Rameswurlall Basant Roi: Regulatory challenges in a fast-evolving banking system
Speech by Mr Rameswurlall Basant Roi, Governor of the Bank of Mauritius, at the conference hosted by the Mauritius Commercial Bank Limited for Le Club des Dirigeants de Banques et Etablissements de Credit d'Afrique (Club of Leaders of Banks and Credit Institutions in Africa), Balaclava, 21 July 2017.
Ladies and Gentlemen
It's always a great pleasure for me, as a career central banker, to be in the midst of bankers. Thank you Mr Pierre Guy Noel for inviting me to address this august audience of prominent bankers from our Continent this morning.
In such a gathering of bankers, I cannot find a more relevant subject to speak on than "Regulatory Challenges in a Fast Evolving Banking System". As you must be aware, regulators have been challenged by episodic currency crises, debt crises, banking crises and financial crises in general over the past few decades. Let me begin with an analogy drawn from history.
For centuries, nation states were meant to be sovereign in their territory. Authorities from outside had virtually no role in a nation's domestic affairs. Sovereignty was sustained through a system of borders, armies, guards, gates and guns. Mobility of people in and out of the country was controlled. Movements of goods and services across countries were controlled through customs and structures established for the purpose. We have lost that kind of sovereignty today. It's an online world. Bits and bytes flow freely across borders without restrictions. Compare a bank robbery decades ago with the infamous 1994 Internet bank robbery carried out by a single person from his apartment in St Petersburg, Russia. That person was accused of hacking the bank accounts of the corporate customers of a large US bank. He had left no fingerprints, no DNA evidence at all, no trace whatsoever. Just a mouse and a keyboard did the job. Which country had jurisdiction over the case? Is it the US where most of the victims lived or Russia from where the crime was allegedly committed? We still have the physical borders as in the past. Yet, we have to do with a borderless world in our profession. Many of the barriers of the earlier world have been dismantled. One can imagine the formidable challenges that regulatory authorities world over are faced with.
In the post-Bretton Woods system era, the banking and finance industry has innovated considerably and is technologically mutating. The ubiquitous manifestations of a new banking reality have been with us for quite some time now. Throughout the world, the banking sector has undergone game-changing transformations, both in coverage and scope. Some changes, propelled by the forces of de-regulation in the 1980s, were revolutionary and some are driven by regulatory overhauls triggered by episodic financial meltdowns in some of the world's major economic hotspots. Quite some radical innovations have been prompted by the inexorable inroads made by digital and other technological breakthroughs into banking activities. Our financial industries in Africa have certainly not been impervious to the game-changing transformations.This is an area where Africa has conspicuously not played absent.
The paradigmatic changes that have swept the world's financial landscape have engendered compelling forces requiring regulatory authorities to construct new regulatory structures and to come up with new regulatory and supervisory toolkits. The transformations have been so fast that even the toolkits have had to be updated again and again as evidenced by the Basel I followed by Basel II and further followed by Basel III. Central banks that fail to appreciate the importance of adapting their regulatory and supervisory toolkits in line with the new exigencies of the banking business have often been left to repair the financial and reputational damages they suffered in the aftermath of some form of financial crisis.
Topping the list of central banks' preoccupations about regulatory and supervisory implications of banking sector transmutations are the following:
i. financial engineering and complex risk transfer mechanism,
ii. complexity and opacity resulting from banks operating under the aegis of banking groups or conglomerates,
iii. the role of financial technology in morphing the nature of the banking business, and
iv. enhanced macroeconomic sensitivity of banking activities.
Each of the aforesaid developments creates opportunities as well as threats to banks. It becomes imperative for discerning central banks to develop the required foresight to protect the banking system with the right suite of toolkits - such as robust risk-based supervisory and stress testing frameworks. Before outlining what we, at the Bank of Mauritius, have been doing in these areas, let me elaborate each of these elements in some finer details.
Financial engineering and complexity
The 2008 financial crisis demonstrated, in no ambivalent terms, that the range and scope of the banking business has become unprecedentedly multi-faceted and highly complex. Partly driven by a desire to exploit regulatory loopholes across borders, banks had increasingly engaged in networks of overlapping contractual claims with other financial institutions domestically or abroad. A poignant reminder of this is the repeal of the Glass-Steagall Act in the US in 1999 that coaxed banks to indulge into non-bank activities, including investment banking and insurance.
