PSD Capital Review: A Tractable Approach to Supervisory Philosophy and Resourcing

Ref #6995852 MEMORANDUM FOR Governors FROM Toby Fiennes and the PSD management team DATE 15 May 2017 SUBJECT PSD: Monkeys, FSAPs, Philosophy, and Resourcing. A tractable approach to a complex process. FOR YOUR Reactions

1. This paper builds on previous papers about potential revisions to our supervisory model. There are reasonably complex interactions between the detail of regulations and supervision, and the philosophy of what sort of a supervisor we want to be. This poses challenges of a ‘chicken and egg’ nature, so in order to move things along, we articulate a preferred model, and a staged approach. We believe this approach should provide us with sufficient mandate to progress the detail in a way that will be internally consistent with a broadly agreed revised supervisory model (which is in turn consistent with expected resourcing and our philosophy). It should also assist to explain to industry and other stakeholders such as the MoF, any evolution in our policy and supervisory approach.
2. The second part of the paper deals very briefly with the resource implications of the preferred model. The intention here is to provide an order of magnitude and a sense of what people would be spending their time on. We are not presenting it as a key driver of decisions about our approach: indeed we strongly believe that logically the philosophy should come first and the resource implications follow – albeit perhaps with a final overlay to reflect budgetary reality. Background
3. PSD management began revisiting the Reserve Bank’s prudential regulatory philosophy, approach, and resourcing at the beginning of last year, following an offsite session. This resulted in a paper to FSO (“A Monkey on our back?” #6475710), which posed a number of questions about whether the balance was right (with the sub-text that it wasn’t, or at least had drifted away from the optimal, given our philosophy). It also suggested that the next step was to reassess and/or confirm our philosophy, so that we at least establish the desired end-point for any subsequent changes or rebalancing of trade-offs.
4. A “philosophy” (supervisory framework #6567350) and an accompanying on-the￾record speech in September 2016 set out the broad parameters of our preferred approach – a key element was that we should focus our resources on areas where private and society’s incentives were not well-aligned.
5. We also underwent the 2016 FSAP. Papers have described the myriad of recommendations (#6740694 and #6826553), but for the purposes of this paper, the two key recommendations to point out are the following. First, the IMF was firmly of

2 Ref #6995852 the view that we should change elements of our regulatory model and philosophy. Second, that even if we were not inclined to accept their first view, we are inadequately resourced to deliver on our current philosophy. 6. The IMF advice was like the curate’s egg: good in places. That is, we are not inclined to fundamentally change our regulatory philosophy and approach, although concede that some rebalancing to reinforce our commitment to an incentive-compatible, three pillars approach, is warranted. On their second point, we agree, and this was indeed raised in the ‘Monkey’ paper as a key trade-off (on the assumption of fixed resources). 7. Following the FSAP, FSO asked us to come up with a work plan for taking the post￾FSAP work forward. The first paper, a ‘gaps analysis’ (#6740694), provided a high level overview of the areas for improvement recommended by the IMF. It also introduced broad-brush options for responding to the FSAP recommendations. 8. This was followed by a paper entitled “Responding to the FSAP – options and resource implications” (#6826553). This paper further developed our thinking and posed a number of questions, some of which were really designed to tie down specific action points and/or test articles of faith (e.g. testing whether more verification does actually undermine self-discipline). 9. So, four papers have come through FSO, raising internal and external questions about whether improvements could be made to the coherence of our philosophy/resourcing trade-off, starting from an extremely broad and open position and progressively narrowing down options. We have effectively ruled out some options, but at this point are of the view that we should cut to the chase, and lay out our preferred option. 10. This approach has many benefits. First, it rules out what are really non-starter options (such as full orthodoxy) and enables us to make the (PSD) preferred option somewhat more concrete. On a spectrum of strawperson to working prototype to fully formed proposal we would characterise it more as the working prototype – something that has enough detail to draw out the intuition, without fully baking in all of the details. This should make it easier for FSO, Governors and ultimately the MoF to get a better sense of the points of difference with the status quo, and to react to the elements of it that resonate and those that may need further thinking. 11. Secondly, it will make the process more tractable. We are juggling FSAP responses, handbook rewrites, capital and IPSA reviews, Basel consultations, thematic reviews, data initiatives, system development work and day jobs. Trying to progress all of these issues without narrowing down supervisory approaches makes for a complex task. 12. Finally, as we work through FSAP responses and policy reviews, decisions can be made with reference to the type of regulator we want to be. This should help guide judgements and reduce the risk that decisions don’t stray from the resourcing and philosophical constraints implied by the revised supervisory approach – even if such decisions may make sense in the current context. Sequencing the discussion and decisions 13. We are roughly on-track with the timetable envisaged within PSD. That is, we have completed a high level assessment of the gaps, provided feedback through our Board and the MoF and Cabinet. We had anticipated allocating staff to work on detailed

