We are enhancing our approach to risk based supervision so that we allocate our resources to areas or firms which are higher risk.
We do not seek to eliminate risk completely, but to make the best use of our limited resources to proactively reduce risk to an acceptable level.
We also take an explicitly non-zero failure approach to regulation, meaning we do not seek to prevent every harm from occurring, choosing instead to allow greater flexibility for firms to operate freely, and in the best economic of Jersey as long as risks remain within tolerable levels.
In the course of letting firms operate freely, risks will crystalise that fall both within and outside our tolerance. When they occur our focus will be recovery, prevention of repetition, and action in respect of any regulatory breach.
Risks to what?
Any risk we identify in the financial services sector, or in the way we carry out our business, must be something that has the potential to impact on the Guiding Principles set out in the Financial Services (Jersey) Law 1998.
The risks we identify will be embedded at the heart of our risk-based methodology for supervision, and all our activities and reporting will be aligned to those risks.
To provide a common language for our dialogue with regulated businesses, and ensure a consistent and transparent view of the risks that both we and Industry have to manage, we have published our Risk Overview.
These are risks caused by the strategy, business model and structure of a regulated business, and are an inherent factor in the overall level of risk a firm may pose and are usually a result of the firm’s legitimate choices rather than a regulatory breach.
Example: A regulated business with a business model focused on higher risk jurisdiction will have a higher inherent risk than one that doesn't.
These are the risks that relate to a firms’ operations and arise from its people, policies, processes and systems. Although they can be a regulatory breach, are not always associated with any harm that can impact on the JFSC’s Guiding Principles.
Example: a firm may be in financial distress for some time, without any direct harm to its customers, and can eventually trade its way out of difficulty.
These are the risks that have a direct and negative impact, causing harm. They are the result of an individual or set of action(s) or omission(s) on the part of a firm, and will always impact on the guiding Principles.
Example: a firm loses or inadvertently discloses client data, which could cause financial loss or reputational damage to the customer or firm, and also damage the reputation of Jersey.
How we will assess these risks
We assess risk by the combination of impact (the potential harm that could be caused) and probability (the likelihood of a particular risk occurring).
In our risk-based approach, impact and probability are combined to give a measure of the overall risk posed to our guiding principles. We then compare this assessment to our appetite for risk and to prioritise and select the appropriate response.
We typically consider risk at an individual, entity and thematic level. In some cases, risks may already have occurred, meaning that we actually assess and respond to the consequences rather than the potential harm posed by a risk.
A key advantage to taking a risk-based approach is that it enables us to become much more proactive, identifying and tackling risks before they occur, rather than acting retrospectively once harm has arisen.
Consistent assessment, across the broad spectrum of risks that we monitor, is essential to ensure that our action is targeted proportionately at controlling the risks that we will not tolerate.
Our assessment takes into account both risks that have occurred and those that could potentially occur.