INTRODUCTION
Why were some countries with similar financial systems, operating under the same set of global rules, less affected than others in the recent global financial crisis? Although there may be more than one reason, one that has been offered is simply “better supervision.” In some of the crisis-affected countries supervision has not proved to be as effective as it should have been—hence, looking ahead what is needed is not just better regulation, but also better supervision. Supervision is not only about the tasks of implementation, monitoring, and enforcement of the regulations. No less crucially, it is about the tasks of figuring out whether an institution’s risk management controls are adequate and whether the institution’s culture and appetite for risk significantly increase the likelihood of solvency and liquidity problems.
What then constitutes better supervision, and how can countries identify and provide the right set of incentives and the institutional and operational framework to enable “better supervision”? This is a difficult question to answer. The international response to the crisis has focused on the need for more and better regulations in areas such as capital, liquidity, provisioning, accounting, and compensation (G-20, 2009a). Although these changes are necessary, they also must be accompanied by better oversight of the financial sector, because expanding the rule book will not be sufficient in itself to solve the problem. Unfortunately, what has been less prominent so far in the global response is an examination of the role of the other established pillars of oversight: supervision, governance, and market discipline. An institution can never have enough capital or liquidity if there are material flaws in its risk management practices. As the rule book becomes more detailed and complex, the supervisory approaches and skills required to implement the rules will become more challenging. (Box 5.1 discusses what makes financial sector supervision different from supervision in other industries.)
What Makes Financial Sector Supervision Different?
Supervision is not unique to the financial industry. What makes it different is the nature of the relationship between supervisors and industry, particularly in the context of prudential supervision. There is near-continuous involvement of supervisors in the birth, life, and death of the institutions they supervise. They license them; make sure that the people who own and run them are up to the task; lay out the rules that they must follow; guide them on how they should manage and disclose risks in their activities; continuously monitor their actions; impose penalties for bad behavior; and then take a leading role in the resolution of these institutions when they fail—be it finding new owners or leading creditors through bankruptcy. In other industries, these functions are divided across a host of agencies. Moreover, supervisors’ successes are unknown and unheralded, while their failures are dramatic and headline-grabbing and, as we have seen, may have serious consequences for the global economy. The varied expectations that this range of roles places on supervisors makes supervision an extremely challenging and often underappreciated task.
As the financial system has evolved, so has the regulatory and supervisory framework. In its earlier forms, the supervisory approach was more “compliance based” or “enforcement based,” with the main supervisory task being to ensure that all the rules laid out for safety and soundness (or conduct of business) were adhered to. There are risks in taking a mainly compliance-based approach, particularly where associated with relatively detailed rules-based regimes. It can lead to excessive focus on more easily observed noncompliance—such as breaches of capital adequacy requirements and demonstrable cases of customer mistreatment—and to insufficient understanding of key business drivers and flaws in risk management practices. It tends to be backward looking and can fail to identify the major risks that institutions are facing in the future. It can deal poorly with innovation. Equally, an element of compliance monitoring and use of enforcement powers is necessary in any system to ensure that essential minimum standards are met and that the overall regulatory and supervisory regime has credibility.
The compliance approach worked well so long as the banking business was straightforward deposit-taking and loan-making and the key risk was credit risk. Supervisors focused on examining the loan book and ensuring that banks held sufficient capital and provisions for credit risk losses. After the waves of deregulation and the technology revolution of the 1970s and 1980s, financial institutions, and their activities and products, underwent a profound change. In banks, there was a veritable explosion of off-balance-sheet items triggered by forays into more complex financial products, such as derivatives and securitizations. The boundaries between banks, securities firms, investment banks, and insurance companies blurred and their products began to straddle the different market segments. Bank books took on market risks arising from their trading activities, including positions in equity, debt, commodities, and foreign exchange. The changing scenario led to a shift in approach by many supervisors, referred to as risk-based or risk-focused, where supervisors focused their limited supervisory resources on major risks. Risk-based supervisory approaches vary, as do the methodologies for measuring risk for these purposes. They comprise a combination of rigorous risk assessment and a careful management of resources to ensure that they are in practice allocated as far as possible to the major risks. To be effective, risk-based approaches need to ensure that resources are committed not simply to the highest risks but to those that the supervisor has the best chance of mitigating.
This period also saw the emergence of large global financial groups, spurred by the ongoing liberalization of trade in services and deregulation in emerging markets. Financial services globalization posed additional challenges for supervision. It led to a focus on the development of internationally agreed-on standards and highlighted the importance of home and host supervisors working together to deal with issues posed by cross-border activities. The model advocated was that of the home supervisor being primarily responsible for the consolidated supervision of the global entity, based on information received from host supervisors on domestic operations.
Financial globalization also affected supervision in another indirect way. The competition for markets led some financial centers to adopt more market-friendly supervisory approaches. At the same time, supervision was also moving toward a greater recognition of banks’ own methods to manage risks in meeting regulatory requirements. Basel II, in particular, was a landmark in its increased acceptance of banks’ own internal models, spurred by advances in risk-modeling techniques. Thus, large and complex depository institutions with strong risk management were permitted greater use of their own methods to assess risks and accordingly determine the regulatory capital they needed to hold.*
* What is often forgotten is that this ability was neither unrestricted nor permanent. Basel II also mainstreamed the three-pillar approach, articulating what was a very sound supervisory philosophy: that sound regulation (Pillar 1) had to be accompanied by strong supervision and risk management (Pillar 2) and complemented by strong market discipline (Pillar 3) to be effective. In any case, this approach in itself was not the reason for the crisis—Basel II was still in the process of being implemented in major jurisdictions when the crisis broke.This chapter focuses on lessons that can be drawn from failures in supervision in this crisis that may help prevent future crises, and it discusses how the function of supervision needs to adapt to the new regulatory framework. It confirms that much of the international consensus on the elements of supervision does work well, and then discusses how this consensus failed to deliver in the lead-up to the crisis in some circumstances. Examining this failure, we can then draw out some additional elements of good supervision and identify what more may need to be done to ensure that supervisors have the will and ability to act in all situations. To be effective, supervision needs to be intrusive, adaptive, skeptical, proactive, comprehensive, and conclusive. For this to happen, the policy and institutional environment must support both the supervisory will and the ability to act. Although our discussion is mainly focused on microprudential supervision, the issues presented are relevant to macroprudential supervision2 (the operational framework, which is still evolving) as well as to market conduct supervision.
