Keynote Speech by Mr John Palmer, Deputy Managing Director (Prudential Supervision), Monetary Authority of Singapore, at Risk Conference 2003, 30 June 2003 'Prudential Supervision in a Changing Environment'
Introduction - The Changing Environment
Good morning, everyone.
My topic this morning is prudential supervision in a changing and riskier environment. But before I talk about prudential supervision, I want to talk a little more broadly about the environment that we are operating in and the challenges that this environment poses for all of us.
The external environment has been changing and has become an increasing source of attention for all of us in the financial sector. We are more conscious of terrorist threats than we might have been a number of years ago. We all understand the enormous progress that we have made in the technological field but with that process has come a greater vulnerability to malfunctions and security issues.
We are increasingly exposed to pandemics and we have been reminded of this with the Severe Acute Respiratory Syndrome (SARS) scare that we have recently come through so well. And scientists are telling us that with the declining effectiveness of antibiotics, pandemics are likely to become more frequent in the future. This is something about which we have to become increasingly vigilant.
The financial sector, in which we all work, is affected by all of these external factors and we have to build these into our planning and our management of risk.
The financial sector has risks that are inherent to the sector itself and we are all familiar with these. New products and new technologies bring new risks. We are developing risk transfer mechanisms that mitigate risks but have inherent in them their own risks.
In addition to new risks and more serious risks, we have seen the financial and economic environment become more volatile. There are several reasons for this. Competition has become more intense. Technological advances, globalisation ? the dropping of geographical and jurisdictional barriers to financial events, and even deregulation, have added to volatility. I think that many of us would believe that the overall level of risk in the financial system has risen over the last decade.
The existence of risk implies the existence of failure. Economists take a rather sanguine view of failure. They see this as the necessary handmaiden to financial progress. Many writers, notably Joseph Schumpeter, have referred to the creative destruction in the modern economy of which failure is an important part.
But if you are working in a financial institution, you will take a somewhat less sanguine view of the notion of failure, at least as it applies to your own institution. And regulators are equally unenthusiastic about failure. We know that we can't prevent failures and indeed many regulators have been quite explicit about making it clear to the publics that they serve that they cannot prevent failures. But we are very conscious of the systemic impact that failures can have and we are conscious too of the damage failures can do to depositors and policyholders. And so we work hard to narrow the risk of failure within the financial system even if we can't absolutely prevent it.
Financial failures occur for many reasons and each reason contains its lessons, often valuable lessons, for risk managers and regulators. One source of failure is where management assumes a particular level of risk, does a good job of understanding that risk and preparing for it, establishes reasonable risk tolerances, but then encounters unexpected volatility ' the so-called 'hundred-year storms'.
There have been several victims of this source of failure in recent years. We saw a number of investment funds disappear as a result of the sharp interest rate spike in the mid-1990s that went well beyond the limits established by those funds. We have also seen some important global insurers that have suffered large event losses and have been punished by the steep declines in equity markets, declines far beyond what had been expected or prepared for.
Other sources of failure include errors in risk measurement and breakdowns in management controls. In my experience, one of the most important sources of failure is where management decides to go beyond pre-established limits or what would have been sensible limits due to overconfidence and greed. And we have seen a good deal of this over the last decade, particularly in the latter years.
The well-publicised demise of Long-Term Capital Management was probably attributable to several of these sources of risk but the overconfidence and greed that led LTCM to go beyond its original risk management model was certainly an important source of that particular failure.
We have also seen over the last decade that failures can have a contagion effect. And this effect can spread across borders and have important global impacts. We have seen the impact of contagion across borders in the Asian financial crisis, the Russian crisis, and more recent crises in Brazil, Turkey and Argentina and the financial impact of the September 11 events. One of the reasons that the Federal Reserve gave for what it referred to as facilitating the resolution of Long-Term Capital Management is that it feared the collapse of LTCM would have had an important negative impact on the global financial system.
In assessing the level of risk in the financial system, which many of us believe has gone up, we also have to consider the widespread use of increasingly complex risk transfer mechanisms. The growth of these risk transfer mechanisms has, of course, been part and parcel of the increases in risk appetite. Institutions have felt that they could take on more risks because they felt that they have mastered the capacity to allocate portions of those risks to other counterparties. These risk transfer mechanisms such as credit derivatives and asset securitisation have become very important products and techniques in the operation of a modern financial institution. They are used to actively manage risks and also to reduce regulatory capital requirements.
