You are on page 1of 129

Page |1

International Association of Risk and Compliance Professionals (IARCP)


1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com

Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next

Dear Member, The Financial Stability Board (FSB) published today a thematic peer review on risk governance. Risk governance collectively refers to the role and responsibilities of the board, the firm-wide CRO and risk management function, and the independent assessment of the risk governance framework.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |2

- Board responsibilities and practices: The board is responsible for ensuring that the firm has an appropriate risk governance framework given the firms business model, complexity and size which is embedded into the firms risk culture. How boards assume such responsibilities varies across jurisdictions. - Firm-wide risk management function: The CRO and risk management function are responsible for the firms risk management across the entire organisation, ensuring that the firms risk profile remains within the risk appetite statement (RAS) as approved by the board. The risk management function is responsible for identifying, measuring, monitoring, and recommending strategies to control or mitigate risks, and reporting on risk exposures on an aggregated and disaggregated basis. - Independent assessment of the risk governance framework: The independent assessment of the firms risk governance framework plays a crucial role in the ongoing maintenance of a firms internal controls, risk management and risk governance. It helps a firm accomplish its objectives by bringing a disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. This may involve internal parties, such as internal audit, or external resources such as third-party reviewers (e.g., audit firms, consultants). This is an excellent document for risk managers. Read more at N umber 1 of our list

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |3

Also
I like it. Nice and clear: Principal risk is the risk that a bank pays away the currency being sold, but fails to receive the currency being bought. Principal risk can be the most serious risk because the amount at risk can be equal to the full value of the trade. Replacement cost risk is the risk that an FX counterparty will default before a trade has settled and that the bank must replace it with a new trade and a different counterparty at current market prices (potentially less favourable exchange rate). Liquidity risk is the risk that a counterparty will not settle an obligation for full value when due. Liquidity risk does not imply that a counterparty is insolvent since it may be able to settle the required debit obligations at some unspecified later time. Great, clear definitions, in the Supervisory guidance for managing risks associated with the settlement of foreign exchange transactions from the Bank of I nternational Settlements. Read more at N umber 4 below Welcome to the Top 10 list.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |4

FSB publishes peer review on risk governance


The Financial Stability Board (FSB) published a thematic peer review on risk governance. The report takes stock of risk governance practices at both national authorities and firms, notes progress made since the financial crisis, identifies sound practices and offers recommendations to support further improvements.

Governor Daniel K. Tarullo

Dodd-Frank Act
Before the Committee on Banking, H ousing, and Urban Affairs, U.S. Senate, Washington, D.C.

Interview with Carlos Montalvo, Executive Director of EI OPA, conducted by Garry Booth, Reactions magazine (the UK)
Can you explain what the interim Solvency I I measures, sometimes known as Solvency 1.5, encompass?

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |5

Supervisory guidance for managing risks associated with the settlement of foreign exchange transactions
The purpose of this guidance is to provide updated guidance to supervisors and the banks they supervise on approaches to managing the risks associated with the settlement of FX transactions.

Financial Services Sector Draft recommendations to the Chartered Institute of Internal Auditors
Following the crisis in the financial system over the past few years a wide spread review of governance in financial institutions has been taking place. It was inevitable that the role of Internal Audit would be brought into that process.

The Financial Transaction Tax (FTT)


On 14 February 2013 the European Commission adopted a proposal for a Council Directive implementing enhanced cooperation in the area of financial transaction tax, which mirrors the scope and objectives of its original FTT proposal of September 2011.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |6

Speech by Andrew Bailey


Managing Director, Prudential Business Unit at the Chartered I nstitutes Nicholas Barbon Lectures, London

Suitability of members of the Management Body and Key Function H olders

EMIR: Frequently Asked Questions


Note: The Regulation (EU) No 648/ 2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties (CCPs) and trade repositories (TRs) (EM IR) entered into force on 16 August 2012. However, many provisions require technical standards to be developed by ESMA and the actual date of application of these provisions will depend on the date of entry into force of the technical standards (see section on timing for more details)

Corporate and Risk Governance: The IAIS Self-Assessment and Peer Review on ICPs 4, 5, 7 and 8
The I AIS has launched the Self-Assessment and Peer Review (SAPR) on Corporate and Risk Governance.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |7

FSB publishes peer review on risk governance


The Financial Stability Board (FSB) published today a thematic peer review on risk governance. The report takes stock of risk governance practices at both national authorities and firms, notes progress made since the financial crisis, identifies sound practices and offers recommendations to support further improvements. The recent global financial crisis exposed a number of risk governance weaknesses in major financial institutions, relating to the roles and responsibilities of corporate boards of directors (the board), the firm-wide risk management function, and the independent assessment of risk governance. Without the appropriate checks and balances provided by the board and these functions, a culture of excessive risk-taking and leverage was allowed to permeate in many of these firms.

The peer review found that, since the crisis, national authorities have taken several measures to improve regulatory and supervisory oversight of risk governance at financial institutions.
These measures include developing or strengthening existing regulation or guidance, raising supervisory expectations for the risk management function, engaging more frequently with the board and management, and assessing the accuracy and usefulness of the information provided to the board to enable effective discharge of their responsibilities. Nonetheless, more work is necessary. In particular, national authorities need to better assess the effectiveness of a firms risk governance framework, and more specifically its risk culture,
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |8

to help ensure the sound management of risk through the economic cycle.
Supervisors will need to strengthen their assessment of risk governance frameworks to encompass an integrated view across all aspects of the framework. The peer review also surveyed 36 banks and broker-dealers that FSB members deemed as significant for the purpose of the review. The evaluation of their responses indicates that many of the best risk governance practices at surveyed firms are now more advanced than national supervisory guidance, an outcome that may have been motivated by firms need to regain market confidence. Despite these considerable strides, significant gaps remain in a number of areas, particularly in the risk management function. At the core of strong risk management is an effective risk appetite framework, and firms progress to date is uneven in its development, comprehensiveness and implementation. Very few firms were able to identify clear examples of how they used their risk appetite framework in strategic decision-making processes. Drawing from the findings of the review, the report identifies a list of sound risk governance practices that would help firms continue to improve their risk governance and national authorities to assess its effectiveness. The review also sets out several recommendations targeting areas where more substantial work is needed, in particular: 1. National authorities should strengthen their regulatory and supervisory guidance for financial institutions and devote adequate resources to assess the effectiveness of risk governance frameworks.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

Page |9

2.Standard setting bodies should review their principles for governance, taking into consideration the sound risk governance practices set out in the report.
3.The FSB should explore ways to formally assess risk culture at financial institutions. 4.The FSB should provide general guidance on the key elements that should be included in risk appetite frameworks and establish a common nomenclature for terms used in risk appetite statements.

Tiff Macklem, Chairman of the FSBs Standing Committee on Standards Implementation (SCSI), said:
The review usefully pulls together good risk governance practices and identifies follow-up work that needs to be done by national authorities to strengthen their ability to assess the effectiveness of firms risk governance frameworks. Recent headline events surrounding activities at some large financial institutions underscore the importance of promoting and implementing a sound risk culture. Swee Lian Teo, Chair of the peer review team on risk governance, said: While measures have been taken to improve risk governance, the review showed that there are still gaps that need to be addressed by both firms and supervisors. The report sets out recommendations that will help supervisors everywhere raise the bar on their expectations for risk governance so that firms practices continue to improve through changing environments.

Notes
The FSB has been established to coordinate at the international level the work of national financial authorities and international standard setting bodies and to develop and promote the implementation of effective
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 10

regulatory, supervisory and other financial sector policies in the interest of financial stability.
It brings together national authorities responsible for financial stability in 24 countries and jurisdictions, international financial institutions, sector-specific international groupings of regulators and supervisors, and committees of central bank experts. The FSB also conducts outreach with 65 other jurisdictions through its six regional consultative groups.

The peer review on risk governance is the the sixth thematic peer review conducted by the FSB and the first thematic review using the revised objectives and guidelines for the conduct of peer reviews set forth in the December 2011 H andbook for FSB Peer Reviews.
Thematic reviews focus on the implementation and effectiveness across the FSB membership of international financial standards developed by standard-setting bodies and policies agreed within the FSB in a particular area important for global financial stability. Thematic reviews may also analyse other areas important for global financial stability where international standards or policies do not yet exist. The objectives of the reviews are to encourage consistent cross-country and cross-sector implementation; to evaluate (where possible) the extent to which standards and policies have had their intended results; and to identify gaps and weaknesses in reviewed areas and to make recommendations for potential follow-up (including via the development of new standards) by FSB members.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 11

Thematic Review on Risk Governance Peer Review Report


Foreword
Financial Stability Board (FSB) member jurisdictions have committed, under the FSB Charter and in the FSB Framework for Strengthening Adherence to I nternational Standards, to undergo periodic peer reviews. To fulfil this responsibility, the FSB has established a regular programme of country and thematic peer reviews of its member jurisdictions. Thematic reviews focus on the implementation and effectiveness across the FSB membership of international financial standards developed by standard-setting bodies and policies agreed within the FSB in a particular area important for global financial stability. Thematic reviews may also analyse other areas important for global financial stability where international standards or policies do not yet exist.

The objectives of the reviews are to encourage consistent cross-country and cross-sector implementation; to evaluate (where possible) the extent to which standards and policies have had their intended results; and to identify gaps and weaknesses in reviewed areas and to make recommendations for potential follow-up (including via the development of new standards) by FSB members.
This report describes the findings of the thematic peer review on risk governance, including the key elements of the discussion in the FSB Standing Committee on Standards I mplementation (SCSI).

Executive summary
The recent global financial crisis exposed a number of governance weaknesses that resulted in firms failure to understand the risks they were taking.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 12

In the wake of the crisis, numerous reports painted a fairly bleak picture of risk governance frameworks at financial institutions, which consists of the three key functions: the board, the firm-wide risk management function, and the independent assessment of risk governance.
The crisis highlighted that many boards had directors with little financial industry experience and limited understanding of the rapidly increasing complexity of the institutions they were leading. Too often, directors were unable to dedicate sufficient time to understand the firms business model and too deferential to senior management. In addition, many boards did not pay sufficient attention to risk management or set up effective structures, such as a dedicated risk committee, to facilitate meaningful analysis of the firms risk exposures and to constructively challenge managements proposals and decisions. The risk committees that did exist were often staffed by directors short on both experience and independence from management. The information provided to the board was voluminous and not easily understood which hampered the ability of directors to fulfil their responsibilities. Moreover, most firms lacked a formal process to independently assess the propriety of their risk governance frameworks. Without the appropriate checks and balances provided by the board, the risk management function, and independent assessment functions, a culture of excessive risk-taking and leverage was allowed to permeate in these weakly governed firms.

Further, with the risk management function lacking the authority, stature and independence to rein in the firms risk-taking, the ability to address any weaknesses in risk governance identified by internal control assessment and testing processes was obstructed.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 13

The peer review found that, since the crisis, national authorities have taken several measures to improve regulatory and supervisory oversight of risk governance at financial institutions.
These measures include developing or strengthening existing regulation or guidance, raising supervisory expectations for the risk management function, engaging more frequently with the board and management, and assessing the accuracy and usefulness of the information provided to the board to enable effective discharge of their responsibilities. Nonetheless, more work remains; national authorities need to strengthen their ability to assess the effectiveness of a firms risk governance, and more specifically its risk culture to help ensure sound risk governance through changing environments. Supervisors will need to undergo a substantial change in approach since assessing risk governance frameworks entails forming an integrated view across all aspects of the framework. The peer review also asked supervisors to evaluate progress made by their surveyed firm(s) toward enhanced risk governance in seven areas. To provide some consistency to this exercise, the review team developed high-level criteria to assist supervisory evaluations of firms progress, drawing from a compilation of relevant principles, recommendations and supervisory guidance. The high-level criteria were viewed as fundamental prerequisites for risk governance frameworks. This evaluation found that many of the best risk governance practices at surveyed firms are now more advanced than national guidance. This outcome may have been motivated by firms need to regain market confidence rather than regulatory requirements. Firms have made particular progress in:
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 14

assessing the collective skills and qualifications of the board as well as the boards effectiveness either through self-evaluations or through the use of third parties;
instituting a stand-alone risk committee that is composed only of independent directors and having a clear definition of independence; establishing a group-wide chief risk officer (CRO) and risk management function that is independent from revenue-generating responsibilities and has the stature, authority and independence to challenge decisions on risk made by management and business lines; and integrating the discussions among the risk and audit committees through joint meetings or cross-membership. Although many surveyed firms have made progress in the last few years, significant gaps remain, relative to the criteria developed, particularly in risk management. There were also differences in progress across regions with firms in advanced economies having adopted more of the desirable risk governance practices. The results of the supervisory evaluations were grouped by: (i)all surveyed firms; (ii)firms identified by the FSB and Basel Committee on Banking Supervision (BCBS) as global systemically important financial institutions, or G-SIFIs; and (iii)firms that reside in advanced economies (AEs) or emerging market and developing economies (EMDEs). In summary, across the seven areas evaluated, firms have made the most progress in defining the boards role and responsibilities, and reasonable progress in their approach to risk governance and the independent assessment of risk governance.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 15

The supervisory evaluations, however, indicate that surveyed firms should continue to work toward defining the responsibilities of the risk committee and strengthening their risk management functions as nearly 50 per cent of surveyed firms did not meet all of the evaluation criteria in these areas.
By type of institution, surveyed G-SIFIs are more advanced than other financial institutions in defining the responsibilities of the board and risk committee, conducting independent assessments of risk governance, providing relevant information to the board and risk committee, and to some extent more advanced in the risk management function. These results support the finding that the firms in the regions hardest hit by the financial crisis have made the most progress. Meanwhile, supervisory evaluations of firms that reside in EMDEs show that nearly 65 per cent did not meet all of the criteria for the risk management function. These gaps need immediate attention by both supervisors and firms. Other significant findings coming out of the review include the following: National authorities do not engage on a sufficiently regular and frequent basis with the board, risk committee and audit committee. Several jurisdictions hold such meetings only once a year or on an as-needed basis. Good progress has been made toward elevating the CROs stature, authority, and independence. In many firms, the CRO has a direct reporting line to the chief executive officer (CEO) and a role that is distinct from other executive functions and business line responsibilities (e.g., no dual-hatting). This elevation, however, needs to be supported by the involvement of the risk committee in reviewing the performance and setting the objectives of the CRO, ensuring that the CRO has access to the board and risk
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 16

committee without impediment (including reporting directly to the board/ risk committee), and facilitating periodic meetings with directors without the presence of executive directors or other management.
More work is needed on the part of both national authorities and firms on establishing an effective risk appetite framework (RAF). Assessing a firms RAF is a challenging task that requires greater clarity and an elevated level of consistency among national authorities. Supervisory expectations for the independent assessment of internal control systems by internal audit or other independent function were well-established prior to the crisis. As such, this is an area that demonstrated relatively sound practices across the FSB membership at both national authorities and firms. However, no jurisdiction had specific expectations for internal audit to periodically provide a firm-wide assessment of risk management or risk governance processes. Nearly all firms have an independent chief audit executive (CAE) who reports administratively to the CEO and the audit committee chair and who directly reports audit findings to a permanent audit committee. However, there is still room for improving the CAEs access to directors beyond those on the audit committee. Drawing from the findings of the review, including discussions with industry organisations as well as risk committee directors and CROs of several firms that participated in the review, the report identifies some of the better practices exemplified by national authorities and firms to collectively form a list of sound risk governance practices (see Section V). It also draws on some of the relevant principles and recommendations for risk governance published by other organisations and standard setting bodies.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 17

No one single authority or firm, however, demonstrated all of these sound practices.
This integrated and coherent list of sound practices aims to help national authorities take a more holistic approach to risk governance, rather than looking at each facet in isolation, and may provide a basis for consideration by authorities and standard setting bodies as they review their guidance and standards for strengthening risk governance practices. The review sets out several recommendations to ensure the effectiveness of risk governance frameworks continue to improve by targeting areas where more substantial work is needed. While the review focused on banks and broker-dealers that are systemically important, these recommendations apply to other types of financial institutions, including insurers and financial conglomerates.