SUPERVISION AND THE FINANCIAL CRISIS: WHAT WENT WRONG?
What caused supervision to take its eyes off the ball in several countries? The regulatory framework certainly was part of the reason. Regulations did not adequately capture the risks that banks were exposed to, for example in the regulatory approach to market risk capital for trading book positions. Also, the regulatory perimeter was not expansive enough and did not take into account the buildup of risks in the shadow banking system. Yet while the legal and regulatory framework may not always have facilitated the exercise of needed supervisory action (e.g., the ability to perform consolidated regulation and supervision in some countries), it did not impede supervision.
In this context, it is worth recalling how supervision failed to recognize and/or address some growing risks and thus contributed to the financial crisis. An important caveat here is that the events and the reasons were different in different jurisdictions, and what is presented here is a generalized description based on these separate occurrences. As various examinations of the crisis have revealed, there were abundant examples of supervision failures that turned out to be costly.
-
Staying on the sidelines and not intruding sufficiently into the affairs of regulated institutions. In some cases, supervisors were too deferential to bank management. The high degree of reliance placed by many supervisors on institutions’ internal controls, internal risk management systems, and management’s perceptions of risk (or lack thereof) was not matched by a focus on ensuring that governance was sufficiently robust to justify this. Therefore, failures of internal oversight and risk governance at firms were in effect transmitted through supervisors. Reliance on market discipline also turned out to be misplaced in some cases. Institutional investors did not do their own due diligence and relied on rating agencies. Rating agencies, in turn, ignored the conflicts of interest in their business models, which provided incentives to overrate products and clients.
-
Not being proactive in dealing with emerging risks and adapting to the changing environment. Supervisors did not in all cases have a capacity to identify risks or to act on them when identified. In some cases, they did not look ahead and anticipate the effects of emerging risks on the financial system or the larger economy. In others, they did not respond strongly enough to the movement of some institutions toward higher-risk strategies and innovative products, or to the buildup of leverage and high-risk exposures. They did not dig deeply enough into the implications of some complex products, nor did they satisfy themselves that the boards of the institutions packaging or investing in such products understood their risk. They did not react appropriately to the increased dependence of many institutions on short-term wholesale funding or to the risk that was building up in off-balance-sheet entities.
-
Not being comprehensive in their scope. Supervisors confined their interest to risks faced by their regulated entities from within the regulated system and did not go beyond to examine risks posed by other parts of the system or the risks that systemically important institutions posed to the others. Filling this gap goes beyond supervisory arrangements, encompassing strengthened rules and regulation and a reconsideration of the regulatory perimeter—which must be wide enough to facilitate risk identification.
-
Not taking matters to their conclusion. In some cases, supervisors were aware of the risks that were building up as underwriting standards deteriorated and the markets were flooded with misrated financial products of questionable quality. They did not move quickly enough to put together their supervisory conclusions and develop a view of risks emerging system-wide. The lack of timely and effective coordination and information sharing among supervisors contributed to creating opportunities for regulatory arbitrage and excessive risk concentrations.
HOW DO COUNTRIES FARE AGAINST SUPERVISORY STANDARDS?
The IMF (with the World Bank) routinely comments on the effectiveness of supervisory systems in member countries through assessments of national systems’ compliance with financial sector standards and codes. The relevant standards and codes are the Basel Committee’s Core Principles for Effective Banking Supervision; the International Organization of Securities Commissions’ (IOSCO) Objectives and Principles for Securities Regulation; and the International Association of Insurance Supervisors’ (IAIS) Insurance Core Principles (see Appendix 5.1 for a listing), which are conducted as a peer review with the support of supervisory experts. To date, more than 150 assessments under the Financial Sector Assessment Program (FSAP) have been conducted (including updates). The observations in this paper draw on the experience that staff have gained in the course of these assessments.
We have learned from our financial sector work that the implementation of a regulation (including regulatory guidance on risk management) matters as much as the regulation itself, and that implementation is more difficult to carry out and more difficult to assess. In response, recent revisions in the methodologies used to assess the effectiveness of supervisory frameworks place more emphasis on implementation and therefore will deliver more robust assessments regarding implementation than earlier.
Our analysis of the findings of the assessments of financial sector supervisory and regulatory standards conducted since 2000 shows us that although most countries have the necessary legislation, regulations, and supervisory guidance appropriate to their national systems, a significant proportion of them do not do as well when it comes to the nuts and bolts of supervision across the different sectors.3 An important caveat when interpreting these results is that they reflect the position at the time the assessment took place and do not incorporate any improvement that countries may have made since the assessment.
