Address by Deputy Governor Matthew Elderfield, to the ACCA, PRISM - Risk based supervision in Ireland 01 December 2011 Speech Introduction Good evening ladies and gentlemen. I would like to thank ACCA Ireland for inviting me to speak to your members and guests and to compliment ACCA on its continuing drive to ensure its members are well briefed on matters relating to the accountancy profession. It is very encouraging to see such a large audience here this evening interested in hearing about the Central Bank’s new risk-based approach to supervision. This evening I will tell you about PRISM – our name for our new risk based supervisory framework. First, I will explain why we have decided to adopt this system of supervision, then I will set out how it will work and what it will mean in terms of our interaction with supervised firms and, after that, there will be an opportunity for you to ask questions. PRISM: Why? We can all see for ourselves the very significant costs and other consequences of past financial and regulatory failures both domestically and internationally. For Ireland it has meant the need for an €85 billion assistance programme from the EU/IMF and difficult cost savings, cutbacks and other measures to restructure the public finances. We have had multiple credit rating downgrades with their knock-on impacts on the banking sector and the International Financial Services Centre. The banking sector has been recapitalised at a cost to taxpayers of some €63 billion, the entire domestic banking sector is either in full or partial State ownership and is engaged in major deleveraging or, in some cases, wind down. There is significant stress on the credit union sector. We have had the failure of one major domestic insurance company, and a major IFSC banking subsidiary and significant reputational damage to Ireland, including the IFSC. I could go on at length – but you all know this story very well. Internationally we have seen similar failures and in every case, and certainly in Ireland, supervisors relied too much on the market and on firms’ directors to ensure that their firms had sound and robust business models. In many cases, the markets and boards failed to deliver that, leaving taxpayers to pick up the pieces because the costs of a disorderly collapse by a major institution were higher than the cost of bailing out an institution. Our recent history proves that the consequences of market failures can be severe. Many hope that reinvigorated financial services regulation can provide at least a partial antidote to the adverse consequences of unfettered markets. But it has to be the right sort of regulation. Patrick Honohan summarised past problems acutely when he said, “..the style of supervision adopted did not generate the most relevant or useful information to anything near the extent required. By relying excessively on a regulatory philosophy that emphasises process over outcomes, supervisory practice focused on verifying governance and risk management models rather than attempting an independent assessment of risk, whether on a line-by-line or whole-of-institution basis. This approach involved a degree of complacency about the likely performance of well-governed banks that proved unwarranted.” It is in the light of these failings that we have to strengthen supervision. Market failures can happen in many different ways and have many different consequences. We cannot avoid all failures but we can prioritise our supervision so as to protect against the potential failures that would have the most severe consequences. We believe, against the backdrop of the problems of both firms and regulators in the recent past, that PRISM offers an important step forward towards more challenging and outcome focused supervision: that is supervision where real problems are identified earlier and where serious efforts are made to mitigate them before the problems morph into crises. It should help us deploy our finite means to deliver better ends. Introducing PRISM Over the early part of this year much attention was paid to the bank recapitalisation exercise carried out by the Central Bank. That was about resolving past failings and putting our banks on more stable footing, to ensure they were sufficiently capitalised to deal with the consequences of the financial and economic crisis. It was about dealing with issues which had, in the jargon, crystallised. While that was happening, we were also busy developing a system of supervision aimed at providing better protection for the taxpayer and the financial system against such significant losses and costs in the future. In an ideal world, a financial regulator would identify and deal promptly with issues at major firms – issues which had a significant chance of causing losses to taxpayers. In that ideal world, the regulator would deal with these issues before they crystallised, that is to say, early enough to avoid the losses actually happening. To be able to do this, the regulator needs to be forward looking and to build a good understanding of these key firms, the quality of their governance and the robustness of their business models. But the world is not ideal and as a result we must accept some degree of failure in our population of regulated entities. The question is - which failures are more tolerable to the Irish public given the resources of the Central Bank? What I want to explain this evening is how the Central Bank is now building this