The incursion of banks into financial market activities, including concocting financially engineered products, constituted one aspect of the new banking order that gave awful headache to regulators. Opacity in many of banks' activities - including creation of off-balance sheet Special Purpose Vehicles (SPVs) - and the addition of collateralized obligation terminologies had mushroomed and escaped scrutiny by regulators worldwide. I believe, as bankers, you know as much as I do in this area. The urgency of building international rules as a firewall against banks' mounting risk-taking appetite and of developing supervisory capacity to assess, detect, pre-empt, and monitor such behaviour rapidly became the cause for concern to central bankers and regulators. In the years that immediately followed the 2008 financial crisis, concrete actions finally superseded rhetoric and the new Basel rules were developed.
Cross-border expansion and affiliates of Holdings
In the wake of the fall of barriers between countries, banks have been quick at tapping into the enormous opportunities offered by cross-border banking. As you must be aware, cross-border banking activities within the African continent have intensified. The challenges posed by this development are more daunting than it used to be in the past. The lack of proper regulatory oversight of many bank holding groups on the continent is often inimical to consolidated supervision. While many of cross-border operations take the shape of separately capitalised subsidiaries, the issue of contagious transmission of a crisis from the subsidiary to the parent bank is not completely suppressed. Consolidated supervision is important for proper risk assessment of banks expanding across borders, either through subsidiaries or branches.
In a world fraught with risks it's imperative to have a framework for ensuring effective coordination with host countries through properly defined Memoranda-of-Understanding (MOUs). The Bank of Mauritius has signed MOUs with seven domestic authorities and with thirteen overseas regulators where local banks conduct business. More than MoUs, what we need to do in Africa is to have appropriately designed regional regulatory structures. In my personal opinion, this would be a bold attempt and an effective way forward that our regional and pan-African political and other official organisations need to take on board aggressively. I would urge you to give a push to this idea because, after all, risks are clear and present and increasingly so. I cannot help mentioning that one of the biggest challenges is to have an effective and efficient crisis resolution framework - one that duly takes into account rules, laws and by-laws of the home-host countries.
Enhanced macroeconomic sensitivity
The nexus between the macro-economy and the banking sector has become more intricate and intensively inter-twined. Banks lend to sectors whose performances are linked to overall economic activity (e.g., construction, trade, manufacturing, tourism, GBC etc). For instance, the relatively high degree of euro-centricity of the Mauritian economy makes it vulnerable to a protracted period of slower growth in Europe and to the vicissitudes of any shocks that are peculiar to Europe. As a result, tourism and trade, as well as FDI, could all take a hit, should a shock materialise in Europe (e.g., fallouts of Brexit or European banking crisis).
Similarly, geopolitical events affect international commodity prices and consequently influence domestic inflation and the exchange rate. Such a setback can spark off worries for banks that have lent to economic sectors for which the exchange rate, for instance, is a critical element. Indeed, while micro-surveillance of the banking system remains essential, it needs to be topped up by macro-surveillance mechanisms, including macro-prudential policy measures, aimed at reinforcing the battery of defence mechanisms available to central banks.
Economic convention has often stressed on the impact of banks on the macro-economy as the 'financial accelerator' which creates financial cycles that may not be in sync with traditional business cycles. On the other hand, macroeconomic measures (e.g., interest rate policy) may create new avenues for financial fragility, including the so-called 'risk channel' of monetary policy. Central banks have given attention to the relationships between monetary policy and financial stability and have frontloaded this interface in designing monetary and financial policies.
Initiatives taken by the Bank of Mauritius
The Bank of Mauritius has, over time, deployed an array of stringent prudential and regulatory rules, leveraging its supervisory capabilities, to protect the banking sector and consolidate the reputation of the Mauritian jurisdiction. At an early stage in the post 2008 financial crisis, the Bank of Mauritius was mindful of the importance of aligning its capital regulatory toolkit with international best practices. The Bank of Mauritius phased in the Basel III capital requirements, the regulatory framework for Domestic Systemically Important Banks and macro-prudential measures in 2014.
Not only do Basel III standards contain dampeners that stymie excessive risk-taking behaviour by banks, but it also carries a sound macro-prudential overlay in the form of capital conservation buffers and countercyclical capital buffers.
Our supervisory capacity is currently being reinforced to embrace a more risk-based approach. Going forward, our levers for conducting supervisory work will carry more risk-sensitive elements. Macro-prudential measures are helping to contain excessive risk-building among banks and borrowers, with limits on the loan-to-value ratio and debt-to-income ratio, and higher portfolio provisioning risk weights for certain categories of exposures. These measures coalesce to cement the resilience of banks.