Basel Core Principles for Effective Banking Supervision
The analysis of weaknesses in this crisis mirrors what we find in our FSAP work. Observations from 120 assessments of banking supervision, which used the methodology developed by the Basel Committee in 2000 to assess compliance with its 25 Core Principles (1997 version), suggest that most countries were largely in compliance with international standards on the legal and institutional framework for supervision and the authorization and conduct of banking business (Figure 5.1). However, in more than one-third of the assessments, countries did not meet the standards relating to the supervision of risks (other than credit risk) (Basel Core Principle [CP] 13), consolidated supervision (CP 20), adequate resources and operational independence (CP 1.2), and enforcement powers (CP 20),4 reflecting key dimensions of both supervisory “will” and supervisory “ability” (discussed in the section later in this chapter on “Advancing the Supervisory Agenda”).
Basel Core Principles of Banking Supervision
(1997 Version)
Among the deficiencies in risk supervision were a lack of supervisory awareness and training, inadequate and dated tools and methodologies to evaluate banks’ risk management approaches, and an absence of authority to require banks to hold capital against such risks. For consolidated supervision, weaknesses identified included a lack of reliable consolidated information, a lack of ability and skills to examine and supervise some financial activities, and a lack of direct access to nonconsolidated subsidiaries and holding companies. In the case of enforcement powers, although most countries had a range of legal powers to take action, generally there was a lack of clarity as to the means by which sanctions were to be matched to the severity of the infringement—resulting in the powers not being applied consistently and in regulatory forbearance, so that supervisory actions were not seen as credible.
The methodology used by assessors was revamped by the Basel Committee in 2006, with a strengthened focus on implementation aspects. Recent assessments of 24 countries using the revised methodology identified a high incidence of deficiencies in consolidated supervision (CP 24), operational independence (CP 1.2), powers to take corrective action (CP 23), and comprehensive risk management (CP 7). (See Figure 5.2.) This last principle summarizes the supervisory review process laid out in the Basel II framework, with supervisors required to satisfy themselves that banks have an appropriate and comprehensive risk management process, including board and senior management oversight and encompassing all material risks.
Basel Core Principles of Banking Supervision
(2006 Version)
IOSCO Objectives of Securities Regulation
Assessments of countries against the 30 Core Principles that comprise the IOSCO Objectives and Principles for Securities Regulation reveal similar weaknesses. The weakest areas of compliance with these standards are in the areas of operational independence (CP 2); adequate powers, resources, and capacity (CP 3); and credible use of inspection, investigation, surveillance, and enforcement powers (CP 10). (See Figure 5.3.)
IOSCO Objectives and Principles for Securities Regulation
A 2007 IMF working paper, which presents this analysis for a group of 74 countries, summarizes the situation as follows:
Enforcement of compliance with rules and regulations emerged as the overriding weakness in regulatory systems. Regulators rely on a continuum of operations to effect regulation: beginning with routine inspections and reporting and culminating in special investigations and enforcement actions. We observed a chronic lack of skill and knowledge in the practice of inspections and the use of reporting tools. Further, there was a lack of resources, skill, and legal authority required to effectively undertake investigations and bring enforcement actions. While the regulator may be able to react to market needs with new laws and new regulatory guidance, it appears it is much more difficult to ensure these laws are complied with and the lack of ability to do so undermines the whole regulatory process. (Carvajal and Elliott, 2007)
IAIS Principles of Insurance Supervision
The assessments of 26 countries against IAIS’s revised (2003) 28 Insurance Core Principles also identify similar weaknesses. The key areas where countries have the most work to do to meet the standards are CP 3 (adequate powers, legal protection and financial resources, operational independence and accountability, and skilled and professional staff); CP 9 (supervisory compliance of governance standards); CP 13 (on-site inspection); CP 17 (group-wide supervision), and CP 18 (risk assessment) (Figure 5.4).
IAIS Insurance Core Principles
(2003 Revision)
THE MAKING OF GOOD SUPERVISION
What Is Good Supervision?
Drawing on the shortcomings exposed by the crisis, we articulate what the key components of a good, effective supervisory framework should be and what the focus of further reform should be. These components are well recognized and are embedded in existing supervisory standards. What follows is a reiteration rather than a discovery. The challenge is to institutionalize these elements in national structures.
-
Good supervision is intrusive. Supervision is premised on an intimate knowledge of the supervised entity. It cannot be outsourced and it cannot rely solely or mainly on off-site analysis. Supervisors in the financial sector should not be viewed as hands-off or distant observers but rather as a presence that is felt continuously, keeping in mind the unique nature of financial supervision. Perhaps differently from any other industry, supervisors of financial institutions and markets are involved in the day-to-day monitoring of industry operations. The intensity and periodicity of this intrusiveness may differ depending on the institution’s risk profile.
-
Good supervision is skeptical but proactive. Supervisors must question the industry’s direction or actions, even in good times. They cannot act only after operations have gone off the rails. In a sense, supervision must be intrinsically countercyclical, particularly in good times. Prudential supervision is most valuable when it is least valued; restricting reckless banks during a boom is seldom appreciated but may be the single most useful step a supervisor can take in reducing failures.
-
Good supervision is comprehensive. Even while recognizing the limitations of their scope, supervisors must be constantly vigilant about happenings on the edge of the regulatory perimeter to identify emerging risks that may have systemic portents and draw the proper implications for the institutions they supervise. This includes unregulated subsidiaries, affiliates, and off-balance-sheet structures associated with regulated institutions. This also includes the systemic risks posed by systemically important financial institutions (SIFIs) and those arising from interconnectedness and cyclicality. The emerging body of work on macroprudential supervision will provide additional tools to deal with these challenges.
-
Good supervision is adaptive. The financial sector is a constantly evolving and innovating industry, and this has great benefits to the real economy. Supervisors must be in a constant learning mode—new products, new markets, new services, and new risks must be understood and responded to appropriately. They should closely follow changes in the business models of financial institutions to determine whether any potential systemic risks are building up during such changes. Supervisors also must adapt to changes at the perimeter of regulation, with an eye to new or unregulated areas. They must form a view not only of how institutions are currently placed but of how they will be able to cope with changing circumstances.
