introduction to iops principles for risk based supervision ross jones – president iops deputy...
TRANSCRIPT
Introduction to IOPS Principles for Risk Based Supervision
Ross Jones – President IOPSDeputy Chairman, Australian Prudential Regulation Authority
Regional IOPS Workshop on Private Pension Supervision Lima, Peru
8 September 2011
IOPS Principles of Private Pension Supervision
Principle 1 : Objectives
National laws should assign clear and explicit objectives to pension supervisory authorities
Strategic objectives should be clear and public Responsibilities of the pensions supervisor
should give a clear mandate and assign specific duties
IOPS Principles of Private Pension Supervision
Principle 1 : Objectives; Assessment questions
Is there legislation providing for a pension supervisor? Does the legislation set out objectives? Are objectives public and binding? Does the legislation explicitly set out
responsibilities and duties of the pension supervisor?
Does the supervisor explicitly set out its responsibilities and duties (and are they consistent with legislative objectives?)
IOPS Principles of Private Pension Supervision
Principle 2 : Independence
Pension supervisory authorities should have operational independence
Autonomy in day-today operations and decision making
Funding to ensure independence Appointment procedures transparent Judicial review of supervisory actions
IOPS Principles of Private Pension Supervision
Principle 2 : Independence; Assessment questions
Is the supervisory authority established as a body with operational independence?
What type of restrictions exist on the ability of the government to make directions to the supervisory authority?
Is there transparency in the process for appointing senior positions?
Is there transparency in the process for terminating senior positions so that threat of termination can’t be used to influence decisions?
Are senior officers replaced when there is a change of government?
If funded by levies on supervised entities, is there freedom from interference by these entities?
Is the agency head appointed for a fixed term?
IOPS Principles of Private Pension Supervision
Principle 3 : Adequate resources
Pension supervisory authorities require adequate financial, human and other resources
Able to conduct functions efficiently and independently
Funding to ensure independence
IOPS Principles of Private Pension Supervision
Principle 3 : Adequate resources; Assessment questions
Is the budgetary timeframe long enough (e.g. 3 years) to provide stability in planning and recruitment?
Is the budget sufficient to enable supervisory agency to meet its responsibilities? (very subjective)
Does the agency have freedom in hiring with regard to staff numbers and salary?
Are senior staff appropriately qualified? Is the fee structure transparent?
IOPS Principles of Private Pension Supervision
Principle 4 : Adequate powers
Pension supervisory authorities should be endowed with the necessary investigative and enforcement powers to fulfil their functions and achieve their objectives
Powers appropriate to the system being supervised
Powers appropriate to the manner of supervision e.g. appropriate investigatory and enforcement powers
IOPS Principles of Private Pension Supervision
Principle 4 : Adequate powers; Assessment questions
Are the supervisor’s powers clearly established by its governing legislation?
Can the supervisor gain access to the information it needs? Is there a licensing or registration process that enables the
supervisory agency to obtain relevant information and to reject/amend/revoke the license/registration in the case of serious non-compliance?
Can the supervisor enforce legislation relating to funding/capital adequacy, fitness and propriety?
Have there been any difficulties in using available powers? Is the legal framework flexible with appropriate gradation of
powers and defined strategic goals?
IOPS Principles of Private Pension Supervision
Principle 5 : Risk orientation
Pension supervision should seek to mitigate the greatest potential risks to the pension system
Objectives of supervision should be risk-based Allocate supervisory resources to highest risk
areas Pro-active approach to avoid problems before
they occur
IOPS Principles of Private Pension Supervision
Principle 5 : Risk orientation; Assessment questions
Are the supervisory authority’s objectives risk based rather than focusing on compliance?
Are resources of the authority allocated to the highest risk areas?
Do the supervisors consider both the probability and likely impact of potential risks?
