Module 5: Risk frameworks (mandatory) Flashcards
5 Stakeholders with roles involving supervision and control of companies
- professional bodies
- professional regulators
- industry bodies
- industry regulators
- governments
Functional regulation
Regulation with different supervisory bodies regulating different activities.
(eg separate regulators for banks, insurance companies, charities, etc.)
United regulation
Regulation with a single supervisory body regulating all activities.
3 Pillars of the Basel Accord
- minimum capital requirements for
- credit,
- market and
- operational risk - supervisory review of
- internal systems,
- processes and
- risk limits - adequate disclosure facilitating market discipline via pricing of capital
What do the 3 Basel accords comprise?
- Basel I - minimum capital requirements for credit (and later market) risk
- Basel II - superseded Basel I
- Basel III - established in response to the global financial crisis - focuses on liquidity, counterparty and systemic risk - works alongside Basel II.
Solvency II
Solvency II is the mandatory risk framework for insurance companies operating in EU member states.
It is modelled on Basel II, and comprises 3 pillars:
- quantitative requirements
- qualitative requirements
- disclosure
Solvency II:
2 Quantitative requirements
- A solvency capital requirement (SCR)
- A minimum capital requirement (MCR)
Solvency II:
Qualitative requirement
Under Pillar 2, insurance companies must carry out an Own Risk and Solvency Assessment (ORSA), which assesses the adequacy of risk management and likely future solvency.
Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002 (SOX) is primary legislation in the US designed to protect shareholders.
It comprises reforms in relation to:
- disclosure
- the role of the external auditor
- corporate governance
COSO
The Committee of Sponsoring Organisations of the Treadway Commission.
COSO ERM Integrated Framework
Their published framework is advisory (rather than mandatory), but many companies use the framework to demonstrate that they have adequate internal controls for SOX purposes.
A key component of the framework is the “COSO cube” which considers the:
- ERM components / processes,
- in each business area covered by the framework,
- and at each business level of application.
5 Processes that can form part of a system of prudential supervision
Prudential supervision involves:
- Oversight
- Licensing
- A requirement to maintain minimum standards (eg operational)
- Procedures for monitoring compliance with standards and licences
- Processes to take action against those who fail to comply
Why might different parts of a business be subject to different regulatory regimes and capital adequacy requirements?
This can arise for a number of reasons, including:
- for international business, having operations that are regulated by DIFFERENT TERRITORIES
- having subsidiaries that operate in DIFFERENT INDUSTRY SECTORS, eg financial and manufacturing
- having subsidiaries that operate in DIFFERENT AREAS WITHIN THE SAME SECTOR, eg banking and insurance
- having subsidiaries or portfolios within the same sector that are subject to DIFFERENT REGULATORY REQUIREMENTS, eg traditional insurer and captive insurer
- having subsidiaries which are new ventures or acquisitions and are at DIFFERENT LIFECYCLE STAGES
4 Categories of supervisors (other than governments) and name a specific example of each
In addition to governments, supervision and control may be exercised by:
- Professional bodies
- — e.g. IFoA - Professional regulators
- — e.g. Chartered Financial Analyst Institute or the Financial Reporting Council - Industry bodies
- — such as the British Bankers’ Association (BBA), British Sandwich Association and the Association of British Insurers (ABI) - Industry regulators
- — such as the PRA, FCA and LSE
Outline the specific role of:
Professional bodies
Professional bodies ensure:
- members are ADEQUATELY TRAINED, usually through a process of examination
- members MAINTAIN THEIR COMPETENCE, through continuing professional development (CPD)
Some professional bodies also have the power to discipline members who fail to maintain appropriate standards.
Outline the specific role of:
Professional regulators
Where a profession has statutory responsibilities, for example, in the accounting and auditing professions, it is more likely to be subject to external regulation.
Professional regulators MAINTAIN PUBLIC CONFIDENCE in the profession by:
- setting standards
- monitoring adherence to the standards
- disciplining in cases of non-adherence
Outline the specific role of:
Industry Bodies
The main purpose of industry bodies is to PROMOTE THE INTEREST OF THEIR MEMBERS, through lobbying and other activities, such as shared research projects.
Outline the specific role of:
Industry Regulators / Supervisors
Regulators act on behalf of government to PROTECT THE PUBLIC by controlling the activities of firms and individuals operating in a particular industry.
The main aim of regulation (or supervision) is to prevent problems from occurring, rather than punishing those who are responsible for problems.
