Risk Culture in Financial Services

One of the many issues that seems to puzzle some academic researchers seems to be the multiplicity of risk management approaches and, by implication, risk cultures.  One implication is to urge caution about codifying risk management.  The hope is that over time experience will accumulate, which will help us understand the need for this variation (here). 

I recently came across an interesting research report from Michael Power, Simon Ashby and Tommaso Palermo (here).  It seeks to explain this variation based on some field work covering UK banks and insurance.  

The report doesn’t look at risk culture by identifying instincts, attitudes, habits, and behaviour.  Rather it focuses on a number of observable building blocks that are associated with the design of risk management structures and identifies the underlying trade-offs, which I have summarised in the table below.

Building block	Trade-off
Design of oversight structures	Business partner and independent advisor
Enhance the organisational structure of risk management	Informal network and formal processes
The real organisational life of risk appetite in the form of limits and tolerance	Risk and control
The openness of organisations to outsiders in progressing change	Internal change and the use of advisors
The extent of the footprint of the regulator on organisation processes	Own risk and regulatory culture
Choices in designing leverage over behaviour	Ethics and incentives

I found the section on risk appetite particularly interesting and, in particular, the articulation of the trade-off between risk and control.  The difference between the focus on the choices within the risk appetite limits and the focus on the enforcement of the limits.

The report considers the above building blocks in the context of the three lines of defence governance models.  The trade-offs also suggest that any current model would be built on tensions and that the lines of defence would be likely to be less than ‘straight’ lines.  

The report has helped me make sense of my own observations.  I am sure it will help you too.

Conduct Risk Regulation: the Global Dimension

I wrote a post not so long ago about conduct risk in the UK (here).  In the course of producing that work, I discovered an emerging global dimension to conduct risk and I have been looking into it.  There seems to be three strands to this:

1.  Work on financial consumer protection focusing on credit and coordination with other international bodies by the Financial Stability Board (here).

2.  Principles for financial consumer protection led by the OECD.    The OECD has developed 10 principles of consumer protection (here).  I have summarised them below.  They summarise neatly the extent of the challenge.  The OECD continues its work.  It has issued a draft paper (here) setting out more detail on some of the principles.  

3. Work on financial education through International Network on Financial Education (INFE) coordinated by the OECD.   There is an interesting set of principles developed by the OECD (here) and a web-site listing financial literacy programmes and related research (here). 

I find this interesting for a number of reasons. 

1.  If you believe that regulation can be improved by pooling knowledge and expertise, then there is something valuable here.  Given the domestic nature of retail financial markets, this is going to be an interesting experiment of supervisory design where the challenge will be to articulate workable approaches that can be tailored to national conditions rather than prescriptive solutions.

2.  While financial consumer protection is a good case of a market failure, in the genuine economic sense, not every policy intervention would necessarily pass a cost-benefit test.  If there was scope for an 11^th principle it would be assessing the costs and benefits of policy initiatives.  Interestingly, the principles on national strategies for financial education include impact assessment. 

3.  The explicit recognition in the OECD principles that effective competition in the relevant markets can deliver appropriate outcomes for consumers. 

4.  While the above points together with the underlying market failure add up to a reasonable case for this activity, it is interesting that policy-makers interest on this issue stems from the financial crisis – a feature of G20 summits since 2010.   

The G20 interest together with the OECD endorsement of the principles should give these initiatives momentum.  It would be interesting to see what are the national impacts of these initiatives.   

=================

OECD 10 principles for financial consumer protection

1. Financial consumer protection should be an integral part of the legal, regulatory and supervisory framework. 

2.  There should be oversight bodies explicitly responsible for financial consumer protection with the necessary authority to fulfil their mandates. 

3.  All financial consumers should be treated equitably, honestly and fairly at all stages of their relationship with financial service providers. 

4.  Consumers should be provided with key information about the fundamental benefits, risks and terms of the product, including conflicts of interest where an agent is also involved in the sale.  

