Calculated risk-taking for gain is characteristic of the business of supervised entities. So as not to endanger a supervised entity’s existence, this risk-taking must be controlled. One of FIN-FSA’s key supervisory tasks is to ensure that supervised entities do not take on such a level of risk as may jeopardise their capital adequacy. The task is dual: on one hand we assess supervised entities’ risk-taking, while on the other hand we measure their capital adequacy, ie their risk-bearing capacity.
Risk-taking is supervised in three different ways:
- Quantitative or measurable risks are monitored through regularly submitted reports and supervised entities’ own risk reports. This pertains to eg credit and market risk.
- Qualitative risks are monitored through inspections. Qualitative risks are eg operational risk and internal governance. Supervision focuses on management operations, the adequacy of risk management systems and internal control, and the quality of operational systems and processes.
- Individual institutions also encounter risks arising from changes in the operating environment.
FIN-FSA monitors and assesses the impact of such changes on financial market stability in cooperation with the Bank of Finland.
Risk-taking is evaluated relative to a supervised entity’s risk-bearing capacity. Risk-bearing capacity is a broad concept where one factor is the entity’s equity capital, which is taken as a measurement of its capital adequacy. The components of risk-bearing capacity are profitability, risk premia, provisions, equity capital and risk management systems.
It is typical of financial business that even the best risk management cannot always protect a supervised entity against unexpected losses. In order to safeguard the stability of its business, a supervised entity must reserve sufficient capital to cover potential losses. The more capital it has allocated for expected and unexpected losses and the better it manages its risks, the better risk-bearing capacity it will have.
It is an integral part of good risk management that a supervised entity’s board of directors has an overall view of all essential risks arising from the entity’s business operations. Risk management is based on the risk-taking strategy and risk management policy included in the business strategy. These define the procedures to identify, assess or measure, limit, monitor and manage risks. The purpose of risk management and other internal control is to ensure that the risk-taking strategy is implemented in practice.
Supervisory review and risk assessment
FIN-FSA conducts analyses on regular basis covering material risks and risk-bearing capacity of its supervised entities (supervisory review) and conducts also more holistic reviews on financial sector activity and outlook (Financial position and risks). On the basis of the assessments and other information collected during the ongoing supervision FIN-FSA specifies the risk categories and supervised entities which will be the focus areas in subsequent periods.
The key conclusions of the supervisory review and corrective actions possibly required from the supervised entity are also submitted to the supervised entity concerned. The scope of the review reflects the nature, scale and complexity of the activities of the supervised entity and its significance to financial stability.
Typically the review is conducted on an annual basis but depending on the business model, internal governance, financial and risk position and their material changes the review can be conducted even more frequently.