The regulatory process of the British Financial Services Authority (FSA):

The first step: risk identification;

The second step: risk management;

Step 3: Assign responsibilities;

Step 4: Prioritize work;

Step 5: Risk mitigation and monitoring.

In these steps, the overall risk profile of concern is first assessed, then risk trends are identified, and then risk regulatory responsibilities are handed over to specific departments of the UK Financial Services Authority. Invited by the Australian Securities and Investments Commission (ASIC) to explain the risk-based regulatory approach of the UK Financial Services Authority (FSA). Several aspects are discussed: the meaning of risk-based supervision, the reasons for adopting risk-based supervision, the practical significance of risk-based supervision, in other words, how risk-based supervision is implemented in practice, and finally An important aspect is the difficulties encountered in the actual work of risk-based supervision, with a focus on the progress made in improving the supervision process.

Through a brief introduction to the responsibilities of the British Financial Services Authority and its ins and outs, everyone will have an understanding of the institution that I want to introduce that adopts a risk-based regulatory approach. According to the Financial Services and Markets Act 2001, the UK Financial Services Authority was established as an independent regulatory agency led by a board of directors, which was formed by the merger of ten regulatory agencies before the establishment of the UK Financial Services Authority. This Act gives the British Financial Services Authority four statutory objectives: to maintain public confidence in the financial system; to promote public understanding of the financial system; to appropriately protect the interests of financial consumers; and to strive to reduce financial crime.

It is worth noting that the above statutory objectives make the British Financial Services Authority a unique comprehensive financial regulatory agency in two aspects: First, the responsibilities of the British Financial Services Authority include prudential supervision and consumer supervision Protection, while in many countries, the responsibility for prudential supervision is borne by one regulatory agency, and the responsibility for protecting consumer interests (and their business practices) is borne by another separate regulatory agency; second, the responsibilities of the British Financial Services Authority span banking, insurance and securities, and in many countries these responsibilities are divided between three regulatory agencies. For example: in France, the banking industry has the Banking Supervision Commission, the securities industry has the Financial Exchange Authority, and the insurance industry has the Insurance and Mutual Assistance Authority (ACAM). The content included in the risk-based approach does not start with the British Financial Services Authority. Instead, we start with a financial institution and analyze the content included in the risk management of a financial institution. The basic characteristics are as follows:

1. Describe in detail the risks that the institution is prepared to take. This process is often loosely described as determining the institution's risk preference. The determination of this risk preference may be unclear. It may also be clear;

2. Identify the risks faced by the institution in terms of capital, reputation, income, brand, etc., as well as various risks that may cause credit risk, market risk, operational risk, event risk, etc. Business activities or events;

3. Unified methods to quantify the above risks, such as loan ratings to quantify credit risk, Value At Risk to quantify market risk, credit risk and operational risk, and quantify event risks Stress testing, etc. Each method will have many technical problems, such as correlation, "fat tail" distribution, the continued validity of model relationships under liquidity stress, and the lack of a clear and reasonable basis for determining the degree of stress testing;

4 , design and install a system that can generate the above-mentioned risk quantification information;

5. Determine and use internal control measures to manage the above-mentioned risks. Typical control measures include setting limits (such as risk value, credit exposure or Other standards, etc.), authorization rights, etc.;

6. Assign risk management responsibilities to managers. This includes two types of managers: one is the business managers engaged in various businesses or functions, who have primary responsibility for the organization's business management, including controlling risks within the pre-approved range; the other is independent risk managers, Its mission is to challenge situations in which risks are identified, quantified and controlled.

The risk management principles of the British Financial Services Authority and financial institutions are very close, and both contain the same elements: setting goals (for us, what we want to achieve are statutory goals rather than financial goals), determining Our risk appetite identifies the risks faced in achieving statutory targets, develops unified risk quantification standards, monitors these risks, and manages these risks through business managers with direct management responsibilities and risk managers who raise objections. Broadly speaking, the risk management processes of the British Financial Services Authority and financial institutions are the same, and from a more abstract level, both are the same process for identifying, measuring, mitigating, controlling and monitoring risks. cycle process. As I said, after explaining the principles succinctly, I will come back to the practical application of risk management principles. At present, the UK Financial Services Authority adopts a risk-based regulatory approach not because we should adopt the same policies as the regulated institutions, but for some more important reasons.