-
Good supervision is conclusive. Supervision has many facets, from off-site reporting to on-site examinations to enforcement actions. Supervisors must follow through conclusively on matters that are identified as these issues progress through the supervisory process. As anyone who has been involved with the supervisory process can affirm, the work of following up on inspection findings to their final resolution is laborious, painstaking, and unglamorous, but in the long run it is critical to bringing about change. Every identified issue, however small, needs follow-up and no matter can be left without conclusion.
Bringing About Good Supervision
Of course, realizing a supervisory system that lives up to this constant, intensive, and “through-the-cycle” task takes some effort. Borrowing from the two dimensions of credit risk, we identify two pillars that support good supervision: the ability to act and the will to act. The will to act has been prominently featured in discussions of the supervisory response to crisis, present and past.5 This will is predicated on the ability to act, that is, having the right people and the right tools, but neither is alone sufficient—and both must act in tandem—to bring about effective supervision.
The Ability to Act
Supervisors also must have the ability, in law and in practice, to act. They must have authority to be intrusive and authority to challenge management’s judgment in a proactive way. They must have the skill to adapt to innovation and the ability to follow through on an issue until its resolution. Elements of the ability to act may be summarized as follows.
-
Legal authority. Supervision should be enshrined in an enabling legal framework that provides for adequate powers. To fulfill their mandates and their unique list of tasks, agencies need strong regulatory capacity to make rules and issue guidance, as well as an established legal framework that allows for a range of swift regulatory responses to both ongoing and emerging situations. In addition, agencies need to be able to mount and fund substantial legal actions, where necessary.
-
Adequate resources. Supervisors need to have sufficient funds and stable funding sources to be able to carry out their mandates, as much in good times (when supervisors can be at their most effective) as in bad. Supervision is resource intensive. Off-site reporting and surveillance requires access to technology and data sources. On-site inspection requires significant human capital. Together, they require constant skill development to keep pace with market developments. The follow-through on issues can be particularly resource intensive, which is why this is often observed to be a problem for supervisory agencies. Technical skills require sufficient compensation to attract and support to retain. Adequate resources are also a key determinant of will—they demand a degree of budgetary autonomy, which in turn drives operational independence.
-
Clear strategy. Supervisory agencies consciously need to consider and decide on a strategic approach to supervision and to communicate it both internally and to institutions. At its most basic, developing a strategy may mean no more than deciding how often institutions are to be assessed on-site, that is, setting a standard examination cycle. The key drivers of the choice of strategy will include the nature of the industry, the resources at hand, and the institutional framework. For example, a mature financial sector with a high degree of innovation is likely to force certain choices on supervisors—that is, an emphasis on the proactive approach that focuses on getting ahead of emerging risks and challenging risk managers, rather than a reactive stance that relies on analysis of past developments. A clear strategy is also needed for addressing activities, operations, and markets that can create systemic risks, for which enhanced supervision is necessary.
-
Robust internal organization. Decision-making processes need to be well defined and accountability of supervisors needs to be clear. There is a need to balance the desirability of supervisors being able to make judgments and take actions with the need for appropriate challenge and oversight within a good governance framework. The latter goal may be achieved by peer review of key decisions or by committee structures, provided that the approach is sufficiently flexible to allow, for example, for urgent action to be taken where necessary. Internal processes also should support the supervisor in case of adverse company reaction.
-
Effective working relationships with other agencies. Supervisors cannot go it alone. They have to forge effective coordination and cooperation mechanisms with other domestic agencies, national authorities, and international organizations. In some countries, the regulatory and supervisory functions may be divided between different agencies, and the supervisor’s role is only to monitor compliance. Such an approach may be necessitated by broader legal or constitutional arrangements. In principle, however, there are far more advantages to one agency having both regulatory and supervisory responsibility. Supervisors are likely to have a fuller understanding of the regulations that they are enforcing; practical supervisory experience is more likely to inform regulatory policy.
Beyond the regulatory and supervision divide, it is crucial that bank regulators have excellent relationships with their central bank and their finance ministry. Averting, and where necessary managing, major bank failures and systemic crises is a challenge for the government, not just for supervisors. Finally, when supervising groups that have cross-sector and cross-border operations, coordinating with other domestic supervisors and overseas supervisory agencies become imperative, both in normal times and during crises.
The Will to Act
Very simply, there must be a willingness to take action and fulfill the supervisory role. On its face, this seems like an easily obtained consensus; however, supervisors find themselves under almost constant criticism for getting in the way of innovation and for being stodgy and “anti-market.” Without a clear expectation that their role is to second-guess the industry, this criticism may win the day. As mentioned earlier, the relationship between supervisors and the financial industry is a unique blend of familiarity (supervisors are in constant dialogue with the industry) and authority (the right and responsibility) to say no. The elements needed to create the will to act are as follows:
-
A clear and unambiguous mandate. The supervisory agency must have clear objectives, ideally in relation to financial stability and systemic soundness, as well as the safety and soundness of particular institutions. Objectives should be realistic—supervisors cannot be expected to detect, prevent, or take enforcement action against every instance of noncompliance. Potential conflicts between objectives should be identified and managed; competing conflicts that push actions in opposite directions should be avoided.