5. Financial education and awareness should be promoted by all relevant stakeholders and clear information on consumer protection should be accessible. 

6.  Financial service providers and their agents should have an objective to work in the best interest of the consumer and be responsible for upholding consumer protection. 

7.  Financial service providers should put in place mechanisms to protect financial consumers’ assets from fraud, misappropriation and other misuse.

8.  Personal information should be protection through appropriate control mechanisms. 

9.  Financial consumers should have access to complaints and redress mechanisms that are affordable, independent, fair, accountable, timely and efficient. 

10. Competitive markets should be promoted to provide consumers with greater choice, create competitive pressure on providers to offer competitive products, enhance innovation and maintain service quality.

Supervisory Stress and Scenario Tests: Does It Lead to Business Benefits?

I read a good question about stress and scenario tests: whether they are just a regulatory requirement or whether they are also a useful business tool.      

It is certainly a regulatory requirement in many jurisdictions, including the UK.  In my view, the supervisory application of stress testing is really re-writing regulatory requirements by formalising a new minimum level of capital which allows a bank to meet its minimum capital requirement after experiencing stress conditions.  I have written about this more extensively in my blog (here) following the publication of a paper on this subject by the Bank of England.  

If stress testing is a regulatory requirement, the next question is how it can be done so that the activity adds value to the business.  When I think about this, two aspects come to mind.  

Firstly, there is something about 'how' stress tests are done to add value to the business.  In this sense, there is something to take from the Bank of England paper.  The paper mentions examples of shortcomings that the UK supervisor has identified in banks' practices of stress testing, including the lack of Board engagement.  See my previous posting (link above) for a full list.  Interestingly, most of the shortcomings are related to governance.  It follows then that it is unlikely that banks will wish to derive value for their business if the governance has not been appropriate.

Secondly, there is something about 'what' is the source of business value.  Is the source of value the knowledge of the actual stresses?  Knowing the actual stresses prompts a question along the lines of 'so what'.  I believe fleshing out the answer to this question and identifying the management actions, planning them and seeking board approval would be the real value to the business.  Not surprisingly the paper from the Bank of England also stresses this aspect.  In a trading environment, the action could be adjusting appropriately the portfolio.  In a banking environment, this would need to be identified below the institutional level and may not be straightforward to identify.  

My view is that there may be an aspect of a 'catch 22' here.  If there is limited appreciation of the business value of stress testing then there will be limited incentives to improve the governance of stress testing to rely on them from a business perspective.  Supervisory intervention might then challenge this situation and as a by-product generate genuine business benefits.  

Business Model Analysis: the 'C-factor'?

There is fair amount of change happening in financial services regulation in the UK with the creation of new regulators and a new legislative framework.  As Hector Sants warned in 2012, “the changes will not just be structural but involve behavioural shifts from both supervisors and firms.”

Amongst all these changes and moves, there seems to be one emerging common factor between the FCA and PRA and between them and the FSA: business model analysis (BMA).  It has a strong overlap with the underlying business strategy.  A BMA has been described as answering six questions:

1. How does the company create value?
2. Who does the company create value for?
3. What is the source of competence?
4. How does the company competitively position itself?
5. How does the company make money?
6. What is the company size ambitions?

A recent speech from Julian Adams, Deputy Head of the PRA and Director of Insurance shows that the supervisor’s interest on BMA is not simply academic: 

“where incumbent firms have suffered competitive pressure in particular business lines, it is not uncommon for such firms to be tempted to increase the level of risk they run to protect their market positions, or ‘diversify’ into other areas in which they may not have the same level of expertise.”

This represents a healthy move away from supervision based on compliance with rules to supervision focused on the business and the underlying risks that arise from the strategy.  The BMA provides then a base line that enables supervisors to understand how trends impact on risk taking or business strategy. 

Given that supervisors have been behind the application of BMA in financial services, BMA remains to a large extent a supervisory tool.  Will it remain so?  Are there potential gains to financial services businesses from undertaking a BMA, even if there is no supervisory visit in the near future? 

