The FSC’s Revised Risk-based Approach to Supervision
Assessing the risk of financial loss to the public presented by each regulated firm
What made us change?
• Need to identify the risks to the system more holistically
• Addressing the human failings of the previous methodology
• Lessons learnt from use of previous system
• Independent review post Gibland/Marrache
• Concentration towards lowest risk profile due to previous scoring
• Wanting greater differentiation to identify higher risk firms
Reducing the burden of being regulated
Risk Management
Compliance Monitoring
The Risk Assessment Process
Off-site
Initial Profile
On-Site
Final Profiling
Interfacing & Risk Mitigation
Off-site
Initial Profile
The FSC’s Regulatory Objectives
Risks to Objectives
What risks does a firm present to the FSC’s Regulatory Objectives?
Type of Firm
Prudential
Combination
Conduct of Business
What firm type are you?
Division \ Type: Prudential; Conduct of Business; Combined approach
Auditors: Audit Firms; Auditors
Banking & Investment Services: Banks; E-Money; MSBs; MiFID Firms; Banks - MiFID
Fiduciary: Company Managers; Trustees
Funds and Pensions: Pension Schemes; CIS Managers (operators); Funds
Insurance: General Insurance Companies; IMD firms; Insurance Managers; Life Insurance Companies
Prudential Risk Assessment
Prudential Requirements
Returns, Audited Financial Statements, MIS
Capital, Solvency, Liquidity, Financial Performance
Conduct of Business Risk Assessment
Conduct of Business Requirements
On-site testing/File Reviews
MiFID & IMD Obligations, AML/CFT, Advice & Services
Combined Risk Assessment
Prudential Requirements
Conduct of Business Requirements
Combination Approach
Scoring Objective
OBJECTIVE: To determine the adequacy of the capital, funding and insurance cover in light of the current and future business plans of the firm.
Business Risks
Financial
• To determine the adequacy of the capital, funding and insurance cover in light of the current and future business plans of the firm.
Environment
• To determine what operational and other market risks the firm is subjecting itself to in carrying out its business plan.
Business
• To determine where the current and future risks lie in a firm’s business plan, products and strategy.
Business Risks
Financial
• Capital
• Liquidity
• Earnings
• Insurance
Environment
• Group
• Legal
• Operational
• Market
• Underwriting
• Credit
Business
• Strategy
• Customers
• Sources & Distribution
• Products & Services
Control Risks
Controls
• To determine the control environment of a firm and management’s ability to put into place proper oversight procedures.
Organisation
• To determine if the legal ownership structure and/or passporting of services of the firm provides any impediments to the supervision of the firm.
Management
• To determine if the firm’s corporate governance arrangements and management are adequate for the nature, size and complexity of the firm.
Control Risks
Controls
• Compliance, Audit & Risk Management
• Conduct of Business
• Operations
• Control Environment
Organisation
• Multiple Activity Groups
• Branches & Subsidiaries
• Ownership
Management
• Quality of Management
• Corporate Governance
Risks to Objectives
Financial Failure (FF)
The risk to the market confidence, systemic risk, protection of the good reputation of Gibraltar and protection of consumers objectives arising from the insolvency or illiquidity of a firm. For high impact firms this may also include financial losses that, whilst short of causing failure, can still adversely affect market confidence. This can also lead to direct financial loss to the public.
Misconduct and/or mismanagement (MM)
The risk to the protection of the good reputation of Gibraltar, protection of consumers and market confidence objectives of mis-selling or mishandling of products/services by firms, of inappropriate behaviour by firms or mismanagement of their operations. This can also lead to direct financial loss to the public.
Consumer understanding (CU)
The risk to the protection of consumers and public awareness objectives arising from possible lack of understanding by consumers of products/services bought from or provided by firms. This can also lead to direct financial loss to the public.
Fraud or dishonesty (F)
The risk to the protection of the good reputation of Gibraltar, reduction of financial crime and market confidence objectives of the incidence of fraud or dishonesty – either within firms, or by external parties defrauding firms. This can also lead to direct financial loss to the public.
Market Abuse (MA)
The risk to the protection of the good reputation of Gibraltar, reduction of financial crime, protection of consumers and market confidence objectives of market abuse conducted by firms or by clients through firms.
Money laundering/Terrorist Financing (ML)
The risk to the protection of the good reputation of Gibraltar, reduction of financial crime and market confidence objectives of money laundering/terrorist financing conducted through firms.
FF MM CU F MA ML
Financial Soundness, Liquidity and Capital
Adequacy of Capital ✓ ✓ ✓
Liquidity ✓ ✓
Earning ✓ ✓
Insurance ✓
Environment
Credit Risk ✓ ✓
Insurance Underwriting Risk ✓ ✓ ✓
Market Risk ✓ ✓ ✓
Operational Risk ✓ ✓ ✓ ✓
Legal Risk ✓ ✓ ✓ ✓
Group Risk ✓ ✓
Business Plan
Strategy ✓ ✓ ✓
Types of Customer ✓ ✓ ✓ ✓
Types of Products/Services ✓ ✓ ✓ ✓
Sources of Business & Distribution ✓ ✓ ✓ ✓ ✓
FF MM CU F MA ML
Controls
Human Resources ✓ ✓ ✓ ✓ ✓
IT ✓ ✓ ✓ ✓
Management Information Systems ✓ ✓ ✓ ✓
Business Continuity ✓
Internal Audit ✓ ✓ ✓
Outsourcing ✓ ✓ ✓ ✓ ✓
Acceptance of and Disclosure to Customers ✓ ✓ ✓ ✓
Advising, Dealing and Managing ✓ ✓ ✓
Security of customer monies/assets ✓ ✓
Compliance Arrangements ✓ ✓ ✓ ✓ ✓
Anti-Money Laundering Controls ✓ ✓ ✓
Risk Management ✓ ✓ ✓ ✓ ✓
External Auditors ✓
Actuaries ✓ ✓
Organisation
Ownership ✓
External Branches & Subsidiaries ✓ ✓ ✓
Multiple Activity Groups ✓ ✓ ✓ ✓
Management
Quality of Management ✓ ✓ ✓ ✓ ✓ ✓
Corporate Governance ✓ ✓ ✓ ✓ ✓ ✓
Scoring Risk Elements
Rating          Likelihood                    Score
Perceptible     highly likely in 12 months    5.0
Probable        50% probability               3.0
Possible        reasonable chance             1.75
Negligible      little likelihood             1.0
Not Applicable
Crystallised
Maxing Out
Risk Element Scoring: 1.75, 5.00, 3.00, N/a
Max Score = 5.00
How risk types are weighted according to type of firm
Risk Type \ Firm Type   Prudential   Conduct of Business   Combined approach
Business Risks
  Financial             60%          10%                   40%
  Environment           30%          20%                   20%
  Business              10%          70%                   40%
Control Risks
  Controls              40%          60%                   45%
  Organisation          10%          10%                   10%
  Management            50%          30%                   45%
Weights are representative of the major risk types applicable to the firm type.
Obtaining a Risk Profile
Business Risks
Risk type      Max Score   Weight %   Weighted Score
Financial      1.75        10%        0.175
Environment    5.0         20%        1.000
Business       3.0         70%        2.100
Total                                 3.275
Impact: x 2.90 = 9.4975 Business Risk Score

Control Risks
Risk type      Max Score   Weight %   Weighted Score
Controls       5.0         60%        3.000
Organisation   1.0         10%        0.100
Management     1.0         30%        0.300
Total                                 4.300
Impact: x 2.90 = 12.470 Control Risk Score
Impact
Impact Weighting
Size                        50%
Experience                  20%
Product Types               15%
Client Monies/Assets Held   15%
Impact
Scale: High (5), Medium High (3), Medium Low (1.75), Low (1)

Factor                        Importance Weighting   Value   Score
Size                          50%                    3       1.50
Customer Experience           20%                    1       0.20
Product Types                 15%                    3       0.45
Client Assets / Monies held   15%                    5       0.75
Impact Score                                                 2.90

Categories per factor:
Size: High, Medium High, Medium Low, Low
Customer Experience: General Public, Mixed - Professional / Captive / Experienced
Product Types: Investment / Banking, Fiduciary, Fund Administrator, Protection / Other
Client Assets / Monies held: Controlling - Holding None
What we have changed
A risk profile
[Figure: risk profile matrix. Axes: Business Risks and Control Risks, each marked at 10, 15, 20 and 25. Zones: Low Monitoring &/or Remediation; Low Monitoring & Medium Remediation; Medium Monitoring & High Remediation; High Monitoring & High Remediation; High Monitoring & Medium Remediation; Medium Monitoring & Low Remediation. Plotted values: 9.4975 and 12.47.]
When a risk is crystallised
[Figure: risk profile matrix. Axes: Business Risks and Control Risks, each marked at 10, 15, 20 and 25. Zones: Low Monitoring &/or Remediation; Low Monitoring & Medium Remediation; Medium Monitoring & High Remediation; High Monitoring & High Remediation; High Monitoring & Medium Remediation; Medium Monitoring & Low Remediation.]
When a risk element is scored as CRYSTALLISED,
• the Total Business or Control Risk is multiplied by 3 and
• capped to 25 after impact
In this example, say a Business Risk Element is scored as Crystallised:
9.4975 x 3 = 28.4925
Capped = 25
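The scoring steps from the preceding slides (maxing out, firm-type weights, impact, crystallisation) worked through in Python, as an added example that is not part of the FSC presentation. The element ratings are constructed to reproduce the slide's Business Risk figures, whose 10%/20%/70% weights match the Conduct of Business column; all function and key names are hypothetical.

```python
from decimal import Decimal as D

# Likelihood scores from the "Scoring Risk Elements" slide.
SCORES = {"perceptible": D("5.0"), "probable": D("3.0"),
          "possible": D("1.75"), "negligible": D("1.0")}
CAP = D("25")

def _w(*pcts):
    """Map six percentages onto the risk types, in slide order."""
    names = ("financial", "environment", "business",
             "controls", "organisation", "management")
    return {n: D(p) / 100 for n, p in zip(names, pcts)}

# Risk-type weights per firm type, from the weighting slide.
WEIGHTS = {"prudential": _w(60, 30, 10, 40, 10, 50),
           "conduct_of_business": _w(10, 20, 70, 60, 10, 30),
           "combined": _w(40, 20, 40, 45, 10, 45)}

# Impact weights from the "Impact Weighting" slide.
IMPACT_WEIGHTS = {"size": D("0.50"), "experience": D("0.20"),
                  "product_types": D("0.15"), "client_assets": D("0.15")}

def max_out(ratings):
    """A risk type takes the highest score among its elements; N/a is skipped."""
    return max((SCORES[r] for r in ratings if r != "n/a"), default=D(0))

def impact_score(values):
    """Weighted sum of the four impact factors (each valued 1, 1.75, 3 or 5)."""
    return sum(IMPACT_WEIGHTS[k] * D(str(v)) for k, v in values.items())

def risk_score(firm_type, ratings_by_type, impact, crystallised=False):
    """Weighted max scores times impact; x3 and capped at 25 if crystallised."""
    total = sum(max_out(r) * WEIGHTS[firm_type][t]
                for t, r in ratings_by_type.items())
    score = total * impact
    return min(score * 3, CAP) if crystallised else score

# Constructed element ratings that reproduce the slide's Business Risk figures.
business = {"financial": ["possible", "negligible"],
            "environment": ["perceptible", "probable", "n/a"],
            "business": ["probable", "possible"]}
impact = impact_score({"size": 3, "experience": 1,
                       "product_types": 3, "client_assets": 5})

if __name__ == "__main__":
    print(impact, risk_score("conduct_of_business", business, impact))
    print(risk_score("conduct_of_business", business, impact, crystallised=True))
```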
On-site
Prior to an on-site
Determine the expected duration of the on-site visit
Arrange with the firm mutually convenient dates for the on-site to take effect
Provide the firm with a formal agenda which will:
• List all the risks that it wishes to discuss
• Identify any individuals that the FSC wishes to speak with on any of the matters
• Allow the firm’s Senior Management to invite to the meeting any other person it feels would contribute to the on-site
• Provide a list of any additional document or information that it may wish to review
Post on-site
Summarise the areas reviewed by the FSC team
Invite the Senior Management of the firm to provide input to the team on areas which they wish to add to the risk assessment
Invite the firm to provide any feedback on the process
Final Profiling
Risk Mitigation-Fit for Purpose
Mitigation Tools
[Figure: Business Risks against Control Risks. Labels: Control Risk Score; Supervisory Visit; Focused Visit; Skilled Persons; Branch Visit.]
To avoid seeing more of the FSC
[Figure: Business Risks against Control Risks. Labels: Business Risk Score; Frequency of FSC Prudential & Other Interfacing.]
Formal Feedback
Address the outstanding risks identified in the assessment.
• Including identifying any areas to be covered by a reporting accountants’/skilled persons’ review, and the timescales by which these should be carried out.
Set out the interfacing between the FSC and the firm
Provide the firm with its Risk Profile.
Establish the length of the supervisory cycle
Helping yourselves to an easier life
• Mitigate the risks most likely to lead to a higher risk score
• Lower your impact score by changing your profile
• Avoid having risks that crystallise
Same firms, new scores
New Distribution of Risk Profiles