system of supervision and how we are changing the way we supervise firms to ensure that we are better equipped to spot problems before they become crises, to allow us to be on the front foot more often when dealing with our highest impact firms so that we can intervene early and effectively to resolve problems and prevent crises. The reforms we are introducing centre on our new risk based supervision framework – PRISM which stands for the Probability Risk and Impact SysteM. I will explain how the PRISM framework operates in due course but perhaps it is helpful to start by explaining why we have chosen to adopt a risk based supervision system. Why Risk Based Supervision Fundamentally we need risk based supervision because we have to make sure we deal adequately with the main risks to financial stability and consumers posed by our regulated financial firms. If we were to simply divide our front line supervisors evenly between the 10,000 plus firms we regulate, we would not be able to do very much proactive work at all and we would certainly not have enough resources to understand our major firms well. One alternative would be to recruit more supervisors. So, let me pause here for a moment to update you on our staff resources at the Central Bank. By the end of the year we hope to be near to our increased regulatory staff complement of 714, up from 531 at the end of 2010 and 385 at the end of 2009. This significant increase in staff numbers together with internal restructuring is necessary to ensure we can operate effectively and efficiently. Next year our headcount will remain flat – after such growth it now makes sense to pause and consolidate. Our benchmarking shows that while we may still be a little behind our peers relative to the size of our financial services sector, we have closed much of the gap and now have a reasonable level of resources in light of our current responsibilities. It is also helpful to pause at this stage to see whether our initial calibration of the resources required to operate the new PRISM supervisory framework is adequate and to focus our efforts on efficiency and process improvement. What does this mean for the supervisory levy on regulated firms? Next year will see the full year costs of our new resource levels feed into the levy while intensifying our enforcement effort will drive up our legal costs in the short term as we ramp up to take on the big cases. But going forward, cost increases should moderate. And our up-front investment in enforcement has a significant potential return in the form of lower future costs as we hope to win back our legal costs and also recoup costs from penalties. To make good use of our budget, we need to target the energy and expertise of our supervisors to where they will make the greatest difference. Targeting entails accepting that not all firms are equal, dividing them on the basis of their ability to have an impact on financial stability and the consumer, and then allocating scarce supervisory resources accordingly. It is also about making sure that we assess the real risks which different firms present in a consistent manner. It is about making sure that we put our energy into actually resolving unacceptable risks rather than merely analysing firms to understand their processes. We need to do these things, and to make sure that we quality assure our output, if we are to be successful in materially reducing the risks to financial stability and to the consumer posed by the firms we regulate. How are we assessing impact and what is our risk appetite? Impact is one of the core building blocks of a risk based system of supervision. You will recall that we consulted publicly between December last year and February this year about how we should assess the impact of different types of firms. Various individuals, industry bodies and firms responded to that consultation with their suggestions. Based on those responses and on the views of experts from within the Central Bank, we developed a number of quantitative impact metrics. We then combined these metrics together to provide us with an empirically-driven score for each firm. This score, we believe, approximates to the importance of a firm in terms of its ability, were it to experience problems, to adversely affect the Irish economy, the public finances and ultimately taxpayers. We used these impact scores to divide our firms into four categories – low impact, medium-low impact, medium-high impact and high impact. We are now allocating our supervisory resources on the basis of these impact categorisations. There is also a small sub-set of high impact firms which we call ultra-high impact, principally the domestic banks and largest insurance firms. We have different risk tolerance to failure for firms in different impact categories. Our risk tolerance is highest for low impact firms while, for obvious reasons, we have a very low tolerance to failure in the highest impact firms. We are prepared - no - more than that - we expect some low impact firms to fail each year. I will return to the subject of the supervision of low impact firms in more detail later. For the moment I want to stress that we require all low impact firms to comply with the appropriate prudential and consumer regulations just as much as we require our higher impact firms to comply with such regulations - but we accept that, in any market economy, firms will be created and they will fail for a whole variety