Risk Culture in Financial Services

One of the many issues that seems to puzzle some academic researchers seems to be the multiplicity of risk management approaches and, by implication, risk cultures.  One implication is to urge caution about codifying risk management.  The hope is that over time experience will accumulate, which will help us understand the need for this variation (here). 

I recently came across an interesting research report from Michael Power, Simon Ashby and Tommaso Palermo (here).  It seeks to explain this variation based on some field work covering UK banks and insurance.  

The report doesn’t look at risk culture by identifying instincts, attitudes, habits, and behaviour.  Rather it focuses on a number of observable building blocks that are associated with the design of risk management structures and identifies the underlying trade-offs, which I have summarised in the table below.

Building block	Trade-off
Design of oversight structures	Business partner and independent advisor
Enhance the organisational structure of risk management	Informal network and formal processes
The real organisational life of risk appetite in the form of limits and tolerance	Risk and control
The openness of organisations to outsiders in progressing change	Internal change and the use of advisors
The extent of the footprint of the regulator on organisation processes	Own risk and regulatory culture
Choices in designing leverage over behaviour	Ethics and incentives

I found the section on risk appetite particularly interesting and, in particular, the articulation of the trade-off between risk and control.  The difference between the focus on the choices within the risk appetite limits and the focus on the enforcement of the limits.

The report considers the above building blocks in the context of the three lines of defence governance models.  The trade-offs also suggest that any current model would be built on tensions and that the lines of defence would be likely to be less than ‘straight’ lines.  

The report has helped me make sense of my own observations.  I am sure it will help you too.

Conduct Risk Regulation: the Global Dimension

I wrote a post not so long ago about conduct risk in the UK (here).  In the course of producing that work, I discovered an emerging global dimension to conduct risk and I have been looking into it.  There seems to be three strands to this:

1.  Work on financial consumer protection focusing on credit and coordination with other international bodies by the Financial Stability Board (here).

2.  Principles for financial consumer protection led by the OECD.    The OECD has developed 10 principles of consumer protection (here).  I have summarised them below.  They summarise neatly the extent of the challenge.  The OECD continues its work.  It has issued a draft paper (here) setting out more detail on some of the principles.  

3. Work on financial education through International Network on Financial Education (INFE) coordinated by the OECD.   There is an interesting set of principles developed by the OECD (here) and a web-site listing financial literacy programmes and related research (here). 

I find this interesting for a number of reasons. 

1.  If you believe that regulation can be improved by pooling knowledge and expertise, then there is something valuable here.  Given the domestic nature of retail financial markets, this is going to be an interesting experiment of supervisory design where the challenge will be to articulate workable approaches that can be tailored to national conditions rather than prescriptive solutions.

2.  While financial consumer protection is a good case of a market failure, in the genuine economic sense, not every policy intervention would necessarily pass a cost-benefit test.  If there was scope for an 11^th principle it would be assessing the costs and benefits of policy initiatives.  Interestingly, the principles on national strategies for financial education include impact assessment. 

3.  The explicit recognition in the OECD principles that effective competition in the relevant markets can deliver appropriate outcomes for consumers. 

4.  While the above points together with the underlying market failure add up to a reasonable case for this activity, it is interesting that policy-makers interest on this issue stems from the financial crisis – a feature of G20 summits since 2010.   

The G20 interest together with the OECD endorsement of the principles should give these initiatives momentum.  It would be interesting to see what are the national impacts of these initiatives.   

=================

OECD 10 principles for financial consumer protection

1. Financial consumer protection should be an integral part of the legal, regulatory and supervisory framework. 

2.  There should be oversight bodies explicitly responsible for financial consumer protection with the necessary authority to fulfil their mandates. 

3.  All financial consumers should be treated equitably, honestly and fairly at all stages of their relationship with financial service providers. 

4.  Consumers should be provided with key information about the fundamental benefits, risks and terms of the product, including conflicts of interest where an agent is also involved in the sale.  

5. Financial education and awareness should be promoted by all relevant stakeholders and clear information on consumer protection should be accessible. 

6.  Financial service providers and their agents should have an objective to work in the best interest of the consumer and be responsible for upholding consumer protection. 

7.  Financial service providers should put in place mechanisms to protect financial consumers’ assets from fraud, misappropriation and other misuse.

8.  Personal information should be protection through appropriate control mechanisms. 

9.  Financial consumers should have access to complaints and redress mechanisms that are affordable, independent, fair, accountable, timely and efficient. 

10. Competitive markets should be promoted to provide consumers with greater choice, create competitive pressure on providers to offer competitive products, enhance innovation and maintain service quality.

Supervisory Stress and Scenario Tests: Does It Lead to Business Benefits?

I read a good question about stress and scenario tests: whether they are just a regulatory requirement or whether they are also a useful business tool.      

It is certainly a regulatory requirement in many jurisdictions, including the UK.  In my view, the supervisory application of stress testing is really re-writing regulatory requirements by formalising a new minimum level of capital which allows a bank to meet its minimum capital requirement after experiencing stress conditions.  I have written about this more extensively in my blog (here) following the publication of a paper on this subject by the Bank of England.  

If stress testing is a regulatory requirement, the next question is how it can be done so that the activity adds value to the business.  When I think about this, two aspects come to mind.  

Firstly, there is something about 'how' stress tests are done to add value to the business.  In this sense, there is something to take from the Bank of England paper.  The paper mentions examples of shortcomings that the UK supervisor has identified in banks' practices of stress testing, including the lack of Board engagement.  See my previous posting (link above) for a full list.  Interestingly, most of the shortcomings are related to governance.  It follows then that it is unlikely that banks will wish to derive value for their business if the governance has not been appropriate.

Secondly, there is something about 'what' is the source of business value.  Is the source of value the knowledge of the actual stresses?  Knowing the actual stresses prompts a question along the lines of 'so what'.  I believe fleshing out the answer to this question and identifying the management actions, planning them and seeking board approval would be the real value to the business.  Not surprisingly the paper from the Bank of England also stresses this aspect.  In a trading environment, the action could be adjusting appropriately the portfolio.  In a banking environment, this would need to be identified below the institutional level and may not be straightforward to identify.  

My view is that there may be an aspect of a 'catch 22' here.  If there is limited appreciation of the business value of stress testing then there will be limited incentives to improve the governance of stress testing to rely on them from a business perspective.  Supervisory intervention might then challenge this situation and as a by-product generate genuine business benefits.