Regulation in the 21 Century: From Prescription to Collaborative Supervision st
Download
Report
Transcript Regulation in the 21 Century: From Prescription to Collaborative Supervision st
Regulation in the 21st Century:
From Prescription to Collaborative Supervision
Priscilla Rabb Ayres
Global Regulatory Executive, Financial Services Sector
IBM
th
10 XBRL International Conference, November 16, 2004
[email protected]
Agenda
Regulation in the Information Age: Background
What is new about regulation in the 21st century?
Drivers for change
The new regulatory paradigm: Risk-Based Supervision
Financial Services Sector
Sector specific drivers for change
Illustrative initiatives
Basel II
IMF/WB Financial Sector Assessment Program
Sarbanes Oxley
The role of Extensible Business Reporting Language
(XBRL)
Thoughts on successful navigation of the regulatory
paradigm
The Industrial Age approach to regulation is out of step
in the Information Age
Traditional regulatory regimes are characterized by static focus
highly prescriptive and rules-based
Compliance is siloed and risks stand alone
Compliance functions typically low level and dispersed throughout organizations
Regulation viewed as exclusively the concern of the government
Focus on discrete violations and correction of those violations
Shortcomings for application in the 21st century
Inflexible and unable to keep up with rapid change
May not capture risk appropriately
Dependencies not adequately assessed
Can encourage “gaming the system” (e.g. Enron)
Highly labor intensive and slow
Traditional system failed to recognize early warning indicators for
the Enron, WorldCom, Parmalat, BCCI, Barings Bank, Vivendi, etc.
Key drivers for regulatory change have roots in
globalization, deregulation, and consolidation, powered
by technological advances
The global economy has become a reality
Interdependence of global markets exacerbates contagion risk
Deregulation fosters freer play of competitive forces
Multinational companies are challenging legal and regulatory
jurisdictional boundaries
Industry consolidation raises unprecedented levels of risk
Concentration of systemic risk in fewer companies
Technology rapidly changing products, processes, and capabilities
– business becoming increasingly complex
Critical infrastructure protection
Heightened security and privacy concerns for data and people
Threat of international terrorism
These drivers are forcing a sea change in regulatory
focus, approach, and implementation
Must be proactive and anticipate vulnerabilities
Regulations have global impact
Jurisdictional sovereignty must be rethought
Legal and cultural clashes are inevitable and must be reconciled
Innovation and complexity rule in successful markets
Regulators challenged to meet fiscal and skills requirements
Reward innovation while mitigating risks
Risks evolve and transform constantly
Identification and appreciation of risk must be proactive
Metrics must remain meaningful
Collaboration and communication among regulators, regulated
entities, and third party service providers critical
Terrorism risks are relatively new, unpredictable, and harmful
Individual privacy and security is challenged by technological
advances and justifiable need-to-know national security measures
Risk based supervision (RBS) accommodates change
and complexity and is being broadly adopted
Looks to the future -- aim is to prevent crises
Supervision of systemic risk by industry, firm, and customer
base
The common thread is reliance on sound risk and compliance
protocols and business performance management
Focus on corporate governance and senior management
accountability
Standards-based measurement of risk exposure and
dependencies
Enhanced collaboration between regulators and regulated
Supervisory tools and intensity linked to areas of risk and
concern
This regulatory paradigm is characterized by flexibility,
collaboration, technology, use of global standards – but
with tougher standards and aggressive enforcement
Adoption of RBS model evident in most regulated industries
Increased reliance on global standards organizations and on
development of appropriate global standards
Aggressive efforts to harmonize regulatory bodies globally
Greater leverage of technology by regulators to intensify impact of
supervision and lower costs
Greater scrutiny of technology providers and the use of technology
for compliance
Focus on high priority systemic risks and organizations
Severe penalties for non-compliance
The stakes have never been so high
The RBS model suits all regulated industries but
implementation is swiftest in the financial services
sector
Recent corporate scandals and economic crises have forced
urgent action to restore stability and confidence in financial
markets
The impact and repercussions of 9/11 redoubled the effort
The IMF and BIS have established frameworks that have evolved
to respond to the emerging challenges
Communication within the sector time-honored
Financial service regulatory bodies have shared interests and have
been pursuing like paths for years
Early adopters, such as the UK Financial Services Authority,
provide experience and validation
RATE (Risk Assessment, Tools of Supervision, Evaluation) adopted in 1997
Introduces consistency and use of best practices in bank supervision
Focuses supervisory efforts on banks with highest risk profile
The financial services industry has experienced
dramatic changes in recent years and the pace of
change continues
Systemic importance of a small number of large transnational
financial conglomerates
Significance of non-bank financial institutions such as investment
banks and hedge funds has risen, complicating market
surveillance
Stronger role of government sponsored enterprises (GSEs)
Unprecedented convergence has blurred traditional boundaries
Between financial institutions and capital markets
Among different types of financial institutions
Among different national jurisdictions
Technology is both a major agent of change and focus of risk
management
Prevalence of outsourcing of financial services to non-financial –
non regulated -- entities growing rapidly
Management of risk and compliance is paramount
Regulators are refining their approach to better
address key areas of systemic impact
Standards applied to largest financial institutions calibrated to
