The FSA has developed the ARROW risk assessment framework with the following objectives:
- Help FSA meet its statutory objectives by focusing on key risks
- Influence resource allocation to make efficient and effective use of limited resources
- Use appropriate regulatory tools to deal with risks or issues
- Undertake proportionally more work on a thematic (or cross-sectional) basis
ARROW stands for Advanced Risk Response Operating frameWork: a bit contrived, but we get the picture.
Firms are assigned to one of four supervision categories, based on the risk they pose to the FSA’s objectives, as perceived by the FSA. The ARROW framework describes how the FSA assesses the risk. Although the requirements are the same for all firms, the level of the FSA’s involvement depends on the supervision category. Firms in category A can expect a close and continuous relationship; those in category D can expect little or no individual contact.
An extremely important aspect of the whole regulatory approach of the FSA is that only the risks to the FSA’s objectives are considered. These objectives are concerned with market confidence, public awareness, consumer protection and the reduction of financial crime. Risks to shareholder value, for example, do not explicitly concern the FSA.
The FSA assesses the risk that a firm poses to its objectives by considering the impact and
probability separately. The unit of assessment may be the individual firm, or a business unit consisting of several firms (in large groups) or within a firm.
The impact assessment depends on the size of the firm, and is expressed as high, medium high, medium low, or low. The size of the firm is measured by premium income, assets/liabilities, funds under management, annual turnover, or other similar measures, depending on the firm’s sector.
The probability assessment is performed on a firm by firm basis, by considering each element in a matrix of risks. The thoroughness of the probability assessment depends on the impact rating of the firm. Low impact firms won’t be assessed individually; high impact firms will be assessed in great detail, with visits from the FSA; those in the middle will get desk-based assessments.
After performing the probability assessment, the FSA develops a risk mitigation programme (RMP) for the firm. The RMP will use a selection of regulatory tools intended to reduce the risks that have been flagged as requiring action. Usually, this means that the firm has to take some action: produce and implement a plan for introducing a risk management process, for example.
The following external links are relevant:
- The firm risk assessment framework
- Building the new regulator: Progress report 2
- Building the new regulator: Progress report 1
- The future regulation of insurance: A progress report
- A new regulator for the new millennium
- Financial Services Authority
- CP190: Enhanced capital requirements and individual capital assessments for non-life insurers
- CP195: Enhanced capital requirements and individual capital assessments for life insurers
- PS04/16: Integrated Prudential sourcebook for insurers