I would be interested on your thoughts. 

The Potential Impact of Solvency 2 Regulation on Competition

One of the challenges about financial regulation is identifying the impacts so that costs can be kept to a minimum and benefits maximised.  Targeting regulation to address identified ‘market failures’ helps but it also require an analysis of the costs and benefits.  

Some impacts can easily be measured, like the cost of changes to IT systems.  Others are not so easily measured like the impact on how firms compete in the market place.  For example, regulation can create barriers to entry that can undermine the efficiency of competition. 

The potentially negative impact on competition because of market consolidation was one of the concerns at the time of the publication of the Solvency 2 directive.  There were two aspects to this concern:

(i) reducing capital requirements by taking into account the pooling of un-correlated risks could benefit disproportionally large and well-diversified insurers.

(ii) the fixed costs of risk management and compliance aspects of Solvency 2 could bear more heavily on small and medium insurers.

Relevant extracts from the Commission’s impact assessment of the Solvency 2 directive published in 2007 are below:

"The recognition of diversification effects implies that well diversified entities, or those which are part of an insurance group will, in practice have lower capital requirements than single solo entities which are less well diversified. Although this is fully in line with the basic economic principles underpinning the proposal, and does not entail lower protection for policyholders, it may nevertheless act as a catalyst to the already existing trend of consolidation in the EU insurance market and increase already existing competitive pressures on small and medium-sized insurers. This however does not mean that small and medium sized insurers would be expected to quit the market in a disorderly way following the introduction of Solvency II, but rather that they would be incentivised to look for new partnerships and alliances. Moreover, many small and medium sized insurers are specialised insurers that carefully monitor and manage their risks, and benefit greatly from being close to their customers. Where this is the case, these natural competitive advantages will be fully recognised and will result in lower capital requirements for those companies." (Commission’s Impact Analysis of the Solvency 2 directive, page 49)

"Insurers may also have incentives to consolidate further, as the implementation of Solvency II could require substantial investment in data collection, IT and risk management systems and expertise. Similarly, strengthening risk management will give rise to fixed compliance costs which are likely to fall more heavily on small firms. While this effect should be smoothed by applying the roportionality principle (limited reporting requirements for small firms), the higher weight of compliance costs for small firms could be a further driver of consolidation.  Moreover, the use of relatively sophisticated internal models for risk management could ensure lower regulatory capital requirements - and a consequent pricing advantage – for bigger insurers."  (DG ECFIN Report - Section 3.4.1)

As noted in the assessment, an important point to bear in mind is that the underlying effects mentioned above exist anyway.  So the question is really about the extent to which Solvency 2 exacerbates these trends significantly.

A few years have now gone through and I would be keen to hear your thoughts about a number of aspects of the impact of Solvency 2 on competition:

• You may have observed negative effects on competition in the product space as a result of Solvency 2.  If so, could you share details about your observations?

• If you have not observed a negative effect on competition, do you believe that it’s just a matter of time until we do?  For example, you could take the view that the reason we have not observed a negative impact is that Solvency 2 has not yet been implemented.  

• You may take the view that the absence of negative effects on competition is the result of changes in the industry landscape.  For example, a recent CSFI survey ‘Insurance Banana Skins 2013’ suggests that there is a significant amount of capital in the insurance industry (‘capital availability’ goes from the second highest concern in 2012 to number 16 in the 2013 survey).  If so, do you believe that the increased availability of capital has muted the potential impact on competition?  Are there any other relevant changes in the industry landscape that have a similar effect? 

• Finally, you may take the view that we are unlikely to see a negative effect on competition.  This could be because regulation’s marginal impact on existing trends is unlikely to be material.

I would be grateful for your thoughts.  If you want to share your thoughts privately, email me at isaacalfonblog "at" gmail.com.  