First, as a guiding principle, we have a clear goal of not pursuing a zero-failure attitude, that is, we do not try to prevent the failure of all regulated institutions, but consider that the failure of some institutions is impossible. Avoided, and in fact logical. The so-called inevitable is because no regulatory agency can control all regulated institutions, so unexpected things will inevitably happen; the so-called logical is because returns and risks are accompanied by each other, and trying to control risks to prevent all financial failures is would unduly inhibit financial institutions. But we clearly will not ignore major failures, which would pose risks to the achievement of our regulatory objectives. Therefore, some means are needed to identify which issues are the most important. This is the essence of risk-based supervision.

Second, we are clear about the scope of our regulatory responsibilities: 29,759 financial institutions, 165,544 employees, an industry accounting for 5% of GDP. We are obviously not omnipotent, and there needs to be a mechanism for prioritizing which work should be prioritized.

Third, when establishing the British Financial Services Authority, we need to build a common foundation for risk analysis and regulatory methods, not just a collection of regulatory methods from various companies, that is, securities and futures The regulatory approach of the Authority, the Securities and Investments Commission, the Bank of England responsible for banking supervision, the Department of Trade and Industry and the Treasury in relation to insurance, the Building Societies Council and others. Whether explicit or not, each regulatory agency has its own set of regulatory approaches and practical practices, and what we need is a unified regulatory approach. This is why the British Financial Services Authority has to make the risk assessment very clear. The reasons for this regulatory approach. Firstly, the risks we are concerned with are those related to the UK Financial Services Authority's four statutory objectives, namely maintaining public confidence in the financial system, promoting public understanding of the financial system, appropriately protecting the interests of financial consumers and combating financial crime . It is important to note that although the risks involved in these four statutory objectives may be related to the risks of concern to the management of a financial institution, they are different. In reality, these statutory objectives are so broad that a rigorous and more focused risk management approach is needed. To do this, we focus on specific sources of risk, both agency-based and more general.

1. Risk sources mainly based on institutions: financial failure; misconduct and improper management; financial fraud; abuse of market power; money laundering; decline in market quality, etc.

2. Mainly based on non-institutional risk sources: insufficient consumer understanding; failure to implement strategic priorities; damage to the reputation of the British Financial Services Authority; failure to use our resources economically and efficiently.

The practical significance of the risk-based supervision principle:

First, the risk-based supervision principle establishes our supervision method for institutions. We classify institutions according to their potential impact (which can be replaced by the size of the institution). They are divided into four major categories: high, medium-high, medium-low, and low. The degree of attention to these four types of institutions is completely different. From what we call "intensive and ongoing" regulation of institutions at one extreme (basically a specialist group monitoring the UK operations of a major institution such as HSBC or Santander) to the other , that is, we rely heavily on special surveys, statistical analysis, and irregular sampling inspections (therefore, for general insurance brokerage companies, we only collect data to understand the type of business the brokerage company engages in, and analyze the overall situation of the brokerage company. In normal times, We do not require visits or inspections of brokerage firms in the course of business). Overall, the UK Financial Services Authority regulates 29,759 institutions, which are broken down into the following categories: Potentially affected number of institutions Supervision type high 87 Rigorous and continuous medium high 423 Regular inspections medium low 900 Longer period Ad hoc inspections low 28,349 Statistical analysis/special surveys The result of this classification is that for approximately 90% of the institutions we oversee, we never conduct inspections in the normal course of business. We have adopted a similar supervisory approach to hedge fund managers. There are more than 300 hedge fund managers in the UK, and we focus our information collection efforts on approximately 27 institutions (less than 10% of the total) as a way to manage this. The best means of risk in an industry.

Second, the principle of risk-based supervision provides us with a general method for transforming risk assessment into risk mitigation. We have Rules Of Thumb for dealing with different levels of risk and deciding when to take steps to mitigate risk. These rules are:

1. Low risk: no mitigation measures are required;

2. Medium and low risk: no mitigation is necessary, if appropriate mitigation measures are to be taken Corresponding reasons are needed;

3. Medium and high risk: Mitigation measures should be taken. If appropriate mitigation measures are not taken, corresponding reasons are needed;

4. High risk: Mitigation measures must be taken Mitigation measures.

It should be noted that there is an element of subjective judgment here: for medium and low risks, we may take mitigating measures unconventionally; conversely, for medium and high risks, we may also take mitigating measures unconventionally. No action is taken, but both cases will be questioned and require explanation.