reflect their systemic relevance
Capital targeted to achieve greater ability to absorb shocks – capital cushion over
regulatory thresholds
Internal risk management regime -- for credit and market, operational, and
compliance risk – needs to meet higher standard
More demanding requirements for technology system operational resilience
Upgrade of regulatory and internal risk management framework for
government sponsored entities (GSE’s) to reflect higher risk
profiles and systemic risk potential
Enhanced focus on institutions that make up the core of our
payments systems
Operational resilience
Updated standards for risk management and internal financial resources
Strengthen oversight framework
*Source: Timothy Geithner, President and CEO, Federal Reserve Bank of NY. “Changes in the structure of
the US financial system and implications for systemic risk”, October, 2004
…and to incorporate supervision of emerging practices
and capabilities
Strong focus on outsourcing of financial services
FFIEC updated handbook, “Outsourcing Technology Services”
BIS Joint Forum’s consultative paper, “Outsourcing in Financial
Services”
Increased attention to the rise and risks of “offshoring”
Expanded supervision of technology service providers
FDIC handbook on technology service providers
Example of expansion into non-regulated industries that increasingly
impact business processes of regulated ones
Collaborative outreach among regulators
BIS Joint Forum
PCAOB and Eighth Company Law Directive
SEC and CESR announcement of May 26 for greater collaboration
between SEC and EU securities regulators
Supervision and compliance continue to get increasingly
complex
The number of regulations impacting financial
institutions are increasing, but there are common
themes that cross jurisdictional boundaries
Capital adequacy
Senior management oversight and accountability
Anti Money Laundering
Identity theft and fraud
Privacy and security
Critical infrastructure protection -- resiliency
Outsourcing of financial services
Harmonization of accounting principles
All deal with systemic risk and management of that risk
Critical tools and processes that facilitate internal risk
and compliance efforts and external supervision are
evolving
Enterprise risk management and compliance solutions
Enhance senior management control of operations
Provide transparency and auditability
Enhance confidence of regulators and the public
Increasing reliance on global standards organizations that provide
industry specific metrics to manage toward
Stress-testing and scenario methodologies
Outreach by regulatory authorities to harmonize regulations
globally and coordinate supervision
Use of emerging technologies -- notably XBRL
Global regulatory reporting
Regulator to regulator communication
Enterprise internal risk and compliance
…….
…risk management being the underlying imperative
"Indeed, better risk management may be the only truly
necessary element of success in banking."
Alan Greenspan, Federal Reserve Chairman reportedly commenting on better
management of banking risk and new rules on capital being the key to a
stronger banking system contributing more to economic growth.
Three major programs dominate the sector and will help
mold the future of financial services regulation
Basel II
Devised to improve the soundness of the financial system by aligning the
regulatory capital requirement to underlying risks
Banks encouraged to conduct better risk management and enhance market
discipline
Sarbanes-Oxley (SOX)
Addresses the accounting vulnerabilities exposed in recent corporate and
financial scandals
Motivated by the need to restore confidence in capital markets
World Bank/IMF Financial Sector Assessment Program (FSAP)
Mission: Achieve a diversified competitive global financial services sector to
promote sustained economic development and poverty reduction
Objectives: Alert national authorities to vulnerabilities in their financial sectors,
internal and external, and assist in design of measures to reduce those
vulnerabilities
Assessments are voluntary and are conducted by the IMF and WB, supported
by national agencies, central banks, and standards-setting bodies
Basel II is arguably the dominant force in the
transformation of global financial regulation….
Precipitated by recognition of the critical role played by operational
risk
And incorporates latest “technology” for managing risk
Regulatory/supervisory collaboration and global reach – Basel
Committee on Banking Supervision a venerable body
Industry input is valued in development of implementation
guidelines
Pillar II addresses the supervisory review process
Reliance on robust internal control processes
Management oversight and accountability
Cross jurisdictional supervisory coordination mandatory for
effective implementation for a global bank
Approximately 9,400 supervisors worldwide will need training
….and its impact extends well beyond the Basel II
countries and institutions
Global impact and influence
More than 100 countries, including over 88 non-BCBS, are expected to
implement Basel II by 2009
Reputational risk and competitiveness
Largely driven by local offices of foreign banks
Its principles and approaches are incorporated in the IMF/WB FSAP
Epitomizes the imperatives of proactive risk identification and
mitigation supported by validated standards and management
accountability
SEC has outlined a risk-based capital framework based on Basel II
to provide consolidated supervision of major investment banks
-- and the Counsel of European Securities Regulators (CESR) is
not far behind
Sarbanes Oxley has captured the attention of public
companies, the accounting profession, regulators, and
third party service providers
Precipitated by corporate scandals and impact on confidence in global
financial markets
The implementation timetable is aggressive
Senior manager accountability – in spades!
Focus on accounting profession and internal auditing
Auditability, including e-mail and RM, archiving capabilities
Impact on non-us based companies is real and immediate
Costly compliance can be balanced by positive transformation of
business processes
“Enronitis” not a US-only vulnerability
Despite the pain of compliance, few argue with the benefit
The impact of SOX extends well beyond US borders –
like it or not!
