Risk Based Supervision

What is Risk-Based Supervision?

Risk-Based Supervision (RBS) is gradually becoming the dominant approach to regulatory supervision of financial institutions around the world. It is a comprehensive, formally structured system that assesses risks within the financial system, giving priority to the resolution of those risks.

RBS is often contrasted with rules-based regulation. The latter, also known as principles or compliance-based supervision, is a method of regulation which involves checking for and enforcing compliance with rules – legislation, regulations or policies – that apply to an entity.

What is the purpose of RBS and why is it important?

RBS has a regulatory emphasis of “focusing on what matters” – assessing the degree of risk in the company’s business operations and determining how to reduce the risk as required.

With RBS, entities are always being monitored, both for compliance with the rules and for how they approach risk management. Failure to comply or to manage well is noted, and action is taken according to the appropriate legislation, to deal with any concerns. In a RBS regulatory system the following are considered:

  • finding contraventions of the law, regardless of materiality
  • reconciliation of data, counting the securities, other detailed checking
  • business strategy
    • financial analysis
    • on-site Inspections
    • market intelligence

RBS versus a Compliance Approach

RBS Compliance
Formal education Extensive Low to Moderate
Industry knowledge Extensive Low to Moderate
Company knowledge Extensive Low to Moderate
Ability to apply judgment Extensive Low
Interaction and communication across supervisory teams Extensive Low
Communications skills: Extensive

Extensive

Low

Low

Management oversight Extensive Low
QA Processes Extensive Some
Practices (i.e. documented procedures) Robust framework & supporting guidance required Check list and some guidance
RBS – A journey not a destination

Four considerations of RBS:

A prerequisite for good RBS is knowledge of the institution, its industry and operating environment. These can all be observed by creating a risk profile of an institution:

  • institution’s activities
  • risks in those activities
  • quality of risk management (day-to day management and Oversight)
  • capital required to support operations
  • identifying the key risks within an institution that may affect its risk profile
  • that its supervisory activity and resources applied are commensurate with the level of risk
  • Off-site monitoring –Review the financial data filed by the institution, using ratios and other methods of analysis

All institutions are exposed, to a greater or lesser extent, to certain broad types of risk such as credit risk, market risk, operational risk, etc. These categories fall under “inherent risks” because they are inherent to being in business. For each of these categories there are ways to consistently and objectively assess the level of risk:

  • Operational Risk– everyday risks of operating and managing a business. This includes the quality and reliability of an institution’s IT system, as well as the competence of management.
  • Market Risk– relates to the possible change in value of market prices, e.g., an institution’s portfolio of common stocks is subject to market risk because the market value may change very quickly.
  • Credit Risk– the risk of not being paid by entities owing money to the institution, e.g., the institution may have loaned money to investors by buying their debentures and is yet to be repaid.
  • Related Party Risk– when transactions occur between related parties, the normal discipline of market negotiation is not present; therefore, transactions between related parties such as shareholders and supervised institutions are subject to the risk that the interests of the institution will be subjugated to those of the shareholders.
  • Liquidity Risk– the risk that the institution will require liquid funds but not be able to access such when required to meet an obligation that is due and payable, e.g., a short-term insurance company has invested most of its funds in real estate; it requires liquid funds to pay claims and would therefore have high liquidity risk.
  • Underwriting Risk, Provisioning Risk– these are risks that are specifically applicable to insurance companies. Other types of institutions may have other unique risk categories.