thank you for giving me the opportunity to give a speech on risk characteristics and risk management, which is also a major topic that you will discuss in the next few days. Today, I'd like to talk about my overall view on risk management, and then specifically talk about the issue of total compliance risk management, which has been widely concerned recently. Obviously, risk is an inherent feature of all business activities in your industry. The financial services industry and its regulators are trying to draw lessons from the internal control failure of the financial services industry in recent years through post-event reflection. My speech today will discuss in depth the enlightenment of those internal control failure events to compliance risk management.
in the past two decades, we have seen great changes in the global financial system. Among these changes: the financial industry is increasingly dependent on risk transfer strategy; A large number of dazzling new products are being offered to consumers. With the development of new investment products and the continuous growth of alternative investments, such as hedge funds, it is estimated that the total amount has reached 1 trillion US dollars at present, and consumers' investment choices are increasingly rich.
overall risk management
at present, one of the biggest risks faced by financial enterprises and governments is insufficient preparation for the world changes in the next five years. Please note that I am talking about "preparation" for change, not "prediction" for change. Predicting changes in a specific way is very speculative, but planning for inevitable changes is prudent management. A key question is whether your organization has the tools and risk management processes to cope with inevitable changes. As trust and investment risk management managers, you all attach great importance to quantifying and monitoring the risks faced by your institution, and managing and controlling these risks. You may also have invested a lot of time and resources to keep up with the latest development of financial management and risk management. If you are just like most risk management managers, you will find it more and more difficult to keep up with your colleagues and competitors, because the world we live in, especially those affected by science and technology, is changing at an increasing speed. In this regard, the biggest risk faced by risk management managers is that they have not made effective preparations for the future. As yogi berra once said, "The future is no longer what it used to be". Therefore, the challenge for risk management managers is to ensure that their institutions are fully prepared for anything in the future.
although we can't predict the future in a specific way, if the past events have some guiding significance for us, we can optimistically expect that new technologies will enable us to solve problems and challenges that seem insurmountable today. However, at the same time, innovation (more wonderful articles from "Secretary Dont Ask For Help") will bring new problems and challenges. As risk managers, a key question we have to answer is, "How can we best cope with the inevitable great changes and challenges?" Preparation is the obvious answer, but foresight and restraint are equally necessary. The most basic requirement is that risk management managers should ensure that their institutions have risk management policies, processes and technologies in place that can properly quantify, monitor and control risk exposure. In addition, the risk management manager must also perform the duty of thinking deeply about the future. More precisely, risk management managers need to conduct scenario analysis and scenario planning, which is an area of risk management that is sometimes easily overlooked or not taken seriously. It is difficult to do a good job in scenario analysis and scenario planning, but it must be carried out in a down-to-earth manner.
for many financial institutions, the starting point and the end point of scenario analysis are quantitative analysis of the risk exposure of specific risk factors (such as changes in interest rates or credit spreads). But in order to fully benefit from scenario analysis, we must go beyond quantitative analysis. A comprehensive scenario analysis should include a detailed analysis of the potential and possible major changes in the economic, political and social fields: what are these changes? How do they affect your business? If they happen, how to deal with them, etc. This kind of analysis is the primary responsibility of risk management.
However, scenario analysis is not the ultimate goal, and corresponding measures must be taken for the analysis results. In order to prepare for possible scenarios in the near future, management must consider whether it is necessary to adjust its balance sheet structure or revise its current risk management strategy. This strategy formulation is the core of effective scenario planning. As a part of scenario planning, some key scenarios to be considered should include how various forces, such as the continuous globalization process, technological progress and competition in product innovation, affect your specific business lines. For example, globalization can make financial enterprises face greater challenges in group management and risk accumulation, and the increasing information technology will create new opportunities as well as new risks. In addition, new products and new distribution channels may also affect your business and its risk status.
the problems caused by control failure are also inevitable in the field of trust and investment. * * * The public reports on delayed trading and timing trading with fund management companies and related investigations have affected many companies in banking, securities and insurance. Such compliance failure not only leads to penalties and financial losses, but also adversely affects the company's reputation and franchise value. Therefore, we see that the comprehensive compliance risk management system is getting more and more attention.