This is not intended to be a scientific poll but if there are sufficient answers I will summarise the emerging views (without attribution) in a future post. 

Conduct risk: old wine in a new bottle?

The establishment of the Financial Conduct Authority (FCA) as the new conduct of business regulator in the UK has brought a new focus to 'conduct risk'.  I have been working with BaxterBruce, a management consultancy, on this issue.  We have written a paper (here) summarising the recent changes in financial regulation that are relevant to conduct risk and identifying what steps businesses may consider to meet this challenge.  

There is also an emerging international dimension to conduct risk that I will cover in a future post.

Banking regulation: a new paradigm, more challenges but similar consequences

The Bank of England recently published a discussion paper (here) setting out a comprehensive framework for coordinated stress and scenario tests of the UK banking industry.  

This process is challenging but necessary to underpin the resilience of the UK financial system.  As set out in the paper, other countries are going through similar exercises and there is a view that they can be instrumental to restore the credibility of the banking system.  

In 2014 the exercise will cover the eight banks covered in the recent regulatory capital shortfall exercise (Barclays, Co-op Bank, HSBC, Lloyds Banking Group, Nationwide, Royal Bank of Scotland, Santander UK and Standard Chartered).  For future years the Bank is considering the inclusion of medium-sized banks.  It is also likely to include UK subsidiaries of foreign globally systemic banks. 

At a high-level, the approach is reasonably straightforward.  Staff at the Bank design common stress scenarios for all banks which look into the next three to five years.  The severity of the scenarios is described in qualitative terms – “both sufficiently severe but also plausible”. 

Each bank goes through a similar process and creates specific stress scenarios.  These must be consistent with the bank’s business model and key vulnerabilities and be as severe as the common scenario.  

Then a bank assesses the impact of both types of stress scenarios and considers the management actions that may be needed to ensure that the bank can meet the capital requirements prescribed by the PRA (or at least the internationally agreed minimum capital requirements) after the stress.

Towards the formalisation of a new paradigm …

It seems that there are two major changes to banking regulation in this process. 

Firstly, going forward it would not be enough for a bank to just meet its capital requirements.    A bank should demonstrate that it would meet its capital requirements after a stress has taken place.  This could have implications on a bank’s capitalisation level.

The next change is about reducing the reliance on a bank’s internal models.  Officials at the Bank have raised these concerns before, for example, in this speech of Andrew Haldane (here).  In particular, the evidence about the large number of parameters that need to be calibrated is sobering.  The paper sets out the Bank’s intention to rely on a suite of models to assess capital adequacy, including a bank’s internal models, regulatory models and models of the entire financial system that build in the impact of interaction between institutions. This is consistent with the doubts that have been expressed.  You could say that the message is that a bank’s internal models would be credible if it is operated in a context where the bank has sufficient capital to meet its capital requirements after stress scenarios.

… which creates challenges for the Bank …

I suppose that for a regulator like the Bank defining “sufficiently severe but also plausible” stress scenarios is not perhaps the most significant challenge.  My guess is that the real challenge would be in terms of applying judgements to the results provided by banks and consolidating the impact across a number of scenarios for each bank and for the system as a whole.  One would hope that there will be enough transparency so that a bank’s executives understand where and how their conclusions may differ from those derived by the Bank.  

The other challenge would be the inclusion of medium-sized banks.  The paper is open about the challenge that this may represent for these banks.  The Bank would need to balance that against the recognition that medium-sized banks like Northern Rock can also create systemic disruption and put taxpayers’ money at risk (here).  One possible way of reducing the impact would be to integrate this exercise within the existing ICAAP and Pillar 3 disclosures frameworks.