of reasons. When they fail, we will work to ensure that the rights of customers are appropriately protected according to the law, supported by the extensive retail consumer protection framework in Ireland. We will also work to ensure appropriate cancellation of permissions and winding up in accordance with insolvency regulation. As you would expect our risk appetite for such failure in our highest impact firms is markedly less. We do not expect these firms to fail regularly and, when it appears that it is possible they are at risk or may fail, you will find us working pro-actively to mitigate the risks. We will work to ensure that, if there is to be failure, that it is not disorderly and that there is no requirement for taxpayer support to preserve financial stability. How we will implement our risk appetite? The first stage in implementing our risk appetite is through investigating and challenging the firms we regulate. We are deploying a set of engagement tasks which are designed to help us understand the firms better and to put us in a place where we can effectively unearth and discuss the key issues with a firms’ leadership team, with a view to achieving swift and effective mitigation where necessary. To make this approach plausible, we have been investing in practical training for supervisors to help them conduct high quality qualitative and quantitative evaluations of firms. We have also recruited a considerable number of staff with deep industry knowledge and we will continue to invest in training all our supervisory teams. As supervisors provide us with feedback on different aspects of different PRISM engagement tasks we will be able to commission further training to enhance specific skills – thereby further improving performance. This year, for example, we have commissioned focused business model training for some supervisors, to ensure they have the requisite skills to evaluate, working with our specialist business model analytics team, the strengths and weaknesses of firms’ strategies. This means that firms can expect their engagements with our supervisors to be demanding. I am asking our supervisors to ask firms difficult questions, to be sceptical, to challenge established truths and to not necessarily take the first answer they are given. I wish them to be assertive. Assertive does not mean rude or aggressive – it is perfectly possible, indeed it is highly desirable, to be both polite and challenging. That said, I will support our supervisors in being robust where they need to be robust in the face of obfuscation where this arises. But I would hope many firms will find their conversations with our supervisors stimulating, helpful and thought provoking. We are all familiar with poor consultants; he or she may tell you what you want to hear as they believe that will be how they are engaged for further work. Our supervisors should not be consultants. They can and should differ with both firm’s management and consultants hired by the firm. Their career prospects depend not on being agreeable to a firm but on being able and prepared to engage in sometimes unpalatable but always necessary conversations and analysis. This challenge by supervisors will occur during the PRISM engagement tasks. These engagement tasks will vary according to the impact category of the firm. High impact firms can expect to receive an inspection visit every quarter with each visit having a different focus – for example governance, business model, credit risk, operational risk, underwriting risk or liquidity risk. Some of these inspection visits will be tailored to the type of firm being examined – underwriting risk is classically important for an insurer whilst liquidity risk is invariably important for a bank. Medium-high impact firms and select medium-low impact firms will receive regular full risk assessments which will look at a full spectrum of risks at a high level with in-depth analysis of key problem areas. We will hold regular meetings with the senior management and directors of all high to medium-low impact firms to ensure that we have an up-to-date understanding of where the firms are going and what risks they face. A key point is that a number of our engagement tasks or tools will be forward looking. We are determined to avoid those unfortunate accidents which tend to occur when trying to drive using only the rear view mirror. Stress tests explicitly model possible adverse future scenarios so that management and regulators are aware of what might happen to a firm were a plausible but severe macro-economic scenario to become reality. Understanding business models and strategic plans can help the regulator to understand how the firm is evolving, what the competitive threats to its key products are and how the firm’s risk profile is likely to evolve as the strategy is implemented. Finally, the focus we are putting on corporate governance is important. The structure of your board and board committees does not, of course, help predict the future. But the calibre, skills and experience of key members of the leadership team will provide us with some assurance that in this important area skilled managers within the firm and non-executives directors are actively digesting issues, challenging one another and continually assessing the business model as the firms make key decisions, react to events and plan future growth. Judging Engaging with and challenging firms to acquire information only gets you