Does the supervisor assess risks for each entity under supervision (for example by a risk scoring model)
IOPS Principles of Private Pension Supervision
Principle 6 : Proportionality and consistency
Pension supervisory authorities should ensure that investigatory and enforcement requirements are proportional to the risks being mitigated and that their actions are consistent
Important to have the appropriate range of legal powers and tools Similar cases dealt in similar manner and follow due process Balance costs and impact of supervisory action Risk assessment and supervisory action should avoid
procyclicality
IOPS Principles of Private Pension Supervision
Principle 6 : Proportionality and consistency; Assessment questions
Can the supervisory authority vary its activities according to the magnitude of risks being addressed?
Does the supervisory have procedures for helping the choice of a proportionate response, such as an enforcement pyramid?
Does the supervisory allow entities appropriate flexibility in deciding how to comply with legislation?
Are there processes in place to ensure consistency between actions where circumstances are similar?
IOPS Principles of Private Pension Supervision
Principle 7 : Consultation and cooperation
Pension supervisory authorities should consult with the bodies they are overseeing and cooperate with other supervisory authorities
Industry consultation assists to get ‘buy-in’ Information exchange with co-regulators at home
and under cross-border arrangements promotes efficiency and supports preventative measures
Intensify coordination during periods of financial difficulty
IOPS Principles of Private Pension Supervision
Principle 7 : Consultation and cooperation; Assessment questions
Does the supervisory authority consult with the pensions industry when determining strategic supervisory approaches?
Is the supervisory authority empowered to exchange information with equivalent oversees authorities, subject to appropriate requirements?
IOPS Principles of Private Pension Supervision
Principle 8 : Confidentiality
Pension supervisory authorities should treat confidential information appropriately
Only release if permitted by law If in doubt, check first Principle extends ‘down the line’ Codes of confidentiality for staff Publish confidentiality policy
IOPS Principles of Private Pension Supervision
Principle 8 : Confidentiality; Assessment questions
Does the supervisory authority have a confidentiality policy which sets out the authority’s procedures to prevent inappropriate disclosure of non public information?
Are there mechanisms to prevent disclosure of confidential information by staff, including after they have left the supervisory authority?
IOPS Principles of Private Pension Supervision
Principle 9 : Transparency
Pension supervisory authorities should conduct their operations in a transparent manner
Adopts clear, transparent and consistent processes
Regularly reports on policy and performance Subject to external review Publishes industry information and supervisory
response framework (e.g. enforcement pyramid)
IOPS Principles of Private Pension SupervisionPrinciple 9 : Transparency; Assessment
questions
Does the supervisory authority publish its rules and procedures?
Is the supervisory authority subject to appropriate audit and reporting requirements (that do not compromise its independence)?
Does the supervisory authority publish an Annual Report explaining how it has (or has not) met its objectives?
Does the supervisory authority explain to individual supervised entities why it has taken particular action?
IOPS Principles of Private Pension Supervision
Principle 10 : Governance
The supervisory authority should adhere to its own governance code and should be accountable
Controls, checks and balances Code of conduct Decisions are reviewable Accountable to e.g. Parliament, members and beneficiaries Governance codes, internal risk management systems.
IOPS Principles of Private Pension Supervision
Principle 10 : Governance; Assessment questions
Does the supervisory authority have appropriate codified procedures for internal governance, and is compliance with these, monitored and enforced?
Is there a code of conduct for all staff regarding gifts, hospitality etc and declaring conflicts of interest?
Is there independent review within the agency of decisions which have significant implications for the supervised entity?
Is there an appeals process against decisions? Does the supervisory agency measure its performance
against objectives and provide external stakeholders with the results?