“What does Sarbanes-Oxley mean? That’s when two members of
U.S. Congress fiddle and half a million accountants in Europe start
dancing.”
Quote attributed to the spokesman of a leading European industry group
Klaus C. Engelen, “Preventing European ‘Enronitis’
The International Economy, Summer 2004
The Public Company Accounting Oversight Board’s
scope illustrates challenges raised by emerging
regulations
Changes in US capital market laws impact – and in some cases
conflict with -- laws, regulations and corporate governance systems
of EU member states
Requires EU audit firms to register with the PCAOB
Subjects all major EU audit firms to double oversight
US access to foreign firm’s audit papers violates EU member state’s laws
and/or professional standards that require strict confidentiality
Collaborative outreach underway to minimize the extraterritorial shock
EU’s new Corporate Governance Action Plan (May 2003)
Eighth Company Law Directive: Will clarify the duties of statutory auditors
PCAOB negotiating with the EU Commission to cooperate on oversight
structures for EU audit firms to harmonize SOX and EU requirements
SEC and the Committee of European Securities Regulators (CESR)
formally announced greater collaboration on May 26, 2004
FSAP is an excellent example of the new regulatory
paradigm – with one major difference
Global scope and context: Covers all IMF member countries
Purpose is to avoid crises through vulnerability identification and
mitigation
Focus on systemic risk prioritized by potential for adverse impact
Relies on established global standards that are applied according
to basic nature of the economy
Collaboration between regulatory, political, industry, and private
sector authorities/experts
Uses increasingly sophisticated methodologies and technologies to
assess and mitigate risk
IMF and WB technical assistance support corrective follow-up
But – FSAP is voluntary and virtually penalty-free
The FSAP is a comprehensive diagnostic framework
aimed at crisis prevention and mitigation
It is the preferred tool for strengthening IMF surveillance and Bank
development work in the financial sector
Approach developed and refined through cooperative efforts of all
FSAP stakeholders to achieve “best practices”
Identifies financial system strengths, vulnerabilities, and risks
Engages all stakeholders – public and private
Assesses observance and implementation of relevant international
standards, codes, and best practices (ROSCs)
Analyzes overall financial stability within macroeconomic context
Provides recommendations for improvement and rectification
Identifies and prioritizes development and technical assistance needs
Leverages peer review and positive reinforcement – no enforcement
per se
Basel II, SOX, and FSAP represent the goals, promise -and challenges of regulation in the 21st century…
Excellent examples of RBS for the innovation economy
Principles of sound risk mitigation infrastructures, senior management
accountability, auditability, and collaboration resonate
Defined interdependent roles for stakeholders -- all must work together to
a shared goal
Appreciation for threat of systemic risk and value of crisis avoidance
Adaptable approach to encourage growth and innovation, but serious
penalties for non-compliance
Challenges
Global impact, if not direct global scope
Harmonization of political, cultural, geographic, and language differences
Variations in sophistication and resiliency of economies and local
institutions
Jurisdictional overlap and complexities
Risk exposures and profiles constantly changing
…and XBRL is ideally suited to help stakeholders
achieve the promise of those shared goals
XBRL is poised to Web-enable business reporting and is the
emerging standard for regulatory reporting
Transparency
Common language
Royalty free open specification that uses XML data tags to describe
financial information and add context to content
Provides automated and more reliable exchange of regulatory and
financial information across all software formats and technologies
Information reusability and analysis enhanced – information available
electronically for multiple purposes and reports
Cycle time significantly reduced and human error minimized
Rekeying and reformatting of data eliminated
Data for customized reports easily identified
Reports more current
Global regulatory adoption on the rise
UK Inland Revenue
FDIC Call Report Modernization Project
SEC
National Tax Agency of Japan (Kokuzeicho)
XBRL powers and empowers Risk Based Supervision
Provides common format for growing volumes of complex business
information regulators must manage
Tagged data affords depth of information and context easily analyzed
and benchmarked
Timely data access that enhances collaboration between regulators
and regulated entities – as well as other regulators
Internal savings in time and money affords focus on greatest systemic
risks
Improved filing accuracy
Promotes consistency and comparability among various regulatory
reports and adaptability to new requirements
Companies can use same basic data for numerous internal and
external reports providing consistency at significantly lower costs
Enterprise risk and compliance frameworks for transnational
conglomerates significantly improved
Successful navigation of the new global regulatory
streams requires constructive proactive engagement
Accept the reality of change, complexity, and uncertainty
All stakeholders must engage actively and proactively in the
process
Regulator relationship management: know your regulators and let
them get to know you
Integrate risk management, compliance awareness, and
accountability into your core business operations
Develop internal governance processes that are robust,
transparent, and well-documented
Facilitate auditability – if not documented, it hasn’t been done
Carefully weigh balance between global standards and local
compliance requirements
Leverage industry groups and important influencers
Encourage more robust collaboration between regulators,
regulated industries, and technology service providers
Most of all, embrace change and leverage the value of
XBRL!
Thank you!