The regulatory dynamics affecting companies that run their businesses in sectors under the inspection and surveillance of a regulatory and supervisory authority, require an understanding of a multiplicity of rules of different levels and sources. Those rules, promoted by the different regulators, are aimed at ensuring that the businesses are developed with a high level of public interest in mind.
Specifically in the case of financial institutions, risk-based supervision models are being developed under a new regulatory approach that demands strong efforts at the operational level. It is not only the supervision of the solvency of private individuals that is a concern, but also their corporate governance and business conduct.
All of the above is based, not necessarily on prescriptive rules, but rather on general international principles and standards (ISO 19600, IAIS, BASEL, IOPS, IOSCO, OECD). Relevant adjustment to the particularities of each regulated subject allows a proportional application of the rules, considering factors such as ownership structure and the legal nature of the entity, the scope and complexity of its operations, the corporate strategy, the risk profile and the potential impact of its operations on third parties.
It is necessary to exercise sound practices that contribute to improving the management of the entity, and identify and manage the relevant risks. With this in mind, authority and responsibility are assigned to the board of directors and senior management, as regards the entities' business and substantive activities. These responsibilities include, among other things, defining the entity's strategy and objectives, protecting the interests of clients and other stakeholders, establishing a healthy corporate culture, defining functions and controls, and accountability.
Risk assessment is needed, focused on identifying material risk, which is the potential for loss for the entity, clients or stakeholders. This model requires a forward-looking analysis and an early intervention based on the understanding of drivers of material risk. This, in turn, involves deep knowledge of the business model (products, activities, strategies and risk appetite, and external environment) and an understanding of the differentiation between the risks inherent to the activities undertaken by the entity and its management of those risks (at operational and supervision levels). This risk assessment is continuous and dynamic so that changes in risk arising from the entity and its external environment can be identified early, to determine appropriate and timely corrective actions.