The importance of addressing the systemic importance of banks in funding activities of groups to which they belong, had been flagged in the aftermath of the East Asian crisis of 1997. The so-called Korean 'Chaebols' or Japanese 'Keiretsus', generic terms to describe complex systems of conglomerates with interlocking contractual arrangements and shareholdings, were brought to the limelight in view of the profligacy displayed by some banks in lending to these groups in the absence of prudential regulation and supervision in these countries. More recently, in Mauritius, we witnessed an event that was reminiscent of the Chaebol-Keiretsu saga: the demise of the BAI group in April 2015, amid unbecoming practices by the group's flagship bank, the defunct Bramer Banking Corporation Limited, which also served as the group's pivotal purveyors of funding.
The Bank more determined than ever to end such malfeasance. In September 2016, a number of amendments were brought to the Banking Act 2004 and Bank of Mauritius Act 2004 to empower the Bank of Mauritius to discharge effective conglomerate and consolidated supervision. The Bank of Mauritius is now empowered to request information from any financial entity with a view to conducting in-depth analysis for financial stability purposes. Further initiatives are in the process of implementation to enhance consolidated and conglomerate supervision.
In recent years, the Bank of Mauritius has made great strides in enhancing its prudential guidelines with updated regulatory elements in line with international best practices. For financial stability purposes, the Bank of Mauritius came up with a guideline for dealing with systemically important banks in 2014. Five banks have been identified as being systemically important on the basis of a number of metrics, namely size, interconnectedness, exposure to large groups, complexity and substitutability. These banks are now required to maintain a capital surcharge ranging from 1.0 to 2.5 per cent for their systemic importance, effective 1 January 2016. The surcharge will have to be met over a four-year period. Liquidity requirements under Basel III are in the process of being applied in Mauritius. The draft guideline on Liquidity Coverage Ratio (LCR) has already been released to the banking industry for consultation and will be issued to the industry this year.
The credibility of a financial jurisdiction depends on a host of factors such as the regulatory regime, reporting systems of licensees, transparency, disclosure standards, and accountability. Malfeasance practices can easily undermine confidence in such a manner that it can shatter a jurisdiction's reputation. Promoting transparency and fortifying the anti-corruption toolkit are mandates of central banks keen to preserve the integrity of the banking sector. Indeed, robust anti-money laundering rules and managing risks associated with politically exposed persons are important elements of a sound regulatory regime. These are usually topped up by a robust system of corporate governance and by measures designed to stimulate a culture of integrity in banks. The Bank of Mauritius has travelled a long way in the endeavour to combat money laundering. We have aligned our AML/CFT and our corporate governance guidelines with international best practices. Since 2016, the Bank has established a dedicated team to monitor AML/CFT issues and it will shortly start conducting specialised on-site inspection of financial institutions.
Against a backdrop of heightened risks associated with an increasingly challenging environment, the Bank of Mauritius has established a distinct financial stability division with the aim of conducting macro-based surveillance, macro-prudential policies, and carrying out micro as well as macro-based stress testing of banks. The stress testing framework is assisting the Bank of Mauritius to assess whether individual banks and the banking system as a whole is adequately capitalized to withstand shocks. Results from the Bank's stress testing model indicate that the Mauritian banking system as a whole is relatively robust to credit losses resulting from macroeconomic shocks.
The Bank has also embarked on the following main projects aimed at containing build-up of vulnerabilities and at enhancing resilience of the financial system:
i. a complete review of the banking legislation and the inclusion of a crisis management and resolution framework within the revamped legislation;
ii. a deposit insurance scheme;
iii. the setting up of an Asset Management Company to strengthen the balance sheet of banks, and
iv. a national payments system legislation.
At the start of this address, I referred to cyber-risks. The more banks, like individuals, are plugged to the global information grid, the more vulnerable they become to criminals familiar with the underlying technologies. When everything is connected, everyone is vulnerable. The cyber underworld is not short of people conversant with the art and craft of digital criminality. The financial sector is an appealing target for cybercriminals, the more so given that they can access the core systems of financial institutions even from far removed places in the world. Payment systems are increasingly relying on sophisticated IT platforms for clearing and settlements. Systemic risks are very much present, with potential loss of confidence of the public at large should anything go wrong with the payment systems. These risks do pose a genuine threat to the very foundation of a financial institution and to financial stability in general. Regulatory and supervisory authorities worldwide have taken measures to address cyber risks. But they are never adequate. The digital underworld is an ever growing threat to financial stability. Prevention of cyber-attacks is a constant challenge for both the bankers and the regulatory authorities.
Ladies and Gentlemen, no matter how elaborate, effective and comprehensive our regulatory and supervisory firepower will be, there will always be some element of residual risk that will defy our endeavours to contain them.
The Mauritius Commercial Bank Ltd hosts events elegantly. I am sure you will be pampered amply by the bank's proverbial hospitality. I wish you all a pleasant and memorable stay with us.
Thank you for your attention.