APRA to Emphasize Operational Risk and Resilience

Starling Team

Australian banks, insurers and superannuation (pension) funds are likely to be subject to increased scrutiny as the Australian Prudential Regulation Authority (APRA) rolls out a replacement for its 15-year old supervisory framework. New areas of focus include operational resilience, cybersecurity and governance, culture, risk and accountability factors, known as GCRA.

This new model, Supervision Risk and Intensity (SRI), will replace the existing Probability and Impact Rating System (PAIRS) and the Supervisory Oversight and Response System (SOARS). APRA Deputy Chairman Helen Rowell warned member entities that additional granularity under the new system could well cause the rankings of some institutions to change.  “The transition from PAIRS and SOARS to the SRI Model commences in October 2020 and will be completed by June 2021,” Rowell said. “The move to the SRI Model could lead to a change in the intensity of supervision that APRA applies for some entities.”


The second stage of the SRI will see institutions issued with school-style grades, from A to F, across up to 30 categories of examination. An A-grade indicates that the regulator sees minimal risk, while a grade of F will represents critical perceived risk.  Once an institution’s overall risk rating has been established, it will be awarded a “stage” (from 1 to 5). Firms with a Stage 1 designation will require routine supervision, while stage 5 indicates that APRA believes an institution no longer viable.

Against this backdrop, it is all the more important that firms adopt credible and data-driven metrics to evidence their level of GCRA risk and a capacity for proactive course-correction where needed to sustain resilience.

Read more

Expand

Why Risk Management Is More Important Than Ever

Starling Team

A recent Forbes article took a closer look at the challenges and risks organizations are currently facing. Maintaining business operations in an increasingly volatile and complex business environment is difficult. Doing this successfully requires proactive solutions encompassing people, data and infrastructure. Organizations need to move quickly to deal with risks as they evolve. That can’t be accomplished if risk management is sequestered in the back office.

Emerging technologies such as machine learning and artificial intelligence show great promise in helping risk managers pinpoint specific risks and develop responses. However, many risk teams haven’t taken full advantage of mature technologies in areas including data, analytics and modeling. These technologies can reduce efforts in lower-risk areas and help managers focus on real threats that are critical to the organization.

Risk managers need to do more than identify and mitigate potential risks. They need to be active, not passive, or reactive. To do this, they can use external or internal data sources to identify digital signals that provide early indicators of potential problems. New technologies can turn this data into insights and uncover business threats and opportunities.

Keep reading

Expand

FCA Action Against Companies Dropped at Start of Pandemic

Starling Team
Nikhil Rathi recently began his tenure with the Financial Conduct Authority as its new chief executive. Previously a senior executive at the London Stock Exchange, Rathi takes the helm of the financial regulator just as the UK is battling to contain a second wave of the COVID-19 pandemic and as policy-makers begin to determine how the region’s finance sector will adapt to life outside of the European Union.  How the FCA handles this era will set pressing questions before Rathi.

Should the FCA toughen up its approach to enforcement? How can it strictly police a sector that could also be under significant pressure to remain a competitive financial center? Can the FCA help the UK retain its position as a fintech hub?

Earlier this year, the FCA confirmed it would delay up to two-thirds of its regulatory initiatives as a result of the virus crisis. Rathi will be under pressure to get those initiatives back on track given fears that the pandemic will have led to an uptick in misconduct in the UK market.

The Financial Times reported that the regulator took significantly less action over financial misconduct at the start of the pandemic. For instance, only 36 new enforcement cases were opened between March 1 and May 31 this year, compared with 148 during the same period in 2019. However, more FCA warning notices were issued during the period around the lockdown. 

The FCA has said that fewer enforcement cases does not mean it was overlooking wrongdoing. “Enforcement has continued as normal during the pandemic,” said a spokesperson. “The FCA will open cases where it suspects serious misconduct, with the number of new cases fluctuating month on month and year on year. “

Douglas Cherry, a partner at law firm Reed Smith also said, “Whilst not relishing the prospect, we should all expect the regulator to be back, with its foot firmly on the gas.”

Read more
Expand

Regulators Fine Citigroup $400 Million Over ‘Serious Ongoing Deficiencies’

Starling Team
Citigroup Inc. was fined $400 million by U.S. federal banking regulators and ordered to fix its risk-management systems, citing “significant ongoing deficiencies.” The Federal Reserve faulted Citigroup for falling short in “various areas of risk management and internal controls” including data management, regulatory reporting and capital planning. 

Consent Orders from the OCC and Fed require that Citigroup make several changes as part of a risk overhaul. The Orders also requires Citigroup to seek approval for any acquisition, and afford the regulators power to order the bank to replace managers or directors. 
“We are disappointed that we have fallen short of our regulators’ expectations, and we are fully committed to thoroughly addressing the issues identified in the Consent Orders,” the bank said. “Citi has significant remediation projects under way to strengthen our controls, infrastructure and governance.”

The required overhaul will be an expensive but necessary initiative for the organization to manage risks and improve their infrastructure.  Many of Citigroup’s businesses run on their own independent systems that have their own methods for tracking customers and transactions. Regulators have long fretted that the hodgepodge of systems could make the bank vulnerable to costly and potentially damaging missteps.

This unusual set of steps on the part of the Fed and OCC are in keeping with recent actions involving Wells Fargo and JP Morgan. Together the enforcement activity signals an end to the ‘more of the same’ approach that banks of brought to risk management, and particularly non-financial risk management.  New approaches are being demanded and it is clear that new technologies and methodologies will have to play a part in the future risk management landscape.

Read more
Expand

FMA Tells Finance Firms to up Their Game

Starling Team
The New Zealand Financial Markets Authority is running out of patience with some firms, telling them they’ve had long enough to sort out governance and compliance issues.  FMA chief executive Rob Everett said firms could expect a crackdown if effort was not made soon.  Everett said a review into firms’ culture and conduct in 2018 and 2019 had resulted in improvement but there was plenty still to be done.

“We saw much good progress over the last year but were unimpressed by attitudes from one or two firms that suggested to us that they saw good conduct as something that only needs to be demonstrated when we visit. This is not a box-ticking exercise, it needs to be woven into the culture of providers.”

The FMA recently released a report on its supervision of the sector between January 2019 and June 2020. It found that many entities were working hard to meet expectations, but there are still several entities lagging behind. “We have signaled over the last couple of years increasing impatience where things aren’t being done to the standards that we require,” Everett added.  

He went on to argue that leaders must take action to address risk and compliance issues before these weaknesses create additional problems that will impact their organizations and the sector at large.

Read more
Expand