (the policyholder) by agreeing to compensate the policyholder if a specified uncertain future event (the insured event) adversely affects the policyholder” (AASB)
General insurance contract
“means an insurance contract that is not a life insurance contract” (AASB) (see Insurance Act 1973)
Life insurance contract
“means an insurance contract…regulated under the Life Insurance Act 1995” (AASB)
Risk based supervision 46 September 2011
Example: APRA’s powers and responsibilities under the Insurance Act 1973
Authorisations
Granting authorisation for eligible insurers to carry on an insurance business
Prudential Standards
Applying the prudential regime to the authorised entities.
The prudential standards are legally enforceable under section 32 of the Act
Risk based supervision 56 September 2011
Example: Legislative framework for General Insurance
LEGISLATION DESCRIPTION
Corporations Act 2001 Financial Services Law
Insurance Act 1973 Regulation of general insurance businesses, including •authorisation •prudential requirements
• Prudential Standards• FCR• REMS
•Enforcement
Insurance Contracts Act 1984 • Regulation of information provided to consumers. • Defines duty of disclosure for consumers and limits areas in which
a claim may be denied or policy cancelled
Australian Securities and Investments Commissions Act
• Misleading and deceptive conduct and • Unconscionable conduct
Australian Accounting Standards Board (AASB)
• An Australian Government agency that develops and maintains the financial reporting standards for private and public sector organisations.
• Powers and functions set out in the ASIC Act 2001
Risk based supervision 66 September 2011
Example: Put the experts in place - Appointment of actuary and auditor
Role of appointed actuary (AA)
Values the insurance liabilities of the general insurer
Assesses (annually) the overall financial condition of the general insurer
Role of the auditor
Annual audit of the statutory accounts
Reviews other aspects of the general insurer’s operations on an annual basis.
Both auditor and actuary
May be requested to conduct special purpose reviews relating to operations, risk management and the financial affairs of the insurer
Auditors and actuaries provision of information under the Act
They must provide information to APRA if they believe the insurer is likely to become insolvent or has contravened the Act or Prudential Standards, or face disqualification.
Risk based supervision 76 September 2011
Role of a supervisor – Australian view
The role of a supervisor• Supervision vs. regulation• Risk vs. compliance focus
Supervisory activities- Group review• Onsite reviews• Offsite reviews• Financial analysis• Regulatory approvals and interpretations
Risk based supervision 86 September 2011
Industry trendsSolvency coverage ratio for the GI industryas at 30 June 2010
Risk based supervision 96 September 2011 9
Modules & Topics
Module 1
Board
•Board Composition•Fit & Proper
Module 2
Management
•Management Structure •Fit & Proper
Module 3
Risk Governance
•Role of Board•Risk Governance of Board•Board Committees•Decision Making Process – Risk Management
•Compliance Framework•Management Information System•Independent Review – Internal Audit (IA)•Independent Review – External Audit (EA)
Module 4
Strategy & Planning
•Strategic Risk•Strategic Planning•Business Plan
•Implementation & Execution•Monitoring its own progress
Module 5
Capital
•Coverage / Surplus•Earnings•Access to Additional Capital
Module 6
Liquidity Risk
•Liquidity Risk•Board and Management Awareness•Liquidity Risk Management•Independent Review of Liquidity Risk
Risk based supervision 106 September 201110
Modules & Topics
Module 7
Operational Risk
•Nature & Complexity•Internal & External Fraud•IT Systems•Business Disruption•Board & Management Awareness•Operational Risk Management Framework•Outsourcing Arrangements
•Administration•Information Technology•Business Continuity Management•Project Management (IT)•New & Varied Products•Independent Review of Operational Risk
Module 8
Credit Risk
•Portfolio Composition•Strategy & Appetite•Bad Debts/ Arrears Experience•Board & Management•Credit Risk Framework & Architecture•Origination/ Approval Process
•Portfolio/ Account Management & Monitoring•Governance & Controls around Credit Risk Grading System/ Scorecards•Problem Asset Management•Independent Credit Review Process
Module 9
Market & Investment Risk
•Traded Market Risk•Non-traded Market Risk•Board and Management
•Traded Market Risk Management•Non-traded Market Risk Management•Independent Review of Market & Investment Risk
Module 10
Insurance Risk
•Insurance Risk•Credit Risk•Board and Management•Product Design•Pricing•Underwriting
•Claims•Liability Valuation•Reinsurance•Distribution•Independent Review of Insurance Risk
Risk based supervision 116 September 2011 11
Supervision Process
Risk Assessment• PAIRS Update
Supervision Activities• Prudential consultation
• Prudential reviews• Offsite analysis
• Targeted reviews•Ad hoc meetings
Supervision Strategy• Supervisory Action Plans
Risk based supervision 126 September 2011
Prudential Reviews of Insurers
Prudential reviews of insurers is a cornerstone of APRA’s assessment
APRA reviews and assesses:− Reinsurance− Pricing− Underwriting− Claims− Independent review− Liability valuation− Product design− IT and business continuity management− Operational risk− Investment risk
12
Risk based supervision 136 September 2011
Offsite review – Obtain the trust!