The business lines and business activities of financial services companies can span multiple legal entities, which makes it more difficult for a regulatory agency to judge the crux of the problem and which processes need to be improved. In some cases of mutual funds, the Federal Reserve, as the joint regulator of relevant banking institutions, has worked closely with the chief regulator of banks and the Securities and Exchange Commission to investigate the control failure. The regulators exchange information with each other to compare their findings. The Securities and Exchange Commission conducted a comprehensive analysis by examining the information found by broker traders, investment consultants and fund distributors, and the information found by the Federal Reserve and the bank's primary regulatory agencies in conducting targeted joint inspections on bank-holding companies and banks. The focus of inspection by banking regulators is on comprehensive compliance practices and bank lending practices.
according to my observation, the major defects in the practice of * * * mutual fund come from the interaction of several factors and the failure of control. First of all, the business activities of the fund are not effectively supervised by the board of directors of the fund. Second, some fund management companies provide strong financial incentives to increase profits, but the legal risks and reputation risks of these incentives have not been properly concerned. Third, the lack of adequate staff training has led staff to violate standard procedures in order to cater to some big customers. For example, in some cases, employees routinely exempt important customers from redemption fees, allowing these customers to engage in timing trading at the expense of other fund holders. A strong corporate compliance program can enable local compliance managers to identify these problems and draw the attention of higher-level managers of the company.
based on our experience in investigating these * * * same fund control failures, I would like to emphasize some lessons that can be used for reference. The most obvious point is to strictly judge abnormal customer relationships that require deviations from standard procedures. If the profit contribution of a single customer is high, we should be more vigilant. In addition, financial institutions should have a formal process of reviewing and approving unique products, customers and services at the initial stage of establishing customer relationships. Finally, it is always beneficial to give some attention to areas that have always been considered as "low risk" to confirm the original judgment. The low probability of loss in business activities should not be the only factor to be considered when evaluating risks.
compliance risk management framework
The above experiences and lessons show that compliance risks will arise when financial institutions fail to comply with laws, regulatory provisions or codes of conduct. Fortunately, there are various models that can help financial institutions manage compliance risks more effectively. Many banking institutions have established or are in the process of strengthening comprehensive compliance risk management functions. Many financial institutions have also upgraded their compliance management information systems to achieve more integrated and transparent analysis and monitoring to support the implementation of their compliance risk management programs. The comprehensive compliance risk management method has been proved to be very valuable in the following fields, including: bank secrecy law (bsa) and anti-money laundering compliance, information security, privacy protection, related party transactions and conflicts of interest.
both large financial enterprises and small financial enterprises are facing the same trend, that is, the compliance scheme is changing from "task-centered" to "process-centered". A process-centered compliance program requires that compliance be based on continuous testing and verification. In addition, local and repetitive compliance management activities are being replaced by those that can make the whole organization fully understand compliance. However, this does not mean that each business unit's own compliance management activities are outdated, but that these compliance management activities should become part of a comprehensive and integrated compliance plan. This can promote the consistency of expectations, documents, compliance risk assessment and reporting of compliance management activities.
an effective comprehensive compliance risk management scheme should not only have the flexibility to cope with changes, but also be tailored according to an organization's corporate strategy, business operation and external environment. In addition, an effective comprehensive compliance risk management plan also requires strong supervision by the board of directors and senior management.
the board of directors and senior management play different but complementary roles in ensuring the success of an institution's comprehensive compliance risk management program. The board of directors is responsible for establishing a strong compliance culture so that compliance becomes an indispensable part of daily business activities. The board of directors will also entrust this responsibility to managers and staff at all levels of the organization. A strong compliance culture encourages employees to pay more attention to compliance risks and realize the necessity of strengthening or improving controls.
summary
our review of the best practices in the financial industry and the analysis of other industries' experiences show that financial institutions need to put strategic thinking and dynamic thinking into a comprehensive compliance risk management system. Financial institutions should not only learn from past experience, but also use quantitative and qualitative scenario analysis and scenario planning when preparing for possible future situations. As Alan Greenspan, former chairman of the Federal Reserve, said: "Complex risk models can not completely replace people's experience."