IOPS Principles of Private Pension SupervisionMETHODOLOGY
Provides a structured framework for assessing the extent to which a pension supervisory authority complies with the letter and spirit of the Principles
Can be used for external or self-assessment Also indicates type of evidence that may help to answer questions Compliance rated as:
- Fully implemented – the IOPS Principle is implemented in all material respects
- Broadly implemented – the Principle is implemented in all but one or two material respects and the exceptions do not significantly detract from the overall opinion. It should be possible to say something positive about compliance in answer to nearly every question
- Partly implemented – while a negative answer is given to some questions, the responses to the majority of the questions are consistent with compliance
- Not implemented - there are major shortcomings against the Principle
- Not applicable –the Principle does not apply due to structural, legal or institutional features
IOPS Principles of Private Pension Supervision
Self assessment results
Well Implemented Principles Medium Implemented Principles
Poorly Implemented Principles
1 Objectives
10 Governance 5 Risk-based Supervision
4 Powers
9 Transparency 6 Proportionality + Consistency
7 Communication
2 Independence 3 Adequate Resources
8 Confidentiality
IOPS Principles of Private Pension Supervision
Recommendations• To improve compliance with the IOPS Principles, pensions
supervisory authorities may consider: Embedding strategic objectives in legislation, make these omore risk-
orientated, and publish performance assessment vs. them Making appointment of head of authority and board transparent and fair
(requiring suitable professional experience) Striving for more autonomy in the setting of supervisory budgets
(including longer time periods) Introducing indemnity for the authority’s staff Striving for more independence and flexibility in terms of staff policy Using the introduction of risk-based supervision to review and redefine
required supervisory powers. Developing a formal framework for risk-based supervision
IOPS Principles of Private Pension Supervision
Recommendations Developing procedures for articulating supervisory responses (e.g.
enforcement pyramid). Intensifying dialogue with supervised entities to help aid their
understanding of supervisory expectations, procedures and actions, Improving international dialogue with supervisory peers. Drafting manuals for the treatment of confidential information Undertake cost-benefit analysis of supervisory actions. Strengthening the government requirements of the supervisory
authority itself (introducing codes of conduct, reviews of supervisory interventions etc.)
What is Risk-based Supervision? • A structured approach focusing identifying potential risks faced by pension
funds and assessing the financial and operational factors in place mitigate those risks. This process then allows the supervisory authority to direct its resources towards the issues and institutions which pose the greatest threat.
• Can be applied in many different ways quantitative measures of risk vs. qualitative judgement of risk management risk-scores for each entity vs. analysis of risks systemic to pension system identify weak areas within a supervised entity vs. which institutions
amongst thousands may pose the greatest threat
• Elements common to all RBS systems Determine objectives of supervisory authority + greatest risks to these Assess hazard or adverse events + likelihood of these occurring Assign scores and / or ranks to firms or activities based on assessments Link supervisory response to the risk scores assigned
Combine ‘risk’ and ‘rules’ based approach
Risk-based Supervision DB vs DC
RBS DB• Focus on sponsor• Solvency and
funding key issues• Use of quantitative
measurement tools
RBS DC• Focus on individual
members• Focus on risk-
management systems
• Qualitative measurement more appropriate
Why adopt Risk-based supervision?
• To improve supervisory effectiveness and efficiency
• To address internal organisational concerns• To adapt to changes in the overseen industry• To gain legitimacy following supervisory failure • To meet requirements imposed by legislation• To adapt to the changing nature of financial risks
themselves, as these become more complex and - with the growth of DC pension systems - are increasingly transferred to individuals
Challenges
• Combining simplicity with complexity • Knowledge and data • Ensuring that assessments of firms are forward looking• Going beyond the individual firm in assessing risk• Structure and operation of internal risk governance
processes• Changing the culture to embed the risk based approach
across the whole organization• Managing blame• Making resources follow risks
Lessons Learnt
• Adaptation of Models - consult widely but build your own/ flexibility, upgrades, pilot test
• Application of Models – know weaknesses /use with judgment• Data Collection – plan properly/ use existing where possible/ collect
electronically• Reorganisation of the Supervisory Body – allow plenty of time• Staff – train all on philosophy as well as process• Industry – explain new approach and what is expected of them• Powers – make sure sufficient data collection + enforcement powers• Risk-based solvency – apply flexibly in volatile conditions / counter-cyclical• Systemic risk – build into analysis • Think in terms of achievability – target resources for maximum impact• It is worth doing
IOPS Toolkit for Risk-based Supervision