Do the homework:• Current filings• Additional filings• People history• (proposed ICP 9)
Focus on other key documents and structures:• Business plan• Financial condition report• Management structure• Peer review• SWOT
Risk based supervision 146 September 2011
On-site review - Verification
Support from primary legislation (ICP 9 again)• flexibility in scope and frequency• review effect of regulatory change and market
developments
Follow up on questions from off-site review• tangible balance sheet issues• intangible balance sheet issues
Confirm the plans are put into practice• HIH example• risk management practicalities
15
Traditional supervisory considerations
Dave Finnis, IAIS
Entity-specific, and Group-wide issues
San Jose 6 September 2011
Risk based supervision 166 September 2011
Risk Based Supervision
Genesis and BackgroundTraditional/Historical Model:
• Entity-based • Revalidation of financial statements• Significant transaction testing• Largely compliance based• No reliance on the work of third parties (external auditors)
or on Internal Audit, Appointed/Responsible Actuary – redo their work
• Point-in-time – not dynamic • Looking for problems
• extensive investigation of almost every aspect of an institution’s operations; heavy demand on supervisory resources
Risk based supervision 176 September 2011
CARAMELS Capital
Asset quality
Reinsurance
Actuarial liabilities
Management
Liquidity
Subsidiaries
Risk Based SupervisionTraditional/Historical Model (A Canadian Viewpoint)
Risk based supervision 186 September 2011
CARAMELS• Key benefit – identification of institutions that
require special supervisory attention• Not forward looking – ratings derived from on-
site examinations, not designed to track changes
• Based on the last on-site examination, which may have been several years ago
• Provide ex post indications of problems.• Usefulness depends on the frequency of
examinations and stability of institution’s financial condition
Risk Based SupervisionTraditional/Historical Model
Risk based supervision 196 September 2011
Risk Based Supervision
ICP 18 Risk Assessment & Management
“The supervisory authority requires insurers to recognize the range of risks that they face and to assess and manage them effectively”
Proposed ICP 8 Risk Management & Internal Controls
“ The supervisor requires an insurer to have, as part of its overall corporate governance framework, effective systems of risk management and internal controls, including effective functions for risk management, compliance, actuarial matters, and internal audit.”
Risk based supervision 206 September 2011
Liability Risks
Other Risks
Operational Risks
Liquidity Risks
Capital Risks
Asset Risks
Claims Risk Pricing Risk
Underwriting RiskConcentration Risk
Reserving RiskCatastrophe RiskReinsurance Risk
Claims Risk Pricing Risk
Underwriting RiskConcentration Risk
Reserving RiskCatastrophe RiskReinsurance Risk
Market RiskCredit Risk
Concentration RiskAsset Valuation Risk
Market RiskCredit Risk
Concentration RiskAsset Valuation Risk
Cost of capital Mismatch Risk (ALM)Solvency Margin Risk
Accounting Risk
Cost of capital Mismatch Risk (ALM)Solvency Margin Risk
Accounting Risk
Financing RiskCapital access Risk
Mismatch Risk (Cash Flow)Surrender
Financing RiskCapital access Risk
Mismatch Risk (Cash Flow)Surrender
Technology RiskCommunication RiskBusiness disruption
Fraud
Technology RiskCommunication RiskBusiness disruption
Fraud
Legal RiskRegulatory RiskReputation RiskStrategy Risk
Other business RiskEnvironmental Risk
Legal RiskRegulatory RiskReputation RiskStrategy Risk
Other business RiskEnvironmental Risk
What risks are insurers exposed to?
Risk based supervision 216 September 2011
London Working Group report, December 2002*
• Surveys of all recent failures and problems of EU insurers• Identified major risks:
Underwriting / reserving riskOperational risk (management / governance, business
risk, systems and controls)Asset riskExternal causesReinsurance risk
*Source: Managing Risk: Practical lessons from recent “failures” of EU insurers, 2002, FSA UK
Risk Assessment and management
Risk based supervision 226 September 2011
Risk Based Supervision
Proposed ICP 8: Risk Management and Internal Controls• the supervisor requires the insurer to establish, and operate within, effective
systems of risk management and internal control • risks specific to insurance sector
e.g. underwriting risk, risks related to evaluation of technical reserves (ICP 19)• supervisors participate in risk management process by reviewing the monitoring
and controls of the insurerprudential regulations/requirements to contain riskultimate responsibility rests with Board
Risk based supervision 236 September 2011
Risk Based Supervision
Proposed ICP 8: Risk Management and Internal Controls
Essential Criteria• supervisor requires/checks that insurers have in place comprehensive risk
management policies/systems• risk management policies/risk control systems are appropriate to the complexity,
size and nature of insurer. Appropriate risk tolerance limits are in place• risk management system monitors/controls all material risks• insurers regularly review the market environment and take appropriate actions to
manage adverse impacts of environment on insurer’s business
Risk based supervision 246 September 2011
Risk Based Supervision
Key benefits of Risk-Based Supervision:
Systematic assessment within a formalized framework both at the time of examination and in between examination through off-site monitoring (a continuous process).
