A financial sector better serving citizens and the economy: the role of Supervisory Inspections in driving improvements - Gerry Cross, Director of Policy and Risk and Investment Banking Supervision (Interim)

14 October 2020 Speech

Gerry Cross

Speech to A&L Goodbody Corporate Crime & Regulation Summit

Good morning. It is a pleasure to speak to you as part of this year’s A&L Goodbody Corporate Crime and Regulation Summit.

The evolving nature and role of inspections as part of the supervisory mandate

Since the great financial crisis at the turn of the last decade financial regulation and supervision have changed significantly.

Much has been written and said about the reform of financial regulation. Perhaps a little less about how financial supervision has changed. Supervision has evolved not just as a result of the lessons of that crisis. But also from other lessons we have learned for example as concerns firms’ failures in truly protecting the interests of their customers. And also as we have enhanced our understanding of and approach to issues of money laundering and financial crime.

Now as we experience a further crisis, even if this time not one that has originated in the financial sector, it is perhaps a good moment to reflect on the evolution of supervision during the past ten years and to take stock of where we are now. That evolution has contributed to the robust starting position of the financial system as we entered this crisis and the overall resilience of financial firms to date – even if we know that the future path of the virus remains highly uncertain and there is much still to come in terms of economic impacts.

Amongst the failings that led up to the global financial crisis was a failure of supervision. The causes and aspects of this failure have been well discussed. They included:

  • Lack of clarity as to objectives and mandates;
  • At times conflicting mandates – for example the conflict between the Irish Financial Regulator’s role in attracting business to the jurisdiction on the one hand and delivering effective supervision on the other;
  • An undue degree of deference to supervised firms on the dual basis that:
  1. Generally firms knew best how to run their business and therefore supervisors should take a hands off approach;
  2. Absent rogue behaviour, businesses run in the interests of their shareholders would also be thereby generally run in the interests of the overall economy.

One might describe this as a lack of confidence in the distinct and assertive role of supervision;

  • A failure to resource financial supervision in a way that it was both strong enough and expert enough to consistently challenge firms to improve their standards and strongly protect the interests of their customers and clients;
  • A failure to deploy a credible threat of enforcement.

In the intervening period, while the journey is by no means over, major changes have been made in how we approach financial supervision designed to eliminate these weaknesses.

As early as 2010, at the Central Bank we were adopting a significantly enhanced approach to supervision. We determined that supervision should be intrusive and challenging, and underpinned by the credible threat of enforcement. Over the past ten years we have built on these principles to develop the robust, intrusive and demanding supervisory approach that is in place today.

Our view was, and is, that, yes, firms and their management are the ones that know their business best and therefore are best placed to make the decisions about the running of the firm. But this is subject to material limitations: firms may for example consider that the interests of their customers can be effectively subordinated to the interests of their shareholders. They may find that utilising riskily high levels of leverage can pay sufficiently attractive short-term dividends, particularly if when the chickens come home to roost all their peers are in the same position. They may find that upgrading of legacy IT systems takes just too much out of their quarterly and annual profits. They may find that the pressures of the old school network in appointing senior management are just too great to resist. And so on.

And that is why supervisors are there. To try and spot these tendencies. To ask the uncomfortable questions and to challenge the firm and its managers as to what they are doing and how they are doing it. And where necessary to require that it is done differently, done better, or, at times, not done at all.

Firms meanwhile must continue to adjust their mindsets. Not only to further embed a culture of doing the right thing and putting the interests of their customers first. But also in recognising that their engagement with inspection's is something to be approached in a proactive, transparent and positive way so that they are seen as contributing to better outcomes for the firm and for its customers. We are seeing improvements in this regard but their remains further progress to be made.

Let me mention three key aspects of our approach to impactful supervision: Our risk-based framework. The continuing evolution of our supervisory approach. And the role of inspection's.

Risk-based approach

Ten years ago we introduced our PRISM framework as the basis upon which we organise our supervisory activities. It provides a risk-based approach to how we prioritise our activities and allocate our resources. For example we categorise firms according to impact - the harm that they could cause if things went wrong – for example if the firm got into difficulty and failed. We also look at probability – the likelihood of such an event occurring. An on the basis of this combination – impact and probability – we make our resource deployment decisions. We decide how intensively we need to supervise different firms. The PRISM framework is a constantly evolving one. In recent months for example we have carried out a comprehensive review of our prudential impact methodology and are in the process of rolling that out to the different categories of firmas. In 2016 we expanded the framework to AML supervision. And in the coming period we will be publishing details of how Consumer Protection supervision has been enhanced and further developed in line with our risk-based framework.