6 Advantages (claimed) of a unified system
- it is easier to regulate financial CONGLOMERATES
- it ensures a CONSISTENT APPROACH across various financial services activities
- limits any incentive for REGULATORY ARBITRAGE (firms picking and choosing the most favourable regulatory environment)
- ECONOMIES OF SCALE
- better SHARING OF IDEAS between regulatory staff
- improved ACCOUNTABILITY (less chance of buck-passing between regulators)
List the aspects considered by a supervisor when developing their understanding of an insurer
In addition to the nature of the business, regulators typically seek to understand an organisation’s:
- governance arrangements
- business plans
- financial (condition) reports
- risk management strategies and processes
Outline the reasons an insurer should engage proactively with their supervisors
A practical argument would be that the insurer-regulator relationship should be a key component of an insurer’s ERM framework.
Proactive engagement helps to reduce the level of risk a supervisor places on a particular insurer and therefore reduces the supervisory burden on that insurer.
Regulators see a wide range of risk management practices in operation and are well placed to advice on what is best practice. Proactive engagement provides greater opportunity to benefit from such advice.
Risk-Based Regulation
Although regulators monitor all institutions, they focus their attention on those institutions that, in their opinion, represent the greatest risk.
FCA
The Financial Conduct Authority (FCA) regulates the financial services industry in the UK.
Their aim is to
- protect consumers,
- ensure the industry remains stable and
- promote healthy competition between financial services providers.
PRA
The Prudential Regulation Authority (PRA) is a part of the Bank of England and is responsible for the prudential regulation and supervision of
- banks,
- building societies,
- credit unions,
- insurers and
- major investment firms.
It sets standards and supervises financial institutions at the level of the individual firm.
UKLA
One important part of the FCA is the UK Listing Authority (UKLA), which:
- ensures that listed companies (or companies seeking a listing on the UK exchange) comply with certain standards set out in the LISTING RULES
- requires that listed companies comply with certain DISCLOSURE RULES on an ongoing basis
- ensures that companies either comply with the Combined Code of Corporate Governance 2003, or that they state where they do not comply and why
- has the power to suspend trading in a company’s shares or cancel their listing.
2 Main traded markets of the London Stock Exchange (LSE)
- the main market
- the alternative investment market (AIM)
SIMR
The UK financial services regulators introduced a Senior Insurance Managers Regime (SIMR) at the start of 2016.
This regime brought together a number of rules (including Solvency II requirements) to ensure that individuals who run insurance companies:
- have clearly defined responsibilities
- behave with integrity, honesty and skill.
2 Main parts to the SIMR
- The development of a GOVERNANCE MAP giving details of:
- – the company and corporate governance structure
- – identified “Key Functions” (including the Risk Management Function), “Key Function Holders” who are ultimately accountable for these functions and “Key Function Performers” who support the Key Function Holder in the execution of their duties
- – all individuals included within the SIMR regime, their responsibilities and reporting lines
- – the rationale applied in identifying those individuals and allocating responsibilities to them. - The requirement to carry out an ASSESSMENT OF FITNESS and proprietary of senior insurance managers and directors, based on their responsibilities as allocated through the governance map. Of particular note is the inclusion of the Chief Risk Officer and the Chair of the Risk Committee.
Main Criticisms of Basel II
- too much emphasis may be being placed on a SINGLE NUMBER that aggregates a wide variety of risks
- some risks (eg operational) are very difficult to quantify
- some risks (eg liquidity) are only given cursory consideration
- more complex calculations does not necessarily imply more reliable calculations
- the new regime costs a lot to implement, particularly if banks want to take advantage of the more beneficial capital regimes by using their own advanced credit and market risk models
- banks all measure risk in the same way, and may be trying to protect themselves in the same way at the same time of crisis - a feature called risk herding
- market values may under-value certain assets
- implied levels of confidence could be spurious as some securities (eg CDOs) have not existed for very long
- pro-cyclicality, the (systemic) risk that assets may need to be sold if their market value falls - forcing prices down even further
- banks could become overconfident in their risk control due to the complexity of the risk modelling.
Basel III aims
- STRENGTHENS CAPITAL REQUIREMENTS for banks, including limiting cross-holding in other financial institutions and associated assets to limit systemic risk
- introduces a CONSERVATION BUFFER to provide breathing space in times of financial stress
- CHANGES MINIMUM RATIOS of Tier 1 and Tier 2 capital
- allows some flexibility in capital requirements in times of financial crises to LIMIT PRO-CYCLICALITY.
Solvency II aims
Solvency II aims to introduce:
- ECONOMIC RISK-BASED SOLVENCY REQUIREMENTS across all EU Member States
- MORE COMPREHENSIVE requirements than in the past taking account of the asset side as well as liability side risks
- A requirement to hold capital against:
- – market risk,
- – credit risk,
- – operational risk and
- – underwriting (life, non-life and health) risk. - An emphasis that capital is not the only (or the best) way to militate (this means “to have influence on something or bring about a change”) against failures.
