- Количество слайдов: 27
Regulation in the 21 st Century: From Prescription to Collaborative Supervision Priscilla Rabb Ayres Global Regulatory Executive, Financial Services Sector IBM th XBRL International Conference, November 16, 2004 10 rabbayres@us. ibm. com
Agenda § Regulation in the Information Age: Background § What is new about regulation in the 21 st century? § Drivers for change § The new regulatory paradigm: Risk-Based Supervision § Financial Services Sector § Sector specific drivers for change § Illustrative initiatives § Basel II § IMF/WB Financial Sector Assessment Program § Sarbanes Oxley § The role of Extensible Business Reporting Language (XBRL) § Thoughts on successful navigation of the regulatory paradigm
The Industrial Age approach to regulation is out of step in the Information Age § Traditional regulatory regimes are characterized by static focus § highly prescriptive and rules-based § Compliance is siloed and risks stand alone § Compliance functions typically low level and dispersed throughout organizations § Regulation viewed as exclusively the concern of the government § Focus on discrete violations and correction of those violations § Shortcomings for application in the 21 st century § § § Inflexible and unable to keep up with rapid change May not capture risk appropriately Dependencies not adequately assessed Can encourage “gaming the system” (e. g. Enron) Highly labor intensive and slow § Traditional system failed to recognize early warning indicators for the Enron, World. Com, Parmalat, BCCI, Barings Bank, Vivendi, etc.
Key drivers for regulatory change have roots in globalization, deregulation, and consolidation, powered by technological advances § § The global economy has become a reality Interdependence of global markets exacerbates contagion risk Deregulation fosters freer play of competitive forces Multinational companies are challenging legal and regulatory jurisdictional boundaries § Industry consolidation raises unprecedented levels of risk § Concentration of systemic risk in fewer companies § Technology rapidly changing products, processes, and capabilities – business becoming increasingly complex § Critical infrastructure protection § Heightened security and privacy concerns for data and people § Threat of international terrorism
These drivers are forcing a sea change in regulatory focus, approach, and implementation § Must be proactive and anticipate vulnerabilities § Regulations have global impact § Jurisdictional sovereignty must be rethought § Legal and cultural clashes are inevitable and must be reconciled § Innovation and complexity rule in successful markets § Regulators challenged to meet fiscal and skills requirements § Reward innovation while mitigating risks § Risks evolve and transform constantly § Identification and appreciation of risk must be proactive § Metrics must remain meaningful § Collaboration and communication among regulators, regulated entities, and third party service providers critical § Terrorism risks are relatively new, unpredictable, and harmful § Individual privacy and security is challenged by technological advances and justifiable need-to-know national security measures
Risk based supervision (RBS) accommodates change and complexity and is being broadly adopted § Looks to the future -- aim is to prevent crises § Supervision of systemic risk by industry, firm, and customer base § The common thread is reliance on sound risk and compliance protocols and business performance management § Focus on corporate governance and senior management accountability § Standards-based measurement of risk exposure and dependencies § Enhanced collaboration between regulators and regulated § Supervisory tools and intensity linked to areas of risk and concern
This regulatory paradigm is characterized by flexibility, collaboration, technology, use of global standards – but with tougher standards and aggressive enforcement § Adoption of RBS model evident in most regulated industries § Increased reliance on global standards organizations and on development of appropriate global standards § Aggressive efforts to harmonize regulatory bodies globally § Greater leverage of technology by regulators to intensify impact of supervision and lower costs § Greater scrutiny of technology providers and the use of technology for compliance § Focus on high priority systemic risks and organizations § Severe penalties for non-compliance The stakes have never been so high
The RBS model suits all regulated industries but implementation is swiftest in the financial services sector § Recent corporate scandals and economic crises have forced urgent action to restore stability and confidence in financial markets § The impact and repercussions of 9/11 redoubled the effort § The IMF and BIS have established frameworks that have evolved to respond to the emerging challenges § Communication within the sector time-honored § Financial service regulatory bodies have shared interests and have been pursuing like paths for years § Early adopters, such as the UK Financial Services Authority, provide experience and validation § RATE (Risk Assessment, Tools of Supervision, Evaluation) adopted in 1997 § Introduces consistency and use of best practices in bank supervision § Focuses supervisory efforts on banks with highest risk profile
The financial services industry has experienced dramatic changes in recent years and the pace of change continues § Systemic importance of a small number of large transnational financial conglomerates § Significance of non-bank financial institutions such as investment banks and hedge funds has risen, complicating market surveillance § Stronger role of government sponsored enterprises (GSEs) § Unprecedented convergence has blurred traditional boundaries § Between financial institutions and capital markets § Among different types of financial institutions § Among different national jurisdictions § Technology is both a major agent of change and focus of risk management § Prevalence of outsourcing of financial services to non-financial – non regulated -- entities growing rapidly Management of risk and compliance is paramount