Recommendations:
1.To ensure that firms risk governance practices continue to improve, FSB member jurisdictions should strengthen their regulatory and supervisory guidance for financial institutions, in particular for SIFIs, and devote adequate resources (both in skills and quantity) to assess the effectiveness of risk governance frameworks. In particular, national authorities should consider the following sound risk governance practices: i.Set requirements on the independence and composition of boards, including requirements on relevant types of skills that the board, collectively, should have (e.g., risk management, financial industry expertise) as well as the time commitment expected. i i . H old the board accountable for its oversight of the firms risk governance and assess if the level and types of risk information provided to the board enable effective discharge of board responsibilities.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 18

Boards should satisfy themselves that the information they receive from management and the control functions is comprehensive, accurate, complete and timely to enable effective decision-making on the firms strategy, risk profile and emerging risks.
This includes establishing communication procedures between the risk committee and the board and across other board committees, most importantly the audit and finance committees. iii.Set requirements to elevate the CROs stature, authority, and independence in the firm. This includes requiring the risk committee to review the performance and objectives of the CRO, ensuring the CRO has unfettered access to the board and risk committee (including a direct reporting line to the board and/ or risk committee), and expecting the CRO to meet periodically with directors without executive directors and management present. The CRO should have a direct reporting line to the CEO and a distinct role from other executive functions and business line responsibilities (e.g., no dual-hatting). Further, the CRO should be involved in activities and decisions (from a risk perspective) that may affect the firms prospective risk profile (e.g., strategic business plans, new products, mergers and acquisitions, internal capital adequacy assessment process, or ICAAP). iv.Require the board (or audit committee) to obtain an independent assessment of the design and effectiveness of the risk governance framework on an annual basis. v.Engage more frequently with the board, risk committee, audit committee, CEO, CRO, and other relevant functions, such as the CFO, to assess the firms risk culture (e.g., the tone at the top), whether directors provide effective challenge to managements proposals and decisions, and whether the risk management function has the appropriate authority to influence decisions that affect the firms risk exposures.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 19

2.The relevant standard setting bodies (e.g., BCBS, I AIS, IO SCO, OECD) should review their principles for governance, taking into consideration the sound risk governance practices listed in Section V.
3.Risk culture plays a critical role in ensuring effective risk governance endures through changing environments. The FSB Supervisory I ntensity and Effectiveness group has agreed to implement the recommendation from the 2012 FSB progress report on enhanced supervision to explore ways to formally assess risk culture, particularly at G-SIFIs. This work should be completed by September 2013. 4.To improve their ability to assess firms progress toward more effective risk management, national authorities should provide guidance on the key elements that are incorporated in effective risk appetite frameworks. To enable firms to define frameworks with a minimum amount of comparability despite their firm-specific nature, a common nomenclature for terms used in risk appetite statements (e.g., risk appetite, risk capacity, risk limits) should be established. The FSB Supervisory I ntensity and Effectiveness group, in collaboration with relevant standard setters, has agreed to finalise this work by the end of 2013. 5.The FSB should consider launching a follow-up review on risk governance after 2016 (i.e., after the G-SIFI policy measures begin to be phased in), to assess national authorities implementation of the recommendations to strengthen their supervisory guidance and oversight of risk governance. The review also should include the G-SIFIs identified in 2014 by the FSB in collaboration with the BCBS and I AIS.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 20

(I mportant Part)
Increasing the intensity and effectiveness of supervision to reduce the moral hazard posed by SIFIs is a key component of the FSBs policy measures, endorsed by G20 Leaders. Since the onset of the global crisis, supervisors have intensified their oversight of financial institutions, particularly SIFIs, so as to reduce the probability of their failure. Specifically, supervisory expectations of risk management functions and overall risk governance frameworks have increased, as this was an area that exhibited significant weaknesses in many financial institutions during the global financial crisis. While supervisors are responsible for assessing whether a firms risk governance framework and processes are adequate, appropriate and effective for managing the firms risk profile, the firms management is responsible for identifying and managing the firms risk. In October 2011, the FSB agreed to conduct a thematic peer review on risk governance to assess progress toward enhancing practices at national authorities and firms (banks and broker-dealers). For purposes of this review, risk governance collectively refers to the role and responsibilities of the board, the firm-wide CRO and risk management function, and the independent assessment of the risk governance framework (see Chart 2).

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 21

- Board responsibilities and practices: The board is responsible for ensuring that the firm has an appropriate risk governance framework given the firms business model, complexity and size which is embedded into the firms risk culture.

How boards assume such responsibilities varies across jurisdictions.


- Firm-wide risk management function: The CRO and risk management function are responsible for the firms risk management across the entire organisation, ensuring that the firms risk profile remains within the risk appetite statement (RAS) as approved by the board. The risk management function is responsible for identifying, measuring, monitoring, and recommending strategies to control or mitigate risks, and reporting on risk exposures on an aggregated and disaggregated basis.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 22

- Independent assessment of the risk governance framework: The independent assessment of the firms risk governance framework plays a crucial role in the ongoing maintenance of a firms internal controls, risk management and risk governance.
It helps a firm accomplish its objectives by bringing a disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. This may involve internal parties, such as internal audit, or external resources such as third-party reviewers (e.g., audit firms, consultants).

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 23

Governor Daniel K. Tarullo

Dodd-Frank Act
Before the Committee on Banking, Housing, and Urban Affairs, U.S. Senate, Washington, D.C. Chairman Johnson, Ranking Member Crapo, and other members of the committee, thank you for the opportunity to testify on implementation of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act). In today's testimony, I will provide an update on the Federal Reserve's recent activities pertinent to the Dodd-Frank Act and describe our regulatory and supervisory priorities for 2013. The Federal Reserve, in many cases jointly with other regulatory agencies, has made steady and considerable progress in implementing the Congressional mandates in the Dodd-Frank Act, though obviously some work remains. Throughout this effort, the Federal Reserve has maintained a focus on financial stability. In the process of rule development, we have placed particular emphasis on mitigating systemic risks. Thus, among other things, we have proposed varying the application of the Dodd-Frank Act's special prudential rules based on the relative size and complexity of regulated financial firms.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 24

This focus on systemic risk is also reflected in our increasingly systematic supervision of the largest banking firms.

Recent Regulatory Reform Milestones


Strong bank capital requirements, while not alone sufficient to guarantee the safety and soundness of our banking system, are central to promoting the resiliency of banking firms and the financial sector as a whole. Capital provides a cushion to absorb a firm's expected and unexpected losses, helping to ensure that those losses are borne by shareholders rather than taxpayers. The financial crisis revealed, however, that the regulatory capital requirements for banking firms were not sufficiently robust. It also confirmed that no single capital measure adequately captures a banking firm's risks of credit and trading losses. A good bit of progress has now been made in strengthening and updating traditional capital requirements, as well as devising some complementary measures for larger firms. As you know, in December 2010 the Basel Committee on Banking Supervision (Basel Committee) issued the Basel I I I package of reforms to its framework for minimum capital requirements, supplementing an earlier set of changes that increased requirements for important classes of traded assets. Last summer, the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) issued for comment a set of proposals to implement the Basel I I I capital standards for all large, internationally active U.S. banking firms. In addition, the proposals would apply risk-based and leverage capital requirements to savings and loan holding companies for the first time.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 25

The proposals also would modernize and harmonize the existing regulatory capital standards for all U.S. banking firms, which have not been comprehensively updated since their introduction twenty-five years ago, and incorporate certain new legislative provisions, including elements of sections 171 and 939A of the Dodd-Frank Act.
To help ensure that all U.S. banking firms maintain strong capital positions, the Basel I I I proposals would introduce a new common equity capital requirement, raise the existing tier 1 capital minimum requirement, implement a capital conservation buffer on top of the regulatory minimums, and introduce a more risk-sensitive standardized approach for calculating risk-weighted assets. Large, internationally active banking firms also would be subject to a supplementary leverage ratio and a countercyclical capital buffer and would face higher capital requirements for derivatives and certain other capital markets exposures they hold. Taken together, these proposals should materially reduce the probability of failure of U.S. banking firms--particularly the probability of failure of the largest, most complex U.S. banking firms. In October 2012, the Federal Reserve finalized rules implementing stress testing requirements under section 165 of the Dodd-Frank Act. Consistent with the statute, the rules require annual supervisory stress tests for bank holding companies with $50 billion or more in assets and any nonbank financial companies designated by the Financial Stability Oversight Council (Council). The rules also require company-run stress tests for a broader set of regulated financial firms that have $10 billion or more in assets. The new Dodd-Frank Act supervisory stress test requirements are generally consistent with the stress tests that the Federal Reserve has been conducting on the largest U.S. bank holding companies since the Supervisory Capital Assessment Program in the spring of 2009.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 26

The stress tests allow supervisors to assess whether firms have enough capital to weather a severe economic downturn and contribute to the Federal Reserve's ability to make assessments of the resilience of the U.S. banking system under adverse economic scenarios.
The stress tests are an integral part of our capital plan requirement, which provides a structured way to make horizontal evaluations of the capital planning abilities of large banking firms. The Federal Reserve also issued in December of last year a proposal to implement enhanced prudential standards and early remediation requirements for foreign banks under sections 165 and 166 of the Dodd-Frank Act. The proposal is generally consistent with the set of standards previously proposed for large U.S. bank holding companies. The proposal generally would require foreign banks with a large U.S. presence to organize their U.S. subsidiaries under a single intermediate holding company that would serve as a platform for consistent supervision and regulation. The U.S. intermediate holding companies of foreign banks would be subject to the same risk-based capital and leverage requirements as U.S. bank holding companies. In addition, U.S. intermediate holding companies and the U.S. branches and agencies of foreign banks with a large U.S. presence would be required to meet liquidity requirements similar to those applicable to large U.S. bank holding companies. The proposals respond to fundamental changes in the scope and scale of foreign bank activities in the United States in the last fifteen years. They would increase the resiliency and resolvability of the U.S. operations of foreign banks, help protect U.S. financial stability, and promote competitive equity for all large banking firms operating in the United States.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 27

The comment period for this proposal closes at the end of March.

Priorities for 2013


The Federal Reserve's supervisory and regulatory program in 2013 will concentrate on four tasks: (1)Continuing key Dodd-Frank Act and Basel I I I regulatory implementation work; (2) Further developing systematic supervision of large banking firms; (3) Improving the resolvability of large banking firms; and (4) Reducing systemic risk in the shadow banking system.

Carrying Forward the Key Dodd-Frank Act and Basel I I I Regulatory Implementation Work
Capital, Liquidity, and Other Prudential Requirements for Large Banking Firms. Given the centrality of strong capital standards, a top priority this year will be to update the bank regulatory capital framework with a final rule implementing Basel I I I and the updated rules for standardized risk-weighted capital requirements. The banking agencies have received more than 2,000 comments on the Basel I I I capital proposal. Many of the comments have been directed at certain features of the proposed rule considered especially troubling by community and smaller regional banks, such as the new standardized risk weights for mortgages and the treatment of unrealized gains and losses on certain debt securities.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 28

These criticisms underscore the difficulty in fashioning standardized requirements applicable to all banks that balance risk sensitivity with the need to avoid excessive complexity.
Here, though, I think there is a widespread view that the proposed rule erred on the side of too much complexity . The three banking agencies are carefully considering these and all comments received on the proposal and hope to finalize the rulemaking this spring.

The Federal Reserve also intends to work this year toward finalization of its proposals to implement the enhanced prudential standards and early remediation requirements for large banking firms under sections 165 and 166 of the Dodd-Frank Act.
As part of this process, we intend to conduct shortly a quantitative impact study of the single-counterparty credit limits element of the proposal. Once finalized, these comprehensive standards will represent a core part of the new regulatory framework that mitigates risks posed by systemically important financial firms and offsets any benefits that these firms may gain from being perceived as "too big to fail." We also anticipate issuing notices of some important proposed rulemakings this year. The Federal Reserve will be working to propose a risk-based capital surcharge applicable to systemically important banking firms. This rulemaking will implement for U.S. firms the approach to a systemic surcharge developed by the Basel Committee, which varies in magnitude based on the measure of each firm's systemic footprint. Following the passage of the Dodd-Frank Act, which called for enhanced capital standards for systemically important firms, the Federal Reserve joined with some other key regulators from around the world in

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 29

successfully urging the Basel Committee to adopt a requirement of this sort for all firms of global systemic importance.
Another proposed rulemaking will cover implementation by the three federal banking agencies of the recently completed Basel I I I quantitative liquidity requirements for large global banks. The financial crisis exposed defects in the liquidity risk management of large financial firms, especially those which relied heavily on short-term wholesale funding.

These new requirements include the liquidity coverage ratio (LCR), which is designed to ensure that a firm has a sufficient amount of high quality liquid assets to withstand a severe standardized liquidity shock over a 30-day period.
The Federal Reserve expects that the U.S. banking agencies will issue a proposal in 2013 to implement the LCR for large U.S. banking firms. The Basel I I I liquidity standards should materially improve the liquidity risk profiles of internationally active banks and will serve as a key element of the enhanced liquidity standards required under the Dodd-Frank Act.

Volcker Rule, Swaps Push-out, and Risk Retention.


Section 619 of the Dodd-Frank Act, known as the "Volcker rule," generally prohibits a banking entity from engaging in proprietary trading or acquiring an ownership interest in, sponsoring, or having certain relationships with a hedge fund or private equity fund. In October 2011, the federal banking agencies and the Securities and Exchange Commission sought public comment on a proposal to implement the Volcker rule. The Commodity Futures Trading Commission subsequently issued a substantially similar proposal.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 30

The rulemaking agencies have spent the past year carefully analyzing the nearly 19,000 public comments on the proposal and have made significant progress in crafting a final rule that is faithful to the language of the statute and maximizes bank safety and soundness and financial stability at the least cost to the liquidity of the financial markets, credit availability, and economic growth.
Section 716 of the Dodd-Frank Act generally prohibits the provision of federal assistance, such as FDIC deposit insurance or Federal Reserve discount window credit, to swap dealers and major swap participants.

The Federal Reserve is currently working with the OCC and the FDIC to develop a proposed rule that would provide clarity on how and when the section 716 requirements would apply to U.S. insured depository institutions and their affiliates and to U.S. branches of foreign banks.
We expect to issue guidance on the implementation of section 716 before the July 21, 2013, effective date of the provision. To implement the risk retention requirements in section 941 of the DoddFrank Act, the Federal Reserve, along with other federal regulatory agencies, issued in March 2011 a proposal that generally would force securitization sponsors to retain at least 5 percent of the credit risk of the assets underlying a securitization. The agencies have reviewed the substantial volume of comments on the proposal and the definition of a qualified mortgage in the recent final "ability-to-pay" rule of the Consumer Financial Protection Bureau (CFPB). As you know, the CFPB's definition of qualified mortgage serves as the floor for the definition of exempt qualified residential mortgages in the risk retention framework. The agencies are working closely together to determine next steps in the risk retention rulemaking process, with a view toward crafting a definition of a qualified residential mortgage that is consistent with the language

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 31

and purposes of the statute and helps ensure a resilient market for private-label mortgage-backed securities.

Improving Systematic Supervision of Large Banking Firms


Given the risks to financial stability exposed by the financial crisis, the Federal Reserve has reoriented its supervisory focus to look more broadly at systemic risks and has strengthened its micro-prudential supervision of large, complex banking firms. Within the Federal Reserve, the Large I nstitution Supervision Coordinating Committee (LISCC) was set up to centralize the supervision of large banking firms and to facilitate the execution of horizontal, cross-firm analysis of such firms on a consistent basis. The LISCC includes senior staff from various divisions of the Board and from the Reserve Banks. It fosters interdisciplinary coordination, using quantitative methods to evaluate each firm individually, relative to other large firms, and as part of the financial system as a whole. One major supervisory exercise conducted by the LISCC each year is a Comprehensive Capital Analysis and Review (CCAR) of the largest U.S. banking firms. Building on supervisory work coming out of the crisis, CCAR was established to ensure that each of the largest U.S. bank holding companies (1)Has rigorous, forward-looking capital planning processes that effectively account for the unique risks of the firm and (2)Maintains sufficient capital to continue operations throughout times of economic and financial stress. CCAR, which uses the annual stress test as a key input, enables the Federal Reserve to make a coordinated, horizontal assessment of the resilience and capital planning abilities of
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 32

the largest banking firms and, in doing so, creates closer linkage between micro-prudential and macro-prudential supervision.
Large bank supervision at the Federal Reserve will include more of these systematic, horizontal exercises.

Improving the Resolvability of Large Banking Firms


One important goal of post-crisis financial reform has been to counter too-big-to-fail perceptions by reducing the anticipated damage to the financial system and economy from the failure of a major financial firm. To this end, the Dodd-Frank Act created the Orderly Liquidation Authority (OLA), a mechanism designed to improve the prospects for an orderly resolution of a systemic financial firm, and required all large bank holding companies to develop, and submit to supervisors, resolution plans. Certain other countries that are home to large, globally active banking firms are working along roughly parallel lines.

The Basel Committee and the Financial Stability Board have devoted considerable attention to the orderly resolution objective by developing new standards for statutory resolution frameworks, firm-specific resolution planning, and cross-border cooperation.
Although much work remains to be done by all countries, the Dodd-Frank Act reforms have generally put the United States ahead of its global peers on the resolution front. Since the passage of the Dodd-Frank Act, the FDIC has been developing a single-point-of-entry strategy for resolving systemic financial firms under the OLA. As explained by the FDIC, this strategy is intended to effect a creditor-funded holding company recapitalization of the failed financial firm, in which the critical operations of the firm continue, but

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 33

shareholders and unsecured creditors absorb the losses, culpable management is removed, and taxpayers are protected.
Key to the ability of the FDIC to execute this approach is the availability of sufficient amounts of unsecured long-term debt to supplement equity in providing loss absorption in a failed firm. In consultation with the FDIC, the Federal Reserve is considering the merits of a regulatory requirement that the largest, most complex U.S. banking firms maintain a minimum amount of long-term unsecured debt. A minimum long-term debt requirement could lend greater confidence that the combination of equity owners and long-term debt holders would be sufficient to bear all losses at the consolidated firm, thereby counteracting the moral hazard associated with taxpayer bailouts while avoiding disorderly failures.

