II-6.11: The Ministerial Order of 19 January 2010 modifies the Banque de France’s Comité de la réglementation bancaire et financier's (Banking and Financial Regulatory Committee) Regulation n° 97-02 of 21 February 1997 relating to the internal control of banks and investment firms.

http://www.legifrance.gouv.fr/affichTexte.do;jsessionid=B87C282BC36071CD3F191032FA7FC56A.tpdjo08v_1?cidTexte=JORFTEXT000021817461&categorieLien=id

Context and Summary

Although the best way to manage risk is not a recent question, the subprime crisis has brought the debate on systemic risk back to the forefront and has even initiated an in-depth reflection on risk management methods. The Ministerial Order of 19 January 2010 is a perfect illustration of this will to reform and supervise Financial risk. Formerly, internal control of banks and investment firms was fragmented between market risk, credit risk, operational risk, legal risk, and compliance risk. From now on, a single ‘risk department’ will be instituted, composed of “the agents and departments in charge of measuring, supervising, and controlling risk” (Article 11-8 of the Ministerial Order of 19 January 2010).

This department will be managed by a manager, who will be part of the executive committee of the firm—which means he will be forbidden to exercise a commercial, financial or accounting function—in charge of (i) supervising the coherence of risk-management policies and the effectiveness of risk measurement, supervision and control systems used by the establishment, (ii) and ensuring that the level of risk exposure of the business is compatible with the goals set by the company’s deliberative organ. The manager can, if he or the deliberative organ thinks it is necessary, produce a report for the deliberative body, or if necessary, to the audit committee, on the exercise of his functions. The manager of the ‘risk department’ has a duty to alert the deliberative organ on any situation that could possibly have significant repercussions on risk management. Besides the manager’s missions, the Order of 19 January 2010 highlights that the ‘risk department’ must not only be organised in a fashion appropriate to the firm’s business and circumstances, but must also be provided with sufficient means, personnel, information systems, and access to information. 

Moreover, risk management policies within banks and investment firms must also include reinforced risk measurement and monitoring systems with (i) the implementation of risk-mapping to have a coherent picture of all risks, including risks not included on the balance-sheet (in other words, engagements that are not included in the firm’s accounts, such as leasing agreements, exchange rate risk management contracts, and guarantees on corporate assets and liabilities during the sale of a company). Besides this transversal approach to risk analysis and measurement, an analysis to identify and estimate potential risks in operations on new financial products, internal and external growth operations, and exceptional transactions, must be carried out beforehand.

To conclude, the modification of internal supervision is combined with an improvement in transparency towards the Commission Bancaire (Banking Commission), since absorbed within the new  Autorité de contrôle prudentiel (Prudential Control Authority), by communicating to the General Secretariat of the regulator all documents relating to business analysis as well as the results of internal audits submitted to the deliberating organ, and transcripts of the meetings during which they were examined.

Brief commentary

Two points concerning this modification of risk management within banks and investment firms deserve more in-depth attention. Special risks, like credit risks, market risks, legal risks, are still present, but are supplemented by a global approach to risk management. This modification is inspired by the lessons learned from the subprime crisis, which brought to light the important role of correlated risks, or risks that, although created alone by each separate branch, are exponentially magnified in force and vigour when they pass from the hypothetical sphere to the real world. As a consequence, the implementation of ‘risk departments’ fulfils the need to know not only the amount of exposition to each risk, but also the possible interactions between the different aspects of these risks.
Furthermore, the subprime crisis has not simply caused a modification in the way risk is approached, but also includes a redefinition of risk-geography. Therefore, besides the obligatory risk-mapping that has to be performed in order to obtain a global view of risk exposition in banks and investment firms, the Ministerial Order modifies risk-management philosophies by including operations external to the balance-sheet in the risk-map. These operations were formerly neglected, and were often used to get around solvability ratios, such as the old Cook ratios, the current McDonough ratios recommended by the Basel II Committee, limit the amount of outstanding credit a bank can have at any one time in function of its financial stability. The realisation of the consequences of the overuse of securitisation, an operation that makes it possible to transform a debt into a capital share freely traded on financial markets, thereby promoting the uncontrolled diffusion of risk, makes a strong case for the measures decided in the Administrative Order, even though the essential question is still whether the current aversion towards risk is a value on which financial regulation can be durably built.
In a much more general sense, the very expression of ‘risk department’ illustrates that regulation was conceived in terms of sectors (telecommunication, energy, finance, banking, etc.) twenty-five years ago, and has encountered unexpected problems, precisely because dangers can pass from one sector to the other, and contamination can rapidly spread. Therefore, the notion of “filière” (department), taken in its classical sense, supposing the transformation of products and the possible contagion of not immediately visible and understandable dangers contained in each “department”, has regained pertinance. This can be seen for the first time in the financial sector, for risks are no longer contained within individual sectors. One might think that next theatre to which this type of reasoning will be applied is the Internet.