• FSA Library
  • Communication documents
    • Speeches

Speech by Verena Ross, Director, Strategy & Risk, FSA
The Foundation of Science and Technology
09 May 2007

Slide 2 - Introduction

I am delighted to be here this evening at the Foundation of Science and Technology to talk to you about an area which the FSA sees as integral to the effective operation of the financial markets and which helps to secure the appropriate level of protection for consumers of financial products and services – and that area is one which, as Director of the Strategy & Risk Division, is very close to my own heart. It is, of course, risk management.

I will start by focusing on our risk-based approach to regulation – explaining briefly the related concepts of evidence-based and principles-based regulation. I will then move on to describe how risk-based regulation works in practice and, finally, what challenges come with being a risk-based regulator.

As the UK's single financial regulator, we currently regulate over 28,000 firms with a diverse range of sizes and activities. This is one of the most diverse populations of firms of any financial regulator in the world. And given the many possible events that could have a negative effect on the financial markets, we have made a conscious and deliberate decision to be a risk-based regulator. This means that we concentrate our regulatory efforts on the areas of greatest risk. It also means that we restrict regulation to those circumstances where the market does not provide satisfactory answers and where regulation has the prospect of doing so at reasonable cost.

Back to top

Slide 3 - Statutory Objectives

As a statutory body set up under the Financial Services and Markets Act 2000 (FSMA) the FSA must manage risk with regard to four statutory objectives.

• market confidence: maintaining confidence in the financial system;
• public awareness: promoting public understanding of the financial system;
• consumer protection: securing the appropriate degree of protection for consumers; and
• the reduction of financial crime: reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime.

We summarise these objectives under three strategic aims:

• promoting efficient orderly and fair markets;
• helping retail consumers achieve a fair deal; and
• improving our business capability and effectiveness

Slide 4 - Principles of good regulation

We are also guided by Principles of Good Regulation, that we need to take into account when pursuing our functions under the Act (e.g. innovation and competition).

Slide 5 - Risk-based regulation

As our statutory objectives cover a very broad remit and we are faced with a large number of risks from a wide variety of sources, I would like to take just a few moments to outline how we classify and measure those risks.

Slide 6 - How do we measure risk?

When choosing the approach we will take to dealing with an individual firm or issue, we consider risk to be the combination of impact (the potential harm that could be caused) and probability (how likely the event is to occur). This impact/probability matrix allows us to prioritise the different risks that we face.

So, for the FSA to consider something to be a risk, it must have the potential to cause harm to one or more of our statutory objectives. The growing complexity of the markets and consumer products makes the understanding, identification and mitigation of risks in the financial markets a significant undertaking.

Back to top

Slide 7 – Non-zero failure and risk appetite

Of course, given the many possible events that could have a negative effect on the financial markets, operating a risk-based approach means that we have to accept that we can never eliminate risk entirely. We call this "non-zero failure". And although the idea that regulation should seek to eliminate all failures may look superficially appealing, in practice this would impose prohibitive costs on the industry and on consumers.

Consumers benefit from healthy, competitive markets where different firms try to meet their needs, compete actively and innovate – even if that means that not all succeed. We recognise this.

As we accept that we can never remove risk entirely from the financial system, we need to regularly review how much risk we are prepared to accept at a particular point in time. We do this by setting our risk appetite which defines the boundary between the level of risk at which we need to act and the level of risk that we would be prepared to tolerate.

It is, in part, our risk appetite which determines the FSA's approach to supervision. For small firms, for instance, we do not conduct formal risk assessments (although we collect some information and data from them) and many of our 28,000 firms we are unlikely to ever visit.

Slide 8 – FSA firms portfolio

Naturally, this increases the chance that we might miss something that later proves important, but we view this as a risk that we need to accept within our risk appetite. It is in line with operating a "non-zero failure" regime.

ARROW is the framework we use to make risk-based regulation operational in the FSA. This ARROW framework covers all the FSA's risks, firm-specific and thematic. It provides the link between our statutory objectives and our regulatory activities. Recently we have redesigned our ARROW risk model to improve communication with firms concerning our assessment of them; facilitate greater efficiency and effectiveness of our risk management; achieve greater proportionality and consistency in response to risks and to improve the skills and supervisory knowledge of our staff.

Slide 9 - Evidence-based regulation

Being risk-based means that we need to prioritise our efforts and focus on the most significant risks. So, when deciding on new policy initiatives we take an evidence-based approach - we consider first and foremost whether there is a market failure that needs to be addressed and, if so, whether regulation is the best way to deal with it. In deciding whether to make rules, we therefore need to examine the potential costs and benefits of regulation.

Much of the above is, of course, part and parcel of our risk-based approach and is embedded through our risk management policies and procedures. But, our overall aim as a risk-based regulator is to encourage and foster good business practice throughout the financial services sector, recognising firms' duties to their owners and customers are often consistent with their regulatory requirements.

Back to top

Slide 10 - Principles-based regulation

It should come as no surprise then if I tell you that we are going to move towards a more principles-led approach. Principles-based regulation means a shift of balance from detailed process-focused rules to outcome-focused, high-level principles (and rules) both in our policy making and how we interact with the regulated industry.