-
Operational independence. Supervisory agencies should be able to resist inappropriate political interference or inappropriate influence from the financial sector itself. This needs to be reflected in the processes for appointment and dismissal of senior staff, stable sources of agency funding, and adequate legal protection for staff. For example, provisions that require that key decisions on individual companies be referred to the government should be avoided. Supervisory agencies should not manage or otherwise run the enterprises they supervise; and the boards of supervisory agencies should not have directors who represent the industry.
-
Accountability. To balance independence, supervisory agencies should have to report to the public on their use of resources, key decisions, and as far as possible, the effectiveness of their supervision in relation to their supervisory objectives. This last element is challenging, not least because of the need to avoid disclosure of confidential examination and enforcement information. However, it is important to ensure that agency performance can be assessed.
-
Skilled staff. This is an issue that straddles both dimensions—the will and the ability to act. Staff must be able to respond to changes in industry practices with confidence. They often are parodied as always being one step behind the market, but this is only a reflection of the reality that markets are continuously innovating and have stronger incentives to do so. The skill set required for supervision has expanded as financial services have become more complex. Rigorous hiring processes are required, as well as scope to offer competitive remuneration packages to attract and, equally important, retain expert supervisory staff. Some of the more successful supervisory agencies during the crisis tended to have a blend of long-term supervisory staff and experienced industry professionals, recruited in mid- or late career.6
-
A healthy relationship with industry. Supervisors should be able to dialogue with industry but maintain an arm’s-length relationship. Agencies should have policies on the turnover of staff devoted to the supervision of individual institutions and on the movement of their staff into employment with regulated institutions. Relationships between supervisors and institutions benefit from the depth of understanding that can be developed over time. Equally, such relationships can add to risks of “regulatory capture.” Where supervisors move frequently, or with no significant interval, between employment with an agency and an institution, conflicts of interest arise that, even if managed, may damage agency credibility. Strict ethics codes are necessary to protect and preserve the will to act.
-
An effective partnership with boards. Regulated entities are not monolithic. Boards of directors, not supervisors, are the first line of defense against excessive risk taking by management. Supervisors should hold boards responsible for the performance of the institutions they oversee. As a matter of course, they should ensure that boards and individual directors are sufficiently empowered and informed both to understand emerging risks within an institution and to respond appropriately to those risks.
ADVANCING THE SUPERVISORY AGENDA
The shortcomings discussed above are being recognized, and some supervisory agencies have begun to take action in response. They are in the process of expanding their risk analyses to include all activities within a group and to better develop their emerging-risk capacities to analyze new products and business lines, so as better to understand what risks these might present.7
The Financial Stability Board (FSB) and the standard setters also have taken several steps in this direction, for example by issuing strengthened guidance on risk management elaborated by the Basel Committee as part of the supervisory review process (Pillar 2) in July 2009. Revised principles for enhancing corporate governance for credit institutions are currently under public consultation, and work is ongoing to develop a framework of macroprudential supervision as a critical tool to mitigate risks arising from systemically important financial institutions.
However, much more needs to be done. Putting together the lessons from the crisis, the findings from the FSAP, and the demands of the impending regulatory agenda, we are faced with a challenging task ahead. The failures in these areas suggest that the scope and nature of supervisory action needs to be broader and more intrusive than in the past. Supervisors need to focus more on strengthening institutions’ internal governance, for example by raising expectations from boards of directors. But they also need to directly address issues previously viewed as mainly a management responsibility, such as remuneration practices—an area in the past not focused on by supervisors but now seen as requiring supervisory intervention to constrain financial institutions’ incentives to take excessive risk.
Supervisors need to supplement reliance on internal controls with more of their own direct and thorough assessments and independent analysis. They need a forward-looking assessment of risks and a range of responses that includes requiring companies to make significant changes in strategy (perhaps pulling out of particular lines of business) or to replace senior management. All of these will require the determination to act.
Supervisory skills will have to be supplemented to incorporate new skill sets into the existing portfolio. A particular challenge may arise from implementing a macroprudential dimension to regulation. A new framework and tools are in the offing, and supervisors will have to deal with new sets of issues, ranging from setting countercyclical capital buffers to supervising living wills. A suggestion that merits further action is to make supervision a more defined profession and, for this purpose, to provide more professional training and targeted college programs aimed at creating a cadre of supervisors.
In the cross-border dimension, supervisors will have to further strengthen the effectiveness of their cooperation, pursuing clear agreements on specific information to be shared through efficient communication channels and working together for a common supervisory approach to improve joint monitoring of the main risks facing the financial system.
How should the international community and national governments support this strengthening of the supervisory framework so that it can perform its unpopular role the next time an asset bubble begins to get out of hand and a crisis begins to ferment? In their London Declaration, the G-20 leaders stated their commitment to strengthening both the regulation and the supervision of the financial sector. Going forward, countries should recognize this priority by reaffirming the key elements of will and ability that underlie effective supervision (e.g., as reflected in financial standards and laid out in this chapter) as an essential ingredient of their financial systems. They should commit to providing an enabling framework with a clear mandate, adequate resources, and sufficient authority to take a range of corrective actions. Adequate funding to hire and train skilled staff and equip them with the requisite tools they need for the complex tasks they must perform is critical. This funding is an essential input into creating a breed of independent naysayers.
The international financial institutions engaged in the task of financial sector surveillance also have an important role to play. They should include discussions of the components of both will and ability to act as a matter of course in their work and in their assessments. Agencies that are engaged in the provision of technical assistance should focus their capacity-building efforts on strengthening the components of both supervisory will and supervisory ability, because neither by itself would be sufficient to prevent the next crisis.
CONCLUSION
In this crisis, supervisors in some of the most advanced economies with strong traditions of independent and well-resourced institutions were unable to act in an effective and timely manner. The discourse must now move from influencing the incentives of industry behavior (i.e., regulation) to understanding and addressing the incentives for supervisory behavior and understanding why the will and ability to act in some countries dissipated over this period of extreme exuberance.