In practice, our analysis is slightly more complex and detailed, distinguishing between different levels of impact and probability of occurrence. However, the central principle that consistent risk assessment methods should be used and uniform decision rules applied to decide whether risk mitigation measures are required is clear. A risk-based regulatory approach determines the way we need to act.

Third, we use risk-based supervision methods to implement the so-called "risk preference" that is often just a slogan. For example: In our work as an agency with listing regulatory responsibilities, we have changed our internal review processes to reflect our risk assessment of prospectuses and announcement documents. Our risk assessment is based on a range of easy-to-understand factors, focusing on the type and complexity of the transaction, the size and status of the issuer, and other relevant factors. The level of risk derived from the assessment determines the depth of our review of the document. and the amount of resources we should devote to the review process. The benefit of this is that it allows us to focus resources on areas of real risk. Issuer documents with the lowest risk ratings are subject to a limited review, while documents with higher risk ratings are subject to a limited review. Issuer documents are subject to a thorough review by our most senior staff, or the actions we take in response to financial issues are consistent with the risk assessment. First, there is a political issue related to an explicit policy of not pursuing zero failure. Although the logic of this policy was understood in advance, it was easily forgotten after the incident, and when the fact of failure was caught, no consideration was given to regulators taking measures to prevent the type of failure that had occurred from happening again. included in the total cost. When a failure is criticized for having a direct and adverse impact on consumers, it is difficult for the regulator to reply that he has made a judgment that it is not worthwhile to seek measures to prevent the institution's failure. However, sometimes such a decision must be made. reason. Within the regulator as well, there needs to be a firm attitude so that FSA staff understand that they sometimes need to choose not to take action (and suffer the consequences) and sometimes choose to take action. Although taking no action may have some adverse consequences, the decision to take no action is not necessarily a wrong decision. But it is certainly an unsettling decision, and those making it will need the support of their senior management.

Secondly, we need to realize that there will inevitably be a large number of elements that require judgment in our regulatory process. There is no algorithm that allows us to put in the data and decide whether the FSA should spend an extra ￡5 million on improving its ability to control fraud in the market, or on improving financial literacy among the public generally, or on To improve the FSA's internal management information systems, or for any of our other potential resource needs. All of these decisions require judgment, which of course needs to be underpinned by risk analysis and drawing on the best sources of information we have, but ultimately judgment needs to be exercised. For example: We have increased the annual funding of the British Financial Services Authority in popularizing public financial knowledge, from the two million pounds planned two years ago to 10 million pounds next year. We believe that the current low level of public financial knowledge will allow us to achieve Statutory targets create risks that justify this adjustment, but it remains a judgment call. We can improve our data collection and information processing processes, but these will always only factor into final judgments, which will remain subjective and result from the different statutory objectives given to the UK Financial Services Authority. the inevitable result.

Thirdly, much of the data and market information of the British Financial Services Authority is based on regulatory relationships with various financial institutions. Although this information gives us considerable insight, it does not provide focused information, and there is often a tendency to consider only a series of individual questions without exploring the underlying patterns and themes that connect them. . For example: When I first joined the Financial Services Authority, I was stuck with two things: on the one hand, I was busy dealing with the difficulties faced by the UK's independent financial advisers (IFA) network; on the other hand, I was busy dealing with the difficulties affecting the distribution of financial products. Relatively little attention has been paid to the overall effect of major adjustments to legal and regulatory rules, the so-called depolarisation. To overcome this imbalance, we have established industry groups (for example: those studying banking, asset management, insurance, accounting, etc.) to improve our system's understanding of the economic drivers of the businesses we regulate. They will help correct the imbalance of detailed knowledge of specific institutions and little ongoing dynamic knowledge of the comprehensive issues affecting an industry.

Finally, we need to improve the FSA’s flexibility to respond to the identification and assessment of new risks. We constantly adjust resources to reflect new risk assessment findings, but this adjustment is often slow, partly because we are better at adding new tasks than closing existing ones, and partly because staff adapt to the tasks The ability to convert still needs to be improved. We need to accelerate our response to newly identified risks and changes in risk focus. On the one hand, we have taken many measures to improve training to increase the job mobility of our employees; on the other hand, our management information system is also being improved to make our resource allocation clearer.