better risk management in support of regulatory quality incorporating risk assessment tools in ria...
TRANSCRIPT
Better risk management
in support of regulatory quality
Incorporating risk assessment tools in RIA to prepare better rules
Charles-Henri MontinSenior regulatory adviserMinistry of Finance of Francehttp://smartregulation.net
Taipei, 7 October 2011
A few concepts to start with
Risk Hazard Risk analysis Precautionary principle Administrative certainty and security Risk management Risk based regulation
Definition of risk based regulation
Range of meanings(1) Regulation of risks to society(2) Loose collection of approaches expressed terms of risk(3) In banking and insurance regulation, the use of firm’s
own internal risk models to set capital requirements(4) Systematised decision making frameworks and
procedures to prioritise regulatory activities and deploy resources, principally relating to inspection and enforcement, based on an assessment of the risks that regulated firms pose to the regulator’s objectives
Definition (4) is that used here
Main elements of risk based regulation
Setting the risk tolerance Risk identification and risk assessment Assigning scores and ranking firms or sites Linking supervisory resources and responses
to the risk scores.
Key issues in design
Approaches taken to risk tolerance The choice between objective and subjective
indicators The relative roles of impact and probability The role of weighting Integrating broader external risks with firm
level risk assessments Dealing with ‘bulge’ –the low risk firms which
are usually the majority of the regulated population
Challenges in implementation
Combining simplicity with complexityKnowledge and data –getting the right data, and making
better use of the knowledge the agency hasStructure and operation of internal risk governance
processes –how to balance the need for organisational structures to ensure the accuracy and consistency of assessments with speed and responsiveness.
Changing the culture to embed the risk based approach across the whole organization
Ensuring internal compliance with the risk based regimeEnsuring that assessments of firms are forward looking
Going beyond the individual firm in assessing risk
Managing blameMaking resources follow risksManaging political risk
Lessons from OECD experiences
Starting out– Start with risks not rules– Ensure the organisation has sufficient powers to implement the
approach– Beware of other regulatory or governmental policies which may
contradict or hinder the adoption of a risk based approach– Ensure you know what your goals are-it is worth doing, but don’t do it
for the wrong reasons Dealing with transition
– Designing and implementing a risk based framework will take time– Organisational challenges are significant and shoud not be
underestimated – Think beyond the risk assessment to how the organisation will respond
Challenges of maintenance– Keep the framework simple to use and be prepared for the need to
make continual adjustments– Think in terms of achievability
Need for communication internally and externally Need to recognise that risk based processes require regulators, and
politicians, to take risks.
The risk cycle in policy making
Definition of risk analysis
Communication on Consumer Health and Food Safety (1) A systematic procedure comprising: the scientific evaluation of hazards and the probability
of their emergence in a given context (risk assessment) The assessment of all measures making it possible to
achieve an appropriate level of protection. It includes assessing the impact of policy alternatives in light of RA results and the desired level of protection (risk management)
The exchange of information with all the parties concerned (risk communication)
Principles for sound risk management
Separation between scientific advice and regulatory responsibilities
Risk assessment advice to be provided by independent scientific committees
Scientific committees to be structured and to work in accordance with principles of excellence (highest possible quality), independence and transparency
Members, minutes, opinions, minority opinions to be published
Open calls for expression of interest for membership
System of indemnities
11
Endorsed in 2005 OECD Guiding Principles for Regulatory Quality and Performance
Risk assessment helps avoid opportunity costs of regulatory failure: Failing to regulate when there is a need (type 1 error) Regulating when there is no need (type 2 error)
“Quantitative risk assessment improves the capacity of a government to focus on the most important risks and reduce them at lowest cost while identifying those risks that fall below a threshold justifying government action.” OECD 2002
RIA has been adopted by all OECD countries for at least some forms of new regulation
But formal risk assessment not comprehensively applied
Risk in Regulatory Impact Assessments (RIA)
Uptake of RIA in OECD Countries
12
13
1. Problem definition2. Objectives of Government action3. Consideration of alternative options4. Impact analysis – costs, benefits and
risk5. Consultation6. Recommendation7. Implementation and review
Steps in Regulatory Impact Assessment
14
Defining the problem What will occur under a ‘do nothing scenario’ ? What is the probability that the outcome will occur? How serious is the harm or injury that could occur? How widespread will it be and who will be affected? What is the level of uncertainty?
Govt objectives are often to “reduce risk” Any reduction in risk involves costs Need to determine how much risk is acceptable What is the value of the risk cost trade-off? Goal should be the minimum effective regulation to meet
objectives
Risk analysis is in all steps in a RIA
15
Alternative Options Risk avoidance – prohibit activity Risk transfer – cause another party to accept the risk
(contracts, compulsory insurance, privatization) Risk retention – accept the loss from the risk event Risk reduction – reduce the probability of the risk event
(licensing, codes and standards, enforcement strategies)
Impact Analysis Calculate costs and benefits of each option; show net
benefit Sensitivity analysis can reveal implications of uncertainty
for decision makers
Analyse the impacts of alternatives
16
Consultation Explore the consequences and probabilities of risk for
each option analyzed Obtain feedback from all groups likely to be affected Seek expert opinions
Recommendation Select option with highest net benefit, only after
accounting for risk in the analysis
Build in implementation and review Was the risk adequately identified? Has government intervention been effective? New science - what has changed, is it still appropriate?
Promoting Transparency
17
Managing complexity Getting the right data can be difficult
But the systematic framework of a risk assessments can be still be useful
Develop in house risk tools Even simple approaches have merit
Build the capacity for risk assessment over time Post implementation reviews reveal lessons
Recognize that risk based processes require regulators and politicians to take risks
Manage communication of risk cost trade offs
But not without its challenges…