so far as a regulator. Having challenged firms and acquired the data - both quantitative and qualitative - the PRISM application provides the supervisor with a structured way to assess credit risk, market risk, operational risk, insurance risk, liquidity risk, capital risk, governance risk, business model risk, environmental risk and conduct risk. Every supervisor will - assisted by general and sector specific guidance - be asked to make structured judgements as to how probable it is that a risk at a firm will cause that firm to fail. They will all make judgements using the same qualitative risk scale against the same probability risk categories I have just listed. Our supervisors will make systematic judgements on different risk categories to build up an overall risk profile of the firm. The PRISM system will guide each supervisor but it will not tell them the answers. The PRISM application contains a lot of quantitative data, drawn from the financial returns which regulated firms submit to us. This data is analysed by PRISM to provide supervisors with a set of key risk indicators and standardised peer group comparators to help them make appropriate judgements. The application will even send the supervisor an alert when new data is submitted which appears to indicate that something significant has changed at a firm. Nevertheless, the system will merely assist the supervisor – it isn’t a black box. Instead, what we have built helps the supervisor work the answer out for him or herself. We have built a system which helps, encourages and trusts supervisors to do good-quality analysis of the risks a firm faces. We have also put in place a number of quality control mechanisms internally - to help ensure that we make the right risk judgements. First and foremost, we have sought to achieve greater consistency in the approach of supervisors through the use of risk governance panels. For example, under the PRISM framework, when a medium-high or medium-low impact firm has been subject to a full risk assessment – a comprehensive inspection visit if you prefer that language – the supervisory team will return to the Central Bank and use PRISM to write up the findings of their visit and to make structured judgements about the risk profile of the firm. They will then present their evaluation and proposed next steps to a risk governance panel. These panels consist of senior staff drawn from across the Central Bank. They offer their expertise to the front line supervisors, debating, discussing and challenging their findings and bringing wider expertise and perspectives to the table. Classically, a high impact firm panel would be chaired by a director, assisted by a risk advisor, a conduct specialist, the supervision team’s head of division and an independent head of division as well as senior representatives from the risk and financial stability divisions. Sometimes an issue will arise outside of the cycle of major engagement tasks for a firm. In this instance the supervisor may develop a plan to deal with the risk but, here again, he or she will need to get sign off from an appropriately senior manager within the supervisory division before action is required from the firm. That manager will challenge the supervisor and will only let mitigation actions be set for a firm when he or she is content that they are sound and appropriate. In practice, whilst our quality control mechanisms are becoming well established, there will be adjustments on both sides - between regulators and regulated firms – as our regulators refine their approach. I’d welcome a little patience from those we regulate when we start sharing our judgements with firms as we inform them of the steps we think they should be taking to mitigate the risks we judge to be too great. Mitigating unacceptable risk As well as being a tool to help supervisors form judgements, the PRISM application also assists the supervisor in formulating and tracking risk mitigation programme actions designed to reduce risks at firms to an acceptable level. The system requires the supervisor to set out clearly what is the issue which gives rise to the concern. It then requires him or her to set down the outcome they wish to see before inviting the supervisor to formulate an action or series of actions which are likely to lead to the issue being mitigated in a way which achieves the desired outcome. Risk mitigation programme actions are not new but the way in which PRISM helps a supervisor to formulate them is designed to ensure that we put the outcomes - the financial stability and consumer protection - we seek on behalf of the public, at the forefront of our risk mitigation thinking. A further quality control mechanism built into the PRISM framework is giving firms a chance to comment on draft Risk Mitigation Programmes. Once Risk Mitigation Programmes are written using the PRISM application, we plan to share them with firms in draft form, giving each firm ten working days to highlight factual inaccuracies, and, if it wishes, to propose alternative actions to mitigate unacceptable risks. Our plans to share drafts and listen to alternative risk mitigation suggestions are conditional on industry interacting appropriately. We do not plan to soften our risk mitigation in response to feedback from firms that they are too demanding or too difficult. We are introducing the sharing of draft Risk Mitigation Programmes on the basis that firms will react to them in an