Reducing Systemic Risk in the Shadow Banking System


Most of the reforms I have discussed are aimed at addressing systemic risk posed by regulated banking organizations, and all involve action the Federal Reserve can take under its current authorities. Important as these measures are, however, it is worth recalling that the trigger for the acute phase of the financial crisis was the rapid unwinding of large amounts of short-term funding that had been made available to firms not subject to consolidated prudential supervision. Today, although some of the most fragile investment vehicles and instruments that were involved in the pre-crisis shadow banking system have disappeared, non-deposit short-term funding remains significant. In some instances it involves prudentially regulated firms, directly or indirectly. In others it does not.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 34

The key condition of the so-called "shadow banking system" that makes it of systemic concern is its susceptibility to destabilizing funding runs, something that is more likely when the recipients of the short-term funding are highly leveraged, engage in substantial maturity transformation, or both.
Many of the key issues related to shadow banking and their potential solutions are still being debated domestically and internationally. U.S. and global regulators need to take a hard, comprehensive look at the systemic risks present in wholesale short-term funding markets. Analysis of the appropriate ways to address these vulnerabilities continues as a priority this year for the Federal Reserve. In the short term, though, there are several key steps that should be taken with respect to shadow banking to improve the resilience of our financial system. First, the regulatory and public transparency of shadow banking markets, especially securities financing transactions, should be increased. Second, additional measures should be taken to reduce the risk of runs on money market mutual funds. The Council recently proposed a set of serious reform options to address the structural vulnerabilities in money market mutual funds. Third, we should continue to push the private sector to reduce the risks in the settlement process for tri-party repurchase agreements. Although an industry-led task force made some progress on these issues, the Federal Reserve concluded that important problems were not likely to be successfully addressed in this process and has been using supervisory authority over the past year to press for further and faster action by the clearing banks and the dealer affiliates of bank holding companies.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 35

The amount of intraday credit being provided by the clearing banks in the tri-party repo market has been reduced and is scheduled to be reduced much further in the coming years as a result of these efforts.
But vulnerabilities in this market remain a concern, and addressing these vulnerabilities will require the cooperation of the broad array of participants in this market and their federal regulators. The Federal Reserve will continue to report to Congress and publicly on progress made to address the risks in the tri-party repo market.

In addition to these concrete steps to address concrete problems, regulators must continue to closely monitor the shadow banking sector and be wary of signs that excessive leverage and maturity transformation are developing outside of the banking system.

Conclusion
The financial regulatory architecture is stronger today than it was in the years leading up to the crisis, but considerable work remains to complete implementation of the Dodd-Frank Act and the post-crisis global financial reform program. Over the coming year, the Federal Reserve will be working with other U.S. financial regulatory agencies, and with foreign central banks and regulators, to propose and finalize a number of ongoing initiatives. In this endeavor, our goal is to preserve financial stability at the least cost to credit availability and economic growth. We are focused on the monitoring of emerging systemic risks, reducing the probability of failure of systemic financial firms, improving the resolvability of systemic financial firms, and building up buffers throughout the financial system to enable the system to absorb shocks. As we take this work forward, it is important to remember that preventing a financial crisis is not an end in itself.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 36

Financial crises are profoundly debilitating to the economic well-being of the nation.
Thank you for your attention. I would be pleased to answer any questions you might have.

Notes
Daniel K. Tarullo took office on January 28, 2009, to fill an unexpired term ending January 31, 2022. Prior to his appointment to the Board, Mr. Tarullo was Professor of Law at Georgetown University Law Center, where he taught courses in international financial regulation, international law, and banking law. Prior to joining the Georgetown Law faculty, Mr. Tarullo held several senior positions in the Clinton administration. From 1993 to 1998, Mr. Tarullo served, successively, as Assistant Secretary of State for Economic and Business Affairs, Deputy Assistant to the President for Economic Policy, and Assistant to the President for International Economic Policy. He also served as a principal on both the National Economic Council and the National Security Council. From 1995 to 1998, Mr. Tarullo also served as President Clinton's personal representative to the G7 /G8 group of industrialized nations. Mr. Tarullo was born in November 1952 in Boston, Massachusetts. He received his A.B. from Georgetown University in 1973 and his M.A. from Duke University in 1974. In 1977, Mr. Tarullo received his J.D. (summa cum laude) from the University of Michigan Law School, where he served as Article and Book Review Editor of the Michigan Law Review.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 37

Interview with Carlos Montalvo, Executive Director of E IOPA, conducted by Garry Booth, Reactions magazine (the UK)
Can you explain what the interim Solvency I I measures, sometimes known as Solvency 1.5, encompass?
Perhaps I should start with a disclaimer: I think the name Solvency 1.5 is unfortunate. We are not building from Solvency I , we are preparing for Risk Based Supervision. EIOPA will issue Guidelines addressed to national supervisors on how to proceed in the interim phase leading up to Solvency I I . These Guidelines will cover the system of governance, including risk management system and a forward looking assessment of the undertaking's own risks (based on the ORSA principles), pre+application of internal models, and reporting to supervisors. For more information you may wish to consult the E IOPA Opinion on interim measures regarding Solvency I I : https://eiopa.europa.eu/ fileadmin/ tx_dam/files/publications/ opinion s/E IOPA_Opinion+ Interim+Measures+Solvency+II.pdf

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 38

Does the proposal have acceptance among EU country supervisors? Will everyone move forward together?
The above mentioned Opinion of E IOPA was first welcomed, and then approved by the E IOPA Board of Supervisors, which consists of the national supervisory authorities of the EU Member States. EIOPA expects that all our Board of Supervisors members are committed to set the grounds to develop a consistent and convergent supervisory approach with respect to the preparation of Solvency I I . EIOPA's Guidelines will ensure that important aspects of the new regime will be phased in, taking into account due proportionality. However, by nature these Interim Guidelines are soft regulation (i.e. used on a so called "Comply or Explain basis"), so there will be no sanctions if some National Supervisory Authorities (NSAs) do not fully comply with the Guidelines at this stage.

Why have you decided to issue guidelines (Spring 2013)? What's in the guidelines?
In the absence of a final agreement on Solvency I I in the scheduled timeline, E IOPA has expressed an opinion in order to ensure and enhance sound risk based supervision and prepare the industry for the final Solvency I I Directive. Instead of reaching consistent and convergent supervision in the EU, different national solutions may emerge to the detriment of a good functioning internal market. In order to avoid this scenario E IOPA decided to develop guidelines and to take a lead in the preparatory process aimed at a consistent and convergent approach with respect to the preparation of Solvency I I . EIOPA Guidelines will allow supervisors and undertakings to be better prepared for the application of the new regulatory framework.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 39

To cut a long story short, the guidelines are an excellent way for all parties to use the extra time of the delay as a way to be better prepared for implementation.

The CRO of global reinsurer recently told me, 'We are experiencing ever increasing requirements for internal model approval, with each country carrying out its own assessment, with limited relation to proportionality... This process consumes a lot of resources without creating value it has even started to destroy value. And the situation might get even worse until the full formal implementation of all Solvency I I's three pillars in 2015/16 (or even 17). It is my sincere hope that EIOPA will have the power to convince local supervisors to stick to the original intention: a principle based approach following the principle of proportionality .' What's your response?
The requirements for the use of internal models are set out in the Solvency I I Directive, and will indeed be further developed in the upcoming implementing measures, and E IOPA standards and guidelines. Such requirements will have to be fulfilled by all undertakings (irrespective of their size) if they want to use an internal model for SCR calculations under Solvency I I . EIOPA has been supporting the role of I nternal Models in a risk based framework, even after the experience of the Banking sector, where models which were too principle based had a significant role in the crisis.

This support should be acknowledged, and the need to learn from what happened as well.
EIOPA recognises that the uses of the internal model will vary from undertaking to undertaking and will point out to N SAs that they have to assess compliance with requirements based on proportionality, according
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 40

to the nature, scale and complexity of the risks and business of the undertaking.
Having said that, it is fair to say that E IOPA recognises that differences between supervisory cultures, Member States' legal regimes and a number of resources available, have led, in the short term, to some inconsistencies in the supervisory approaches with respect to internal model reviews in pre application. Precisely because of that, when you look at our Work Program and objectives for 2013 onwards, you will see that E IOPA is building a Center of Expertise for I nternal Models that will work on enhancing consistency and supporting those supervisors that may need help achieving it.

Theres been a lot of uncertainty around the implementation date of Solvency I I. Realistically, when will the project be completed?
Lets start with what matters most: Solvency I I will be implemented, and there should be no doubts about it. On the application date, we are confident that the framework will be applicable in 2016 though I cannot give you 100% reassurance because the decision is not made at the EIOPA level. The decision has to be made by agreement between the European Council, European Parliament and the European Commission. I can confirm that EIOPA will do the necessary work to make the implementation of Solvency I I happen on January 2016. But lets be clear, once we settle the pending issue of Long Term Guarantees, parties must avoid the temptation of reopening more issues. Solvency I I is a good framework, it will not be perfect on day 1, but this should not be an obstacle to start.

Dr Elke Koenig, president of the German supervisor Bafin recently said of Solvency I I, You have created a massively complex system which is
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 41

probably only fully understandable for those that have created it. Whats your response?
The basis of the system is quite simple: it strives for risk based supervision that incorporates transparency, calls for a clear understanding of risk and good governance. So the idea is simple but the way it has to be translated into a regulatory framework is complex. So Dr Koenig is right in that sense.

Why is it so complex?
I would say that it is everybodys responsibility (the regulators, the European Commission). But in many cases the complexity is also being driven by the industry.

What can we do to make things less complex?


We need to enhance the principle of proportionality while bearing in mind that the same objectives can be met in different ways in particular for the companies that are not doing complicated business, for SMEs etc. EIOPA is also aiming at reducing part of this complexity, with initiatives such as an I T toolkit for undertakings that could include a way to calculate the SCR, etc. We dont just acknowledge the problem, we try to come with solutions.

Another CRO told me that regulators appear to no longer follow the original Solvency I I framework route of principle based regulation. For example, the Level Three proposal to add a compliance function and an actuarial function, with the added requirement that no person can be simultaneously responsible for more than one function.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 42

Should Solvency I I, as a principle based regime, force companies to make such departmental changes?
I was surprised at this question. The actions the CRO refers to, are explicitly captured in the level 1 Directive (articles 46 and 48). There is a full article on the actuarial function (Article 48) that contains number of requirements.

The level 1 text is principle based and there is a second level which gets into more nitty gritty details to do with best practice around the compliance and actuarial functions.
But the principle of proportionality should always be kept in mind. Furthermore, the intention of Solvency I I is not to force companies to do their business in one way or another. It should ensure that risks are addressed and that the means to do so, subject to proportionality, are implemented. On that basis we are not going to force companies to recruit a person to be a compliance officer or anything like that. What we expect is that they comply with the principles stated in levels 1 and 2 comply in a sound way but not in the same way for all the companies. Some individuals interpret the principles as prescriptive but it is not our intention to tell companies how to structure their business.

We use the word actuarial function but function does not mean person.
So in a tiny company you could have an actuarial function that does not have to be performed by a pure actuary but instead by someone who has strong mathematical knowledge.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 43

Are country supervisors straying from the original Solvency II script?


Our duty is to make sure that all 27 N SAs understand the principle of risk based supervision in a convergent way and apply it consistently. Some of our members have told us that they need to enhance risk management, internal controls, or disclosure. So they had some internal projects on hold because these projects were to be channelled via Solvency I I, which is the same for everybody.

Now Solvency I I is not coming in January 2014 as they expected and they want to move in those areas.
So exactly the necessity to avoid the development of national solutions was stated in E IOPA Opinion on I nterim Measures Regarding Solvency I I , where we are talking about number of areas for which there will be interim guidelines targeted to enhance preparedness towards Solvency 2. These Guidelines indicate that supervisors are supporting the original idea of convergence and harmonization, they believe in the concept of risk based supervision, and E IOPA is taking the lead to ensure that implementation will take place in a consistent way.

EIOPA wants to pave the way for further mutual understanding and future convergence between the EU and the U.S. on insurance regulation and supervision. But many people in the US argue strongly against convergence. Why is convergence important in your opinion?
The convergence is important for our overriding aim, which is to develop strong global regulatory and supervisory standards. The purpose of the EU+US Insurance Dialogue is to enhance mutual understanding and cooperation as well as to promote business opportunity, consumer protection and effective supervision.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 44

We remain respectfully aware of the commonalities and differences of both regimes, continue to strive to address important issues in technical detail, and may, over time, move toward improved compatibility that will benefit insurance consumers, industry participants, and the economy.

There is a growing view that Solvency II will lead to restructuring in the re/insurance industry with M&A and consolidation to follow. Do you agree this could be an unintended consequence?
I have been hearing this for the last 15 years and also often asked this question at conferences by representatives of smaller companies. And I used to give such an example: I like to buy books and I buy my books in a tiny bookshop in Madrid. The owner reads a lot and he knows what the customer likes and always gives me great recommendations. I could buy my books at Barnes & N oble or at Amazon.But as long as I get such a level of service [from my little bookshop] I will never do that. If smaller insurance companies understand the needs, bring added value to their customers and also understand the specifics of the business they underwrite, they will succeed. They will even benefit from Solvency I I because it gives them the right incentives to have better risk management. As for companies that are subjected to restructuring or mergers, they will face such issues because their problems are related to globalisation and not to Solvency I I.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 45

Supervisory guidance for managing risks associated with the settlement of foreign exchange transactions
The purpose of this guidance is to provide updated guidance to supervisors and the banks they supervise on approaches to managing the risks associated with the settlement of FX transactions.

This guidance expands on, and replaces, the BCBS's Supervisory guidance for managing settlement risk in foreign exchange transactions published in September 2000.
Since the BCBS's Supervisory guidance for managing settlement risk in foreign exchange transactions (2000) was published, the foreign exchange market has made significant strides in reducing the risks associated with the settlement of FX transactions. Substantial FX settlement-related risks remain, however, not least because of the rapid growth in FX trading activities. The document provides a more comprehensive and detailed view on governance arrangements and the management of principal risk, replacement cost risk and all other FX settlement-related risks. In addition, it promotes the use of payment-versus-payment arrangements, where practicable, to reduce principal risk. The guidance is organized into seven "guidelines" that address governance, principal risk, replacement cost risk, liquidity risk, operational risk, legal risk, and capital for FX transactions. The key recommendations emphasize the following:

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 46

A bank should ensure that all FX settlement-related risks are effectively managed and that its practices are consistent with those used for managing other counterparty exposures of similar size and duration.
A bank should reduce its principal risk as much as practicable by settling FX transactions through the use of FMIs that provide PVP arrangements. Where PVP settlement is not practicable, a bank should properly identify, measure, control and reduce the size and duration of its remaining principal risk.

A bank should ensure that when analysing capital needs, all FX settlement-related risks should be considered, including principal risk and replacement cost risk and that sufficient capital is held against these potential exposures, as appropriate.
A bank should use netting arrangements and collateral arrangements to reduce its replacement cost risk and should fully collateralise its mark-to-market exposure on physically settling FX swaps and forwards with counterparties that are financial institutions and systemically important non-financial entities.

Annex FX settlement-related risks and how they arise


1. I n the period between FX trade execution and final settlement, a bank is exposed to a number of different risks. The risks vary depending on the type of pre-settlement and settlement arrangements. A bank needs to understand the risks associated with FX transactions in order to adequately manage them.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 47

2.Section A describes principal risk, replacement cost risk and liquidity risk. Section B identifies and describes the presence of operational and legal risks between trade execution and final settlement.
Finally, Section C discusses the various pre-settlement and settlement arrangements and their impact on risks. 3.For the purposes of exposition, the risks are described from the point of view of a bank and a failed FX counterparty of that bank. Section A describes the risks relating to a single FX trade between a bank and its counterparty. This is generalised to multiple trades in Sections B and C.

A. Risks relating to counterparty failure to deliver the expected currency


4.The three main risks associated with FX transactions are principal risk, replacement cost risk and liquidity risk, which arise due to the possibility that a counterparty may fail to settle an FX trade.

This failure may be temporary (eg operational or liquidity problems of the counterparty) or permanent (eg counterpartys insolvency).
A bank may become aware of a potential failure at any time between trading and the completion of settlement, particularly if the problem is due to insolvency. However, sometimes, a bank may only know that a problem has occurred on or after settlement day when it does not receive the currency that the counterparty was expected to deliver. Initially, a bank may not be able to identify the cause of the failure, nor determine whether the failure is temporary or permanent. 5.A bank is exposed to principal risk, replacement cost risk and liquidity risk until it receives the bought currency with finality.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 48

Principal risk
6.Principal risk is the risk that a bank pays away the currency being sold, but fails to receive the currency being bought. Principal risk can be the most serious risk because the amount at risk can be equal to the full value of the trade. 7.Principal risk exists when a bank is no longer guaranteed that it can unilaterally cancel the payment of the currency it sold (the unilateral cancellation deadline). Given that a banks unilateral payment cancellation deadline may be one or more business days before the settlement date, this risk can last for a significant period of time.

Replacement cost risk


8.Replacement cost risk is the risk that an FX counterparty will default before a trade has settled and that the bank must replace it with a new trade and a different counterparty at current market prices (potentially less favourable exchange rate). As such, the bank may incur a loss relative to the original trade. Replacement cost risk exists throughout the period between trade execution and final settlement.