The jury is still out on the overall effectiveness of these risk transfer mechanisms. Many of us have been following with interest and amusement the debate between Warren Buffet and Alan Greenspan. Mr Buffet believes that these are very dangerous instruments. Mr Greenspan believes that generally these risk transfer mechanisms have been beneficial. Most of us in the regulatory community recognise that there is merit to both arguments, but probably side with Mr Greenspan in believing that on an overall basis these risk transfer mechanisms have been and can be helpful.
There have been problems. Some counterparties have refused to pay claims, and have challenged the legal effectiveness of these mechanisms. In some cases, they have been successful or partially successful. So these are not panaceas. But we have also seen that in spite of some very significant losses suffered by financial institutions, for example in the huge exposures to the telecommunications industry and some of the exposures to debts in Brazil and Argentina, these institutions successfully allocated their risks throughout the financial system, and the overall impact on any one financial institution has for the most part been tolerable.
So at least for the risk transferors, these mechanisms have been broadly effective. I think that most of us in the regulatory community feel that we understand less well the impact on the transferees. In fact, one of the frustrations for regulators is that we are not quite sure where the risk has gone. We are not sure who all the transferees are. We suspect that a lot of the risk has moved into the insurance community but because some of the world?s largest insurance companies are not regulated, we do not know precisely what those insurers might have absorbed.
So overall we think that these risk transfer mechanisms are important and potentially beneficial. But you need to understand what you are doing. They have to be used with caution.
In the rapidly changing and increasingly volatile environment that I have been describing, both financial institutions and regulators have important responsibilities. We both have responsibilities for managing and mitigating risk but it is also important that we do so in a way that does not unnecessarily impair the competitiveness and dynamism of individual financial institutions and our financial system.
Regulators are concerned with both systemic stability and the soundness of particular institutions. We have a responsibility to detect excessive risk-taking and ?irrational exuberance? and to apply the brakes in a sensible manner but in a way that also avoids moral hazard and does not smother the capacity of financial institutions and the financial system for innovation and adaptability.
Institutions are hugely incented these days to compete effectively, to push the envelope on risk taking and to be increasingly innovative. But institutions must have a profound understanding of the risks they take and must manage those risks in a prudent way.
MAS' Supervisory Responses to the Changing Environment
The changes in the financial environment that I have been describing have had a very important effect on the way in which prudential supervisors do their work. In fact, there has been a paradigm shift over the last decade in regulation and supervision.
The traditional approach of prudential supervisors was rule-based. We attempted to prescribe those activities and risks that financial institutions could take and could not take. Increasingly, we have been finding this approach to be unnecessarily restrictive and, frankly, ineffective. It simply does not work.
Like other regulators, we at the Monetary Authority of Singapore are moving away from prescriptive rule-making to risk-based supervision. Risk-based supervision relies heavily on the quality of an institution's own risk management process.
As we apply risk-based supervision and review the quality of risk management within an institution, we focus quite closely on the quality of management and the processes that an institution uses to monitor and control its risks. We also benchmark risk management and control systems against evolving industry standards and best practices around the world.
There is also within the regulatory community, and here at the Monetary Authority of Singapore, an increasing emphasis on corporate governance. One of the most important responsibilities of the board of directors is to oversee an institution?s risk management framework. Recent corporate debacles, particularly in the United States, have underlined the need for the Board to take overall responsibility for the risks undertaken by a company, or a financial institution, and the management of those risks. The Board also needs to send a clear message throughout the organisation that it is overseeing the management of risks and that everyone in the organisation has a role to play in ensuring that risks are well managed.
In order to apply its risk-based approach to supervision, MAS is building specialist expertise in key risk areas, including credit, market, liquidity and technology risks, and in risk management areas such as corporate governance.
We have also been issuing consultative papers on risk management to engage the risk management community in our effort to develop and encourage adoption of good risk management standards. MAS has finalised its guidelines on business continuity management and internet banking technology risk management. MAS is also launching later today a new risk management section on the MAS website. Shortly, we will be issuing guidelines on credit, market and liquidity risks, as well as internal controls.
Our guidelines are based on best practices. We are trying not to be too prescriptive in these guidelines. We do not expect you to adopt the guidelines in every respect. What we do expect is that where you do not adopt the guidelines, you have an alternative approach and that overall, your risk management framework is as good as the risk management framework that is summarised in the guidelines.