- A more PROSPECTIVE FOCUS.
- A STREAMLINED APPROACH which aims to recognise the economic reality of how groups operate.
Solvency II:
Pillar 1
Contains the quantitative requirements designed to capture
- underwriting,
- credit,
- market,
- operational,
- liquidity and
- event risk.
These can be assessed using a standardised approach or a company’s own internal model.
There are two parts to the requirements:
- the Solvency Capital Requirement (SCR - below which regulatory action is taken)
- the Minimum Capital Requirement (MCR - below which authorisation is foregone)
Solvency II:
Pillar 2
Contains qualitative requirements on undertakings such as risk management as well as supervisory activities.
Specifically, insurers must carry out their Own Risk and Solvency Assessment (ORSA) to quantify their ability to continue to meet the SCR and MCR in the near future, given their identified risks and associated risk management processes and controls.
Solvency II:
Pillar 3
Covers supervisory reporting and disclosure.
The purpose of ORSA
To provide the board and senior management of an insurance company with an assessment of:
- the adequacy of its risk management, and
- its current, and likely future, solvency position.
The ORSA requires each insurer (5)
- to IDENTIFY THE RISKS to which it is exposed
- to IDENTIFY THE RISK MANAGEMENT PROCESSES and controls in place, and
- to quantify its ongoing ability to continue to meet its solvency capital requirements (both MCR and SCR)
- —- involving projections of financial position over terms longer than that normally required to calculate regulatory capital requirements
- to analyse quantitative and qualitative elements of its business strategy
- to identify the relationship between risk management and the level and quality of financial resources available.
Outline the main similarities between Basel II and Solvency II
- They both describe requirements in three pillars, and each pillar deals with similar aspects of the company’s risk (capital, supervisory and disclosure).
- Both frameworks are largely risk-based (solvency I was purely volume-based) in that they allocate capital to business areas that run the highest risk. This means that they deal with embedded options, guarantees and other non-volume related risks.
- Both frameworks are designed to be suitable for multi-national firms.
- Companies that have both banking and insurance arms should find that the approaches to regulation are consistent for both types of business.
Main difference between Basel II and Solvency II
The key difference is that Basel II is based on the concept that the market participants are dependant on one another and that there is SIGNIFICANT CONTAGION RISK in the banking sector (the demise of one bank can affect another).
However, the Solvency II framework is not designed with systemic risk in mind as it is considered unlikely that the demise of one insurer will affect others.
Overall Basel II takes a more prescriptive approach than Solvency II, which is more principles based, leaving the details to the regulators in individual countries.
Key features of the Sarbanes-Oxley Act of 2002
- the formation of a Public Accounting Oversight Board (PAOB) to inspect the published accounts of quoted firms and to prosecute any accountancy firm deemed to be in breach of the regulations.
- increase accountability of CEOs and CFOs of public companies, whereby they are required to certify that the financial statements do not contain any untrue facts and are personally responsible for financial disclosures in the financial reports
- that each published report must contain an internal control report (ICR), which commits management to maintain proper internal controls and review their effectiveness
- the requirement for external auditors to on the assessment made by the management
- that it is illegal for for management to interfere with the audit process
- to make it illegal to destroy records or documents with intent to influence an investigation
Key themes for management to consider as part of their governance, risk and compliance (GRC) systems
- Are controls identified and documented?
- Are controls consistent across the business?
- Do controls address the critical factors - ie are the right controls in place?
- Do the controls include risk management?
- What testing procedures are required before signing off the ICR?
COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a US private sector organisation, sponsored by professional accounting associations.
It has issued a set of definitions and standards against which organisations can assess their internal control systems.
State the principles embedded in the COSO framework
- risk represents opportunity as well as potential downside
- ERM is a parallel and iterative process
- everyone has a role in risk management (at all levels)
- any risk management process is imperfect
- implementation of risk management must balance cost with potential benefit.
3 Dimensions of the COSO cube
- ERM components / processes
(eg risk assessment, monitoring) - … in each BUSINESS OBJECTIVE covered by the framework
(eg operational, strategic) - … and at each BUSINESS LEVEL of application
(eg subsidiary, unit)
Swiss Solvency Test
A risk-based regulatory capital regime which has been fully in-force in Switzerland since 1 January 2011.
It takes a market consistent approach and has similarities with the Solvency II Pillar 1 requirements.
Differences include calibration to a Tail Value at Risk (TVaR) measure at 99% confidence rather than Value at Risk (VaR) at 99.5% confidence.