Liquidity risk
9.Liquidity risk is the risk that a counterparty will not settle an obligation for full value when due. Liquidity risk does not imply that a counterparty is insolvent since it may be able to settle the required debit obligations at some unspecified later time. 10.Liquidity risk exists in addition to replacement cost risk.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 49

Whether a default is just a replacement cost problem or turns into a liquidity shortage depends on whether a bank can replace the failed trade in time to meet its obligations or, at least, to borrow the necessary currency until it can replace the trade.
In principle, liquidity risk can exist throughout the period between trade execution and final settlement. In practice, the probability of the problem materialising as a liquidity shortage and a replacement cost depends on many factors, including:

The timing of the default. The closer the default is to the settlement date, the less time a bank has to make other arrangements.
Whether a bank has already irrevocably paid away the currency it is selling. I f so, the bank may have fewer liquid assets available to pay for the replacement trade or to use as collateral to borrow the currency it needs. The nature of the trade. The less liquid the currency being purchased and/ or the larger the value of the trade, the harder it may be to replace. 1 1. A bank may find it hard to predict the probability of a liquidity shortage, as it cannot make a sound judgment based solely on normal market conditions. However, there is a strong positive correlation between a counterparty default and illiquid markets (ie the default may be the cause of the market illiquidity or an effect of it). In addition, trades that are easy to replace in normal conditions may be impossible to replace when markets are less liquid and experiencing stressed conditions.

B. Operational and legal risks


12. A bank may also face FX settlement-related risks caused by weaknesses in its own operations and weaknesses in the legal
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 50

enforceability of contractual terms and the governing law applicable to its transactions.
If a bank has inadequate operational capabilities or if there are weaknesses in the legal basis for the pre-settlement and settlement arrangements, it can face increased principal risk, replacement cost risk and liquidity risk relating to counterparty failure. 13.Operational risk is the risk of loss due to external events or inadequate or failed internal processes, people and systems.

This definition includes legal risk and excludes strategic and reputational risk.
14.Inadequate skills and insufficient processing capacity may increase potential exposures. These weaknesses can cause operational delays, inaccurate confirmation and reconciliation, or an inability to quickly correct or cancel payment instructions. 15.Legal risk occurs when a coun terpart ys cont ract u al FX ob ligation s are non-binding, unenforceable and subject to loss because: (i)The underlying transaction documentation is inadequate; (ii)The counterparty lacks the requisite authority or is subject to legal transaction restrictions; (iii)The underlying transaction or contractual terms are impermissible and/ or conflict with applicable law or regulatory policies; or

(iv)Applicable bankruptcy or insolvency laws limit or alter contractual remedies.


16. Legal problems may affect settlement of a foreign exchange transaction.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 51

Legal issues may compromise the legal robustness of netting, the enforceability of unilateral cancellation times or certainty about the finality of the receipt of currency.

C. I mpact of pre-settlement and settlement arrangements on risks


17.FX settlement-related risks may be affected by the type of pre-settlement and settlement arrangements used by a bank.

Risk implications for the most common arrangements are described below.
This section focuses on the implications for the risks related to counterparty failure described in Section A. Different pre-settlement and settlement arrangements can also impact the operational and legal risks described in Section B some arrangements may be operationally more complex, require more demanding risk management or create different legal risks.

However, since these implications can vary from bank to bank and depend on specific circumstances, they are not covered in this section.

Close-out netting
18.Legally robust and enforceable netting arrangements can be a safe and efficient method for reducing settlement exposures. In the context of bilateral FX transactions, close-out netting is a specific type of netting that establishes a close-out payment based on the net present value of future cash flows between a bank and a defaulting counterparty. This involves two counterparties entering into a formal bilateral agreement stipulating that, if there is a defined event of default (eg

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 52

insolvency of one of the counterparties), the unpaid obligations covered by the netting agreement are netted.
The value of those future obligations is calculated to a net present value, usually in a single-base currency. Thus, a series of future dated cash flows is typically reduced to one single payment due to, or from, the closed-out counterparty. 19.Legally enforceable close-out netting reduces principal risk, replacement cost risk, liquidity risk and operational risk for unsettled future obligations. Without close-out netting, a bank may be required to make principal payments to a defaulted counterparty. This risk is particularly relevant in jurisdictions without statutory provision or with weak or ineffective provision for offset of obligations with a defaulted counterparty. Thus, a bank may face gross principal risk, replacement cost risk and liquidity risk on transactions not covered by a legally enforceable netting agreement.

Bilateral obligation netting


20.Under bilateral obligation netting, FX transactions between two counterparties due to settle on a certain date are netted to produce a single obligation to pay in each currency on that date (ie each counterparty has an obligation to pay a single amount in those currencies in which it is a bilateral net seller).

Those net amounts are likely to be smaller than the original gross amounts, reducing principal and liquidity risks.
Obligation netting can take different forms (eg netting by novation) and may vary by jurisdiction.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 53

Their effectiveness depends on the legal soundness of the contractual terms.

Collateral arrangements
2 1 . I f netting is accompanied by a collateral arrangement, replacement cost risk can be reduced further. A collateral arrangement is where the counterparty with the negative net position provides financial assets to the other counterparty in order to secure that obligation. Collateral could be taken to cover only price movements that have already occurred. However, in this case, if there is a counterparty default, a bank is still exposed to further movements that may occur between the time collateral was last taken and the time that the bank succeeds in replacing the trade (potential future exposure). Further protection can be achieved if collateral is also taken to cover the potential future exposure. Since the actual size of this exposure cannot be determined until after the event, the degree of additional protection depends on the assumptions made when calculating the collateral amount. Note that such collateral arrangements are typically not used to provide protection against liquidity or principal risk.

Settlement via traditional correspondent banking


22.Under this settlement method, each counterparty to an FX trade transfers to the other counterparty the currency it is selling, typically using their correspondent banks for the currencies concerned.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 54

Once a payment instruction is irrevocable, the full amount being transferred is subject to principal risk, and some portion may be subject to replacement cost risk and liquidity risk.

On-us settlement
23.On-us settlement is where both legs of an FX transaction are settled across the books of a single institution. On-us settlement can occur either where one counterparty to a transaction provides accounts in both currencies to the other counterparty, or where one institution provides accounts to both counterparties to an FX transaction in both currencies. The account provider debits one of its customers accounts and credits the other, while making opposite debits and credits to its own account. Those credits can be made simultaneously (via PVP) or at different times, in which case one counterparty may be exposed to principal risk from the other counterparty.

Irrespective of whether principal risk exists, normal correspondent credit risks are also likely to exist.

Payment-versus-payment settlement
24.Payment-versus-payment (PVP) settlement is a mechanism that ensures the final transfer of a payment in one currency if, and only if, a final transfer of a payment in another currency occurs, thereby removing principal risk. There are various forms of PVP settlement arrangements, including the type offered by CLS Bank I nternational (CLS Bank). Another form consists of a link between payment systems in the two currencies, where a payment is made in one system if, and only if,

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 55

payment is made in the other system. PVP arrangements do not guarantee settlement.
In a basic PVP arrangement, a trade will settle only if a bank and its counterparty pay in the correct amount. If the counterparty fails to pay in, a bank will receive back the currency it was selling, thus providing protection against principal risk. However, it will still be short on the currency that it was buying and face liquidity risk equal to the full amount of that currency, as well as the replacement cost risk on that amount.

Central clearing
25.A central counterparty (CCP) is an entity that interposes itself between counterparties to trades in a financial market, thus, becoming the buyer to every seller and the seller to every buyer. In this way, a form of multilateral obligation netting is achieved among the original counterparties. Currently, CCPs for FX trades involving an exchange of payments at settlement are rare, but they may become more widespread in the future.

Indirect participation in settlement or CCP arrangements


26.A bank may choose to be an indirect participant of a settlement or CCP arrangement (ie a customer of a direct participant). In this case, the FX settlement-related risks a bank faces will depend, in part, on the exact terms of the service provided by the direct participant. Thus, the risks associated with indirect participation may not be the same as those associated with direct participation.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 56

Overview of Guidelines Guideline 1: Governance


A bank should have strong governance arrangements over its FX settlement-related risks, including a comprehensive risk management process and active engagement by the board of directors.

Guideline 2: Principal risk


A bank should use FM Is that provide PVP settlement to eliminate principal risk when settling FX transactions.
Where PVP settlement is not practicable, a bank should properly identify, measure, control and reduce the size and duration of its remaining principal risk.

Guideline 3: Replacement cost risk


A bank should employ prudent risk mitigation regimes to properly identify, measure, monitor and control replacement cost risk for FX transactions until settlement has been confirmed and reconciled.

Guideline 4: Liquidity risk


A bank should properly identify, measure, monitor and control its liquidity needs and risks in each currency when settling FX transactions.

Guideline 5: Operational risk


A bank should properly identify, assess, monitor and control its operational risks. A bank should ensure that its systems support appropriate risk management controls, and have sufficient capacity, scalability and resiliency to handle FX volumes under normal and stressed conditions.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 57

Guideline 6: Legal risk


A bank should ensure that agreements and contracts are legally enforceable for each aspect of its activities in all relevant jurisdictions.

Guideline 7: Capital for FX transactions


When analysing capital needs, a bank should consider all FX settlement-related risks, including principal risk and replacement cost risk. A bank should ensure that sufficient capital is held against these potential exposures, as appropriate.

Executive summary
Since the previous supervisory guidance was published in 2000, the foreign exchange (FX) market has made significant strides in reducing the risks associated with the settlement of FX transactions. These risks include principal risk, replacement cost risk, liquidity risk, operational risk and legal risk.

Such FX settlement-related risks have been mitigated by the implementation of payment-versus-payment (PVP) arrangements and the increasing use of close-out netting and collateralisation.
However, substantial FX settlement-related risks remain due to rapid growth in FX trading activities. In addition, many banks underestimate their principal risk2 and other associated risks by not taking into full account the duration of exposure between trade execution and final settlement. While such risks may have a relatively low impact during normal market conditions, they may create disproportionately larger concerns during times of market stress.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 58

Therefore, it is crucial that banks and their supervisors continue efforts to reduce or manage the risks arising from FX settlement.
In particular, the efforts should concentrate on increasing the scope of currencies, products and counterparties that are eligible for settlement through PVP arrangements. This guidance expands on, and replaces, the Supervisory guidance for managing settlement risk in foreign exchange transactions published in September 2000 by the Basel Committee on Banking Supervision (BCBS). The revised guidance provides a more comprehensive and detailed view on governance arrangements and the management of principal risk, replacement cost risk and all other FX settlement-related risks. It also promotes the use of PVP arrangements, where practicable, to reduce principal risk. The BCBS expects banks and national supervisors to implement the revised guidance in their jurisdictions, taking into consideration the size, nature, complexity and risk profile of their banks FX activities. This guidance is organised into seven guidelines that address governance, principal risk, replacement cost risk, liquidity risk, operational risk, legal risk, and capital for FX transactions. The key recommendations emphasise the following: A bank should ensure that all FX settlement-related risks are effectively managed and that its practices are consistent with those used for managing other counterparty exposures of similar size and duration.

A bank should reduce its principal risk as much as practicable by settling FX transactions through the use of FMIs that provide PVP arrangements.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 59

Where PVP settlement is not practicable, a bank should properly identify, measure, control and reduce the size and duration of its remaining principal risk.
A bank should ensure that when analysing capital needs, all FX settlement-related risks should be considered, including principal risk and replacement cost risk and that sufficient capital is held against these potential exposures, as appropriate. A bank should use netting arrangements where netting is legally enforceable and collateral arrangements to reduce its replacement cost risk and should fully collateralise its mark-to-market exposure on physically settling FX swaps and forwards with counterparties that are financial institutions and systemically important non-financial entities.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 60

Financial Services Sector Draft recommendations to the Chartered Institute of Internal Auditors Covering Letter
Following the crisis in the financial system over the past few years a wide spread review of governance in financial institutions has been taking place. It was inevitable that the role of Internal Audit would be brought into that process. Whilst there has not been extensive criticism of Internal Audits part in the financial crisis, some would say that this reflects too low an expectation of what Internal Audit could, and should have, delivered. Given this, and a number of individual failings detected during the regulatory process, the Financial Services Authority requested that the Chartered I nstitute of Internal Auditors develop a code to set out the expectations of internal audit functions in the financial sector. I was therefore pleased to have been invited by the Institute to chair a Committee aimed at identifying reasonable expectations of internal audit in UK financial institutions. I was also very pleased that we were able to attract a range of highly qualified people on to the Committee.

The Committee includes not only internal audit directors but also non-executive directors and people with skills in executive and risk management, regulation and governance.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 61

Of course internal auditors already work in compliance with standards promulgated by the I nstitute.
However these standards are not industry specific and in particular do not meet all the current expectations of internal audit in significant UK financial institutions. In this document, we set out recommendations to the Chartered Institute which, we believe, address these expectations. These recommendations for the most part supplement, rather than replace, the existing standards. They are informed not only by the work of the Committee but also by the significant and thoughtful responses to our call for evidence. These responses, and a number of meetings with internal audit directors of large banks and insurance companies, have impressed me with the quality of work performed by internal audit. Whilst there were doubtless examples of poor internal audit work, and ineffective internal audit functions, leading up to the financial crisis I do not subscribe to the view that all internal audit functions are in drastic need of improvement. However these draft recommendations, if implemented, are likely to lead to significant change for some organisations and are likely to affect all internal audit functions of UK financial institutions to some extent. Emphasising the need for proportionality we have kept the draft recommendations at a fairly high level.

Whilst we believe that the recommendations are relevant to internal audit functions in all UK financial institutions, and the UK operations of overseas institutions, the detailed recommendations may not all be applicable in smaller institutions.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 62

We also stress that implementation of some of these recommendations is a matter for the Board; I nternal Audit cannot deliver them by themselves.
We now welcome comments on this draft Guidance, at the latest by 12 April 2013, which will be made publicly available via the I IA website after the consultation period. All responses to this document should be sent to Chris Spedding, Secretary to the Committee, via chris.spedding@iia.org.uk. We will be holding a number of open meetings in March to receive oral feedback and are very open to individual meetings.

Introduction and Background


The recommendations included in the following Guidance are made by the Committee to the Chartered I nstitute of I nternal Auditors in the UK and are designed to provide a benchmark for effective I nternal Audit in Financial Services in the UK. The intended audience for this Guidance includes Chief I nternal Auditors, Executive and Non-Executive Directors and the Regulatory bodies. The Guidance should be applied in conjunction with the existing Institute of I nternal Audit I nternational Professional Practices Framework (IPPF), which includes the I nternational Standards for the Professional Practice of I nternal Auditing (the I IA Standards). It includes some elements covered by the Basel Committee on Banking Supervisi on s p aper on th e I nt ernal Aud it fu nct ion s in banks. The recommendations are designed to provide incremental Guidance to existing standards, such as the I IA Standards and Basel paper. In the course of the Committee consultation, and through discussion with the regulators supervisory teams, examples of non-conformance to these existing standards were identified.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 63

These include key risk areas that were not included in the scope, risk assessment and audit plan of I nternal Audit; audit opinions (particularly satisfactory audit opinions) with insufficient work and/ or evidence of work to fully support and justify the opinion; and audits in which the audit work programme included the operating effectiveness, but not the design adequacy, of processes and controls.
The Committee views these instances as examples of Internal Audit practice that does not meet the existing I I A Standards and expectations of the profession, as opposed to areas requiring incremental Guidance.

The Committee emphasises the importance of full conformance to the attribute and performance principles, as defined in the I IA Standards, as the basis for robust I nternal Audit.
The consultation process through which this Guidance was created sought input from a range of stakeholders with interest in the risk management, governance and control of financial institutions. This included the Chartered I nstitute of Internal Auditors; the Bank of England; the Financial Services Authority (representatives from both the future Prudential Regulation Authority and the Financial Conduct Authority); audit practitioners from across the sector, including banking, insurance, asset management and building societies; Executive and NonExecutive Directors of financial organisations; government representatives; rating agencies; professional services firms; and consumer groups. In the course of our consultation, the Committee asked a range of questions around the role, scope and position of internal audit in the organisations governance and risk management frameworks.

The responses received highlight the range of practice across the industry, with a varying degree of uniformity of practice and aspiration between organisations.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 64

There was a general consensus around the importance of the independence of Internal Audit; both independence from Executive Management authority, from the Risk Management and Compliance functions, and from executive decision making responsibilities.
There was also strong support for an unrestricted scope of Internal Audit, and for greater clarity and consistency of I nternal Audits role in auditing areas such as strategy, culture, risk appetite and key corporate events. Areas in which there was a greater divergence of response include the role and extent of Internal Audit involvement in challenging strategic decision making; whether there are circumstances in which it would be appropriate for Internal Audit to report to a Board Risk Committee rather than to the Audit Committee, the nature of Internal Audits Executive reporting line and who this line should report into (e.g. CEO / CFO); and the appropriateness of the Chief Internal Auditor having the right to attend Executive Committee meetings. In these areas, the Committee has formed a view based on both the responses received and Committee discussion.

Proposed Recommendations of the Committee A. Role and mandate of Internal Audit


1. The primary role of Internal Audit should be to help to protect the assets, reputation and sustainability of the organisation. It does this by assessing whether all significant risks are identified and appropriately reported to the Board and Executive Management; assessing whether they are properly controlled; and by challenging Executive Management to improve the effectiveness of governance, risk management and internal controls. The role of I nternal Audit should be articulated in an I nternal Audit Charter, which should be publicly available.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 65

B. Scope and priorities of I nternal Audit


2.Internal Audits scope should be unrestricted In setting its scope, Internal Audit should independently determine the key risks that face the organisation, including emerging and systemic risks, and how effectively these risks are being managed. There should be no impediment to I nternal Audits ability to challenge the executive and to report its concerns.

