Newsletter Old site

Newsletter Dec 2002

News update 021219: December 2002

A monthly newsletter on risk management in financial services,
operational risk and user-developed software from Louise Pryor
( Comments and feedback to Stop receiving this newsletter by sending
an e-mail to Newsletter archived at

In this issue:
1. Welcome to this newsletter
2. FSA briefing: The future regulation of insurance
3. The true significance of bugs in spreadsheets
4. FSA update
5. Seasonal risks
6. Newsletter information

1. Welcome to this newsletter

This is the first issue of a monthly newsletter on risk management
in financial services, operational risk and user-developed
software. It will contain brief articles, often with more detailed
reports available on the web site. Its coverage won’t be
exhaustive, but will reflect my own interests and expertise: mainly
risk management processes and frameworks rather than capital
adequacy, and the application of software engineering techniques to
spreadsheet development as part of managing operational risk. I’m
always interested in your comments and feedback: just e-mail

2. FSA briefing: The future regulation of insurance

The FSA held a half-day briefing on “The future regulation of
insurance” on 4th December 2002. Nearly 200 people attended, from a
variety of organizations: insurance companies, banks, building
societies, solicitors, accountants and other consultants. There
were surprisingly few consulting actuaries present.

The emphasis throughout the briefing from the FSA speakers was on
risk management frameworks, and the importance of regulated firms
having good systems and controls. The risk management framework
should be comprehensive, integrated throughout the firm, and well
documented. Senior management are ultimately responsible regardless
of outsourcing or other arrangements. Good controls, together with
a compliance culture, should lead to less crystallization of risk
and hence less regulatory intervention. None of this was new, but
there is clearly some concern that the risk-based approach has not
been fully taken on board throughout the industry.

Both Richard Harvey of Aviva and Mary Francis of the ABI,
representing those who are regulated, expressed some concerns about
the burdens being placed on many insurance companies by the new way
of doing things. Would better systems and controls really lead to a
lighter touch from the supervisor? Is the emphasis on high impact
firms ignoring the risk to the FSA’s objectives posed by the
simultaneous failure or shortcomings of several smaller firms? It
is important that regulatory creep is minimized: the FSA shouldn’t
go too far towards protecting people from risk rather than
educating them to understand it and take responsibility for

A fuller report on the briefing is available at
The presentations and transcripts are on the FSA web site at

3. The true significance of bugs in spreadsheets

There are many reports of extremely high occurrence rates for bugs
in spreadsheets. From reading them, you might think that very few
spreadsheets are error-free.

However, many people who are aware of the likelihood of errors in
spreadsheets go to great lengths to find and remove them. I have
found few significant errors in the often large and complex
spreadsheets I have reviewed (mainly in the insurance industry).

I believe that the true significance of bugs lies not in their
existence, which can lead to spreadsheets producing erroneous
results, but in the enormous amount of time and effort that goes
into preventing them. Spreadsheets are usually built and maintained
by people who have little or no software engineering
expertise. These people often:

– Do not have good software development processes;

– Are not aware of the characteristics of good software and how
they apply to spreadsheets;

– Do not know good methods of testing and reviewing software;

– Do not know how to design software (especially spreadsheets) so
as to reduce the likelihood of bugs;

The use of simple software engineering techniques can help. Some of
these techniques are described, somewhat briefly, in notes on my
web site. A good starting point is:
I have written about this topic at greater length in a workshop
paper for GIRO 2002: Managing the operational risks of
user-developed software, available from

4. FSA update

Howard Davies is to leave the FSA to become director of the London
School of Economics. As an ex-academic myself, though not at that
exalted level, I am not convinced that his life will be much
easier. General opinion is that the change at the top won’t lead to
any major changes in the way the FSA operates: risk-based
regulation is clearly here to stay. However, the view has been
voiced from several quarters that now might be a good time to split
the roles of chairman and chief executive. After all, people say,
principles of good governance should surely apply to the FSA, of
all organizations.

Two major fines have been announced so far this month, compared to
three in the first eleven months of the year. In both cases (Abbey
Life and RBS) a major factor was stated to be weaknesses in
internal controls. Will these fines be counted as operational
losses for the purposes of risk monitoring?

New consultation papers out this month:
CP158 Mortgage endowment complaints – Changes to time limits for
making a complaint
CP159 Appointed Representatives – extending the current regime
CP160 Insurance selling and administration – the FSA’s high-level
approach to regulation

Feedback published this month:
CP147 Implementation of the Fourth Motor Insurance Directive

Current consultations, with dates by which responses should be
received by the FSA, are listed at

5. Seasonal risks

If you want to stay sane, don’t even think about doing an
operational risk assessment of the holiday season. On top of the
basic health and safety issues, such as carrying large and
extremely hot objects around the kitchen without the appropriate
equipment, what about your systems and controls on the admin side?
Who was left off the Christmas card list and will never forgive
you? Who has been given the same book two years in a row? (Believe
me, it has happened!)

Best wishes for a relaxed Christmas and New Year.

6. Newsletter information

This newsletter is issued approximately monthly by Louise Pryor
( Copyright (c) Louise Pryor 2002. You
may distribute it in whole or in part as long as this notice is
included. To subscribe, e-mail To
unsubscribe, e-mail All comments,
feedback and other queries to Archives