… and for banks

UK banks have been undertaking stress and scenario tests for regulatory purposes.  The paper includes a list of the shortcomings that the FSA had identified: 

• “insufficient engagement by banks’ Boards and senior management with the stress-testing process;  
• insufficient integration of stress testing with banks’ annual business planning process, including the use of stress tests as a challenge to business plans; 
• inadequacies in scenario design, including the failure to identify key vulnerabilities, overly optimistic baseline assumptions and insufficiently stressful adverse scenarios;
• difficulties in reconciling risk data with reported balance sheets and risk-weighted assets;
• stress-testing infrastructures that have not been suitable for bank-wide stress testing;
• insufficiently justified or internally challenged assumptions and judgements around the translation of macroeconomic shocks into projected losses, including overestimation of banks’ ability to control margins and generate profits in stress scenarios; and
• inadequate determination and quantification of relevant management actions under different stress scenarios.”

The paper does not say much about how generalised these shortcoming are.  However, I found it very interesting that most, if not all, of those shortcomings are related to weaknesses in processes and governance rather than technical issues. 

There are also consequences …

And in case those reading the paper have doubts about the Bank’s determination to see this through, the Bank suggests that failure to address these shortcomings will result in regulatory intervention. 

“The exercise might reveal weaknesses in banks’ stress-testing and capital planning processes and governance. In those circumstances the PRA would consider what action was appropriate to ensure that shortcomings were addressed. The PRA has a variety of formal powers available. Additional capital requirements might be one tool. Withdrawing certain permissions, changing banks’ management and requiring specific actions to improve banks’ stress testing, risk management or capital planning processes are others.”

Summing up, we may be witnessing the formalisation of a new paradigm for banking regulation that places less reliance on a bank’s internal models but the potential enforcement side does not seem to be changing.  

The paper includes a number of specific questions and responses are requested by 10 January 2014. 

The Fate of Solvency 2 ...

There was today a Solvency 2 trilogue between the European Commission, the Council and the European Parliament.  Gideon at www.solvencyiiwire.com articulates very well what are the open issues (here).  Who knows tomorrow we may know the fate of Solvency 2.

Re-stating the Case for Solvency 2

In the midst of following press-reports about the tri-logue discussions about Solvency 2 and given the passing of time, I had almost forgotten what it is all about. 

I am starting to give some thought to a training course that I will be delivering in March 2014 for Euromoney (here).  As a result, I have been dusting off documents like the Sharma report from 2002 (here).

This provided a useful reminder of what it is all about:

1.  Common approaches for supervision.  

The underlying differences that challenge an agreement on Solvency 2 between the Commission, Council and Parliament: the extent of different supervisory objectives and approaches that exist(ed) are quite significant.   

The differences in the table put the progress to date in terms of legislation in perspective.(*)   This is also a useful reminder of why Solvency 2 is a European project.  You may disagree that Solvency 2 should be a European project but that's a different point. 

2.  The important role of risk management and senior management 

In the words of the report ...

"Although a well-managed firm can still fail, poor management makes a firm vulnerable and we believe that in practice it is the primary root cause of most problems in insurance firms.  We found that poor management can take one or more of the following forms:

(i) management are competent but have an excessive risk appetite or a lack of integrity or independence; or 
(ii) they operate outside their field or level of competence;
(iii) they fail to put in place adequate decision-making processes or adequate internal controls."

So perhaps there will be an agreement in the trilogue.  Then there will be a lot of detail - delegated acts, implementing technical standards - to discuss and assimilate.  However, I hope these messages about the case of Solvency 2 do not get lost ... 



Note: 
(*)  I am assuming that there haven’t been drastic changes across the EU in terms of supervisory objectives in the run-up to Solvency 2 and notwithstanding EIOPA’s work to bring about supervisory convergence, which will continue past any agreements at the trilogue.  

Freakonomics and Insurance Regulation

A post from the Freakonomics blog (here) highlights an interesting paper (here) about insurance regulation by Ralph Koijen and Motohiro Yogo.  The paper looks into the growth in the use of ‘shadow reinsurance’.  Freakonomics is concerned that there may be a bubble building up. 

I believe the underlying issue represents a good example of the law of unintended consequences that applies sometimes to financial regulation. This post will explain that and offer some thoughts from a Solvency 2 perspective.  