3 Ref #6995852 modules, but we have put this on hold at this point, as we have come to the view that the regulatory approach needs to be anchored first, so that the regulatory framework (policies, capabilities, resourcing) are developed in an internally consistent way. 14. So, we see the sequence as: agreement to a revised supervisory model; agreement to the resources needed to implement it; and a transition path. 15. A revised supervisory model includes potential changes to: • policies (new things we pick up as a part of Basel, the capital or IPSA reviews, or things we drop, again as a part of the capital review for example); • new powers; • how we use existing powers and supervise / check (for example, we have but rarely use enforcement powers or section 95s); • the mix of skill sets/capabilities with staff, as well as the number of staff and the use of external expertise; • our risk appetite (across all dimensions of financial stability, stakeholder management and so on). 16. The first three bullet points have been relatively well canvassed in previous papers. The fourth is important and work is well-advanced (though on hold pending this broader review) in articulating a risk appetite framework within the supervisory area. 17. Risk appetite nests within our risk-based approach. For example, we have distinguished between large and small insurers, reflected in the designated and portfolio categories. We are explicit that we will devote more resources to the designated entities as they will matter more (generally) in the event of failure, and this is also true in our approach to oversight of FMIs. Similarly, NBDTs receive far less attention than banks or insurers, and banks are singled out as the main sector to monitor within our AML responsibilities. 18. On the other hand, we have sometimes responded in a way that could be argued to be disproportionate (admittedly often with the benefit of hindsight) from a system risk perspective in terms of the impost on our resources. Examples could be the amount of time spent on Kiwibank’s IRB application, the development of a bespoke solvency standard for a novel individual entity that has yet to make use of the standard (and may never), or the disproportionate amount of policy and supervisory time spent on small banks (Heartland and the Chinese banks for example). One could argue that we have been more responsive to persistent stakeholders than to financial stability. A more positive way to put it would be to emphasise possible efficiency benefits of a more tailored approach. However one prefers to characterise this, clearly a less responsive approach would require fewer resources. See later discussion. 19. In terms of the agreement to the resources needed to implement we aim for a good sense of the direction of travel by mid-year so that we can engage meaningfully with Treasury and (election permitting) the MoF. This should be on the basis of providing a degree of certainty around some key overarching features (what sort of regulator do we want to be? What resources do we need and might be available?). We will need to have then worked the ideas up in sufficient detail to hold constructive, soundly-based post-election conversations with Ministers in Q4.

4 Ref #6995852 20. And, in terms of the details and the transition, including the IPSA and Capital reviews, and our response to detailed FSAP recommendations, our intention is to set the overarching objective and ballpark resource requirements, and then project manage the detailed modules. We have identified project managers (Kevin Hoskin and Vicky Learmonth). FSAP modules would be grouped together, and be coordinated and consistent with other workstreams (e.g. the capital review). 21. For this to work, we will need sufficient political buy-in to the direction of travel and ballpark resource implications so that detailed plans can be developed in the knowledge that they are not ‘out of the question’ simply because of resource constraints. Alternatively – but undeniably a suboptimal policy process – we could get an indication of a capped increase to funding and cut the coat to suit the cloth. ‘Working prototype’ revised supervisory approach, or ‘Who do we want to be?’ 22. The three pillars framework has delivered good outcomes in banking and insurance supervision and should be retained. However, experience applying the framework over many years, along with a recent external expert assessment by the IMF against international benchmarks, indicates that certain enhancements can make the framework more effective. These enhancements are of the nature of refinements and strengthening rather than substantial change in the philosophical approach. 23. To recap on the self, market, regulatory discipline framework: Primary responsibility for the prudent management of regulated firms rests with the Board of Directors and senior management of these firms. Investors and policyholders also have a responsibility in choosing who they undertake transactions with and for monitoring their financial risk. The self and market discipline pillars are bolstered by the imposition of certain regulatory rules and mandatory requirements in key areas such as capital/solvency, liquidity, governance, fitness and propriety, and disclosure. Given the focus on a handful of policy areas, the Reserve Bank’s non-intrusive approach and New Zealand’s risk profile, policy settings in those areas should be expected to be relatively conservative. 24. This is all designed to ensure that minimum standards are met, incentives are well aligned to prudence and the risk of institutional failure is kept within acceptable bounds. The approach taken is risk-based whereby tougher requirements, and / or exercise of more intensive supervision are applied where risks to our objectives are perceived to be higher. 25. Enhancements to this framework would deliver better outcomes. They include: a. Shifting to a supervisory relationship where there is more verification and being less trusting/more sceptical of institutional arrangements. This results from PSD managers’ discussions leading to a view that we should place less emphasis on (the still valid) concerns about the moral hazard implications than was the case in the 1990s. The idea here would be to do selective verification that reinforces the existing framework through sharpening the incentives on self-discipline, and deepening the understanding of supervisors to enhance regulatory discipline. The intention is not to move to a heavy-handed, adversarial model of intrusive compliance checking. It is a buttressing of our three pillars approach.