To be effective, supervision must be intrusive, adaptive, proactive, comprehensive, and conclusive. For this to happen, the policy and institutional environment must support both the supervisory will and the supervisory ability to act. A clear and credible mandate, which is free of conflicts; a legal and governance structure that promotes operational independence; adequate budgets that provide sufficient numbers of experienced supervisors; a framework of laws that allows for the effective discharge of supervisory actions; and tools commensurate with market sophistication are all essential elements of the will and ability to act. However, making all this come together is the more intangible and difficult part. In the coming years, the IMF should place increased emphasis in its bilateral surveillance and technical assistance on the issues identified in this chapter, which provide the foundations on which effective financial sector supervision can be built.
Supervisors are expected to stand out from the rest of society and not be affected by the collective myopia and consequent underestimation of risks associated with the good times. Society and governments must support them in this approach and stand by their supervisors as they perform this unpopular role.
APPENDIX 5.1. FINANCIAL REGULATION AND SUPERVISION STANDARDS
| Basel Core Principles 1997 | Basel Core Principles 2006 | IAIS Core Principles | IOSCO Principles |
|---|---|---|---|
| CP 1.1 Objectives and responsibilities |
CP 1.1 Responsibilities and objectives |
ICP 1. Conditions for effective insurance supervision | 1. The responsibilities of the regulator should be clear and objectively stated |
| CP 1.2 Independence and resources |
CP 1.2 Independence, accountability, and transparency |
ICP 2. Supervisory objectives | 2. The regulator should be operationally independent and accountable in the exercise of its functions and powers |
| CP1.3 Legal framework for authorizing and supervising |
CP 1.3 Legal framework |
ICP 3. Supervisory authority | 3. The regulator should have adequate powers, proper resources, and the capacity to perform its functions and exercise its powers |
| CP 1.4 Legal framework for compliance and soundness | CP 1.4 Legal powers | ICP 4. Supervisory process | 4. The regulator should adopt clear and consistent regulatory processes |
| CP 1.5 Legal protection | CP 1.5 Legal protection | ICP 5. Supervisory cooperation and information sharing | 5. The staff of the regulator should observe the highest professional standards, including appropriate standards of confidentiality |
| CP 1.6 Information exchange | CP 1.6 Cooperation | ICP 6. Licensing | 6. The regulatory regime should make appropriate use of self-regulatory organizations (SROs) that exercise some direct oversight responsibility for their respective areas of competence and to the extent appropriate to the size and complexity of the markets |
| CP 2. Permissible activities | CP 2. Permissible activities | ICP 7. Suitability of persons | 7. SROs should be subject to the oversight of the regulator and should observe standards of fairness and confidentiality when exercising powers and delegated responsibilities |
| CP 3. Licensing criteria | CP 3. Licensing criteria | ICP 8. Changes in control and portfolio transfers | 8. The regulator should have comprehensive inspection, investigation, and surveillance powers |
| CP 4. Significant ownership | CP 4. Transfer of significant ownership | ICP 9. Corporate governance | 9. The regulator should have comprehensive enforcement powers |
| CP 5. Major acquisitions | CP 5. Major acquisitions | ICP 10. Internal control | 10. The regulatory system should ensure an effective and credible use of inspection, investigation, surveillance, and enforcement powers and implementation of an effective compliance program |
| CP 6. Capital adequacy | CP 6. Capital adequacy | ICP 11. Market analysis | 11. The regulator should have authority to share both public and nonpublic information with domestic and foreign counterparts |
| CP 7. Credit policies | CP 7. Risk management process | ICP 12. Reporting to supervisors and off-site monitoring | 12. Regulators should establish information-sharing mechanisms that set out when and how they will share both public and nonpublic information with their domestic and foreign counterparts |
| CP 8. Loan evaluation and loss provisioning | CP 8. Credit risk | ICP 13. On-site inspection | 13. The regulatory system should allow for assistance to be provided to foreign regulators who need to make inquiries in the discharge of their functions and exercise of their powers |
| CP 9. Large exposure | CP 9. Problem assets, provisions, and reserves | ICP 14. Preventive and corrective measures | 14. There should be full, accurate, and timely disclosure of financial results and other information which is material to investors’ decisions |
| CP 10. Connected lending | CP 10. Large exposure limits | ICP 15. Enforcement or sanctions | 15. Holders of securities in a company should be treated in a fair and equitable manner |
| CP 11. Country risk | CP 11. Exposures to related parties | ICP 16. Winding-up and exit from the market | 16. Accounting and auditing standards should be of a high and internationally acceptable quality |
| CP 12. Market risk | CP 12. Country and transfer risks | ICP 17. Group-wide supervision | 17. The regulatory system should set standards for the eligibility and the regulation of those who wish to market or operate a collective investment scheme |
| CP 13. Other risks | CP 13. Market risks | ICP 18. Risk assessment and management | 18. The regulatory system should provide for rules governing the legal form and structure of collective investment schemes and the segregation and protection of client assets |
| CP 14. Internal controls/audit | CP 14. Liquidity risk | ICP 19. Insurance activity | 19. Regulation should require disclosure, as set forth under the principles for issuers, which is necessary to evaluate the suitability of a collective investment scheme for a particular investor and the value of the investor’s interest in the scheme |
| CP 15. Abuse of financial services | CP 15. Operational risk | ICP 20. Liabilities | 20. Regulation should ensure that there is a proper and disclosed basis for asset valuation and the pricing and the redemption of units in a collective investment scheme |
| CP 16. On-and off-site supervision | CP 16. Interest rate risk in the banking book | ICP 21. Investments | 21. Regulation should provide for minimum entry standards for market intermediaries |
