Monday, August 17, 2009

BaFin Adopts New Risk Management and Executive Compensation Regulations

In light of the financial crisis, and in reaction to the G-20 mandate, The German Federal Financial Supervisory Authority (BaFin) has adopted new regulations for risk management and executive compensation at banks and other financial institutions. The new risk management regualtions enhance stress testing, liquidity risk and oversight of risk concentrations. The executive compensation regulations are modelled on principles enunciated by the Financial Stability Board and endorsed by the G-20. The regulations apply to German financial institutions, including branches of German institutions abroad. BaFin Executive Director Sabine Lautenschlager said that the financial crisis has pointed to the utmost importance of financial institutions implementing effective operational risk management systems.

The firms must develop and document a strategy for group-wide risk management. BaFin also emphasized that risk management provides a basis for the proper exercise of the oversight functions of the supervisory board and demands the board’s appropriate involvement.

Firms will have the flexibity to develop risk management strategies appropriate for their business model. Management cannot delegate the implementation of effective risk management systems. Management should review the risk management strategy at least annually. More granularly, the adequay of the stress tests and their underlying assumptions should be reviwed at regular intervals, at least annually. The stress tests should focus on significant risks, including risk concentrations, and risks from off-balance sheet vehicles.

According to the BaFin regulations, adequate and effective risk management involves taking into account the risk-bearing capacity, in particular the definition of strategies and the establishment of internal control procedures consisting of internal control and internal audit. The internal control system includes rules on operational and organizational structure and procedures to identify, assess, monitor and communicate risks.

Risks are to be managed organizationally regardless of which unit caused the risks. Measuring the following risks is considered essential to an effective risk management system: default ris, market risk, liquidity risk, and operational risk. Risks associated with significant risk concentrations should also be considered. Firms should also consider risks arising from off-balance sheet vehicles, such as special purpose entities.

Noting that agressive compensation schemes with perverse short-term incentives contributed to the taking of excessive risks financial crisis. BaFin said that compensation must be designed so as to avoid incentives to enter into harmful disproportinately high risk positions. Financial institutions will now have to link variable compensation with the long-term success of the organization. If the variable compensation, such as a bonus, is not risk-based acceptable, there should be claw back.

The G-20 endorsed regulations ensuring that compensation structures are consistent with firms’ long-term goals and prudent risk taking. Specifically, firms' boards of directors and supervisory boards must play an active role in the design, operation, and evaluation of compensation schemes. Compensation, particularly bonuses, must properly reflect risk; and the timing and composition of payments must be sensitive to the time horizon of risks. Payments should not be finalized over short periods where risks are realized over long periods, said the communiqué, and firms must disclose comprehensive and timely information about compensation. Stakeholders, including shareholders, should be adequately informed on a timely basis on compensation policies in order to exercise effective monitoring. The inclusion of stakeholders in the communiqué portends a role for shareholder advisory votes on executive compensation.


.