Outcomes focused supervision

Secondly, it is an outcomes focused approach. This is consistent with what I have said earlier. We are determined in our approach to achieving our mandate. We want to ensure that financial firms and markets operate and are run in a way that achieves resilience, that the system and firms within it are trustworthy because they operate fairly and in the interests of their customers, and that markets are orderly and delivering effective price formation.

This means that we require firms to run themselves in a way which is consistent with these outcomes. So you won’t find us satisfied simply with monitoring developments, or engaging mechanically, or ensuring that we have completed a list of supervisory tasks. You will find us challenging strongly and, where needed, demanding changes.

It is our strategic aim to see things improve over time. We want the financial system to support the economy and the wellbeing of its customers as well as it possibly can. This means that when we look forward to next year, and to three years time, and to ten years time, we expect to see things operating better than they do now and better each year than they did the year before.

We also want to see firms well prepared to deal with a rapidly evolving operating environment – including responding to rapid technological change and to the transition to a sustainable economy.Our supervision therefore is strategic – strategic not just in how we deploy our resources to achieve our objectives this year but strategic in how we seek to achieve enhanced outcomes over time.

Ever more effective supervision

The other side of the continuous improvement coin is that we equally seek to supervise more effectively over time. Part of this is of course driven by the strategic aim of ongoing improvement that I have mentioned. But it is also driven by the knowledge that we are a public authority with a responsibility to deliver as effectively as possible on available resources.

After the last crisis we moved to a model of supervision which incorporated, as a major component, on-site inspection's. Of course, being on site with firms was nothing new for us or for firms. This had always been an important part of effective supervision. But what was new about this was the development of teams of inspectors with very specific risk or subject expertise. Credit risk, liquidity risk, governance, operational and IT risk, client assets management, etc. And then deploying those teams in a strategic manner based on detailed planning in the supervision of regulated firms. Not only does this allow us to develop and leverage scarce expertise in a focused way, it allows us to leverage such expertise across a wide number of firms. Moreover it allows us to be better equipped to deal with increasing complexity and the ongoing innovation of and in the firms we regulate.

We also established a dedicated division – the Anti-Money Laundering Division - to supervise firms’ AML compliance. This division assesses, through on-site and off-site activities, the AML compliance measures put in place by firms’ to protect businesses from being abused by criminals and to protect the integrity of the financial system. We also promote a positive AML compliance culture within firms. This means having an approach to AML compliance that considers the legislative obligations as only the starting point; where firms have a commitment to investing in, resourcing and maintaining an effective AML compliance framework, in terms of both personnel and systems, and senior leadership participate actively in instilling the right culture.

Eighteen months ago we took a further step. We established a dedicated directorate – the Prudential Analytics and Inspection's Directorate – a central purpose of which was to house our newly established cross-sectoral prudential inspection's teams. This means that we now have a dedicated centre of prudential inspection's expertise organised by risk specialism which we deploy across the range of sectors. This we believe significantly enhances our supervisory effectiveness and impact.

A belief that has been borne out strongly during the recent Covid 19 crisis period where we have been able to quickly and effectively deploy this risk expertise to respond to the many challenges that have emerged for firms and for supervisors.

Inspection's expectations

Let me turn now to the question of inspection's-related expectations. What can firms expect in respect of inspection's. And what do we expect of firms in this regard.

What can firms expect

Firms can expect us to adopt an approach to inspection's that reflects our strategic perspective. So while we will of course be looking at our schedule of risk assessments under our PRISM framework, we will also be building in our strategic consideration not only of key risk areas for firms, but also for sectors. We will also be incorporating our assessment of significant external and conjunctural features.

For example at the current time the issue of resilience and customer fairness arising out of Covid19 are significant features in our ongoing supervisory strategy. So is the question of how firms are responding to the period of significant technological disruption that is under way, including their resilience to IT and cyber risk. So also is the question of cultural and organisational health such that firms’ DNA becomes better coded towards prioritising their customers’ interests.

Firms can expect us to be focused, intrusive and challenging. We want and expect our inspectors to get underneath the skin of the firm, to get inside its risks and their management and mitigation. We are not simply there to see does everything look okay. We are there to get our hands on the risks, to lift the lid, and to see and understand what we find. You can expect us to be demanding and challenging.