3.For the avoidance of doubt, I nternal Audit should include within its scope:
a.The design and operating effectiveness of governance structures and processes of the organisation. b.The strategic and management information presented to the Board Internal Audit should include within its scope the processes and controls supporting strategic decision making, and based on this work, whether the information presented to the Board and Executive Management is complete, accurate and fairly represents the benefits, risks and assumptions associated with the strategy and associated business model. c.The setting of, and adherence to, risk appetite Internal Audit should assess whether the risk appetite has been established and reviewed through the active involvement of the Board and Executive Management, and is accurately embedded within the activities, limits and reporting of the organisations businesses. d. The risk and control culture of the organisation Internal Audit should include within its scope the risk and control culture of the organisation.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 66

This should include assessing whether the processes (e.g. appraisal and remuneration) and actions (e.g. decision making) are in line with the values, ethics, risk appetite and policies of the organisation.
Internal Audit should consider the attitude and assess the approach taken by all levels of management to risk management and internal control. This should include managements actions in addressing known control deficiencies as well as their regular assessment of controls within their areas.

e.Risks of poor customer outcomes, giving rise to conduct or reputational risk


Internal Audit should evaluate whether products, services and supporting processes are designed in line with conduct regulation, and the organisations customer strategy, values and standards. Internal Audit should evaluate whether the organisation is acting with integrity in its dealings with all customers and in its interaction with relevant markets. f. Capital and liquidity risks Internal Audit should include within its scope the management of the organisations risks relating to capital and liquidity and other regulatory risks. g. Key corporate events These events include significant business process changes, introduction of new products and services, outsourcing decisions and acquisitions / divestments. Internal Audit should decide if these events are sufficiently high risk to warrant involvement on a real time basis.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 67

In doing so I nternal Audit will evaluate whether the key risks are being adequately addressed (including by other forms of assurance, e.g. third party due diligence) and reported.
Internal Audit should also assess whether the information being used in the decision making is, to the extent possible, complete, accurate and balanced and whether the related procedures and controls have been followed. h. Outcomes of processes

Internal Audit should evaluate the adequacy and effectiveness of the design, as well as the implementation, of the organisations policies and processes.
As part of this evaluation, Internal Audit should consider whether the outcomes achieved by the implementation of these policies and processes are in line with the objectives, risk appetite and values of the organisation. 4. Prioritisation of I nternal Audit work Internal Audit should make a risk-based decision as to which areas within its scope should be included in the audit plan it does not have to cover all of the potential scope areas every year. In setting its priorities and deciding where to carry out more detailed work, Internal Audit should focus on the areas where it considers risk to be higher, as well as taking into account the wishes of the Board and Board Committees. Both the determination and the assessment should be informed, but not driven, by the views of management or the Risk function. 5. Risk assessment Internal Audits risk assessment should be all-encompassing, taking into account business strategy and objectives and the full range of risks that

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 68

have an impact on the organisation; combine a bottom up and top down assessment of risk; and take into account potential future or emerging risks on a continuous basis.
6. Internal Audit planning Internal Audit plans should be approved by the Audit Committee*. They should have the flexibility to deal with unplanned events to allow Internal Audit to prioritise emerging risks.

Changes to the audit plan should be considered in light of I nternal Audits ongoing assessment of risk.
Items removed from I nternal Audits plans should be reported, with appropriate justification, to the Audit Committee*.

C. Reporting results
7.Internal Audit should be present at, and issue reports to, both the Board Audit Committee and the Board Risk Committee and any other Board Committees as appropriate. The nature of the reports will depend on the remits of the respective Committees. 8.Internal Audits reporting to the Audit and Risk Committees should include: - a focus on significant control breakdowns together with a robust root-cause analysis; - any thematic issues identified across the organisation; - an independent view of managements reporting on the risk management of the organisation, including a view on managements remediation plans (which might include restricting further business
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 69

until improvements have been implemented) highlighting areas where there are significant delays; and
- at least annually an assessment of the overall effectiveness of the governance, and risk and control framework of the organisation, together with an analysis of themes and trends emerging from Internal Audit work and their impact on the organisations risk profile.

D. Interaction with Risk Management, Compliance and Finance


9.Internal Audit should not be part of, nor responsible for, the Risk Management, Compliance or Finance function.
1 0 . I nternal Audit should include within its scope an assessment of the adequacy and effectiveness of the Risk Management, Compliance and Finance functions. In evaluating the effectiveness of internal controls and risk management processes, in no circumstances should Internal Audit rely exclusively on the work of Risk Management, Compliance or Finance. Internal Audit should always examine for itself, an appropriate sample of the activities under review. 11.Internal Audit should exercise informed judgement as to when to place reliance on the work of Risk Management, Compliance or Finance. To the extent that Internal Audit places reliance on the work of Risk Management, Compliance or Finance function, that should only be after a thorough evaluation of the effectiveness of that function in relation to the area under review.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 70

E. Independence and authority of I nternal Audit


12.The Chief I nternal Auditor should be at a senior enough level within the organisation (normally expected to be at Executive Committee or equivalent) to give him or her the appropriate standing and authority to challenge the Executive. Subsidiary and divisional H eads of Audit should also be of a seniority comparable to the senior management whose activities they are responsible for auditing. 1 3 . I nternal Audit should have the right to attend Executive Committee meetings and any other key management and decision making fora. This right of attendance is for the duration of the meeting, and will enable Internal Audit to gain an understanding of the business and provide perspectives on risk and control. 1 4 . I nternal Audit should have sufficient and timely access to key management information and a right of access to all of the organisations records, necessary to discharge its responsibilities. 15.The primary reporting line for the Chief I nternal Auditor should be to the Chairman of the Board of Directors. The Chairman may wish to delegate responsibility for the reporting line to the Chairman of the Board Audit Committee or, exceptionally, the Chairman of the Board Risk Committee, providing this Committee is constituted exclusively of independent Non-Executive Directors. The reporting line should take into account the respective mandates of the Board Audit Committee and the Board Risk Committee, and must avoid any impairment to internal audits objectivity. 16.The Audit Committee* should be responsible for appointing the Chief Internal Auditor and removing him/ her from post.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 71

17.The Chairman of the Audit Committee* should participate in setting the objectives of the Chief Internal Auditor and appraising his/her performance although it would be expected that the objectives and appraisal would take into account the views of the Chief Executive.
18.The Chairman of the Audit Committee* should be responsible for recommending the remuneration of the Chief Internal Auditor. The decision should be ratified by the Remuneration Committee. The remuneration of the Chief I nternal Auditor and I nternal Audit staff should be structured in a manner such that it avoids conflicts of interest, does not impair their independence and objectivity and should not be directly linked to the short term performance of the organisation. 19.Subsidiary and divisional H eads of Audit should report primarily to the Group Chief I nternal Auditor, except insofar as prohibited by local legislation or regulation. This includes the responsibility for setting budgets and remuneration, conducting appraisals and reviewing the audit plan. 20.In order to protect the objectivity and independence of I nternal Audit, the Audit Committee* should determine an appropriate interval to consider the need to change the Chief Internal Auditor and should have a similar policy for divisional and subsidiary heads. 2 1 . I f Internal Audit has a secondary Executive reporting line, this should be to the CEO in order to preserve independence from any particular business area or function.

F. Resources
22. The Chief Internal Auditor should ensure that the audit team has the skills and experience commensurate with the risks of the organisation.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 72

This may entail recruitment, secondment from other parts of the organisation or co-sourcing with external third parties.
23.The Chief I nternal Auditor should provide the Audit Committee* with a regular assessment of the skills required to conduct the work needed, and whether the I nternal Audit budget is sufficient to allow the function to recruit and retain staff with the expertise and experience necessary to provide effective challenge throughout the organisation and to the executive. 24.The Audit Committee* should be responsible for approving the Internal Audit budget. 25.The Board of Directors should confirm in the annual report that it is satisfied that I nternal Audit has the appropriate resources.

G. Quality assessment
26.The Board or the Audit Committee* is responsible for evaluating the performance of the I nternal Audit function on a regular basis.

In doing so it will need to identify appropriate criteria for defining the success of Internal Audit.
Delivery of the audit plan should not be the sole criterion in this evaluation. 27.Internal Audit should maintain an up-to-date set of policies and procedures, and performance and effectiveness measures for the I nternal Audit function. Internal Audit should continuously improve these in light of industry developments. 28.Internal Audit functions of sufficient size should develop a quality assurance capability, with the work performed by individuals who are independent of the delivery of the audit plan.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 73

The function should have the standing and experience to meaningfully challenge Internal Audit performance and to ensure that I nternal Audit judgements and opinions are adequately evidenced.
The quality assurance review should include I nternal Audits understanding and identification of risk and control issues, in addition to the adherence to audit methodology and procedures. This may require the use of resource from external parties. The quality assurance work should be risk-based to cover the higher risks of the organisation and of the audit process. The results of these assessments should be presented directly to the Audit Committee* at least annually. 29. In addition the Audit Committee* should obtain an independent, external assessment at appropriate intervals. This could take the form of periodic reviews of elements of the function, or a single review of the overall function. The conformance of I nternal Audit with the recommendations included in this Guidance should be explicitly included in this evaluation. The Chairman of the Audit Committee* should oversee and approve the appointment process for the independent assessor.

H. Relationships with Regulators


30. Nature and purpose of the relationship The Chief Internal Auditor, and other senior managers within I nternal Audit, should have an open, constructive and co-operative relationship with regulators which supports sharing of information relevant to carrying out their respective responsibilities.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 74

31. Compliance with the Statements of Principle and Code of Practice for Approved Persons, and the UK Corporate Governance Code
As a significant influence function, the Chief I nternal Auditor must fully comply with the relevant provisions of the Statements of Principle and Code of Practice for Approved Persons, the UK Corporate Governance Code, and other obligations specific to I nternal Audit as set out in the relevant regulators handbook.

I. Wider considerations
32.The Board Committees and senior management should set the right tone from the top to ensure support for, and acceptance of, I nternal Audit at all levels of the organisation.
33.The Financial Reporting Council should consider whether additional guidance is needed with regard to the respective role and mandate of the Board Audit and Risk Committees in relation to their interaction with Internal Audit, including what should be expected from a good I nternal Audit function with reference to the recommendations included in this Guidance. * In the interest of simplicity and clarity, this document has assumed that Int ern al Aud it s primary reporting line is to the Audit Committee. Please refer to recommendation 15 for the Committee recommendation relating to Non-Executive reporting lines.

About the Chartered I nstitute of Internal Auditors (IIA)


The I IA is the only body focused exclusively on internal auditing and we are passionate about supporting, promoting and training the professionals who work in it. We have been leading the profession of internal auditing for over 65 years. Our International Standards and Code of Ethics unite a global community of over 180, 000 internal auditors in 190 countries.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 75

We are committed to enhancing the recognition and professionalism of internal audit in the UK and I reland, through:
Dynamic leadership of the profession which maximises our members reputation and influence individually and collectively. Technical excellence through our I nternational Standards and Code of Ethics. All members across the globe work to the same I nternational Standards and Code of Ethics. We have 8,000 members in all sectors in the UK and I reland. H igh quality support to our members throughout their careers, which enables them to continually develop their professional knowledge, skills and experience and provides other services of value to members in their roles. These things, enacted through our staff, members and volunteers and with the support of our suppliers and partners, make a significant and unique contribution to the success of all organisations.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 76

The Financial Transaction Tax (FTT)


On 14 February 2013 the European Commission adopted a proposal for a Council Directive implementing enhanced cooperation in the area of financial transaction tax, which mirrors the scope and objectives of its original FTT proposal of September 2011.

Financial Transaction Tax under Enhanced Cooperation: The European Commission sets out the details
The details of the Financial Transaction Tax (FTT) to be implemented under enhanced cooperation have been set out in a proposal adopted by the Commission today. As requested by the 1 1 Member States that will proceed with this tax, the proposed Directive mirrors the scope and objectives of the original FTT proposal put forward by the Commission in September 2011 (IP/11/ 1085). The approach of taxing all transactions with an established link to the FTT-zone is maintained, as are the rates of 0.1% for shares and bonds and 0.01% for derivatives. When applied by the 1 1 Member States, this Financial Transaction Tax is expected to deliver revenues of 30-35 billion euros a year. There are certain limited changes in today's FTT proposal compared to the original one, to take into account the fact that the tax will be implemented on a smaller geographical scale than originally foreseen. These changes are mainly to ensure legal clarity and to reinforce anti-avoidance and anti-abuse provisions.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 77

Algirdas emeta, Commissioner responsible for Taxation, said: " With today's proposal, everything is in place to enable a common Financial Transaction Tax to be become a reality in the EU.

On the table is an unquestionably fair and technically sound tax, which will strengthen our Single Market and temper irresponsible trading. Eleven Member States called for this proposal, so that they can proceed with the FTT through enhanced cooperation.

I now call on those same Member States to push ahead with ambition to drive, decide and deliver on the world's first regional FTT."
Today's proposal follows EU Finance Ministers' agreement last month to allow the 1 1 Member States to move ahead with an FTT under enhanced cooperation. There are 3 core objectives to the FTT. First, it will strengthen the Single Market by reducing the number of divergent national approaches to financial transaction taxation. Secondly, it will ensure that the financial sector makes a fair and substantial contribution to public revenues. Finally, the FTT will support regulatory measures in encouraging the financial sector to engage in more responsible activities, geared towards the real economy. As in the original proposal, the FTT will have low rates, a wide base and safety nets against the relocation of the financial sector. As before, the "residence principle" will apply. This means that the tax will be due if any party to the transaction is established in a participating Member State, regardless of where the transaction takes place.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 78

This is the case both if a financial institution engaged in the transaction is, itself, established in the FTT-zone, or if it is acting on behalf of a party established in that jurisdiction.
As a further safeguard against avoidance of the tax, today's proposal also adds the "issuance principle". This means that financial instruments issued in the 1 1 Member States will be taxed when traded, even if those trading them are not established within the FTT-zone. Furthermore, explicit anti-abuse provisions are now included. As in the original proposal, the FTT will not apply to day-to-day financial activities of citizens and businesses (e.g. loans, payments, insurance, deposits etc.), in order to protect the real economy. Nor will it apply to the traditional investment banking activities in the context of the raising of capital or to financial transactions carried out as part restructuring operations. The proposal also ring-fences refinancing activities, monetary policy and public debt management. Therefore, transactions with central banks and the ECB, with the European Financial Stability Facility and the European Stability Mechanism, and transactions with the European Union will be exempted from the tax.

Next Steps
The proposed Directive will now be discussed by Member States, with a view to its implementation under enhanced cooperation. All 27 Member States may participate in the discussions on this proposal. However, only the Member States participating in enhanced cooperation will have a vote, and they must agree unanimously before it can be implemented. The European Parliament will also be consulted.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 79

Background
In September 2011, the Commission tabled a proposal for a common system of financial transactions tax, with the objectives of securing a coherent approach to taxing this sector in the Single Market, ensuring a fair contribution from the financial sector to public finances, and contributing to more efficiency and welfare enhancing financial sector trading. Following intense discussions on this file, there was consensus at the ECOFIN meetings in summer 2012 that unanimity between the 27 Member States would not be reached within a reasonable period. Nonetheless, a number of Member States expressed a strong willingness to go ahead with the FTT. Therefore, in autumn 2012, 1 1 Member States wrote to the Commission, officially requesting enhanced cooperation on the financial transaction tax to be authorised, on the basis of the Commission's 2011 proposal. The Commission carefully assessed these requests against the criteria for enhanced cooperation in the Treaties. In particular, it was established that enhanced cooperation on the FTT would not have a negative impact on the Single Market or on obligations, rights and competences of non-participating Member States. On the basis of that assessment, in October 2012, the Commission proposed a Decision to allow enhanced cooperation on the FTT. This was backed by the European Parliament in December and agreed by European Finance Ministers at the ECOFIN in January 2013. Once the green light for enhanced cooperation had been given, the Commission could proceed with the detailed proposal on the FTT to be applied by the 1 1 Member States, which it has presented today.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 80

Financial Transaction Tax through Enhanced Cooperation: Questions and Answers


Why has the Commission proposed a Financial Transaction Tax for implementation through enhanced cooperation? The Commission initially proposed a Financial Transaction Tax to be implemented by all 27 Member States, in September 2011 (IP/11/ 1085).
However, following intense discussions in Council, it was found that unanimity would not be reached on this proposal in the foreseeable future. Nonetheless, a number of Member States expressed a strong willingness to go ahead with the FTT. Therefore, in autumn 2012, 1 1 Member States wrote to Commissioner emeta, officially requesting enhanced cooperation on the financial transaction tax to be authorised, on the basis of the Commission's 2011 proposal. The Commission carefully assessed these requests against the criteria for enhanced cooperation in the Treaties. On the basis of that assessment, in October 2012, the Commission proposed a Decision to allow enhanced cooperation on the FTT (see IP/12/1138). This was backed by the European Parliament in December and agreed by European Finance Ministers at the ECOFI N in January 2013. Once the green light for enhanced cooperation had been given, the Commission could proceed with the detailed proposal on the FTT to be applied by the 1 1 Member States. This is what has been presented today.

What is enhanced cooperation?


