Risk-based regulation is OUT. Regulation-based risk management is IN.


Risk-based regulation is OUT. Regulation-based risk management is IN.

by Tapan Agarwal - Risk Product Council Chair

06 April 2016

Being Reactive

Back in the late 1990s and early 2000s, regulations were designed to factor in risks. The UK Financial Services Authority, the Canadian Office of the Superintendent of Financial Institutions and the Australian Prudential Regulation Authority were all exploring risk-based approaches to regulations in their respective regions. Regulatory authorities wanted to create integrated financial regulation systems, birthing the OSFI Act, FSA and APRA’s PAIRS and SOARS frameworks in their respective regions.

Then came the year 2008. Kosovo declared its independence from Serbia, becoming a new nation that year, terror attacks rocked Mumbai for three days and Barack Obama become the first African-American president in the United States. But the reason why 2008 is most recalled today is to talk about the financial crisis that coursed through the world’s economies.

In its aftermath, governments and regulators have realized that having banks comply with regulations alone may not be enough to ensure the stability of the financial system. Today, the onus is on the banks to design their resources; systems, people and process included, in a manner that effectively manages the risks as well as complies with the industry guidelines.

Being Proactive

Compliance cannot be placed in a silo by banks, to be looked after only by the compliance department. Regulations need to be understood in the context of market conditions and a holistic approach needs to be adopted by the banks, integrating it in the bank’s business strategy.

Regulators emphasize not only compliance but also personal responsibility and increased risk governance. Capital, liquidity, systematic risk, supervision and governance are all areas that face regulatory pressure across Americas, Europe, Middle East and Asia-Pacific. There is a growing demand by regulators on conducting customer due diligence, customer classification and supplying specific data to the authorities.

Regulators are seeking to instil best practices in the bank’s infrastructure. There are three key factors that define a robust risk management strategy for banks:

  • Better risk decisions: Data tends to reside in silos; different departments have their own approaches and incentives to manage data. Multiple systems mean duplication of data, inconsistent information and sometimes even incompatible or erroneous details. Too much time is spent on aggregation and reconciliation, too little on conducting analysis for risk or strategic reasons. Data shouldn’t be used for mapping clients to forms alone; it needs to lead to smart business decisions.
  • Digitized and flexible systems: Regulators demand information, that is a given. But what report might be asked for and when, is something that the banks know only when the regulator seeks it. This means that the bank’s systems should be flexible enough to react to such requests even if the reports asked for are not a part of the standard reporting system and this should be possible without much manual intervention.
  • Enhance quality of data: Risk management is ineffective if the data is inconsistent, incomplete or invalid; a danger posed by data if it resides in multiple, disparate systems. Having the relevant data alone is not enough. It needs to be quality data, easily translatable to the regulators requirements.

Banks need to know who their high-risk clients are. They need to identify where risks exists. And they need to be able to do all this without having the regulator ask them to do it. Regulation-based risk management means being proactive. Clearly, not having an effective risk management approach can place the banks in a vulnerable position, the downfall of which is having to cough up fines and penalties, not to mention the loss of hard-earned reputation and clients.


This post is a part of the blog series: Commercial Risk - The New Normal. Read more here.

Facebook Twitter Linkedin