19 January 2017
In pursuit of their mission to ensure the integrity of financial systems, regulators have two distinct tasks. The first is developing the rules and regulations that govern the authorization and operations of financial institutions. The second is supervising those institutions to ensure that regulations are followed and risks are identified and addressed.
Over the last several decades, the drive to include populations formerly excluded from the formal financial system has introduced new kinds of financial products, service providers and digital technologies that have improved the lives of millions, but pose challenges for regulators on both the policy and supervision fronts. Though these developments have generated a significant amount of interest in regulatory policy, the impact of new policies on the task of actual supervision has received relatively little attention. And while there is still work to be done on the policy front, there is now an urgent need to address the practical impact of these policies on actual supervision of financial service providers (FSPs). In a rapidly changing environment, a definitive account of these impacts may not be possible, but it’s not too early to consider some of the major issues and the resulting need for capacity building among financial supervisors.
Most apparent among these issues is the dramatic expansion of the number and types of financial institutions that regulators are required to supervise. Once responsible for supervising a limited number of banks, they are now increasingly expected to supervise an array of non-bank financial institutions (NBFIs), including microfinance institutions, cooperatives, SACCOs, mobile money issuers, and others. In contrast to traditional banks, which are relatively few and relatively large, NBFIs are for the most part numerous and small. A supervisor formerly responsible for at most a couple of dozen institutions may now be responsible for hundreds. And whereas all banks are broadly similar, there is now much greater heterogeneity among the types of institutions and products subject to oversight.
At the same time, the increasing use of agents that may number in the tens of thousands poses special challenges. Though it is widely accepted that principals are responsible for oversight of their own agents, the task of ensuring that principals are fulfilling this requirement adequately is generally a new and different responsibility for many financial regulators. To this must be added rapid evolution in electronic payment systems, involving a host of new types of payment service providers and payment technologies. Gone are the days when it was enough to keep an eye on things like check clearing, cards or the ACH.
Since the global financial crisis of 2008-09, there is everywhere a heightened concern for consumer protection. It is a concern of special significance to financial inclusion programs that aspire to reach customers with limited literacy (financial or otherwise). Enhanced supervision under new consumer protection rules is for many regulators a largely new domain of responsibility, again multiplied by the large number of service providers concerned.
Related to all these issues is the requirement that license applications for new entrants be reviewed prior to approval and, increasingly, a requirement also that all new financial inclusion products be pre-approved by the regulator before being introduced. This process is exceedingly labor-intensive, often requiring multiple iterations of a cycle of feedback and re-submission before a final decision is reached. Workloads are directly proportional to the pace of expansion and change in a financial services marketplace where innovation and expansion in the name of greater inclusion are often strongly encouraged. That means that workloads are expanding rapidly, threatening careful review or timely decisions or both.
These challenges are uniformly driven by policies that are here to stay and the major implications are now clear. First of all, there will never be enough staff to meet these challenges using traditional approaches. For many FSPs, on-site examinations will necessarily be cursory, relatively rare or both. Moreover, with very limited human resources (relative to the scale of the task), the adoption of a risk-based approach to supervision will cease to be merely a desirable goal and will become an absolute condition of effective supervision. Given the need to develop risk profiles on numerous FSPs and products, it will be necessary to concentrate on the development of sound sector-based risk assessments and validated risk indicators that can be monitored remotely. This in turn suggests that the traditional separation of on-site and off-site supervision will need to be overcome and individual supervisors will have to be equipped to employ both approaches as and where indicated without regard for geographic proximity or any sort of programmed schedule.
Beyond sheer numbers, the heterogeneity among types of institutions and products suggests that greater specialization among available staff will be essential. This is especially acute in the case of payment systems which have significantly different mechanics and operating rules from one to the next. Moreover, the risks associated with these systems are generally not the credit or market risks associated with prudentially regulated institutions, but are primarily operational and liquidity risks that need special attention. In particular, this applies to the complex technology upon which all modern payment systems rely. There is no possibility of adequate supervision of these payment systems absent properly specialized expertise on the part of individual personnel.
Thinking about possible means to address some of these challenges, a few things are clear. First, regulators will have to rely much more heavily on information technology and develop the ability to effectively gather and analyze large amounts of remotely collected data. This means careful attention to the structuring of data collected in monthly or quarterly reports. It means the end of reports submitted as spreadsheets that are manually consolidated and the universal use of web-based report submission backed by automated preprocessing to ensure accuracy and completeness. There will need to be a much greater use of statistical techniques to establish what is normal among a particular set of providers so that anomalies can be isolated and investigated quickly.
With respect to licensing and pre-authorization of products, it will be essential to develop simple, efficient systems whereby applications can be entered electronically, workflow can be tracked, and routine communications can be automated. Where regulators are granted discretion to judge the appropriateness or adequacy of an applicant’s proposed businesses or products, it will be necessary to articulate clear expectations and guidelines for the exercise of that discretion in order to alert applicants and reduce the volume of deficient applications that needlessly consume staff time.
For agents, the assignment of a unique ID for each agent and the creation of national agent registries will be necessary to provide principals with critical information about a prospective agent’s prior history as an agent (if any) allowing them to avoid the cost of taking on agents with a questionable background. The same registry will facilitate consumer protection if each agent’s ID number is displayed at its place of business, allowing customers to make complaints without having to otherwise collect identifying information on the agent in question.
Such a registry and ID system will also enable the development of apps allowing customers to easily rate agents or file complaints directly from their phones. That also means that supervisors will need to be prepared to process a potentially significant volume of customer complaints, some of which will be referred to a provider for resolution, others of which may involve escalation of complaints that a provider has failed to address. Basic systems for tracking and analyzing these complaints will be necessary. Such systems are a common feature of many businesses, but will be very new to most regulators.
Finally, with regard to the rapidly evolving and ever more complex world of technology supporting financial inclusion, regulators will have to move away from the practice of directly inspecting providers’ IT infrastructure using the regulator’s own staff and will instead have to rely on a variety of qualified independent auditors and recognized international standards for certification of systems and the management of IT systems. At the same time, if not themselves conducting IT audits, supervisory staff will nevertheless need to be able to read and understand the recommendations contained in auditors’ reports in order to ensure that recommendations are followed and issues are addressed.
These are surely not the only changes to traditional regulatory practice that will ultimately be required. And there can be no expectation that the changes required will be easy or quick to achieve. But it is vital that regulators begin to contemplate the future and start to plan for it. At the same time, it is critical that technical assistance and capacity building help regulators adapt traditional supervisory approaches to the new environment. The needed changes will take time and inevitably proceed in stages. But with careful prioritization and a commitment to continual progress it will soon enough be possible to look back and wonder what it was that originally seemed so daunting.
Dr. Bryan Barnett is an advisor for banking and financial services with the Office of Technical Assistance of the U.S. Department of the Treasury. He works with financial regulators in developing countries to help them modernize and strengthen their financial systems. A major focus of his work is helping regulators adapt regulations and processes to support expanded access to financial services to underserved populations. He can be reached at email@example.com.