Enhanced cooperation is when a group of at least 9 Member States decide to move ahead with an initiative proposed by the Commission, once it proves impossible to reach unanimous agreement on it within a reasonable period.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 81

It is only relevant to policy areas which require unanimity, and it aims to overcome the situation whereby certain Member States are prevented from advancing with a common approach due to the reluctance and non-agreement of others.
Clear provisions and conditions for enhanced cooperation are set out in Article 20 of the TEU and Articles 326 to 334 (TFEU). For more information on the enhanced cooperation procedure, see MEMO/ 12/799.

Which Member States intend to implement the common FTT through enhanced cooperation? Eleven Member States, representing 2/3 of EU GDP, have been authorised to establish the common financial transaction tax under enhanced cooperation.
These are: Belgium, Germany, Estonia, Greece, Spain, France, Italy, Austria, Portugal, Slovenia and Slovakia.

Can others join the FTT group later, and how? Yes. One of the conditions of enhanced cooperation under the Treaties is that it should be open to any other Member State joining at a later stage if it wishes to do so.
In order to join, the Member State would need to submit a request to the Commission, which would then assess this against the criteria set out in the Treaty (as it did the initial requests).

What are the key features of the FTT proposed today for the 1 1 Member States? In line with the requests of the 1 1 Member States, today's proposal very much reflects the Commission's original FTT proposal in terms of scope and objectives. When it comes to objectives, they remain exactly the same.
These are:

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 82

-To tackle fragmentation of the Single Market that an uncoordinated patchwork of national financial transaction taxes would create;
-To ensure that the financial sector makes a fair and substantial contribution to public finances and covering the cost of the crisis, particularly as it is currently under-taxed compared to other sectors; -To create appropriate disincentives for financial transactions which do not contribute to the efficiency of financial markets or to the real economy With regard to the scope of the FTT, it again mirrors the 2011 proposal, in that: -The base of the tax is very wide, covering transactions carried out by financial institutions on all financial instruments and markets, once there is an established economic link to the FTT-zone -The rates are low, at 0.1% for shares and bonds, units of collective investment funds, money market instruments, repurchase agreements and securities lending agreements, and 0.01% for derivative products. These are proposed minimum rates, and participating Member States would be free to apply higher rates if they wanted to. The tax would have to be paid by each financial institution involved in the transaction; -Day-to-day financial activities of ordinary citizens and businesses (e.g. insurance contracts, mortgage and business lending, credit card transactions, payment services, deposits, spot currency transactions etc.) are excluded from the FTT, in order to protect the real economy; -The raising of capital (i.e. primary issuance of shares and bonds, units of collective investment funds) and certain restructuring operations will not be taxed. Also, excluded from the scope of the FTT are financial transactions with the ECB and national central banks, the EFSF and ESM; -The "residence principle" remains a core element to safeguard against the relocation of financial transactions. Under the residence principle, who is party to the transaction is what counts, not where it takes place.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 83

If a financial institution involved in the transaction is established in the FTT zone, or is acting on behalf of a party established in this zone, then the transaction will be taxed, regardless of where it takes place in the world;
To further prevent avoidance of the tax, the Commission has added to this proposal the "issuance principle". This means that a transaction will also be taxed, whenever and wherever it takes place, if it involves financial instruments issued in one of the participating Member States.

What are the main changes compared to the 201 1 FTT proposal, and why have they been introduced? Any changes in today's proposal compared to the one in 2011 serve one of two purposes: either to provide more legal clarity, where it was seen to be necessary, or to reinforce anti-abuse and anti-avoidance provisions, as the 1 1 participating Member States had requested.
The main changes are: -Issuance principle has been added as an anti-avoidance measure (see below for more details). A general and a specific anti-abuse clause have also been added to the proposal; -Member States and other public bodies, when managing public debt, are now explicitly excluded from the scope of the Directive; -ECB, EFSF and ESM are now explicitly referred to as being exempt from FTT -Exchanges of financial instruments will now be considered as two transactions for tax purposes, while repurchase and reverse repurchase agreements and securities lending and borrowing will be regarded as only one transaction, as they are economically equivalent to a (single) credit operation; -The issuance of shares and units in collective investment funds and restructuring operations are now also excluded from the scope.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 84

Are there still benefits to the FTT if it is not applied by all Member States? Absolutely. The Commission would have liked to see the FTT applied throughout the entire EU.
However, as this proved impossible, enhanced cooperation is the right way to proceed. The objectives set by the Commission are still valid and achievable. A common FTT will ensure a fairer contribution to public finances from the financial sector, which is currently under-taxed by about 18 billion a year in the EU, and which has tremendously benefited from rescue operations pre-financed by tax payers. And it will reduce the fragmentation of the Single Market, by having a single system for taxing financial transactions which covers 1 1 Member States. Importantly, those that participate in enhanced cooperation on the FTT will also have a significant new source of revenue without placing further burden on the ordinary citizen.

How much revenue is the FTT expected to generate? How will this be used? The proposed FTT applied under enhanced cooperation is expected to generate 30-35 billion a year, corresponding to 1% of the participating Member States' tax revenues.
The Commission has proposed that a portion of the revenue could be used as an own resource for the EU budget, resulting in a corresponding reduction of the national GN I contributions of participating Member States. The money for the national budgets could be used to help consolidate public finances, invest in growth-promoting activity, or meet development aid commitments. Ultimately, it will be for participating Member States to decide how the revenues of the FTT should be used.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 85

Is there a risk that the financial sectors in participating Member States will relocate to Member States or non-EU countries not applying this common FTT? Robust measures remain in today's proposal to mitigate the risk of relocation.
In particular, the "residence principle" ensures that if any party to the transaction is established in the FTT-zone, the transaction is taxed, regardless of where in the world it takes place. This means that financial operators would only be able to avoid the FTT if they were prepared to relocate, abandon all their clients in the 1 1 Member States, and refrain from any interaction with financial institutions established in the participating Member States. This makes relocation a very unlikely response, particularly considering the low rate of the proposed FTT and the fact that the participating Member States comprise 2/ 3 of EU GDP. Nonetheless, the Commission took measures in today's proposal to further reinforce the safeguards against relocation. Under the issuance principle, financial products issued in the 1 1 Member States will be taxed when traded, even if those trading them are not established within the FTT-zone. Again, this removes any incentive to relocate in order to avoid the tax. Thus, financial institutions would only be able to avoid paying the tax if they gave up their client base in the FTT jurisdiction with respect to financial instruments, and if they were to no longer trade in financial products issued there.

Does the proposed FTT respect the relevant territoriality rules? Yes. The proposed FTT for the 1 1 Member States is fully in line with international law and EU taxation principles.
Taxing cross-border services is a well-established principle in taxation. VAT can be used as a comparative example of how this works. When a Belgian citizen buys software on the internet from an American company, the software is taxed at the Belgian rate.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 86

Moreover, many national financial sector taxes are based on the issuance principle and therefore apply to transactions which take place outside their own territory, once the financial product traded has been issued on their territory.
The same ideas apply to the FTT proposed. As long as there is an established link between the transaction and the territory of a participating Member State, it is legal to charge this tax. Nonetheless, the proposal includes a general rule allowing the person liable to pay the FTT to prove that the link between the transaction and that territory ("economic substance clause") is insufficient, and that they therefore do not have to pay the tax.

What will be the impact of the FTT on growth and jobs? The most up-to-date analyses presented by the Commission showed that the FTT will not lead to any job losses.
In terms of economic impact, it is estimated to have a -0.28% impact on GDP in the long run. Smart recycling back into the economy of the revenues delivered by the FTT can even potentially lead to a positive impact on GDP of 0.2%. Both these figures are cumulative effects over periods of several decades based on economic models. Rather than the figures themselves what is important is that putting in place an FTT will not negatively impact growth or jobs.

Will the FTT hit the ordinary citizen? The proposed FTT excludes the day-to-day financial activities of ordinary citizens and businesses, in order to protect them and the real economy.
In fact, it is very well targeted to the financial sector.
The proposal covers only transactions where financial institutions are involved, and around 85% of the transactions take place purely between financial institutions.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 87

In addition, the minimum tax rates proposed are very low, to avoid significant knock-on effects on the real economy due to an increased cost of capital.
Of course, just as they do with any costs they have, the financial institutions would have to assess whether they absorb such a tax or pass it on, taking into account market conditions / competition. But even if the financial sector does pass on some of the costs to its clients, the outcome would not be disproportionate. Any citizen buying, for example, 10 000 in shares would only pay a 10 tax on the transaction.

Will the FTT hit the non-financial sector and what about traditional investment banking? The proposed FTT excludes the day-to-day financial activities of enterprises outside the financial sector.
Thus, when SMEs or bigger companies need money and borrow it from banks or they issue new shares or enterprise bonds, no tax will be due. Also, when there is a merger and acquisition activity, or a management buyout in which financial institutions take a leading facilitator role, no tax will be due. Only in case financial institutions were able to pass the cost of the tax on to their enterprise clients, some minor increases in the cost of could materialise. However, these should remain rather limited as most effects will have to be swallowed by the financial sector itself as 85% of all transactions take place amongst financial institutions with no outside client in sight.

Will the FTT be applied to pension funds, and could this have a negative effect on pensions and pensioners? Pension funds do fall under the scope of the FTT.
They are important actors on financial markets, and they are in direct competition with other investment funds, such as index funds shadowing stock exchanges or bonds markets.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 88

But the impact can be extremely limited, depending on both the asset allocation (portfolio) and on the investment strategy (more frequent trading vs. less frequent trading, for example).
Pension funds generally have a diversified portfolio of assets and invest their money in financial instruments (mainly bonds) but also in assets which are not affected by the FTT, such as cash/ currencies, deposits, real estate, loans, gold and silver etc. Conservative fully-funded pension funds typically follow low-risk investment strategies that are mainly reflected in buying bonds or shares when they are issued and holding them until maturity.

Such transactions are not covered by the scope of this tax.


For pension funds where there is a high degree of assets trading, the tax incidence will be higher. But an effect of the FTT could be to deter high turnover in pension funds, and encourage a move towards more long-term handling of funds. This, in turn, could substantially reduce the management fees of those funds in which pension funds often invest.

What will be the impact of the FTT under enhanced cooperation on non-participating Member States? Before the Commission proposed that the 1 1 Member States should be allowed to move ahead with FTT through enhanced cooperation, it carried out careful assessment that the criteria set out in the Treaties were met. Among these criteria was the stipulation that there should be no negative effects arising from enhanced cooperation on the obligations, rights and competences of the non-participating Member States, nor any competitive or other distortions for the Single Market.
The Commission's analysis had positive conclusions on all these aspects. Moreover, non-participating Member States will benefit from the improvements to the Single Market that a harmonised FTT amongst 1 1 Member States will bring in terms of simplification and reduced administrative burdens for businesses.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 89

What will be the impact of the FTT under enhanced cooperation on the Single Market? The FTT applied by 1 1 Member States would be positive for the Single Market.
A common FTT system, shared by 1 1 Member States, would reduce the number of divergent national approaches to financial sector taxation. In doing so, it would lead to less competitive distortions, fewer tax avoidance opportunities, more transparency and information exchange amongst those taking part, and less compliance costs for businesses and operators across the EU.

When is it foreseen that the FTT would be implemented by the 1 1 Member States? Today's proposal foresees the FTT for the 1 1 Member States entering into effect on 1 January 2014.
Obviously, it depends on the Council reaching agreement on the proposal in time to respect this proposed implementation date. The European Parliament and the European Economic and Social Committee and National Parliaments will also be consulted, and national transposition would then be needed.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 90

Speech by Andrew Bailey, Managing Director, Prudential Business Unit at the Chartered I nstitutes Nicholas Barbon Lectures, London
Thank you for inviting me to give this N icholas Barbon Lecture. And, thank you for giving me the opportunity to remind myself of the career of Nicholas Barbon I say remind myself because a long time ago I was an economic historian. Barbon is certainly one of the founders if not the founder of the insurance industry in London in the late seventeenth century. He was first a builder, indeed, he wrote a tract called an apology for the builder in which he defended new construction in London on the grounds that cities created employment and wealth. Barbon was probably the leading builder of the time and he offered an integrated service because he pioneered house insurance. Indeed there are observations that Barbons business was to build, insure, and re-build your house when it fell down.

These days you would be in FSA enforcement if you tried that one.
But Barbon was also one of the early economic theorists in a period at the end of the seventeenth century when economic theory flourished, before it went into abeyance until Adam Smith and David H ume came onto the scene.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 91

Barbon developed the argument that wealth creates demand and he extolled conspicuous consumption: he wrote that a poor man wants a Pound; a rich man a H undred.
Clearly, Barbon never quite imagined that one day investment bankers would take his idea to a whole new level. And, finally on Barbon, he was around at the time of the founding of the Bank of England. Indeed, the records suggest that he very much wanted the Bank of England not to be founded, and instead that his own idea of a national Land Bank should have received the favour of the Crown and Parliament. That did not happen, and so I guess that Barbon would not be happy on finding out that the Bank of England will, over three hundred years later, take on regulating his industry of insurance. But then his writings suggest that Barbon was no fan of regulation. From my perspective this is a very exciting time because after nearly three years of work on a wide range of subjects covering the legislation, the new model of prudential supervision, our staff, property, I T and other things, we can see the new Prudential Regulation Authority starting to take shape for real. We are in the process of moving into our new home at 20 Moorgate. There were several reasons why we chose a City location. One consequence is that it will bring us closer to the insurance industry, which for the most part resisted the appeal of Canary Wharf and stayed close to the roots that date back to Barbon. He would have approved, providing he could have built, insured, and rebuilt your building.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 92

Time will tell whether you will welcome having your prudential regulator near to your doorsteps, and as far as we know located in the City for the first time.
I want to tackle a number of large issues today, which are closely connected. First, why do we think it makes sense to place prudential supervision of insurance in the PRA alongside banks and major investment firms? Second, what style of supervision will the PRA adopt and how will it affect insurers? And third, how do we think about the issue of systemic risk, and systemically important status for insurers? There are over 700 insurers in this country which will be subject to prudential supervision by the PRA and conduct supervision by the FCA (in addition, insurance brokers will be entirely supervised by the FCA). Why place prudential supervision of insurers in the PRA alongside banks?

I am tempted to make one point here and conclude, namely that we asked to have one industry that caused us less trouble than banks.
Of course, that would be on the basis of please keep it that way. Its tempting to stop there, but in all honesty it would not be the full story. Banks and insurers have one crucial thing in common which distinguishes them from other financial services providers, namely that they bring the funds customers deposit or invest directly onto their balance sheets and therefore expose customers directly to the risk inherent in those balance sheets. We did not, however, place insurers under the PRA because they are like banks, even though there are important similarities in the prudential approach we apply to both sectors.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 93

Why then? For me, the logic has to do with what we have learned about our role during the crisis. The traditional model of supervision has been quite industry specific. The FSA regime introduced in 1997 created a single authority , but within the FSA the framework of rules applied to insurance supervision is unique to the industry. It is true that in the run-up to the start of the crisis, and for some time thereafter, the FSA mingled insurance and bank supervision in terms of its operating units, but I think that did not work effectively and we have moved to a clear distinction with an insurance supervision directorate headed by Julian Adams. Insurance supervision is a skill of its own, and while our supervisors do move roles between insurance and banking in both directions, we want to ensure that we have groups of truly expert insurance and banking supervisors. The reason for locating insurance and banking in the PRA is in my view that we have learned during the crisis that our job as prudential supervisors is to ensure that the public and users of financial services, including the corporate sector, can be assured of continuous access to the critical services on which they depend. Many financial services may be regarded as critical by their users, but some are distinctive because it is hard for consumers to replace their provider with a substitute without accepting unacceptable cost and loss. Insurers provide critical services to the public in terms of risk transfer and very long-lived savings contracts.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 94

This last point draws out that insurance is not a single homogenous industry general and life insurance are very different activities - and we recognise that in our supervision.
It would be unacceptable to the public to have access to risk transfer through, say home or car insurance, or professional indemnity insurance, to name but a few, withdrawn in a disruptive and unannounced way. In the same way, savings contracts that are long-lived and provided by life insurers, and are often an individuals primary pension provision, are critical financial services that are difficult to replace without unacceptable cost. For me, there is therefore a common feature of banking and insurance in terms of continuity of access to critical financial services. This is not, however, the end of the story on the issue of why the PRA will regulate banks and insurers. What I have started to describe is the first objective that the new legislation gives to the PRA, namely the safety and soundness of the firms we will supervise. But there is another important leg to the definition of the objective, namely that the underlying objective of our pursuit of safety and soundness is the stability of the financial system. For banks, this had led us to emphasise that we will be a proportionate supervisor, putting more emphasis on the large firms that have more scope to damage the stability of the system. We think we can do this for banks because the depositor is protected by the deposit insurance arrangements on the first 85,000 of deposits provided by the FSCS for all banks except branches from other EU countries (where the insurance comes from the home country), and because as a consequence of the crisis the resolution regime is now set down in statute, though we clearly have work to do to make the larger

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 95

banks resolvable using those resolution powers, supplemented we expect by future EU legislation.
For insurers, the legislation gives the PRA a second objective, namely the protection of policyholders.

We do not have a comparable objective for depositors.


Policyholder protection means in effect that our approach of proportionality in supervision cannot be the same for insurers.