| CP 17. Bank management contact | CP 17. Internal control and audit | ICP 22. Derivatives and similar commitments | 22. There should be initial and ongoing capital and other prudential requirements for market intermediaries that reflect the risks that the intermediaries undertake |
| CP 18. Information requirements | CP 18. Abuse of financial services | ICP 23. Capital adequacy and solvency | 23. Market intermediaries should be required to comply with standards for internal organization and operational conduct that aim to protect the interests of clients, ensure proper management of risk, and under which management of the intermediary accepts primary responsibility for these matters |
| CP 19. Validation of supervisory information | CP 19. Supervisory approach | ICP 24. Intermediaries | 24. There should be a procedure for dealing with the failure of a market intermediary in order to minimize damage and loss to investors and to contain systemic risk |
| CP 20. Consolidated supervision | CP 20. Supervisory techniques | ICP 25. Consumer protection | 25. The establishment of trading systems including securities exchanges should be subject to regulatory authorization and oversight |
| CP 21. Accounting standards | CP 21. Supervisory reporting | ICP 26. Information, disclosure, and transparency toward the market | 26. There should be ongoing regulatory supervision of exchanges and trading systems which should aim to ensure that the integrity of trading is maintained through fair and equitable rules that strike an appropriate balance between the demands of different market participants |
| CP 22. Formal powers of supervisors | CP 22. Accounting and disclosure | ICP 27. Fraud | 27. Regulation should promote transparency of trading |
| CP 23. Global consolidated supervision | CP 23. Corrective and remedial powers of supervisors | ICP 28. Anti-money laundering, combating the financing of terrorism (AML/CFT) | 28. Regulation should be designed to detect and deter manipulation and other unfair trading practices |
| CP 24. Contact and information exchange | CP 24. Consolidated supervision | 29. Regulation should aim to ensure the proper management of large exposures, default risk, and market disruption | |
| CP 25. Supervision over foreign banks | CP 25. Home-host relationships | 30. Systems for clearing and settlement of securities transactions should be subject to regulatory oversight, and designed to ensure that they are fair, effective, and efficient and that they reduce systemic risk |
| Basel Core Principles 1997 | Basel Core Principles 2006 | IAIS Core Principles | IOSCO Principles |
|---|---|---|---|
| CP 1.1 Objectives and responsibilities |
CP 1.1 Responsibilities and objectives |
ICP 1. Conditions for effective insurance supervision | 1. The responsibilities of the regulator should be clear and objectively stated |
| CP 1.2 Independence and resources |
CP 1.2 Independence, accountability, and transparency |
ICP 2. Supervisory objectives | 2. The regulator should be operationally independent and accountable in the exercise of its functions and powers |
| CP1.3 Legal framework for authorizing and supervising |
CP 1.3 Legal framework |
ICP 3. Supervisory authority | 3. The regulator should have adequate powers, proper resources, and the capacity to perform its functions and exercise its powers |
| CP 1.4 Legal framework for compliance and soundness | CP 1.4 Legal powers | ICP 4. Supervisory process | 4. The regulator should adopt clear and consistent regulatory processes |
| CP 1.5 Legal protection | CP 1.5 Legal protection | ICP 5. Supervisory cooperation and information sharing | 5. The staff of the regulator should observe the highest professional standards, including appropriate standards of confidentiality |
| CP 1.6 Information exchange | CP 1.6 Cooperation | ICP 6. Licensing | 6. The regulatory regime should make appropriate use of self-regulatory organizations (SROs) that exercise some direct oversight responsibility for their respective areas of competence and to the extent appropriate to the size and complexity of the markets |
| CP 2. Permissible activities | CP 2. Permissible activities | ICP 7. Suitability of persons | 7. SROs should be subject to the oversight of the regulator and should observe standards of fairness and confidentiality when exercising powers and delegated responsibilities |
| CP 3. Licensing criteria | CP 3. Licensing criteria | ICP 8. Changes in control and portfolio transfers | 8. The regulator should have comprehensive inspection, investigation, and surveillance powers |
| CP 4. Significant ownership | CP 4. Transfer of significant ownership | ICP 9. Corporate governance | 9. The regulator should have comprehensive enforcement powers |
| CP 5. Major acquisitions | CP 5. Major acquisitions | ICP 10. Internal control | 10. The regulatory system should ensure an effective and credible use of inspection, investigation, surveillance, and enforcement powers and implementation of an effective compliance program |
| CP 6. Capital adequacy | CP 6. Capital adequacy | ICP 11. Market analysis | 11. The regulator should have authority to share both public and nonpublic information with domestic and foreign counterparts |
| CP 7. Credit policies | CP 7. Risk management process | ICP 12. Reporting to supervisors and off-site monitoring | 12. Regulators should establish information-sharing mechanisms that set out when and how they will share both public and nonpublic information with their domestic and foreign counterparts |
| CP 8. Loan evaluation and loss provisioning | CP 8. Credit risk | ICP 13. On-site inspection | 13. The regulatory system should allow for assistance to be provided to foreign regulators who need to make inquiries in the discharge of their functions and exercise of their powers |
| CP 9. Large exposure | CP 9. Problem assets, provisions, and reserves | ICP 14. Preventive and corrective measures | 14. There should be full, accurate, and timely disclosure of financial results and other information which is material to investors’ decisions |
| CP 10. Connected lending | CP 10. Large exposure limits | ICP 15. Enforcement or sanctions | 15. Holders of securities in a company should be treated in a fair and equitable manner |
| CP 11. Country risk | CP 11. Exposures to related parties | ICP 16. Winding-up and exit from the market | 16. Accounting and auditing standards should be of a high and internationally acceptable quality |