Regulators are refining their approach to better address key areas of systemic impact § Standards applied to largest financial institutions calibrated to reflect their systemic relevance § Capital targeted to achieve greater ability to absorb shocks – capital cushion over regulatory thresholds § Internal risk management regime -- for credit and market, operational, and compliance risk – needs to meet higher standard § More demanding requirements for technology system operational resilience § Upgrade of regulatory and internal risk management framework for government sponsored entities (GSE’s) to reflect higher risk profiles and systemic risk potential § Enhanced focus on institutions that make up the core of our payments systems § Operational resilience § Updated standards for risk management and internal financial resources § Strengthen oversight framework *Source: Timothy Geithner, President and CEO, Federal Reserve Bank of NY. “Changes in the structure of the US financial system and implications for systemic risk”, October, 2004
…and to incorporate supervision of emerging practices and capabilities § Strong focus on outsourcing of financial services § FFIEC updated handbook, “Outsourcing Technology Services” § BIS Joint Forum’s consultative paper, “Outsourcing in Financial Services” § Increased attention to the rise and risks of “offshoring” § Expanded supervision of technology service providers § FDIC handbook on technology service providers § Example of expansion into non-regulated industries that increasingly impact business processes of regulated ones § Collaborative outreach among regulators § BIS Joint Forum § PCAOB and Eighth Company Law Directive § SEC and CESR announcement of May 26 for greater collaboration between SEC and EU securities regulators Supervision and compliance continue to get increasingly complex
The number of regulations impacting financial institutions are increasing, but there are common themes that cross jurisdictional boundaries § § § § Capital adequacy Senior management oversight and accountability Anti Money Laundering Identity theft and fraud Privacy and security Critical infrastructure protection -- resiliency Outsourcing of financial services Harmonization of accounting principles All deal with systemic risk and management of that risk
Critical tools and processes that facilitate internal risk and compliance efforts and external supervision are evolving § Enterprise risk management and compliance solutions § Enhance senior management control of operations § Provide transparency and auditability § Enhance confidence of regulators and the public § Increasing reliance on global standards organizations that provide industry specific metrics to manage toward § Stress-testing and scenario methodologies § Outreach by regulatory authorities to harmonize regulations globally and coordinate supervision § Use of emerging technologies -- notably XBRL § Global regulatory reporting § Regulator to regulator communication § Enterprise internal risk and compliance …….
…risk management being the underlying imperative § "Indeed, better risk management may be the only truly necessary element of success in banking. " Alan Greenspan, Federal Reserve Chairman reportedly commenting on better management of banking risk and new rules on capital being the key to a stronger banking system contributing more to economic growth.
Three major programs dominate the sector and will help mold the future of financial services regulation § Basel II § Devised to improve the soundness of the financial system by aligning the regulatory capital requirement to underlying risks § Banks encouraged to conduct better risk management and enhance market discipline § Sarbanes-Oxley (SOX) § Addresses the accounting vulnerabilities exposed in recent corporate and financial scandals § Motivated by the need to restore confidence in capital markets § World Bank/IMF Financial Sector Assessment Program (FSAP) § Mission: Achieve a diversified competitive global financial services sector to promote sustained economic development and poverty reduction § Objectives: Alert national authorities to vulnerabilities in their financial sectors, internal and external, and assist in design of measures to reduce those vulnerabilities § Assessments are voluntary and are conducted by the IMF and WB, supported by national agencies, central banks, and standards-setting bodies
Basel II is arguably the dominant force in the transformation of global financial regulation…. § Precipitated by recognition of the critical role played by operational risk § And incorporates latest “technology” for managing risk § Regulatory/supervisory collaboration and global reach – Basel Committee on Banking Supervision a venerable body § Industry input is valued in development of implementation guidelines § Pillar II addresses the supervisory review process § Reliance on robust internal control processes § Management oversight and accountability § Cross jurisdictional supervisory coordination mandatory for effective implementation for a global bank § Approximately 9, 400 supervisors worldwide will need training
…. and its impact extends well beyond the Basel II countries and institutions § Global impact and influence § More than 100 countries, including over 88 non-BCBS, are expected to implement Basel II by 2009 § Reputational risk and competitiveness § Largely driven by local offices of foreign banks § Its principles and approaches are incorporated in the IMF/WB FSAP § Epitomizes the imperatives of proactive risk identification and mitigation supported by validated standards and management accountability § SEC has outlined a risk-based capital framework based on Basel II to provide consolidated supervision of major investment banks -- and the Counsel of European Securities Regulators (CESR) is not far behind
Sarbanes Oxley has captured the attention of public companies, the accounting profession, regulators, and third party service providers § Precipitated by corporate scandals and impact on confidence in global financial markets § The implementation timetable is aggressive § Senior manager accountability – in spades! § Focus on accounting profession and internal auditing § Auditability, including e-mail and RM, archiving capabilities § Impact on non-us based companies is real and immediate § Costly compliance can be balanced by positive transformation of business processes § “Enronitis” not a US-only vulnerability Despite the pain of compliance, few argue with the benefit