We will be evaluating you on the quality of your own risk management framework. We will be scoring you. We are updating our rating methodology, making it more risk-based, and we will be scoring all the financial institutions that we regulate. Our evaluation of your risk management framework will be an important part of that scoring process. Our guidelines will help us score your risk management framework.
The guidelines should be seen as an evergreen document. We will be updating them regularly as the science of risk management evolves. We are also trying not to re-invent the wheel as we create and update these risk management guidelines. We watch carefully the documents of other regulators. Those of you who have worked in a number of jurisdictions will see that our risk management guidelines are similar to those issued by regulatory authorities in other advanced jurisdictions.
The Need For Institutions to Respond Appropriately to the Changing Environment
I have been talking about MAS and our approach to risk management, but the prime responsibility for risk management really lies with the institutions. And as I have noted, your first and most important responsibility is to have a deep and thorough understanding of all the risks you take. The corollary to that is that you should not be taking risks that you do not completely understand. You also need the capacity to manage and control all of the risks you take on.
Within your institutions, it is essential that there be a strong risk management culture. Risk management should not be a kind of overlay that is rolled out whenever the regulator decides to carry out an on-site inspection. It's got to be part and parcel of the way you manage your business, day-in and day-out.
You need risk management processes that match your risk appetite and operations. It is important that you see risk management as a competitive advantage, not an unnecessary burden. In our view, it is a competitive advantage as important as economies of scale, superior technology and privileged market access. It really is an important competitive weapon if you do it well.
In our view, as emphasised in our risk management guidelines, there are four pillars to effective risk management within a financial institution. One that I have already mentioned, and the most important pillar, is effective Board oversight. The second is senior management accountability. The third is sound and well-documented risk management policies and operating procedures. And the fourth is strong risk measurement, monitoring and control capabilities that are commensurate with the risks that the institution has taken.
One thing that we have seen to be important as we look at those institutions that are most successful in managing risks, and those that are not, is an independent, centralised risk management function within an institution, a function that is responsible for overseeing all risks. It is clear that all risks are ultimately related and should be assessed on an entity-wide basis. There is a need to aggregate the risks across an institution, understand the causal links and correlations among risks, and to anticipate how risks will interact with one another.
The need for sound risk management is growing. Increasing competition and all of the factors that I have referred to earlier underline the importance of sound risk management. The liberalisation by the Monetary Authority of Singapore of commercial banking in Singapore adds to the level of competition within our banking sector and also increases the need for effective risk management.
Both regulators and financial institutions have much to do to strengthen the effectiveness of risk management. As I have said, we want to strengthen the soundness and stability of the financial system and individual institutions but we do not want to undermine the competitiveness and dynamism of the system. It is important in pursuing these objectives that regulators and institutions work together. I think that in large measure we are working quite effectively together here in Singapore. The useful feedback that we have received to our request for advice on industry best practices, and the feedback on our consultative papers have been good examples of the cooperation needed to increase the effectiveness of risk management in this market and indeed everywhere.
Some big challenges lie ahead. Not only the challenges that I have already referred to ' risk aggregation and making effective use of risk transfer mechanisms ' but other challenges too. Indeed, in this conference later this morning, we are going to talk about the potential for consumer banking in this region. There are great opportunities but there is also work to be done on the risk management side. The measurement and management of consumer risk in this region is still evolving. There are consumer risk models but they are largely proprietary at this stage and of unknown reliability.
Business continuity management is another key challenge we will be discussing at this conference. The events of September 11 and the recent SARS scare have underlined the importance of business continuity management. One of the reasons why Singapore came through the SARS crisis so well was because many of the players in the financial sector had business continuity plans they were able to quickly roll out and operationalise. These proved to be very effective. Those of you working in our financial institutions have done a great job and Singapore owes you a debt of gratitude for the effectiveness of your planning and the competent implementation of those plans. But we can still enhance the effectiveness of our business continuity plans. There?s more to do; more threats that we need to be prepared for. Business continuity management will continue to be an important subject for risk managers, and indeed the Monetary Authority of Singapore, in the months and years to come.
We hope that this Risk Conference will further our collective understanding of some of the key risk and risk management issues, and make a contribution to the improvement of risk management practices.
Have a good conference! Thank you.