Why?
This is a good question because the FSCS is set up to cover insurance. For me, the reason is that we have more work to do to develop the best tools to ensure continuity of access to critical insurance services. Why do I think we are short of tools? To explain my view on this requires some background on the resolution of banks. Statutory special resolution regimes for banks like the one adopted in the UK in 2009 have at their heart the power to alter property rights, the power to separate the business of a company from its owners, albeit with safeguards against unfair expropriation. It is a very powerful tool, and one that should be used carefully for that reason. For banks a typical use of the resolution regime is because depositors can lose confidence in their ability to have access to their funds, and thus a run can start which brings down the bank. A resolution regime can bring order to that process.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 96

For insurers, policyholders are less likely run in the sense that they can withdraw their contract and take it somewhere else, though it is possible for some life contracts to be surrendered without penalty.
Unlike money, insurance contracts are not fungible because the cover is specific to the contract. In the limit, a bank depositor can exchange their claim on the bank (commercial bank money) for a risk-free claim on the central bank (by requesting bank notes).

An insurance policyholder cannot do this.


Work is under way to determine whether insurance would benefit from a special resolution regime that overrides normal insolvency rules in order to enhance the ability to ensure continuity of critical contacts through, say, the transfer to business to another firm. I will return to this subject later in this lecture because it is one that we should consider carefully. My general view is that the policyholder protection objective for insurance points to the need for a resolution regime for insurers, but the important issue is to be clear on what sort of regime. There is one further area of insurance that for me clinches the case for the policyholder protection objective in the PRA. I almost mention With Profits with trepidation, but I am afraid I must do so at this stage. With about 350bn of policy values outstanding, and policy maturities that can run into decades hence, With Profits is clearly a legacy that will be very much with us for a good while yet. Consequently, I do think that the industry and the authorities need to be alert to its inherent risks and complexities.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 97

In thinking about the implications of With Profits, let me step back for a moment. In broad terms, I can see two distinct types of financial contract involving deposits and savings.
A deposit contract with a bank has at its core the promise that the bank will return the full value of the deposit at any time when it is contractually obliged to do so. Loss of confidence in a bank sets in when depositors fear that this may not happen.

An asset management contract is quite different because the promise is at its simplest to return the proceeds of the investment strategy, which may be more or less than the amount invested.
It is cruel to remember the Woody Allen jibe at this point that a stockbroker is someone who invests your money until it is all gone. Economists might call the deposit and asset management contract corner solutions in that they have a robust definition and lie at opposite ends of a range. If so, With Profits falls in between, and it is in this ground that issues can arise. The proposition was essentially to offer investors a blended exposure to cash, bond, property and equity return with some degree of smoothing of overall returns, essentially at managements discretion, to reduce market timing risk. The marketing tended to make much of these products potential to earn above cash returns without the volatility of pure equity exposure; and this in turn conditioned policy holders expectations, a fact first acknowledged explicitly in the UKs prudential solvency regime for insurers in 1967 (bear in mind that this was not the original prudential regime, which was introduced in 1870).

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 98

The essence of the With Profits contact as I understand it is that the provider offers a guaranteed minimum return, variously structured, plus the prospect of additional returns derived from the return earned on a pooled fund that combines many contracts including over different generations of policyholders.
There is of course a logic to pooling returns, but for the policyholder the return can be complicated, and sometimes made opaque, by the practice of pooling different generations of policyholders who may have different expectations on their returns (conditioned, for instance, on changes in the external environment); and by the practices of smoothing returns and of charging differentially for the economic value of the guarantees. Additionally, problems have arisen because the funds are made up of many different groups of policyholders with different guarantees, some of which, essentially on the annuity side, became increasingly valuable as nominal interest rates fell from the mid 1990s. The existence of these guarantees was often, at best, unclear or, at worst not disclosed to new joiners to the fund. Bear in mind also that these contracts are long-lived with maturities typically of 25 years of more; and that the With Profits insurers themselves have often built up over many years through the take-over or mergers of many smaller providers, each with their own distinct products, associated policyholder expectations, and administrative legacy systems. Suffice to say that in the last two years in which I have been involved with insurance supervision, some of the most difficult issues that I have faced have been in the area of With Profits. For that reason, I think it is appropriate that the PRA should have a policyholder protection objective because I think we have to recognise explicitly the contractual complexity that we inherit and the solvency risks this can generate. I should also add finally that it is not a coincidence that we have found this area to be the most challenging in terms of creating the twin peaks
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 99

model in which the FCA will have responsibility for reaching judgements, through a formal determination process on fairness to policyholders and the PRA will be responsible for ensuring that those judgements are compatible with the prudential soundness of firms.
We have reached a satisfactory conclusion, with specific language in the legislation, and a special With Profits MoU between the FCA and PRA; but it has required very careful consideration to ensure that each regulators role and responsibilities has been appropriately defined to avoid any under-laps and that the correct balance has been struck between them. Let me now move on to the second subject what style of supervision will the PRA adopt and how will it affect insurers? Let me start by drawing the distinction between regulation and supervision in our world. Regulation is about the framework of rules and policies against which we operate. Supervision is about how we apply that framework every day. They are not the same thing. Rules are for the most part in our world the product of international agreement, eventually. There are good reasons for this in terms of seeking to ensure comparable standards of protection where services can be provided across borders, and where encouraging free trade in services is consistent with open economies. When it comes to supervision the PRA will be applying judgement around the framework of rules. This is important for a number of reasons, but above all against a background of inexorable increases in rule making we must have the
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 100

determination to be focussed on the key risks that matter to our objectives.


One of my commitments is that we must be focussed on the (I hope) small number of big risks that threaten our objectives of safety and soundness and policyholder protection. I dont have any difficulty with intensive and intrusive supervision where it is focussed and justified by the risks. We are not, however, substitute compliance officers that is the job of firms, and one that we will expect to see in place and functioning along with risk and audit functions. Another key aspect of judgemental supervision is that it must be forward-looking to the risks that may arise. This is crucial, and was not properly incorporated into the pre-crisis regime of supervision. Let me give a few current examples of this for insurers. We are focussed on the impact of very low interest rates staying with us for a protracted time, and when I say this I am offering no view whatsoever on the likely course of monetary policy. Likewise, we want to know that the prudential position of firms also captures the possible impact of an unexpected upward shift in the slope of the yield curve, and again I am offering no view on monetary policy. My third example is different: we are watching the range of possible outcomes on flood insurance in this country for their prudential implications. Judgment in supervision is not, however, without its challenges when it comes to the practice of supervision. There are two large challenges I see.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 101

First, we have to balance the use of sensible judgement against the risk of creating undue uncertainty in our behaviour which damages your ability to do business.
This is not easy I accept. It requires us almost constantly to check and test our judgements against a framework of reasonable predictability. Also, it requires a greater degree of transparency from us to you, and I think from both of us to the public and investors. This is important to ensure that we can both be held to account for applying judgement in a way that is consistent with the pursuit of our objectives. I am conscious that achieving accountability in insurance supervision in the current environment is challenging because all the focus is on the banks. No visits to the Treasury Select Committee may seem like a blessing, but we have to ensure that the accountability still holds water. On that point, frankly, I think there should have already been more accountability for how the processes of the European Union could have created such a vast cost for an industry for the implementation of a directive which has not even yet been finally agreed, and for which I cannot give you a date. Largely unseen in the banking crisis has been the shocking cost of Solvency I I .

The second challenge with the use of judgement in supervision is that elsewhere we have seen a preference to have many rules, but often ones which can then be gamed.
Paul Volcker put it nicely in his evidence to the Parliamentary Banking Commission.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 102

He said that people ask for clear and simple rules so that they can tell when they are in abeyance, but they typically fail to add that they want to know how to get round the rule too, but that is part of the in deal. At the PRA we will apply judgement rigorously; sometimes you will agree with us, and sometimes you wont. We will be clear and transparent in our judgements, and we will be accountable. Finally on the issue of the PRAs approach to supervision, I want to assure you that we will take supervision of insurers just as seriously as we do the other lot. It is not in our nature to do otherwise. And, we are putting more emphasis on senior level contact in the new approach. We want to deliver key messages very clearly to senior management and boards, and we want to know how your governance works in practice. I will give one example of this approach in recent months, returning to Solvency I I . It was clear to me by the end of last summer that we were facing a long delay in the directive on top of a bill that, as I have said, was indefensible and ever rising. We have had extensive contact with chief executives and the Association of British I nsurers in recent months, with the overarching objective that this cannot go on. I think we have reached a sensible conclusion which at least makes the best of where we find ourselves. Where possible and sensible we will use the work done on Solvency I I to date to bolster our existing I CAS regime, though I should stress that we are quite comfortable with the core of ICAS and believe that we can use it
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 103

as the framework to build the PRA approach until such time as Solvency I I appears.
I hope that this change of approach both alleviates the costs and helps to create a less pressured environment in which we can seek to obtain a better framework for prudential supervision of insurers in the future than would otherwise be the case. There is too much at stake for the industry and the economy to compromise on this objective.

Let me turn to the third and final issue, namely how do we think about the issue of systemic risk, and systemically important status, for insurers?
This is obviously topical in the context of the I AIS proposed policy measures for globally systemically important insurers. First of all, in my view the case for systemic importance for insurers has to be proved. It does not follow that because major banks are systemically important, the same must be true for insurers. And, second, if a case can be made, it does not automatically determine what the response should be; in other words, it does not follow that the same capital treatment of systemic firms and/or a statutory resolution regime are needed as for banks. The calibration of these responses will have to be proven, and the response will need to be consistent with mitigating the cause of the systemic risk.

So, lets put banks to one side, but only after making one important point, that whereas systemic risk in banking is dangerous in good part because that it is in the nature of banking that the confidence issue combined with a very high level of inter-connectivity of risk within the system creates systemic risk, this is not true to the same extent in insurance.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 104

Over the years, re-insurance has come under the spotlight as a possible cause of intra-system connectivity and risk, but I have not yet seen a convincing demonstration of a major systemic issue for pure reinsurance of idiosyncratic, diversifiable, non-financial risks such as fire, weather, earthquake or liability.
It is of course likely that within the insurance industry there are firms which because of some combination of complexity of risk and size pose more risks to the financial system, and as such our supervision should be proportional.

Let me develop this theme drawing on, I should say, valuable input from my colleagues Paul Sharma and Julian Adams.
The resolution challenge for non-life insurance involves ensuring short-term continuity of risk cover. But life insurers make long-term promises to their policyholders which can only be matched imperfectly with available financial instruments (securities and derivatives).

This creates a vulnerability to shocks from financial markets such as the impact of the large fall in equity markets in 2002 to 2003.
Life insurers do not close down by going into so-called solvent run-off in the same way as non-life insurers, and bear in mind that the term solvent run-off is the expression of a probability of an outcome. A non-life insurer when it enters run-off typically ceases to collect new premiums. The risk in run-off here and there is a risk that needs examination is that near-term claims are paid out to the detriment of unidentified far-term claims, thereby creating an inequality through a form of time subordination. In contrast, a life insurer that enters run-off continues to collect regular premiums on its existing in-force life insurance policies.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 105

Moreover, it needs to continue to pay its obligations (e.g. annuities-in-payment) on the exact day contracted whereas a non-life insurer in run-off has some greater flexibility to pay claims to match its cash flow.
Finally, a life insurer in run-off needs to honour contractual policy surrender rights. These features of life insurers draw out the difference in economic interest between near-term and far-term policyholders, and one who has a right of surrender and one who does not. Moreover as life insurers are making long-term promises to policyholders, they often seek to match those commitments dynamically, using shortterm derivatives, and therefore rely on continued access to those derivatives and the willingness of counterparties to take such exposures to a firm in run-off. These derivative positions will not be more idiosyncratic like traditional insurance, but will be determined by the overall direction of financial market prices, giving scope for more system-wide problems. I described earlier the issues I see with more traditional With-Profit contracts. The issues I highlighted were not so much to do with definite features of the contract between the insurer and the policyholder but with the uncertainty around the contract itself arising from the substantial discretion afforded to the insurers management to determine final policy charges and returns. There is an argument that such uncertainty is helpful to the insurer because the promise to the policyholder is cautious in terms of accrued income and gains, and the insurer is in control of the investment strategy for the asset pool. The issue with uncertainty around contractual terms is therefore arguably more of a conduct issue to do with fairness in the operation of the
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 106

contract, but to be clear it will have prudential consequences if the scale of the fairness problem is large enough, as Equitable demonstrated.
Compare this with the newer life insurance products in some jurisdictions which contain much more definitive promises, for example that at each valuation point the policyholder has a commitment such that if their asset-pool is valued higher than the previous guaranteed amount, this new amount will feature in the minimum guaranteed return. This reduces uncertainty in one sense relative to With Profits but increases financial risk for the insurer which is further increased where policyholders can switch instruments at each valuation point and thus select against the insurer on the basis of a more definitive promise they have made on future returns. The insurer thus risks adverse selection against them. The risks in this type of contract are therefore more clearly prudential. Globally the scale of all of these promises is very large the full extent is not clear, but it could be well over $1 trillion. In the UK these contracts are marked to market, which provides useful information, but that is not consistently the case globally. There is scope for problems in, for instance, the time-value of liabilities and the valuation of complex derivative positions. All of this tends to my mind to demonstrate that there is at least one part of the insurance industry that is, globally, large and complex, and UK firms are an important part of this sector.

That does not, to be clear, lead to a conclusion that therefore the approach and toolkit taken for globally important banks should apply to these insurers.
It leads me to two initial conclusions.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 107

First, that in a world of proportionate supervision, we should take a more enhanced and intensive approach for these large and complex firms.
This is what the PRA will do, and it does not contradict our policyholder protection objective which, as I indicated earlier, gives us in my view a somewhat different objective in respect of small insurers versus small banks. Second, this degree of complexity inevitably raises important questions around our resolution tools where we face dealing with large-scale run-downs. In this context, I am aware that the PRA will need to be very clear how it interprets and puts into effect its policyholder protection objective in the context of insurers that enter run-off or require some other means to draw the business to a close. In conclusion, I hope this description has given you a sense of the PRAs intended approach to supervising insurers, and some of the big issues that we see ahead. We have grown all too accustomed to focusing heavily on banks, reflecting their capacity for damaging spillovers and externalities. Whether, or how much, insurers share some of these characteristics is the subject of extensive debate. I am yet to be persuaded that the similarities of insurers and banks are more important that the differences. But I am persuaded that insurance is a critical financial service provided by firms that have considerable complexity in terms of financial risks. This alone demonstrates why we care about the prudential supervision of insurers. I should stress that we are looking forward to the challenge.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 108

Thank you.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 109

Suitability of members of the Management Body and Key Function H olders

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 110

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 111

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 112

EMIR: Frequently Asked Questions


Note: The Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties (CCPs) and trade repositories (TRs) (EM IR) entered into force on 16 August 2012.

However, many provisions require technical standards to be developed by ESMA and the actual date of application of these provisions will depend on the date of entry into force of the technical standards (see section on timing for more details)
Regulation No 648 /2012 (EM IR) of 4th of July 2012 lays down clearing and reporting requirements for over-the-counter (OTC) derivative contracts and uniform requirements for the performance of activities of central counterparties and trade repositories.

The publication of EM IR in the Official Journal of the EU on 27 July 2012, L201/ 1 has triggered some questions, essentially on (1) the timing of implementation, (2) the scope the requirements and (3) the position of third country CCPs and trade repositories.
These FAQs are designed to provide clarity on these three topics from the perspective of the Commission services, although only the Court of Justice of the EU can give an authoritative interpretation of Union legislation. This web page will be updated as needed. I f you wish to submit further questions, please use the functional mailbox: 'M arkt-G2@ec.europa.eu'. We will publish answers to any questions related to the regulatory and implementing technical standards only after the adoption of these standards by the Commission.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 113

I. TI M ING When do the obligations under EMIR take effect?


EM IR was adopted on 4 July and entered into force on 16 August 2012. As with any other EU Regulation, its provisions are directly applicable (i.e. legally binding in all Member States without transposition into national law) as from the day of entry into force. However, the obligations under the provisions of EM IR that need to be specified further via regulatory and/ or implementing technical standards will take effect once the necessary technical standards take effect.

When will the clearing obligation take effect?


Before the clearing obligation procedure can begin, central counterparties (CCPs) must be authorised - or recognised in case of a CCP from a third country - to clear under the new EM IR regime (see question on authorisation/ recognition). This step is necessary to ensure that the CCPs used to comply with the clearing obligation are safe and sound (see EM IR Article 5(1)). Once a CCP has been authorised under EM IR to clear a certain class of OTC derivatives, ESMA will, within six months, determine whether the classes of OTC derivatives that the CCP is able to clear should be subject to the clearing obligation and, if so, will specify the date of entry into force of such obligation, including any phase-in (EM IR Article 5(2)). However, in order to expedite the assessment of products for the clearing obligation, national authorities must notify ESMA of any existing clearing services for OTC derivatives in their jurisdictions within one month of entry into force of the technical standards defining the relevant details to be included in the notification, in accordance with EMIR (Article 89(5)). In this context, ESMA will be in a position to start its assessment of products within the first quarter of 2013 and the first clearing obligation
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 114

could enter into force very soon after the first authorisations/recognitions of CCPs under EM IR.

When do CCPs need to apply for authorization or recognition under EMIR?


CCPs that are currently providing clearing services in the EU need to apply for authorisation or recognition under EM IR within six months after the entry into force of the relevant technical standards (see EMIR Article 89(3)). To ensure that CCPs already active in the EU can continue to provide services during this transitional period, they may continue to operate, subject to any applicable national regimes, until they have been authorised under EM IR (see Article 89(4)). As a result, EU clearing members active on those CCPs may continue to use their services during the transitional period.