5 Ref #6995852 b. There are several ways to achieve this objective, and the details need further investigating along with the pros and cons of various types of validation. Conceptually, the various types could include: thematic reviews of “prudence” e.g. governance, system and controls, capital and disclosure compliance on a proactive basis and perhaps with a frequency of one or two a year in each sector; more use of external independent expert reviews of material institutional vulnerabilities or where material non-compliance is suspected (section 95 RBNZ Act for banking, section 130 IPSA for insurance); or random spot checking of compliance with requirements and of prudential data submitted to the Bank. The first two of these tools (thematic reviews and section 95 reviews) are established mechanisms that we are increasingly using. They are primarily analytical tools, although banks are much more resistant to being subject to a section 95 review than a thematic review (the views of insurers are not so well-known). ‘Spot checks’ would be new for us and industry and, while they may turn out to be a useful tool in certain circumstances, their fit with the current framework (for banks, certainly) is less obvious and may be a concept to revisit after the transition phase. Whichever tool is used, a “risk-based, value-add” filter would be applied to determining which activities were pursued, with a firm leaning towards areas where incentives are less aligned. c. Accompanying this would be a strengthening in our response, whether that be to non-compliance or enforcement. To be clear, we are not suggesting a move to zero tolerance, or mindless enforcement: we have yet to take an enforcement action against a bank, and while we should not rule court-based enforcement out, we continue to see that as an option reserved for the most serious non-compliance. (Moving to a zero tolerance approach on all non￾compliance, or implementing administrative fines for minor breaches, could absorb/deflect significant resource on our part while also deterring institutions from being open with us.) We should also consider whether we have an appropriately graduated set of tools. For example, at the lighter end of the spectrum, we can currently privately remonstrate with a bank, impose additional requirements, and force disclosures; at the heavier end of the spectrum we can, with the consent of the MoF, issue directions or initiate court action. A more graduated suite of tools could include, for example, enforceable undertakings (which require regulated entities to make good on transgressions or shortcomings, with legal force). d. Legislative change to address weaknesses and gaps. The IMF FSAP review identified many areas for improvement. These ranged from support for our FMI proposals to a wider range of enforcement tools. They also noted that our emphasis on the self and market discipline was not adequately reflected in IPSA where governance requirements weren’t backed by primary legislation (i.e. a Standard) and disclosure support was weak. e. More clearly articulated policy requirements are desirable for several reasons. They provide more certainty for all parties, and will certainly assist with enforceability. The re-write of the Handbook is a very good step in the right direction, but this is not a one-off undertaking. New or updated requirements need to be to the same professional standard, and ongoing maintenance of standards is resource intensive.

