The RBS process consists of two main components: identifying and understanding risks and mitigating those risks. When implemented properly, a risk-based approach is more responsive, less burdensome and delegates more decisions to the people best able to make them.  

Central Banking’s webinar, New Risks and Opportunities brought together an expert panel to discuss RBS. The panel included Joanne Horgan, Chief Innovation Officer, Vizor Software, Justin McCarthy, Chairman of the Global Board, Professional Risk Managers’ International Association, and Rabi Mishra, Chief General Manager, Reserve Bank of India. Here we look at some of the key learnings from the webinar.  

Understanding risk 

First and foremost, unlike compliance-based supervision, risk-based supervision provides a structured way for supervisors to identify and assess risks and allocate scarce supervisory resources proportionately. RBS acknowledges that if some firms suffer an unfortunate event, up to and including a collapse, they will have a much more damaging effect on the sector and the economy than others.  

The objective of RBS is to focus limited resources on firms that pose a larger risk to the economy. If there are 1,000 regulated entities, for example, it might make more sense from a risk-based perspective to focus 10% of staff on the single largest entity, instead of trying to spread them evenly across all organisations. 

Striking the right balance 

It is also important not to think of RBS as a purely proactive approach. There needs to be a balance that combines the proactive and reactive so that supervisors can collect data and access it as quickly as they need it. They may require a full risk assessment, or quarterly onsite inspections, combined with the capability to collect data when something in the market happens so they can react to it very quickly. 

As Vizor’s Joanne Horgan mentions, for RBS to be effective, it is important to collect data in a timely manner directly from the firms and quality-check the data as it comes in. But supervisors also need to be able to see the interaction of different risks and to gauge the probability of failure and the impact of failure across a range of different risk categories.  

Collecting data is important, but the system also needs to allow the supervisor to make a judgment based on key risk indicators (KRIs). Joanne Horgan says, “collecting the data is very important. But equally, having a system where the supervisor can make a judgment based on the KRIs, for example - key risk indicators that might have been calculated - it is really important to be able to combine that data-driven approach where you have automatic calculations, and automatic indicators being flagged to the supervisor, but then also allows a system where a judgement can be made.” 

It is important to have a structured framework in place and to collect data in a structured way because it can take time for a judgment-based approach to permeate throughout the organisation, for people to get the skills and become used to that way of working. 

At the broad level, risk-based and compliance-based approaches have some commonality because they are transaction-based. The critical difference is RBS has a more organised structure in place to identify and quantify the activities of a bank that carry greater risk and assess the risk management practices and controls in place to mitigate it. 

Managing data effectively 

Under the RBS approach, there is an added overhead with data because regulators collect huge amounts of it, exacerbated by the growing trend towards granular data. While there may be comfort in having as much data as possible, the challenge is to find ways to use it effectively.  

Justin McCarthy, speaking to Central Banking says: “I think it's wonderful to gather huge amounts of data, and there's a comfort in having as much data as you can. I think we all like that. The challenge is to find ways to use that data.” Banks might get requests from regulators for a vast amount of data but are the regulators using it all? Financial firms may also be frustrated if different parts of the regulator ask for data at different times. 

Regulators might need the data because there is an event occurring, such as an emergency, that requires daily or weekly liquidity data. But they also need to show regulated entities that they are making use of the data in normal times and that it is resulting in a better financial system. 

It is also important the data collection system can be adapted to ask firms for the data when regulators want it. The data collection system needs to be a funnel for all types of data from the firms. To assess risks based on data, regulators need the appropriate data for risk categories to make the right judgements and a clear view of how they are calculating key risk indicators. 

RBS is still a combination of technology and human. It has not reached the stage where machines are making decisions, but it is important that investments in technology for RBS are future-proof and are not restricted to a particular data format. 

For more information on how we can help you to manage risk-based supervision, request a demo with our team today 

banner background image banner shape image

Software trusted by 30 financial regulators, 19 tax authorities and 30 financial institutions.