Identification of institutions and areas within institutions where problems exist or are likely to emerge.
Cost effective use of resources through greater emphasis on risk – regulatory resources are focused on areas of highest risk (by FI and by sector)
Allows for prompt intervention and timely action.
Risk based supervision 256 September 2011
Risk Based Supervision
Comprehensive Risk Assessment & RatingsGeneric FeaturesComprehensive and detailed assessment of the risk profile of the institution – overall assessment
score/rating.Assessment of qualitative and quantitative risk factors and risk management oversight functionsAssessment of the inherent risks of each business unit or significant activityBenefits Can be applied on a consolidated as well as solo basisBetter understanding of the risks and quality of risk management functions at the institutionAllows for more focused and risk-based supervision
Risk based supervision 266 September 2011
Rationale for group-wide supervision
Group riskmanagement
andcontrols
Group managementstructure andgovernance
Increasingprominence of
IAIGs
Fill supervisory
gaps
Groupfinancialposition and risks
Rationale
Risk based supervision 276 September 2011
Proposed ICP 23 will provide overarching requirement
Have a clear definition of “insurance group”.
Supervisors cooperate and coordinate to avoid regulatory gaps and avoid unnecessary duplication.
At a minimum, group-wide supervision covers:• Group structure• Capital adequacy• Intra-group transactions and exposures• Governance and risk management
Put in place adequate supervisory reporting requirements.
Deny or withdraw license when effective supervision is hindered.
Proposed ICP 23 Group-wide Supervision
The supervisor supervises insurers on a legal entity and group-wide basis
Risk based supervision 286 September 2011
Key issue – what is an “insurance group” for the purpose of group-wide supervision?
Non-operatingHolding Company
(NOHC) 1
Insurer 1 Bank 1Securities
Firm 1
Non-regulated Operating
Entity (NROE) 1
IntermediateNOHC 2
Insurer 3 NROE 2 Insurer 4NROE 3
Insurer 2
SPE 1
2. The minimum types of “relevant entities” that should be included
1. Supervisors must set the perimeter of group-wide supervision in cooperation with other supervisors
• Participation, influence• Interconnectedness• Risk exposure• Risk concentration• Risk transfer• Intra-group transactions
3. Minimum elements with respect to insurance activities to consider when setting the scope
Risk based supervision 296 September 2011
Key Features of treatment of non-regulated entities in group-wide supervision
Risk mitigationmeasures
Flexiblescope of
supervision
Supervisorycooperation,coordination,info exchange Supervisory
reviewand reporting
Fitness and propriety
Capital adequacy
Assess risks from
non-regulated entities
Comprehensive understanding
of group
Key Features
Risk based supervision 306 September 2011
International recommendations on supervisory colleges
G20
FSB
Joint Forum
• “Supervisors should collaborate to establish supervisory colleges for all major cross-border financial institutions, as part of efforts to strengthen the surveillance of cross-border firms.” (Washington D.C. Summit, Nov 2008)
• “We remain focused on the medium term actions, and make recommendations to the London Summit to ensure strengthened international cooperation to prevent and resolve crises, including through supervisory colleges…” (London Summit, Apr 2009)
• “Substantial progress has been made in strengthening prudential oversight, improving risk management, strengthening transparency, promoting market integrity, establishing supervisory colleges, and reinforcing international cooperation.” (Pittsburgh Summit, Sep 2009)
• “The use of international colleges of supervisors should be expanded so that, by end-2008, a college exists for each of the largest global financial institutions.” (Apr 2008)
• “The BCBS, IOSCO, and IAIS should work together to enhance the consistency of supervisory colleges across sectors and ensure that cross-sectoral issues are effectively reviewed within supervisory colleges, where needed and not already in place.” (Jan 2010)
31
Macroprudential Supervision
Dave Finnis, IAIS
An additional dimension
San Jose 6 September 2011
Risk based supervision 326 September 2011
“Macroprudential regulation” – a definition
“Regulatory policy that uses primarily prudential tools to limit systemic or system-wide financial risk.” (IMF)
Effectively macroprudential regulation provides a “top down” approach to regulation that complements standard, “bottom up” (or microprudential) regulation
Risk based supervision 336 September 2011
Contagion in banking and insurance
100%
50%
0%
50%
100%
jul/07 jan/08 jul/08 jan/09 jul/09 jan/10 jul/10 jan/11 jul/11
Daily 7 Day average
Coexceedance of equity prices (in per cent of firm sample)
This chart reflects the percentage of banks and insurers that simultaneously show an extreme decline in equity prices.Source: Thomosn Datastream and DNB calculations
Banks
Insurers
100%
50%
0%
50%
100%
jul/07 jan/08 jul/08 jan/09 jul/09 jan/10 jul/10 jan/11 jul/11
Daily 7 Day average
Coexceedance of CDS spreads(in per cent of firm sample)
Banks
Insurers
This chart reflects the percentage of banks and insurers that simultaneously show an extreme increase in CDS spreadsSource: Thomson Datastream and DNB calculations
Systemic risk is endemic – also in insurance
Risk based supervision 346 September 2011
Where we start from
The guiding principle… “…no source of systemic risk should be left unattended.”