6 Ref #6995852 f. More conservative and simplified settings (our thinking has mainly been around capital/solvency settings but the point is more general and should extend to liquidity, disclosure, governance). Abandon as far as possible the features of Basel II and III that don’t fit well with our framework. Convertible instruments and internal models are obvious areas for consideration, but so too is the question of capital conservatism more generally. We have signalled more conservative bank capital requirements on the grounds of relativity with Australia, and New Zealand being a small open economy. Further thought should also be given to whether additional conservatism can compensate for less activity elsewhere. For example, reducing or removing the role of approvals where there are bigger regulatory buffers and more s95 / s130 checking of compliance which in turn would be associated with appropriate enforcement to reinforce both regulatory and self-discipline. g. Moving away from issuing non-essential non-objections or approvals, especially for complex matters where there may be better alternative risk mitigants. Non-objections can give rise to moral hazard. Such a move would fit well with an increase in capital conservatism and an end to the undesirable features of Basel II and III. Examples under Basel II could include IRB models in areas of dubious value; examples under Basel III could include contingent instruments. How this would work for insurance solvency – where there are incentives to “model-shop” but where we currently deploy very limited assurance – does need to be worked through. 26. In essence, the enhancements proposed represent exercising more regulatory discipline than before to strengthen the self and market discipline pillars as well as to make the regulatory settings themselves more robust. The resulting framework would remain anchored to an incentive-compatibility regulatory approach with our efforts concentrated most on where public/private sector incentives are less aligned. 27. This enhanced BAU framework needs increased resources (some more policy and supervisory staff and some more external reviews). A wider skill mix will be needed including banking sector institutional experience, technical and legal specialists and experienced enforcers. 28. If we wanted a succinct articulation of what this means in practice, say to a regulated entity, it could be along the following lines. • Our framework continues to: oBe built on a three pillars approach (market, self, and regulatory discipline), and an emphasis on incentive compatible regulation. oBe relatively unintrusive, especially compared to the international orthodoxy of compliance checking, on-site, type supervision. o Apply international standards, except where they are not a good fit for New Zealand. oEmphasise the critical importance of sound governance. oEmphasise the importance of regulated entities being well capitalised with high quality capital. oPrefer simplicity over complexity. • Our framework is evolving to: oEnhance self-discipline through increased verification. oClearer, simpler, and more enforceable policies.

7 Ref #6995852 o Deepen regulatory understanding and ‘best practice’ through targeted reviews. oFurther distance the regulator from decisions that rightly sit with the directors, with simpler and conservative rules. 29. Even with the additional areas of focus and resource, our model will still be low￾resource, low-intrusion and in fact narrow by international standards. For example, we are not proposing to expand into any more than the current high-level oversight of specific areas of operational risk, such as cyber risk or business continuity. Resources 30. This section attempts to estimate the net change in resources arising from the prototype model, including by explaining what any additional people would do on a daily basis. We have not yet turned our attention to the precise mix of skills required, although in some cases this is fairly obvious. 31. In this section we are primarily focused on what our best estimate is of a realistic steady state, based on the current responsibilities of PSD. To unpick this more: • Our current responsibilities include AML; banking and insurance regulation and supervision; NBDT regulation and monitoring; FMI oversight and (anticipated increases to) regulation and monitoring. • We take “steady state” to mean where we think we should be in 3 or so years. Even if it were realistic to obtain funding for the upper end of the range, it is unlikely we could (or arguably even should) aim to move quickly to a full complement of staff. A cautious recruitment approach that ensures we maintain our standards and minimise growth pains seems prudent, and suggests a transition path, where the initial budget is agreed, with the final estimate re-assessed in a year or two. • Even if the re-assessment concludes the upper estimate is ultimately unnecessary, we think it is important to reflect now our best estimate in our response to the FSAP and our own thinking about the sort of regulator we should be. This staged approach, we think, should also be more politically palatable. • As such, the bottom of the following ranges represent the baseline number for the one to two year transition phase (a net increase of 10 staff), with the top of the range (a net increase of 19 staff) representing a plausible steady state mid￾point estimate, which will be fully re-tested. 32. Please note that both the supervisory and policy proposals include a small increase (+2-3 FTE in total) to reflect the fact that we are underresourced even for our current model. One area where we certainly need to step up is good process: recent events highlight the need for robust four-eyes checking on all important decisions. Having a capability for robust quality assurance of important decisions also has an important ancillary benefit – that of improving our business continuity capacity. We face serious key person risk in some areas. 33. Against that, we believe that our proposed new model can deliver some resource savings. A simpler regime will deliver savings (maybe -1 FTE) in areas such as internal model validation and complex capital instruments.

