The FSA, TSA and Risk Management in the Sensitive Era.
Posted by Jim Wickenden on Tue, Jan 11, 2011 @ 03:43 PM
The UK Financial Service Authority (FSA) has just published its paper covering risk management. It is titled Enhancing Frameworks in the Standard Approach to Operational Risk, not a gripping title for sure but illuminating nonetheless. Ruminating over the very first line i thought, why just the TSA firms? Surely risk evaluation should apply right across the board from Basic Indicator Approach (BIA) to Advanced Measurement Approach (AMA). Again, I thought, the whole industry has missed the opportunity for wholesale reflection and reform and I stormed about the office in a tirade of piety and accusational epithets aimed at the big guys who seemed to have once again dodged the conscience bullet. We, as a company that, see this day-in and day-out; the constant excuses for inaction. Either the big boys, the AMA firms, do everything in house so don't see the need for outside scrutiny or the smaller guys say they cannot afford to purchase the systems to be as competitive, and therefore diligent, as the power hitters. Result: stagnant responses and little real progress. Then I read on. Yes, the paper is focusing on the TSA firms but it strongly advocates what we have been banging on about for years.
We (and the FSA) don't separate between process and capital risk management if there is to be proper and thorough diligence. However, to most in the industry processes happen before any capital is even involved and so is thought of as largely a secondary matter. After all banks are solely about money, right? So if there is no loss event then there is no need for risk management. Hands up if you agree with that? Unfortunately too many metaphysical hands were raised if the truth were told. Too many in the industry think loss is measured in cash and profit is measured in cash so why bother with anything else? It is only a very recent phenomenon that things such as reputation and public perception had any calculable value whatsoever.
Even within the financial world tiers, not of mere fiscal size, but also processes, are appearing and defining who is "good" and those who might be perceived as "not so much." If you are an AMA institution then you are an advanced player and a responsible and resolute member of capitalism. Ahh, I can hear the marching band now. If you hold a TSA membership card then that means you must be lacking in areas of refined risk management and how you do business, right? And BIA- forget about it!
Of course that isn't so. Risk is applicable to the ability to manage it. A smaller institution couldn't and shouldn't be forced to spend millions upon millions on systems and have to hire dozens more ops risk staff to gain AMA status and access to the executive washroom. But the flip side of that, and an all too common argument, is that TSA firms also have been saying for years that they are too small to warrant such an investment or shift or priorities towards risk management. And that for years has been their Get-out-of-jail-free-card. They want to play in the high stakes game but don't want to ante up.
Now the FSA is saying, “we are watching you" and expect you to be the prudent and vigilant financial institutions you profess to be. It is no longer good enough to take potshots at the AMA boys (even though they are often such fun and easy targets). This paper is the first that actually says, in very broad strokes, what is acceptable and what isn't. And that applies to everyone!
Correct me if I'm wrong but my understanding of the FSA paper is one of integrating the financial institutions under one microscope irrespective of their size. About time too. BIA, TSA and AMA firms must all now comply in a uniform approach that covers not only capital loss but also processes, the qualitative, the at times immeasurable nuances of risk assessment and management in banking.
This is great news to me. At last the banking world is being forced, or rather civilly nudged, into taking real care for care's sake and not cherry picking which risk they perceive as the greatest potential eyebrow-raiser. Vigilance is vigilance and risk management is risk management. They are absolutes and for too long have been regarded as things to ponder, pick up or reject like so much fruit.
Who would have thought that a limp-titled institutional paper would have fired up such a response? Hopefully the FSA did. And hopefully risk managers and compliance officers across the globe are also having hissy-fits and at the apparent and now verified apathy that has always pervaded the industry.
The FSA offers a framework of risk procedures because they never existed before. Now the question is will they enforce it.