| CP 12. Market risk | CP 12. Country and transfer risks | ICP 17. Group-wide supervision | 17. The regulatory system should set standards for the eligibility and the regulation of those who wish to market or operate a collective investment scheme |
| CP 13. Other risks | CP 13. Market risks | ICP 18. Risk assessment and management | 18. The regulatory system should provide for rules governing the legal form and structure of collective investment schemes and the segregation and protection of client assets |
| CP 14. Internal controls/audit | CP 14. Liquidity risk | ICP 19. Insurance activity | 19. Regulation should require disclosure, as set forth under the principles for issuers, which is necessary to evaluate the suitability of a collective investment scheme for a particular investor and the value of the investor’s interest in the scheme |
| CP 15. Abuse of financial services | CP 15. Operational risk | ICP 20. Liabilities | 20. Regulation should ensure that there is a proper and disclosed basis for asset valuation and the pricing and the redemption of units in a collective investment scheme |
| CP 16. On-and off-site supervision | CP 16. Interest rate risk in the banking book | ICP 21. Investments | 21. Regulation should provide for minimum entry standards for market intermediaries |
| CP 17. Bank management contact | CP 17. Internal control and audit | ICP 22. Derivatives and similar commitments | 22. There should be initial and ongoing capital and other prudential requirements for market intermediaries that reflect the risks that the intermediaries undertake |
| CP 18. Information requirements | CP 18. Abuse of financial services | ICP 23. Capital adequacy and solvency | 23. Market intermediaries should be required to comply with standards for internal organization and operational conduct that aim to protect the interests of clients, ensure proper management of risk, and under which management of the intermediary accepts primary responsibility for these matters |
| CP 19. Validation of supervisory information | CP 19. Supervisory approach | ICP 24. Intermediaries | 24. There should be a procedure for dealing with the failure of a market intermediary in order to minimize damage and loss to investors and to contain systemic risk |
| CP 20. Consolidated supervision | CP 20. Supervisory techniques | ICP 25. Consumer protection | 25. The establishment of trading systems including securities exchanges should be subject to regulatory authorization and oversight |
| CP 21. Accounting standards | CP 21. Supervisory reporting | ICP 26. Information, disclosure, and transparency toward the market | 26. There should be ongoing regulatory supervision of exchanges and trading systems which should aim to ensure that the integrity of trading is maintained through fair and equitable rules that strike an appropriate balance between the demands of different market participants |
| CP 22. Formal powers of supervisors | CP 22. Accounting and disclosure | ICP 27. Fraud | 27. Regulation should promote transparency of trading |
| CP 23. Global consolidated supervision | CP 23. Corrective and remedial powers of supervisors | ICP 28. Anti-money laundering, combating the financing of terrorism (AML/CFT) | 28. Regulation should be designed to detect and deter manipulation and other unfair trading practices |
| CP 24. Contact and information exchange | CP 24. Consolidated supervision | 29. Regulation should aim to ensure the proper management of large exposures, default risk, and market disruption | |
| CP 25. Supervision over foreign banks | CP 25. Home-host relationships | 30. Systems for clearing and settlement of securities transactions should be subject to regulatory oversight, and designed to ensure that they are fair, effective, and efficient and that they reduce systemic risk |
The authors are grateful to senior staff in several national supervisory agencies for sharing their insights and for providing comments and suggestions on this chapter. They also thank Ceyla Pazarbasioglu, Michael Moore, and other IMF colleagues for their helpful comments and Moses Kitonga for data support. This chapter was also issued as an IMF Staff Position Note, SPN/10/08 (May 18).
The crisis has shown that the financial supervisory framework should be reinforced with a macroprudential orientation, which should provide a system-wide approach to financial regulation and supervision, and hence help in mitigating the buildup of excess risks across the system.
See IMF (2004a, 2004b) for an early evaluation of cross-sector issues brought out by FSAP assessments. These identify the main weaknesses to be regulators’ independence, regulatory objectives, and governance arrangements between the regulator and self-regulatory organizations; and the conduct of regulation, such as enforcement, consistent application of rules and laws, and the effective and timely application of regulatory powers.
See for example, IMF (2008b).
While discussing the last major crisis, the Bank for International Settlements (BIS; 1998) wrote that “What is also needed is the vision to imagine crises and the will to act preemptively,” and “it may be asked whether the proper incentives are in place, in both lending and borrowing countries, for supervisors themselves to act expeditiously before a crisis erupts.” Speaking after this crisis, J. Dickson (2009), the head of Canada’s Office of the Superintendent of Financial Institutions (OSFI) said, “Regulators do not eliminate the possibility of failure but they reduce it; that said, they must constantly demonstrate the will to act, not only in taking steps to minimize the risk of failure but also proactively taking steps to cause an institution to exit from the system when necessary.”
A 2007 IMF survey of governance practices in 140 supervisory agencies in 103 members discusses findings on supervisory remuneration practices and ability to hire and set staffing and salary levels. It finds differences in these abilities based on location and function, with supervisors inside the central bank and stand-alone bank supervisors usually faring better than those in consolidated and integrated agencies (Seelig and Novoa, 2009).
In a 2009 report, the Senior Supervisors Group (SSG) representing supervisors from seven countries that oversee major global financial firms evaluated the progress these firms had made since the start of the crisis in implementing changes in their risk management practices and internal controls. The challenges in this task are evident from the fact that many of the weaknesses continued even a year after they had been identified by the firms and reflected in an earlier SSG report (SSG, 2009).