8 Ref #6995852 34. The model implies changes to FTE headcount as follows: Policy work (+ 3-5 FTE, which incorporates -1 FTE for a simpler regime) 35. Additional resources would be deployed in improved drafting of our rulebooks and in more regular, proactive maintenance of existing policies. • Prepare new policy documents, and maintain existing ones. • Convert policy intentions into text that delivers those intentions correctly, without areas of uncertainty or inconsistency, in a way that is as easy as possible for supervised entities and also PSD staff to understand. • More regular review of existing policies and the website content. • More Post Implementation Reviews. Treasury have encouraged us to do more of these. We have never for example reviewed the bank liquidity policy. • Overall a deeper and richer understanding of our policies, improved ability for robust quality assurance, and a reduction in key person risk. Banking and Insurance Supervision (+4-9 FTE) 36. New resources would be deployed in: more systematic, frequent and deeper thematic reviews; more verification of information and compliance, especially where incentives are misaligned; crisis exercises; stronger liaison with APRA. • Deeper dives into verifying that a regulated entity’s self and market discipline arrangements are meeting requirements and our expectations. • Deeper scrutiny of capital adequacy and solvency compliance, particularly for big impact institutions. • More regular verification of institutions’ compliance with key supervisory requirements where incentives are weak (e.g. OBR, outsourcing, catastrophe risk). • Organising and managing third party experts if specialist expertise is needed to perform these tasks. • Quicker resolution of vulnerabilities/issues identified. 37. Increased validation would occur in the areas of governance, disclosure issues, key business risks and mitigants. Validation would be selective with this being informed by the banking Press and insurance iPress reviews and the supervisory action plans emerging from these, from thematic review insights and the compliance record in PSD’s Compliance Issues Register. 38. It might take the form of desk-based reviews of information not usually provided to the Reserve Bank (e.g. Board minutes to get insights on governance), or supervisor interviews of key staff (e.g. the appointed actuary to determine influence on mitigating risks), or more fully formed investigations involving external experts and using the section 95 (for banks) and section 130 (for insurers) apparatus. Compliance resource (+1-2 FTE, not dedicated) 39. The overall purpose here is not to recruit a dedicated enforcer, but to better manage and respond to non-compliance. This would include a stronger focus on non￾legislative supervisory responses (such as warning letters, meetings, expert person

9 Ref #6995852 investigation and disclosure). The current role is reactive and we are looking to introduce a more strategic response to breaches. • Undertake investigations of compliance breaches that are referred from supervision, including interviews and a recommendation memo to managers or Governors. • Assess complex boundary issues. • Provide advice on compliance matters to members of the Department. • Assess lessons learned from compliance issues, including the need for an industry￾level response, changes in policies or scope for improved internal processes. • Feedback lessons to enable improvements in the enforceability of our requirements (drafting of requirements, legislative gaps and so on). • Incorporate non-compliance lessons into the supervisory day job. We will be better able to do this if the resource is not dedicated but spread amongst supervisors. FMI Supervision (+1-3 FTE) 40. The Cabinet paper said: “The Reserve Bank considers that in the first instance, it may need to allocate 1-2 additional FTEs to the supervision of FMIs, and that this cost can be met within the scope of its existing five-year funding agreement. Consideration of whether additional funding may be appropriate in the longer term will be factored into the negotiation of the Reserve Bank’s next five-year funding agreement.” 41. The Cabinet paper text represented a compromise and was written in the knowledge that it was mainly a story for the next Funding Agreement. We believe the right number may now be a little higher based on our expectations of how the landscape will evolve. The staff would be employed in the following new areas. • Oversight of the systems that are not currently designated (SBI and likely one or two overseas systems). • More horizon scanning, identifying trends and new players. • Implementing the new framework around crisis preparedness and standards. A measured increase in engagement with home supervisors of new overseas FMIs. Management and Admin (+1-3 FTE) 42. Any increase of more than 2-3 FTE would require us to rethink our structure. Setting aside any discussion about how to do this, at the very least, every 7-10 staff implies one additional manager (or possibly team leader) and maybe more admin resource. Total (+10-19 FTE) 43. The total adds to 10-19 FTE. Please treat this as indicative only. Note that the next, and equally important, stage would be to identify skillsets (legal drafting and industry experience are two obvious ones). Also, it does not include any macro-prudential initiatives, nor impacts on the rest of the Bank (Stats, Comms, KSG etc.), nor have we here quantified costs of employing third parties for some tasks.

10 Ref #6995852 Next steps 44. The resource numbers are indicative only and we suggest the focus be on the proposed model. It would be helpful if Governors could confirm the degree of comfort in proceeding with a prototype revised supervisory model. Similarly, guidance on areas that need more ‘meat on the bone’ and/or a different emphasis, perhaps by way of follow-up FSO papers. 45. Once a revised supervisory model is agreed, external communications could be considered, starting with engaging with Treasury and the MoF, consideration of a Bulletin article or speech and so on.