Event summary

Lombard Risk business and regulatory experts summarise: Assessing

Current challenges
Even smaller institutions are now subject to thousands of regulations, and not surprisingly many are now having difficulty in even keeping track of new and amended regulations, never mind ensuring adequate compliance. In a recent Thomson Reuters survey, when 500 compliance professionals were surveyed, the results indicated that the deluge of new rules, regulations and enhanced vigour of regulators, coupled with a lack of additional internal resources and headcount, has pushed compliance departments to the breaking point. The situation is set to deteriorate further, from a compliance perspective, as the regulatory landscape is now undergoing a radical change in response to political and regulatory pressures and demands designed to restore economic and financial stability, both here and abroad. Clearly a major challenge is the need to increase both capital and liquidity to levels deemed by the regulators to be sufficient to weather another financial crisis no easy task given the increasing scarcity of high-quality capital in a deteriorating economic climate, particularly in Europe. For firms deemed too-big-to-fail, these challenges are further complicated by demands to restructure or even ring-fence their retail and investment activities whilst remaining compliant with all applicable regulations. Firms also facing the challenge of both restoring and promoting the sectors reputation and integrity, is helped in no small way by the regulators who are demanding propriety, transparency, better risk management and perhaps most important of all, accountable governance. And there is more to come:

regulatory risk webinar 5th December 2012

Introduction
On 5 December 2012 Lombard Risk held the 7 in the regulatory compliance series of webinars.
th th

Speakers
The event commenced with Welcome and introduction from Rebecca Bond, Group Marketing Director. The key presentation, explaining regulatory risk issues, was given by: David Wilford Director Compliance Products Lombard Risk The webinar focused on the BANKING sector, having attracted the most publicity and not in a good way, although the issues addressed apply equally to insurance companies, asset managers anyone in the financial sector or companies subject to considerable regulatory demands and supervision.

Regulatory risk
Given the enormous task faced by compliance functions in ensuring compliance in an ever-changing and demanding regulatory environment, regulatory risk is the biggest challenge firms now face. Defined as the risk to earnings, capital and reputation associated with a failure to comply with regulatory requirements and expectations. The financial sector is subject to a plethora of regulations governing every aspect of an institutions business.

IN CONCLUSION regulatory pressure is already severe but unfortunately is destined to get much worse, which means that many compliance functions are facing an extremely serious situation, especially given the lack of investment in appropriate resources. In fact, they themselves may become a risk to the institution.

www.lombardrisk.com

Managing collateralised trading | Enabling regulatory compliance

Event summary
Whats wrong with the current approach?
Compliance has moved from a tick-box approach to being montiored and measured on a RISK basis As a result, firms focus on high-risk areas (where non-compliance most impacts the bottom line) and low-risk areas were moved off-the-radar Compliance with new regulations embedded within implementation Reliance placed upon the majority of simple business operations being inherently compliant The result is that, even today, reliance is placed upon the majority of simple business operations being inherently compliant with applicable regulations and therefore off-theradar as far as a detailed examination - to determine the state of compliance - is concerned. And then to aggravate the situation, many compliance functions are expected to work with hard copies of the regulations, manual files and spreadsheets (which the FSA is introducing demands be subject to strict governance).

Whats the new approach?

Prudential Regulation Authority (PRA), taking over from the FSA, as per the joint Bank of England/FSA paper issued last month entitled The PRAs approach to banking supervision Taking a judgemental approach to supervision: safety and soundness (a term that appears 52 times in the aforementioned paper) Clause 69:

All of the above processes were no doubt deemed simple and straightforward and as a consequence, only warranted the occasional cursory review, yet the financial and reputational impact on individual banks for non-compliance with the relevant regulations has been enormous. And then we have UBS providing an additional $968m in provisions during the first 9 months of this year for litigation and regulatory matters alone! And so it goes on

What are firms options?

A change of approach IS required but what to do? Should the focus continue to be on high-risk business areas, and run the risk of noncompliance in low-risk areas? OR Should compliance functions restructure their approach to address both the principles-based and the rules-based regulatory requirements? Regulators are clearly going to place more and more reliance on a firms compliance and audit functions to enforce compliance and where necessary, justify partial or noncompliance. They are also looking to the Board of Directors and senior management to take responsibility possibly at a personal level - for any failures in compliance.

www.lombardrisk.com

Managing collateralised trading | Enabling regulatory compliance

Event summary
A new approach
Ensuring full compliance with every applicable prudential and non-prudential regulation is obviously an impossible task given the sheer quantity of the regulations, the dynamics of the financial institution and the resources available to compliance and audit functions who, historically, have suffered from a lack of investment.

