Risk scoring: Risk Based Supervision in Practice Ross Jones Deputy Chairman, Australian Prudential Regulation Authority President of International Organisation of Pension Supervisors (IOPS) Outline • Introduction • Continuous supervision process • Range of supervisory activities • PAIRS model Framework Main risk areas for PAIRS assessment Net risk and significance weights Impact rating • SOARS model (next session) • Adapting PAIRS for pension funds • Ensuring quality and consistency Supervision process - APRA Supervision Activities • Prudential consultation • Prudential reviews • Targeted reviews •Ad hoc meetings Supervision Strategy • Supervisory action plans Risk Assessment • Offsite analysis • PAIRS Update Supervisory Activities - APRA • Prudential reviews – on-site • Analysis of financial and other data • Superannuation funds with >$50M assets, data is received on a quarterly and annual basis • Examination of exceptions and outliers • Analysis of other market and regulatory information PAIRS (Probability & Impact Rating System • Ratings tool used by APRA to determine the probability of failure of a regulated institution and the potential impact on the financial system of the failure. • Five probability rating categories: Low; Lower-Medium; UpperMedium; High; and Extreme. • Four impact rating categories (based on total assets): Low < $400m; Medium - between $400m and $4.0bn; High - between $4.0bn and $40bn; Extreme - above $40bn • APRA assesses the likelihood of an institution’s failure based on the “inherent risk” of the institution, balanced by the “management and controls” and the “capital support” available in the absence of APRA intervention. • Rating is based on the accumulated knowledge from APRA’s onsite reviews and offsite analysis PAIRS Conceptual Framework Descriptive Probability Rating Rating Process Probability Index Supervisory Attention Index Measurement Process Impact Index Descriptive Impact Rating Supervisory Stance Main risk areas for PAIRS assessment PAIRS Board Management Risk Governance Strategy & Planning # Liquidity Risk Operational Risk # Credit Risk NOTE - For DC superannuation funds, the Capital components do not apply # NOTE - Significant risks for superannuation funds Mk & Investment Risk # Insurance Risk Capital - Coverage Capital - Earnings Capital – Access to Add NOTE – guidance manuals for supervisors on each PAIRS component Risk Mitigants - APRA Risk Category Principle Determinants Management + Control Assessment Liquidity Risk Awareness of liquidity risk by the Board Liquidity management functions and committees (ALCO) in place Policies and procedures relating to liquidity risk management Limits in place and how they are reviewed and monitored Scenario analysis and models used, including dependability of information sources Reliability and extent of intra-group funding and standby facilities Contingency arrangements in place Operational Risk The awareness of operational risk by the Board Operational risk management functions and committees Policies and procedures Controls in place across the IT environment Management of operational issues including administration, outsourcing arrangements, fraud Business continuity and disaster recovery plans, including testing processes and back up Credit Risk The awareness of Credit Risk by the Board The credit risk management framework, systems and delegations in place Origination, security and collateral structures and valuation practices Credit-related policies and procedures Problem asset management including compliance with prudential requirements Information systems and portfolio management The role and functioning of independent credit review process Market + Investment Risk The awareness of maker an investment risk by the Board Trading and investment functions, including segregation of responsibilities ALCO and /or investment committees in place Delegations and limits in place and how they are monitored and controlled The process of reviewing and monitoring trading and /or investment strategies Investment management and asset valuation practices Market and investment policies and procedures including those relating to unit pricing Models used, including underlying assumptions and stress analysis The strength of management information systems Independent review functions Example – Module 7 - Operational risk EXAMINE • Nature & Complexity • Internal & External Fraud • IT Systems • Business Disruption • Board & Management Awareness • Operational Risk Management Framework • Outsourcing Arrangements • Administration • Information Technology • Business Continuity Management • Project Management (IT) • New & Varied Products • Independent Review of Operational Risk FEATURES WHERE LOW OPERATIONAL RISK FEATURES WHERE HIGH OPERATIONAL RISK • Simple legal & organisational structure, clear reporting lines • No reliance on related entities for core or complementary activities • No outsourcing of major business functions • Simple products, low transaction volumes • IT systems are simple, off-the-shelf, adaptable • Minimal disaster threat from external activities • No reliance on a key person • Complex structure, unclear reporting lines • Extensive reliance for core or complementary activities on related entities not wholly owned within the same group • Outsourcing to unrelated third parties with history of unresolved problems • Complex business, many products, high volume • IT systems unable to meet business needs, inherited / legacy systems • Vulnerable to external disaster • Heavy reliance on one person Net risk and significance weightings PAIRS Category Inherent Risk Management and Control Net Risk Significance Weight Board (0-4) % Management (0-4) % Risk Governance (0-4) % Strategy and Planning (0-4) (0-4) (0-4) % Liquidity Risk (0-4) (0-4) (0-4) % Operational Risk (0-4) (0-4) (0-4) % Credit Risk (0-4) (0-4) (0-4) % Market and Investment Risk (0-4) (0-4) (0-4) % Insurance Risk (0-4) (0-4) (0-4) % Net Risk Total (0-4) 100% Coverage/ Surplus (0-4) % Earnings (0-4) % Access to Additional Capital (0-4) % Capital Support Total (0-4) 100% Overall Risk of Failure (0-4) Impact rating Size, measured by assets under management, is the sole determinant of impact Asset ranges $0 ≤ x < $400m $400m ≤ x < $4b $4b ≤ x < $40b x ≥ $40b Impact Rating Low Medium High Extreme NOTE: Impact rating drives frequency of review NOTE: Impact rating determines whether specialist risk experts join supervision staff in review of institution Outcome of PAIRS process = SOARS Supervisory Approach Normal On going collection and analysis of data supported by routine prudential reviews on a cyclical basis. Oversight Significant increase in supervision intensity however entity is not considered likely to fail. More frequent information and visits. Board and senior management given strong signals of concern. Mandated Improvement Entity produces and executes a remediation plan. Transitional classification. Either improve or exit the industry. Restructure Entities have failed or are about to fail. Full use of supervisory and legislative powers to protect beneficiaries. PAIRS & SOARS - quality and consistency Dedicated support unit for supervisors Predictive analysis tools Portfolio reports and watch lists Peer review and assessment Reporting changes in assessment to top management in APRA The combination of these four support levels and the reporting framework leads to better risk assessments and strategy setting practices in APRA and overall improvements in supervisory judgements. Consistency of Scores Australia • • • Individual supervisor inputs scores for risk categories + mitigants and decides on weightings Guided by benchmarks / reference points Supervisors may have to defend their ratings at a review panel Thank You • Questions?