intelligent fashion, letting us know promptly when an issue is inaccurate but not seeking to deflect us from our desired outcome. The final judgement on what must be done to mitigate unacceptable risks to financial stability and the consumer will remain with Central Bank supervisors. I believe in constructive dialogue and I believe in giving firms the chance to say how the outcomes we seek can be delivered in a better or more efficient way. I also don’t believe that we are ever going to get every issue and every action right first time – hence my desire to trial this interaction with firms to help us quality assure our risk mitigation programmes. I’d urge all firms to use this opportunity wisely. I should say, for the record, that we won’t invariably give all firms the opportunity to review draft risk migration actions. We will, on occasion, simply send firms final Risk Mitigation Programmes - sometimes matters are urgent and the facts are clear - and we will always seek to act with the requisite speed whenever circumstances demand it. The risk mitigation programme having passed through our internal quality control procedures will be issued in final form to a firm. The PRISM application will then track progress with Risk Mitigation Programme actions until they are complete. It will send the supervisor alerts as actions by the firm become due. It will also prompt the supervisor to assess and rerate the riskiness of the firm following the completion of the Risk Mitigation programme action. If the supervisor judges that the way in which a firm has effected an Risk Mitigation action has not resulted in the risk being reduced to an acceptable level, he or she will write a replacement Programme, requiring further action by the firm or, perhaps, requiring a third party or a specialist team from within the Central Bank to take action. Wilful non-compliance with Risk Mitigation Programme will be taken seriously with enforcement action being considered in instances where it is apparent that failure to comply with a Risk Mitigation Programme has left a firm in breach of a regulation or law. Spotting trends and tracking risks One advantage of supervisors using an integrated system to challenge firms, judge risk and mitigate unacceptable risk is that, over the course of time, the Central Bank will assemble a powerful quantitative and qualitative database about the riskiness and behaviour of firms. The senior leadership of the Central Bank will be able to review management information on evolving risks across sectors and sub-sectors, enabling us to consider whether a policy or enforcement response might be appropriate, alongside the firm centric work of individual supervisors. We will also be able to track which firms are habitually non-compliant in terms of working with us in a timely manner to mitigate key risks and take appropriate action. As a Central Bank we have Management Information already but PRISM will offer us a new dimension by cutting newly aggregated data in fresh ways, enabling us to monitor emerging risks in different sectors much more easily. Clarity and Consistency for Regulated Firms As you’d expect, I’ve focused for much of this speech on the benefits which PRISM will deliver in terms of financial stability and consumer protection but, moving to risk based supervision offers real benefits for firms, particularly for firms with sound business models. Let me explain what I mean: Firstly, PRISM creates a common framework for Central Bank supervision of financial firms. In doing so it should help us achieve consistent supervisory interaction with equivalent firms. Concerns around inconsistency between firms have been raised with me in the past; I hope firms and trade bodies will find PRISM helps address those concerns. Secondly, PRISM will allow us to see patterns across the different sectors within financial services much more easily, allowing senior management to obtain a real time overview of where supervisors perceive most risks to be. PRISM will allow us to see the sectors in which new risks are emerging and to take actions focused on the characteristics of that sector or sub-sector. This will materially reduce the likelihood – and I know some in industry perceive this to be a potential risk – that funds are treated like insurers and insurers like domestic banks. Thirdly, PRISM will be proportionate. It is a firm-centric approach which will mean that the actions are tailored to the firm in question, with the sharing of risk ratings and the risk mitigation programme giving each firm clarity around our individually tailored supervisory agenda and depending on the firm’s impact rating to us. Of course, none of the above means that firms will necessarily like what we say any more than they have done in the recent past. PRISM means that individual firms can expect us to be consistently challenging and assertive when we judge there to be risks to financial stability and consumers which require mitigation. Don’t be too thin skinned about this. Some in industry would doubtless like us to revert to pre-crisis approaches to regulation but I’d suggest that - rather than railing against what is in fact a new global supervisory approach - they work with us to adapt to the new reality. Timing Shaping the way an organisation operates takes time. We have already been using some aspects of the PRISM framework, such as risk governance panels and an increased focus on challenge and risk mitigation