Some context – shadow reinsurance

There isn’t a formal definition of shadow reinsurance. Koijen and Yogo refer to shadow reinsurers as “affiliated and unauthorised reinsurers without an A.M. Best rating” in the US or offshore. (The paper used A.M. Best data, hence the reference to them in the definition.) 

The use of shadow reinsurance has also been covered in a recent report (here) from the NY State Department of Financial Services (DFS).  The DFS has a similar definition in mind, other than the ratings consideration.

Unintended consequences

The likely chain of events leading to an increased use of shadow reinsurance is set out below.   

Firstly, supervisors introduce new reserving requirements for certain term and life insurance products, so called XXX and AXXX reserving requirements respectively. 

These new reserving requirements require the use of stringent assumptions, which have been described as resulting in reserves “over eight to 10 times that of an ‘economic’ type reserve, such as a FAS 60 reserve under U.S. GAAP” (here).  I don’t really know if this estimate has passed the test of time – the paper is from 2005 – and the quote is offered as an indication of the conservativeness of the underlying assumptions.  As a footnote, it is worth noting that industry papers tend to refer to the delta between economic and AXXX / XXX reserves as ‘redundant reserves’.

Secondly, firms take action to reduce the impact of non-economic regulation. 

This requires an understanding of the prevailing regulatory environment.  Insurance companies would then realize that they can reduce the impact of these stringent reserve requirements by transferring some of these liabilities to special purpose vehicles (SPVs) in such a way that an insurance licence is not required. There are then some additional issues which give rise to the need of letter of credit to the originator. However, the key point is that if the recipient of the liability is not an insurance, the stringent valuation requirements would not apply.  

So far so good from a company's perspective.  However, what appears surprising is that state supervisors have a role in approving these transactions. There is even a sub-group of the NAIC Executive Committee called “Captive & SPV use sub-group” (see last page of this report).  It is therefore not entirely surprising that one of the DFS report recommendations is that state insurance commissioners stop approving these transactions:

“state insurance commissioners should consider an immediate national moratorium on approving additional shadow insurance transactions until […] investigations [by the Federal Insurance Office, Office of Financial Research, the NAIC and other state insurance commissioners] are complete and a fuller picture emerges.”

It would appear that the same supervisor that introduced stringent reserving requirements has a role in approving transactions aimed at reducing the impact.  This begs the question of what is the value of these onerous reserving requirements. 

Back to economic rationality, it is not entirely surprisingly, that the data in the paper also show that the (mean) reinsurance shifted to shadow reinsurers increased during the financial crisis when the uncertainty about valuations probably increased (Table 2 of the paper).

What about Solvency 2?

The essence of the unintended consequences means that it is difficult to foresee if similar transactions would happen under Solvency 2. 

The key point is that there would less incentive for these transactions to take place because it would not appear that the Solvency 2 reserving requirements would be uneconomical as in the case of AXXX and XXX requirements.  Although depending on the on-going discussion about the treatment of long-term guaranteed products, it may be argued that for certain insurances the Solvency 2 reserves are uneconomical. 

However, there are two additional considerations that would make the outcome in the paper less likely under Solvency 2. 

Firstly, there are specific articles in the directive about SPVs used for reinsurance purposes which require authorisation and the application of solvency requirements.  This would mean that shifting liabilities to SPVs would not necessarily mean a reduction in reserving and capital requirements.  (If you want to see the detail of the likely implementing measures, please check EIOPA’s advice to the Commission - here).  

Secondly, within the Solvency 2 directive a group is widely defined.  Personally, I would be surprised to hear that this could be read to exclude such SPVs.  More generally, the default approach to calculate the group solvency requirements is based on the consolidation of all exposures, which would mean that the effect of the transfer to an SPV cancels out.

The Solvency 2 implementing measures will  provide additional details about these issues but, as ever, regulation can have unintended consequences in particular when there are uneconomic requirements.