Principles-based regulation is nothing new – we have had eleven high-level principles for firms which have been in place since 2001. Through these principles and other means we need to clearly articulate the regulatory outcomes that we want the firms to achieve. Beyond that we strongly believe in providing firms with the flexibility to decide for themselves what business processes and controls they should operate, as long as they meet the regulatory outcomes. By focusing on a more principles-based approach to regulation we can create incentives for firms to do the right thing in return for less regulatory intervention. Well controlled and managed firms that engage positively and openly with us, and the outcomes that we are aiming to achieve, should expect to experience real benefits.

There are, of course, constraints on how far and how fast we can move towards principles-based regulation, but we will continue to work actively with stakeholders and other regulators both domestically and internationally to make principles-based (and indeed risk-based and evidence-based) regulation a reality. We published on 23 April a paper ("Principles-based Regulation: Focusing on the Outcomes that Matter") which outlines our vision on principles-based regulation and the challenges it poses to the FSA and the firms we regulate.

Slides 11 and 12 - The practicalities of managing risk

Let me now move on to talk about some of the practicalities of managing risks across the spectrum of the FSA's responsibilities.

The portfolio of risks that we deal with is varied and contains some areas which people often see as natural tensions - such as those between consumers and markets. For example, we deal with risks ranging from the long term financial capability of consumers to the most appropriate framework to mitigate liquidity risk in the international financial system.

We were pleased that a recent review of the FSA's activities by the NAO has found our financial capability work world-leading. Clearly we want to maintain that position. To ensure that consumers can confidently deal with financial products we, in partnership with the government, firms and other important stakeholders are developing many long-term initiatives to educate and develop consumers' understanding, which we believe, will ultimately result in the best regulatory result.

On the other side of the portfolio of risks, comes some of our activity under the market confidence objective. We deal with many complex macro issues in the markets and financial services infrastructure, many of which due to the global character of the financial markets require international coordination. The largest impact risks require sophisticated and globally coordinated responses. We work closely with the Treasury and Bank of England, under the Tripartite Agreement, to review and improve the resilience of the system to shocks and major events. We coordinate extensively with overseas regulators, for example our recent, highly successful work with the Federal Reserve Bank of New York and the Securities and Exchanges Commission (SEC), to set targets and monitor progress in reducing trade confirmation backlogs in the derivatives markets. Eliminating such backlogs has helped to reduce legal uncertainty and operational risks and supports market stability.

[Having explained some of the risks at the "extreme" ends of our responsibilities and the way we work to mitigate them, let me come to what is in most people's minds the core of the FSA's responsibilities which cuts across many risks in our portfolio: Our supervision of financial services firms.

Many people have commented that the FSA's approach, especially as regards wholesale firms, is "light touch". To our mind this is certainly not the case. Our risk-based approach means that firms who demonstrate that they are well organised, well controlled and have embedded an effective awareness and responsiveness to regulatory issues from the top of the firm down – such as treating their customers fairly – should attract less of our attention than their peers who may not be so expert in managing their affairs. This to our mind is a "proportionate" and "risk-based" approach – but is definitely not "light-touch".

We believe that the most effective results are achieved with informed, evidence-based dialogue with the firms. When we do take action against individuals, we tend to focus on the senior management who are responsible for the integrity of a firm's operations. Senior management responsibilities are core to our risk-based approach (even more so as we move toward a more principles-based regime).

The increasing emphasis on principles and outcomes in the supervision – and in some cases, enforcement - context is a development of our current direction rather than a fundamental change of course. ]

Back to top

Slide 13 - Measuring regulatory outcomes

How will we know whether we have been successful? I have explained this evening our risk- and principles-based and outcome-focused approach to regulation. In order to be effective and efficient as a regulator, we need to be guided by clearly articulated outcomes that we want to achieve and against which we can measure and report our performance.

Before I finish, therefore, I would like to talk briefly about the measurement of regulatory outcomes.

Over the last few years we have been increasingly explicit in all our activities to target and deliver regulatory outcomes that align to our statutory objectives. This is in particular driven by our three strategic aims that I talked about at the start of this speech as these have provided a consistent framework for our activities since 2003.

To help us track our progress in a structured and consistent way, we have now taken an additional step by defining nine outcome indicators, three under each aim. These explain what success in delivering the three aims will mean in practice and will, over time, enable us to judge our achievement of that success. These indicators will increasingly drive our planning, decision-making and operational activities – including our risk management policies and procedures.

This Outcome Performance Report (OPR) is a key tool in sustaining the momentum behind our internal change to be more outcome-focused and becomes particularly important as we move towards becoming more principles-based.

We will integrate the OPR into our routine management information so that we can monitor regularly outcomes, risks, effectiveness, efficiency and economy. Our internal approach to measuring how successful we are in meeting our objectives therefore closely mirrors the outcome focus that is driving our external regulatory strategy.

I have described this evening the FSA's approach to risk-based regulation. We strongly believe that this approach has served us well. Given the changes in our scope and growth in expectations, however, it needs to continue to evolve. Principles-based regulation is part of that evolution, which we will push over the next couple of years. We are committed to taking the next steps that will be required to keep our regulatory regime proportionate and appropriate for the UK's financial markets.

Thank You.

Back to top