Deficiencies in compliance and audit functions in terms of both approach and resources - must be addressed if a firm is to minimise regulatory risk and avoid the consequences of non-compliance
Tactical vs strategic
Tactical solutions are no longer viable. Firms require a strategic solution to address the PRAs approach to supervision: All-encompassing, demanding firms not only comply with the spirit of the regulations but also each and every applicable regulation.

The answer may therefore be to assess regulations not only in terms of the impact on the bottom line, but also in terms of the regulatory consequences of non-compliance. In other words, a regulation may be deemed low-risk if the institution believes that the consequences of non-compliance would just be a disapproving look from the regulator, whilst noncompliance with a high-risk regulation may prompt a Pillar 2 capital levy or drop in share price as a result of reputational damage. Certainly, it would be inappropriate to focus simply on highrisk regulations for exactly the same reason as focusing on high-risk business areas diverted attention from areas that subsequently proved to be costly when breaches in compliance were uncovered. However, combining the two approaches may assist an institution in avoiding the same mistakes made by some institutions this year. Compliance and audit functions are clearly caught between a rock and a hard place, having responsibility for compliance with thousands of regulations but often restricted as to appropriate resources, on the grounds of cost. Indeed, it is fair to say that these functions have in the past been deemed to be a necessary evil, costing an institution money to run but with no apparent benefit.

Lombard Risk solution

ComplianceASSESSOR has been designed to address these requirements by: Accommodating an unlimited and searchable library of multi-jurisdictional prudential and non-prudential regulatory books applicable to the firms businesses, including internal regulations e.g. the FSA Prudential Sourcebooks, European Directives, Sarbanes Oxley and even the various UK laws applicable to in this case - the financial sector Accommodating four categories of book that cover business and governance regulations, training material and consultative / discussion documents

Unfortunately, it is failures in compliance that are headlined, not the success of ensuring compliance.

www.lombardrisk.com

Managing collateralised trading | Enabling regulatory compliance

Event summary
Highlighting new and amended regulations for review and / or possible assessment, thereby avoiding inadvertent breaches in compliance Identifying a change to a policy or procedure that may inadvertently result in a breach in compliance Mapping policies & procedures, or indeed any documents, to the relevant regulations in order to evidence compliance with the relevant regulations on the assumption that policies & procedures are adhered to in practice. Providing that the institution maintains strict version control over such documents, any changes to the mapping are identified and the relevant regulations highlighted for review and possible re-assessment management to monitor and manage compliance more efficiently throughout the organisation. And finally, all of this information - relating to the assessment of applicable regulations, including all supporting documentation and reports - is immediately identifiable and retrieval, saving considerable time and expense when responding to a query or demand.

Questions from the audience

1. How will the PRA and FCA exercise a judgemental approach? We understand that the PRA's approach will be based on empirical evidence e.g. the FSA's past experience with the particular institution and experience with institutions within the same peer group. The PRA will also look at the position occupied by the institution within the marketplace (degree of influence / importance) in determining the extent of compliance expected of the institution. The difficulty lies in the interpretation of the empirical evidence! 2. Will we ever get out of this situation? The simple answer is 'No' - for the simple reason that there are far too many regulations to ensure compliance against. There will therefore always be some possibility of noncompliance as in the example of rogue traders. Consequently, the only solution is to adequately resource compliance functions, and ensure the capture of evidential documentation to show that at least best efforts have been made to comply.

Accommodating an assessment process where not only are policies & procedures mapped to the relevant regulations, but action plans may be established to address deficiencies in compliance, each action plan being documented where appropriate Accommodating the four-eyes approach by requiring assessments to be approved by an independent officer The ability to code the regulations in terms of the consequences of non-compliance, as mentioned previously. And more importantly, requiring assessments relating to high risk regulations to be approved not only by an independent officer but also by an appropriate executive or senior manager which should prove a useful tool given the PRAs intended approach to executive responsibility. This Risk Severity Indicator (RSI) is also used extensively in the dashboard to highlight, for example, action plans associated with the assessment of high-risk regulations that exceed their anticipated completion date or where confidence in achieving compliance moves to red on a RAG code. As one would expect, all of this information and much more is captured and displayed, focusing attention on compliance issues and enabling senior

Online survey
The audience were polled 3 times to gain their input: 1. Do you think your compliance team will be able to handle compliance with regulations in the future, given the anticipated changes in the regulatory landscape? Nearly 40% of respondents did not think the compliance department could manage without additional resources. 2. To what extent does your firm hold applicable regulations in electronic format? NOBODY could say that their firm was paper-free: but 86% indicated that MOST of the documents were now stored in electronic format. 3. What do you use to maintain a record of compliance against current regulations? An overwhelming 70% indicated that they use SPREADSHEETS to maintain compliance records.

For more information visit www.lombardrisk.com and / or email info@lombardrisk.com

www.lombardrisk.com

Managing collateralised trading | Enabling regulatory compliance