Gideon Benari (Solvency II Wire) & Mike Power (London School of Economics)
22 February 2016, London
Working with and enhancing the governance of regulated entities has become regulatory orthodoxy after the 2008 financial crisis. Regulators now take an interest in – and rely on – the quality of boards and their ownership of risk oversight, the clarity of their strategic formulation, their ability to set and monitor risk appetite, and their cultural commitment to good conduct.
The strengthening of the governance requirements in the Basel III regulatory framework for banking and the introduction of the Own Risk and Solvency Assessment (ORSA) in Solvency II (the corresponding framework for insurance regulation) are an extension, some might even argue a radicalisation, of this governance agenda for regulators. The ORSA, and the ORSA report are intended as a living, dynamic process and document: both a window on governance, risk management and future solvency and also a tool for use by boards to control their businesses.
Elsewhere, calls for a general increase in governance and personal accountability are being echoed in other industries in the wake of corporate scandals such as the Deepwater Horizon oil spill in 2010, and more recently the Volkswagen emissions scandal.
In light of these developments we thought it would be interesting to dig a little deeper into this orthodoxy, to expose its underlying assumptions for discussion and possible challenge. Is the regulatory emphasis on governance still fit for purpose, or might we be trapped in an orthodoxy that is reaching its limits?
We asked several leading financial and non-financial regulators for their views and summarise some emerging themes below.
A number of regulators favoured the flexibility offered by relying on, and encouraging, good governance.
First, they echoed traditional views that formal law is slow to evolve and quickly to get out of date, whereas ideas about good governance practice can be quickly introduced at low cost.
Second, in terms of the traditional debate about the regulatory efficacy of rules versus principles, it was suggested that principles are only effective moderators of behaviour under conditions of good governance. So governance lowers the overall costs of enforcement.
Third, in the case of financial regulation, technical capital requirements can be responsive to the quality of organisational governance and to the oversight of the risk profile.
Question for discussion
- How far is the ideal of the flexibility of governance experienced by regulated firms themselves?
- Regulators require evidence of good governance, but is this evidence process itself flexible and can it have negative consequences?
Many regulators operate as agencies with statutorily supported objectives. As such they face complex legitimacy challenges both from the public and its parliamentary representatives, and from regulated organisations themselves. Relying on good governance balances these expectations of strong regulation on the one hand and proportionality on the other. One regulator noted the public’s disappointment about the lack of regulatory enforcement action against individual directors following the recent financial crisis.
There is a complex trade-off between making regulated entities and individuals publicly accountable for their contribution to statutory regulatory objectives, and allowing them to be flexible in their governance.
Question for discussion
- Is there a regulatory ‘expectations gap’ i.e. do the public understand how far a regulator relies upon and validates the self-governance arrangements of organisations?
- If an expectations gap exists, how far does this expose regulators themselves to a reputational risk?
It is argued that the fundamental purpose of regulation is to modify and influence the behaviour of regulated organisations to be aligned with regulatory purposes, such as utility price control, good conduct in financial advice, or the safety of employees. And, so the theory goes, this behaviour modification would not happen at all or sufficiently without coordinated regulation. Many regulators saw this issue of behaviour change as being central to their role, and governance as a critical mechanism for doing this. In the financial context, boards are now in no doubt about their responsibilities to know their risk appetite and to oversee the good management of risk, and NEDs are on notice that they must challenge and be seen to challenge management.
In principle, the ORSA shows how the very purposes of the business, its risk management and regulatory demands for maintaining adequate solvency can be aligned. Furthermore, the emphasis on governance is regarded as an effective preventative strategy, focusing on the capacity of regulated organisations to self-discover problems before they crystallise.
At the heart of this underlying behavioural agenda are questions about ‘individual responsibility’ regimes. While one utility regulator has not yet taken the step of making senior officers personally accountable, ‘senior manager’ regimes are now live in financial services, requiring both good personal conduct and also responsibility for oversight.
Questions for discussion
- Individual responsibility regimes seem to be the next logical step in the reliance on governance, but what are the pros and cons of this kind of accountability and the behaviour it generates?
- What do you do when governance looks ‘good’, but the behaviour is not changing?
- Is weak governance an effective early warning signal?
Regulators were also mindful that context matters.
First, governance may only be an effective tool in the context of organisations of a particular size, which can structure their internal oversight into distinct functions (such as ‘the three lines of defence’). For example, in the SME sector, an emphasis on rule-based compliance backed by inspection may be more appropriate and effective.
Second, regulators admitted to the governance challenges posed by large complex group structures and geographically distributed subsidiaries. What, for example should be the relation between board and subsidiary risk committees?
Third, context matters because the precise forms of governance required to drive good conduct in the retail space may differ from those required to ensure systemic goals, such as network integrity or financial stability.
Questions for discussion
- How far do you think that governance is context specific?
- Should we think of applying different levels or forms of governance for different sectors or even types of regulated entities?
- What are the challenges of regulating group governance?