The impact of SOX extends well beyond US borders – like it or not! § “What does Sarbanes-Oxley mean? That’s when two members of U. S. Congress fiddle and half a million accountants in Europe start dancing. ” Quote attributed to the spokesman of a leading European industry group Klaus C. Engelen, “Preventing European ‘Enronitis’ The International Economy, Summer 2004
The Public Company Accounting Oversight Board’s scope illustrates challenges raised by emerging regulations § Changes in US capital market laws impact – and in some cases conflict with -- laws, regulations and corporate governance systems of EU member states § Requires EU audit firms to register with the PCAOB § Subjects all major EU audit firms to double oversight § US access to foreign firm’s audit papers violates EU member state’s laws and/or professional standards that require strict confidentiality § Collaborative outreach underway to minimize the extraterritorial shock § EU’s new Corporate Governance Action Plan (May 2003) § Eighth Company Law Directive: Will clarify the duties of statutory auditors § PCAOB negotiating with the EU Commission to cooperate on oversight structures for EU audit firms to harmonize SOX and EU requirements § SEC and the Committee of European Securities Regulators (CESR) formally announced greater collaboration on May 26, 2004
FSAP is an excellent example of the new regulatory paradigm – with one major difference § Global scope and context: Covers all IMF member countries § Purpose is to avoid crises through vulnerability identification and mitigation § Focus on systemic risk prioritized by potential for adverse impact § Relies on established global standards that are applied according to basic nature of the economy § Collaboration between regulatory, political, industry, and private sector authorities/experts § Uses increasingly sophisticated methodologies and technologies to assess and mitigate risk § IMF and WB technical assistance support corrective follow-up § But – FSAP is voluntary and virtually penalty-free
The FSAP is a comprehensive diagnostic framework aimed at crisis prevention and mitigation § It is the preferred tool for strengthening IMF surveillance and Bank development work in the financial sector § Approach developed and refined through cooperative efforts of all FSAP stakeholders to achieve “best practices” § Identifies financial system strengths, vulnerabilities, and risks § Engages all stakeholders – public and private § Assesses observance and implementation of relevant international standards, codes, and best practices (ROSCs) § Analyzes overall financial stability within macroeconomic context § Provides recommendations for improvement and rectification § Identifies and prioritizes development and technical assistance needs § Leverages peer review and positive reinforcement – no enforcement per se
Basel II, SOX, and FSAP represent the goals, promise -and challenges of regulation in the 21 st century… § Excellent examples of RBS for the innovation economy § Principles of sound risk mitigation infrastructures, senior management accountability, auditability, and collaboration resonate § Defined interdependent roles for stakeholders -- all must work together to a shared goal § Appreciation for threat of systemic risk and value of crisis avoidance § Adaptable approach to encourage growth and innovation, but serious penalties for non-compliance § Challenges § Global impact, if not direct global scope § Harmonization of political, cultural, geographic, and language differences § Variations in sophistication and resiliency of economies and local institutions § Jurisdictional overlap and complexities § Risk exposures and profiles constantly changing
…and XBRL is ideally suited to help stakeholders achieve the promise of those shared goals § XBRL is poised to Web-enable business reporting and is the emerging standard for regulatory reporting § Transparency § Common language § Royalty free open specification that uses XML data tags to describe financial information and add context to content § Provides automated and more reliable exchange of regulatory and financial information across all software formats and technologies § Information reusability and analysis enhanced – information available electronically for multiple purposes and reports § Cycle time significantly reduced and human error minimized § Rekeying and reformatting of data eliminated § Data for customized reports easily identified § Reports more current § Global regulatory adoption on the rise § § UK Inland Revenue FDIC Call Report Modernization Project SEC National Tax Agency of Japan (Kokuzeicho)
XBRL powers and empowers Risk Based Supervision § Provides common format for growing volumes of complex business information regulators must manage § Tagged data affords depth of information and context easily analyzed and benchmarked § Timely data access that enhances collaboration between regulators and regulated entities – as well as other regulators § Internal savings in time and money affords focus on greatest systemic risks § Improved filing accuracy § Promotes consistency and comparability among various regulatory reports and adaptability to new requirements § Companies can use same basic data for numerous internal and external reports providing consistency at significantly lower costs § Enterprise risk and compliance frameworks for transnational conglomerates significantly improved
Successful navigation of the new global regulatory streams requires constructive proactive engagement § Accept the reality of change, complexity, and uncertainty § All stakeholders must engage actively and proactively in the process § Regulator relationship management: know your regulators and let them get to know you § Integrate risk management, compliance awareness, and accountability into your core business operations § Develop internal governance processes that are robust, transparent, and well-documented § Facilitate auditability – if not documented, it hasn’t been done § Carefully weigh balance between global standards and local compliance requirements § Leverage industry groups and important influencers § Encourage more robust collaboration between regulators, regulated industries, and technology service providers
Most of all, embrace change and leverage the value of XBRL! § Thank you!