(IMF, March 2011)
…and its consequences…
“In principle, macroprudential policy should capture all systemically important providers [of risk] … and where relevant, appropriate prudential instruments and regulations should be applied to institutions and market activities that may pose systemic risk. This would require redefining the perimeter of reporting and regulation to include all firms that may contribute to systemic risk.”
(IMF, March 2011)
…are recognized in our mandate
“…to develop a macroprudential policy framework …to identify, assess, monitor, and mitigate the adverse consequences of any systemic risk…” (IAIS, February 2011)
Risk based supervision 356 September 2011
Macro- and microprudential approachesMacro- and microprudential approaches
Microprudential Macroprudential
Proximate objectiveLimit distress of individual
institutions Limit system-wide distress
Ultimate objective Investor/depositor) protectionAvoid macroeconomic costs
linked to instability
Risk characterisation
Exogenous—independent of individual behaviour
Endogenous—dependent on collective behaviour
Correlations and common exposures
Irrelevant Important
Calibration of prudential controls
Bottom up, risks of individual institutions
Top down, in terms of system-wide risk
Source: Claudio Borio, 2003 “Towards a Macroprudential framework for financial stability” (BIS WP 128).
Risk based supervision 366 September 2011
Implementing the G-20 agenda
At the 2009 Pittsburgh Summit G-20 leaders called on the Financial Stability Board to develop for systemically important financial institutions “possible measures including more intensive supervision and specific additional capital, liquidity, and other prudential requirements.
Challenge IAIS response
Identify systemically relevant insurers • G-SIFI project; results by 2012• Macroprudential surveillance in
insurance established
Promote consolidated supervision that accounts for all risk activities undertaken in a group and its entities
• ICP 23 in effect by October 2011• ComFrame for 50 large IAIGs
Establish resolution regimes for failed financial institutions
• Traditional supervisory approaches to insurers in failure and run-off
• IGSC work on resolution
Enhance loss absorbency • Loss absorbency in traditional insurance well defined by solvency requirements
• Open issue remains how to include and manage non-traditional activities
Risk based supervision 376 September 2011
Workplan for the Macroprudential Policy and Surveillance Working Group (MPSWG)
Analysis / diagnosis• Develop analytical tools for macroprudential surveillance• Analyse gaps that could give raise to regulatory arbitrage• New: Analyse systemic issues of sovereign debt• New: Analyse systemic role of Credit Rating Agencies (CRAs)
Operational issues / standard setting• Further develop KIRT (internal) and GIMAR (external) reports to strengthen
comprehensive analysis of insurance sector• Develop measures to close regulatory arbitrage• Develop macroprudential tool kit to be used by national supervisors
Institutional set-up• Internal: Report to FSC and TC• External: Work closely with IMF, World Bank, OECD, FSB and Joint Forum
• New: Collaborate closely with the Supervisory Forum
Risk based supervision 386 September 2011
Example: Increased systemic risk in the EU
Main risks for the EU financial system Type of systemic risk
Level and recent change
Interplay between public finances and financial sector; potential for adverse contagion
Macro shock, unwinding of imbalances
Bank funding vulnerabilities leading to contagion Contagion
Losses for banks in residential and commercial real estate markets of certain EU countries
Unwinding of imbalances, contagion
New: Sudden rise in global long-term interest rates with adverse impact for financial institutions
Macro shock
A medium to longer term risk
Tensions related to international capital flows; asset price increases in emerging markets
Unwinding of imbalances,
Considerable systemic risk Systemic risk Potential systemic risk
Source: ECB
Risk based supervision 396 September 2011
KIRT
“Key Insurance and Risk Trends”
Initial survey of insurers and reinsurers• Type of risk
• Insurance risk• Financial market risk
• Potential systemic risk implications• Trends in profitability and pricing
adequacy
40
Risk-based Supervision
Dave Finnis, IAIS
Questions?
San Jose 7 September 2011