You can also expect us to be forming judgements as we go. How a firm responds to our engagement, our expectations and our challenges tells us a lot about the firm, its culture and its management. And let’s be very clear here, we do have a clear sense, continually refreshed, as to where firms sit on a spectrum of reliability, responsiveness, and ultimately quality of approach.

Firms can, and should, expect us to be well-organised, efficient, prepared and on top of our game. We expect high standards of firms. They should expect high standards of us.

Financial services regulation and supervision is a complicated business subject to a range of rules and requirements.  Firms can expect detailed feedback on issues identified during an inspection but they cannot expect an exhaustive list of all weaknesses or issues in the firms systems of risk management, governance or controls. Our role after all is not to provide consultancy.

Firms can expect a challenging but proportionate response to risk mitigation. We may distinguish between findings, which require specific actions, and observations, which do not, but where we believe there is an opportunity for the firm to strengthen the control framework. In setting and sequencing timelines for risk mitigation plans we consider the seriousness of the particular issue, the scale of the mitigation work involved and the range of issues that a firm may need to address. 

Firms can also expect fair procedures. When communicating findings and risk mitigation plans to firms they are given an opportunity to highlight any factual inaccuracies or to propose alternative actions, which will at least be as effective in achieving the outcomes we require. We will always consider any such feedback, albeit it may or may not result in any changes to our position.  

Finally, firms can expect follow through. Our inspectors work closely with their colleagues on supervision teams so that there is consistent and thorough follow-up on how and when firms deliver on actions required. 

What do we expect of firms?

We expect firms, first and foremost, to engage with inspection's in a strongly positive manner. Understood correctly, supervisory engagement of this kind is an important opportunity for firms and their management. You get an impartial, very well informed, expert engagement with and assessment of important aspects of your business, your risks and your management. This is something to be valued. We expect firms to recognise that.

We expect firms to be well prepared, to be open, to be truthful and honest, to communicate clearly and to be supportive of the work of our teams. To be clear, this is the least that we expect from firms whose business relies on the trust of the public, their clients and counterparts.

We expect firms to respond effectively and well to the findings of our inspection's. As we expect to challenge, so we expect to be challenged. But once the challenge and exchange is concluded, and we have reached our conclusions, we expect firms to implement our findings in a timely, effective and proactive manner. Important to us is a firm’s ability to see past its initial perspective to an internalisation of the improvements to be achieved.  

That internalisation should also encompass whether the inspection findings and risk mitigation plans may have a read across to areas and risks that were not subject to the inspection. Absolutely we expect firms to address the findings from an inspection. However, it should also be viewed as a tool which may help a firm improve its wider governance, risk management and compliance systems –part of the value of inspection's I referred to earlier.

Where we find common themes or issues across inspection's, be they within sectors or cross-sectoral, we may issue an industry communication or Dear CEO letter. The fact that this is not bespoke bilateral communication between regulator and firm does not in take from its import.  We expect firms to consider these communications and take action to ensure that, where the issues are relevant to a firm, it takes action to address them.  

The Covid 19 context

Finally let me say a few words about Covid 19 and its impact on our carrying out of onsite inspection's. As with so many other activities Covid 19 has caused disruption to our inspection's programme. But also as for other activities it has given rise to adaptations and positive learnings for the future. We have learned that many aspects of onsite inspection's can be successfully achieved by virtual means. We have learned that we can gain efficiencies that we might not have known about. And of course we retain the option to go onsite where that is necessary.

So, with some modifications – both due to Covid 19 constraints and the need to actively follow C19-related risks - we are taking forward our inspection's work with determination. And we are doing so on the basis of the same principles of intrusiveness, challenge and demand and with the same expectations of firms and of ourselves as I have described above.

Conclusion

I think that that represents a positive note on which to end.

In summary:

Supervision has become significantly more intrusive and impactful over recent years. This has been in order to deliver better outcomes in the financial system which needs to be more trustworthy and to better support the economic welfare of citizens.

Supervisory inspection's examine a firm’s risks and also probe its culture and mindset. Firms are slowly responding to enhanced supervision. But they need to do better.

And inspection's have adapted successfully to the Covid 19 context.

Thank you

My thanks to Mary Burke, Head of Division, Governance and Operational Risk, for her contribution to this speech.