When do CCPs need to comply with the requirements defined under Title IV and V of EMIR?
CCPs remain subject to the rules of their national regime only until a decision has been made on their authorisation under EM IR. Therefore they must begin to comply with the requirements set up under Title IV and V and relevant technical standards as of the date that they are authorized under EM IR (Article 89(4)).

When do the obligations related to risk-mitigation techniques for OTC derivative contracts not cleared by a CCP enter into force?
EM IR (Article 1 1(3)) requires counterparties to have in place procedures for "the timely, accurate and appropriate segregated exchange of collateral" for non-centrally cleared "OTC derivative contracts that are
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 115

entered into on or after 16 August 2012".


This rule is applicable from the entry into force of the Regulation. The precise level and exact type of collateral to be exchanged will be specified by further regulatory technical standards which will be by drafted jointly by the ESMA, EBA and EIOPA and adopted by the Commission. Before those technical standards enter into force, counterparties have the freedom to apply their own rules on collateral in accordance with the conditions laid down in Article 1 1(3). As soon as the technical standards enter into force however, counterparties will have to change their rules to the extent necessary in order to comply with the standards. The technical standards will apply to relevant contracts concluded as of the date that they enter into force. With respect to the operational risk mitigation techniques of timely confirmation, portfolio reconciliation, portfolio compression, contract valuation and dispute resolution the relevant dates of application are as indicated in the draft technical standards developed by ESMA.

When will the reporting obligation take effect?


The date by which derivative contracts are to be reported will be specified in the relevant technical standards mandated under Article 9(6)(b) of EM IR. Reporting obligations for credit and interest rate derivative contracts are expected to commence from 1 July 2013 at the earliest. The reporting of derivative contracts in all other asset classes is expected to commence from 1 January 2014 at the earliest.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 116

Do derivative contracts terminated before the entry into force of the reporting obligation, but which were outstanding (or entered) on or after 16 August 2012, need to be reported under EMIR?
Yes. EM IR (Article 9(1)) applies the reporting obligation to derivative contracts which: (a)Were entered into before 16 August 2012 and remain outstanding on that date; and (b) Are entered into on or after 16 August 2012. The technical standard specifying the date of entry into force of the reporting obligation also specify a phase-in period for contracts entered into before the reporting obligation begins, providing for a longer period for those trades to be reported.

When do trade repositories (TRs) need to be registered under EMIR?


A trade repository that is currently authorised or registered in its Member State of establishment to collect and maintain the records of derivatives, must apply for registration within six months of the date of entry into force of the relevant technical standards2 (see EMIR Article 89(6)). To ensure that TRs active in the EU may continue to provide services during the transitional period, they remain subject to existing national regimes until they have been registered with ESMA in accordance with EM IR (see Article 89(7)).

I I . SCOPE Are energy spot transactions within the scope of EMIR?


Energy spot transactions are not financial instruments under MiFID and are therefore not within the scope of EMIR.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 117

Energy derivatives are, however, covered by EM IR.

Are foreign-exchange derivatives in the scope of EMIR?


Yes; EM IR applies to all types of derivative contracts as defined in points (4) to (10) of Section C of Annex I to Directive 2004 /39/ EC (M IFID). The applicability of the clearing obligation to foreign exchange derivatives will be assessed by ESMA in accordance with the clearing obligation procedure, taking into account the specificities of the product in accordance with Article 5(4) of EM IR in combination with Recital 19. For non-cleared foreign-exchange OTC derivative contracts, the appropriate margin requirements applicable to these contracts will be specified by the above-mentioned technical standards on margining requirements to be drafted next year (Article 1 1(15)). Foreign exchange derivative contracts are further subject to the reporting obligation of EMIR Article 9.

With regard to the reporting obligation, who is legally accountable when the reporting of the details of the derivative contract is delegated to a third party?
If a counterparty (or a CCP) subject to the reporting obligation delegates the reporting of the details of the derivative contract to a third party in accordance with EM IR Article 9(1), it remains legally responsible for the reporting obligation The original counterparty (or CCP) is responsible for ensuring that the third-party to whom it has delegated the reporting of the derivative contract does so accurately.

May delegation of reporting be assigned to a third party or CCP, including non-EU based third parties or CCPs?
Yes. There are no specific rules on third parties reporting on behalf of
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 118

counterparties, provided that the reporting rules under EM IR are complied with, and without prejudice to the counterparty's ultimate liability for meeting the reporting obligation.

Do counterparties and/or CCPs need to agree on the report's contents before submitting it to TRs?
Yes, and so do any other entities reporting on their behalf. EMIR Article 9(1) also provides that counterparties and CCPs shall ensure that the details of their derivative contracts are reported without duplication.

Are the details of a contract the same as the contract terms?


No. Market participants must report all details regarding derivative contracts they have entered into to trade repositories, but this does not mean that they will have to send copies of each derivative contract including all terms (and conditions). The details should, however, encompass all elements related to the derivative trade that are relevant for regulatory purposes under EM IR, with particular emphasis on measurement and mitigation of systemic risk. The details to be reported will be specified in the regulatory technical standards to be adopted by the Commission on the basis of article 9(5).

How will affiliates or subsidiaries of entities listed under EMIR Article 81(3) access trade repository data to fulfil their respective responsibilities and mandates?
EM IR (Article 81(3)) provides a list of entities to which trade repositories shall make the necessary information available in order to enable them to fulfil their respective responsibilities and mandates. The respective responsibilities and mandates of these entities may differ depending on the Member State in question.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 119

For that reason, the technical standard specifying the details of the information to be accessed (to be adopted by the Commission on the basis of article 81(3)) will follow a 'functional approach'.
In some Member States, depending on the existing national regulatory / supervisory regime, certain functions may also be exercised by affiliates or subsidiaries of entities listed under EM IR Article 81(3). A trade repository shall make the necessary information available to the affiliates or subsidiaries of entities listed under EM IR Article 81(3) in order to enable them to fulfil their respective responsibilities and mandates, provided these entities access trade repositories data via their parent entity and in line with the functional approach defined in the technical standard.

When can counterparties start applying for the intragroup exemptions?


The intragroup exemptions are exemptions to the clearing obligation and margin requirements and therefore cannot be applicable before the date of application of the clearing obligation or risk mitigation techniques. Counterparties may start applying for this exemption when the technical standards relevant to the intragroup exemptions enter into force. ESMA and the national authorities are still developing the most appropriate process for applications. In accordance with the procedures set out in Article 1 1 (7) and (9), non-financial counterparties may benefit from the exemption from margin requirements as of the date of notification of their exemption to their competent authority. This exemption should remain valid unless the competent authority considers that the conditions to benefit from this exemption are not met, within a period of three months after the notification.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 120

Are intragroup transactions excluded from the calculation of the clearing threshold?
No, EM IR only excludes OTC derivatives that are directly related to the commercial activity or treasury financing activity of non-financial counterparties from the calculation of the clearing threshold. Therefore, if non-financial counterparties conclude intragroup transactions that do not fall within the hedging definition, as specified in draft technical standards to be adopted by the Commission on the basis of article 10(4), those transactions would be counted for the purpose of the clearing threshold.

Are Special Purpose Vehicles (SPVs) covered as non-financials?


There is no common definition of SPVs. If SPVs do not fall under the definition of financial counterparty (see EM IR Article 2(8)), they are by default a non-financial counterparty.

Are pool structures subject to the clearing and risk mitigation obligations?
Indirectly yes, because the investment funds whose assets are pooled in a portfolio are subject to EM IR obligations. A pool structure has no legal personality of its own, but the legal counterparty to the OTC derivative contract will need to fulfil the relevant EM IR provisions arising from that.

Does EMIR allow CCPs to offer omnibus segregation only?


No. Article 39 (2) and (3) of EM IR provides that CCPs should offer individual client segregation and omnibus client segregation.
CCPs authorized under EM IR must offer these two types of segregation as a minimum.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 121

What are the requirements for financial counterparties and non-financial counterparties in respect of timely confirmations?
In accordance with EM IR Article 1 1(1), financial counterparties and non-financial counterparties that enter into an OTC derivative contract not cleared by a CCP, shall ensure, exercising due diligence, that appropriate procedures and arrangements are in place to measure, monitor and mitigate operational risk and counterparty credit risk, including the timely confirmation, where available, by electronic means, of the terms of the relevant OTC derivative contract. The Regulatory Technical Standards on risk mitigation techniques for OTC derivatives contracts not cleared by a CCP (adopted pursuant to Article 1 1(14) of EMIR), as adopted by the Commission on December 19 2012 (Commission Delegated Regulation of 19.12.2012, supplementing Regulation (EU) No 648/2012 of the European Parliament and of the Council with regard to regulatory technical standards on indirect clearing arrangements, the clearing obligation, the public register, access to a trading venue, non-financial counterparties, risk mitigation techniques for OTC derivatives contracts not cleared by a CCP) further specify the timelines for confirmation that those procedures and arrangements should be designed to achieve. Article 12 of Chapter VII I of the aforementioned Delegated Regulation provides that firms should have procedures in place that will allow them to confirm trades within specific timelines that range from 1 to 7 days depending on the derivative class and the date when the trade was concluded. The requirements set out in Article 12 of Chapter VII I of the Delegated Regulation should be read in conjunction with Article 1 1(1) of EMIR.

They do not introduce hard deadlines to be complied with case-by-case.


If a firm has appropriate procedures and arrangements in place, but nevertheless does not achieve the deadline for legitimate reasons, this should be reported to its competent authority.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 122

The competent authority should examine the procedures and arrangements of the firm in respect of its obligations under Article 1 1(1) of EM IR and determine whether the firm has made sufficient efforts to achieve the deadlines.

I I I. THIRD COUNTRY CCP/TRADE REPOSITORY When does a third country CCP have to apply for recognition under EMIR?
There are currently several third country CCPs providing clearing services in one or more Member State.
In some Member States those CCPs may have to be formally recognised in order to do so, in others they may operate without any formal recognition. In either case the third country CCP that provides clearing services in a Member State in accordance with the national law of that Member State must apply for recognition under EM IR within six months after the entry into force of the relevant technical standards (see EM IR Article 89(3)). To ensure that CCPs active in the EU can continue to provide services during the transitional period, they will remain subject to existing national regimes until they have been recognized under EM IR (see Article 89(4)). As a result, EU clearing members active on those CCPs may continue using their services if they continue to have the right to provide services under the applicable national law.

When does a third country TR have to apply for recognition under EMIR?
TRs that are currently providing services in the EU need to apply for recognition under EM IR within six months after the entry into force of the relevant technical standards (see EMIR Article 89(6)).
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 123

To ensure that TRs active in the EU can continue to provide services during the transitional period, they remain subject to existing national regimes until they have been recognised under EM IR (see Article 89(7)).

Do third country's CCPs providing services outside of the EU need to be recognized under EMIR to provide services to EU branches located in that third country?
Article 25(1) provides that "a CCP established in a third country may provide services to clearing members or trading venues established in the Union only where that CCP is recognized by ESMA". Third-country branches of EU clearing members are considered to be established in the EU. Therefore, the relevant third country CCPs need to be recognized under EM IR in order to provide services to those branches.

On the contrary, third country CCPs do not need to be recognized under EM IR to provide services to subsidiaries of EU firms incorporated in such third-country.
This recognition requirement applies to all types of CCPs. It covers CCPs providing clearing services for OTC derivatives, as well as CCPs providing clearing services for exchange traded derivatives and securities transactions.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 124

Corporate and Risk Governance: The IAIS Self-Assessment and Peer Review on ICPs 4, 5, 7 and 8
The I AIS has launched the Self-Assessment and Peer Review (SAPR) on Corporate and Risk Governance. This SAPR assesses observance and understanding of the Insurance Core Principles (ICP) related to licensing, suitability of persons, corporate governance, and risk management and internal controls (ICPs 4, 5, 7 and 8). The Standards Observance Subcommittee, which oversees the SAPR process, strongly encourages all I AIS Members to participate in this exercise.

This is an important initiative for the I AIS.


If your authority has not received an invitation to access the online survey tool for this SAPR, please contact conor.donaldson@bis.org.

What is the process?


The SAPR is not a traditional self-assessment. The process begins with development of an online survey prepared by an Expert Team. The Expert Team for this SAPR consists of representatives from the Standards Observance Subcommittee, the Governance and Compliance Subcommittee, as well as the World Bank. A link to the online survey will be circulated to all I AIS Members in early February.
I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 125

Members will then have four weeks to complete the survey.


Once the survey period is closed, the Expert Team will meet to review the survey results. Each I AIS Member who participates in the SAPR will receive a draft report containing the Expert Teams preliminary assessment of overall observance and each of the standards contained within ICPs 4, 5, 7 and 8. Once a Member receives their draft report, they are invited to provide comments and make corrections as necessary. The Expert Team will then consider the comments and corrections before issuing a final report to the jurisdiction. Once individual jurisdiction reports are finalised, the Expert Team will prepare an aggregate report of their findings. The SAPR on Corporate and Risk Governance should be completed by the first quarter of 2014.

Why should Members participate?


The global financial crisis demonstrated the importance of a strong corporate governance and risk management framework. The revised 2011 I CPs incorporated lessons learnt by supervisors during the crisis, including in these areas. The SAPR will help IAIS Members enhance their observance and understanding of the standards in I CPs 4, 5, 7 and 8. Jurisdictions who participated in previous SAPR exercises have also found the individual reports helpful to improve understanding and observance of the I CPs.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 126

In fact, many jurisdictions have drawn on the SAPR exercise and the report provided to enhance their supervisory practices and legislative frameworks.
IAIS Member participation also provides insight into the understanding and observance of the I CPs. This insight forms a key aspect of the feedback loop between standard setting and implementation and is critical for helping the I AI S prioritise its future implementation and standard setting work.

The SAPR also compliments the World Bank (WB) and I nternational Monetary Funds (IM F) Financial Sector Assessment Program (FSAP) and contributes to the Financial Stability Boards supervisory intensity and effectiveness focus.
Through participation in the SAPR, jurisdictions gain further insight into the FSAP process and limit some of the work in the self-assessment stage of the FSAP. Further, the Self-Assessment and Peer Review process directly supports the I AIS mission to promote effective and globally consistent regulation and supervision through facilitating greater understanding of the I CPs.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 127

Disclaimer
The Association tries to enhance public access to information about risk and compliance management. Our goal is to keep this information timely and accurate. I f errors are brought to our attention, we will try to correct them. This information: is of a general nature only and is not intended to address the specific circumstances of any particular individual or entity; should not be relied on in the particular context of enforcement or similar regulatory action; is not necessarily comprehensive, complete, or up to date;

is sometimes linked to external sites over which the Association has no control and for which the Association assumes no responsibility; is not professional or legal advice (if you need specific advice, you should always consult a suitably qualified professional); is in no way constitutive of an interpretative document;

does not prejudge the position that the relevant authorities might decide to take on the same matters if developments, including Court rulings, were to lead it to revise some of the views expressed here; does not prejudge the interpretation that the Courts might place on the matters at issue. Please note that it cannot be guaranteed that these information and documents exactly reproduce officially adopted texts. I t is our goal to minimize disruption caused by technical errors.

H owever some data or information may have been created or structured in files or formats that are not error-free and we cannot guarantee that our service will not be interrupted or otherwise affected by such problems.
The Association accepts no responsibility with regard to such problems incurred as a result of using this site or any linked external sites. I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 128

Certified Risk and Compliance Management Professional (CRCMP) distance learning and online certification program.
Companies like IBM, Accenture etc. consider the CRCMP a preferred certificate. You may find more if you search (CRCMP preferred certificate) using any search engine. The all-inclusive cost is $297. What is included in the price:

A. The official presentations we use in our instructor-led classes (3285 slides)


The 2309 slides are needed for the exam, as all the questions are based on these slides. The remaining 976 slides are for reference. You can find the course synopsis at: www.risk-compliance-association.com/Certified_Risk_Compliance_ Training.htm

B. Up to 3 Online Exams
You have to pass one exam.
If you fail, you must study the official presentations and try again, but you do not need to spend money. Up to 3 exams are included in the price. To learn more you may visit: www.risk-compliance-association.com/Questions_About_The_Certif ication_And_The_Exams_1.pdf www.risk-compliance-association.com/CRCMP_Certification_Steps_ 1.pdf

C. Personalized Certificate printed in full color


Processing, printing, packing and posting to your office or home.

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com

P a g e | 129

D. The Dodd Frank Act and the new Risk Management Standards (976 slides, included in the 3285 slides)
The US Dodd-Frank Wall Street Reform and Consumer Protection Act is the most significant piece of legislation concerning the financial services industry in about 80 years. What does it mean for risk and compliance management professionals? It means new challenges, new jobs, new careers, and new opportunities. The bill establishes new risk management and corporate governance principles, sets up an early warning system to protect the economy from future threats, and brings more transparency and accountability. It also amends important sections of the Sarbanes Oxley Act. For example, it significantly expands whistleblower protections under the Sarbanes Oxley Act and creates additional anti-retaliation requirements. You will find more information at: www.risk-compliance-association.com/Distance_Learning_and_Cert ification.htm

I nternational Association of Risk and Compliance Professionals (I ARCP) www.risk-compliance-association.com