for many months. That said, today marks the formal launch of our new PRISM framework for supervision. We switched on the PRISM application which supports the framework last week and we will be applying it to banks and insurers from now onwards. We will develop the application further and roll it out to investment firms and credit unions in May next year and there will be more development in the later part of next year to ensure that PRISM can help supervisors undertaking focused thematic inspection work across a significant number of firms. We plan for it to evolve as supervisory requirements evolve and we will be developing the framework and application to, for example, incorporate key Solvency II supervisory activities and metrics at an appropriate juncture. Supervising low impact firms So far this evening I’ve focused mainly on how PRISM is going to help us supervise the high to medium-low impact firms where we have some capacity to undertake proactive work focused on individual firms. As I promised at the beginning of this speech, I would now like to return to low impact firms, to set out how we are going to deal with these firms going forward. I appreciate that it’s all too easy to think they will, in some sense, be neglected. I can assure you they won’t. We are all too aware that low impact entities such as, for example, retail intermediaries, can also cause consumer detriment through overcharging, mis-selling and poor systems and controls. There will be a different approach to low impact firms but they will not fly beneath our radar and will not have an easier time. We plan to monitor the financial aspects of these firms through semi-automatic reviews of their on-line returns as our technology infrastructure evolves. Our on-line returns programme, when combined with PRISM key risk indicators drawn from those returns and PRISM reporting functionality, is helping us advance rapidly down the automation route. We will box smarter through greater use of technology and make sure that the supervisory teams overseeing low impact firms are resourced to do focused thematic work, carefully targeted at higher risk areas, taking action when problems are identified. While we won’t be doing regular face-to-face meetings with every low impact firm, that doesn’t mean we won’t be watching them and that we can’t follow up when we discover wrongdoing. We may, on occasion, conduct spot-check inspections of low impact firms. We use themed inspections of regulated financial service providers to ensure that firms are meeting appropriate standards in terms of market conduct, consumer protection and financial crime controls, such anti-money laundering. So far this year, our Consumer Protection Directorate has carried out some 77 inspections over eight themes, including an inspection on product design and selling, on openness and transparency and on current account switching. Over the last 18 months, the Central Bank has targeted over a dozen investment firms and subjected them to a heightened level of prudential supervision. In some cases, this work has been augmented by themed inspections on consumer protection matters. In almost all cases, issues were identified requiring outcome focused mitigating actions ranging from improved governance arrangements to revocation of authorisation. Themed inspections will continue to be an important supervisory tool, and going forward, we will publish our intended thematic work plan. A themed inspection focuses on a specific topic rather than on a range of topics and is usually carried out on a number of relevant regulated firms or on firms that represent a significant proportion of market share - in line with our risk-based approach. Themes and firms for inspection are selected based on our market intelligence from a range of sources, including issues noted during on-going supervision, complaints received and referrals from the Financial Services Ombudsman. Following the themed inspection, we issue an information release and a letter to all firms for whom the theme is relevant - regardless of whether they were inspected. This letter sets out the issues and concerns identified through the inspection and asks firms to consider these findings fully in terms of their own compliance with statutory requirements. Its aim is to raise standards of behaviour by giving feedback to the individual firms and the market as a whole. Where specific issues have been raised with an inspected firm, these will be included in the letter to that firm. Where a themed inspection identifies serious non-compliance, the weakest firms we have inspected will be referred to our Enforcement Directorate. Our major on-going thematic exercise for the next year will be on mortgage arrears. This particular exercise is unlike anything we have done on themes in the past because it will be on-going and will involve reviewing multiple work-streams. For our supervisory framework for low impact firms to work, it is important that there are strong safety nets in place to protect consumers in the event of the failure of a low impact entity including the Deposit Guarantee Scheme, the Investor Compensation Company (ICCL), the insurance compensation scheme and client asset rules. Client asset rules are important because even if an investment firm fails, they ensure that client assets would be secure. The recent Custom House Capital case is a stark and timely reminder of the importance of having an effective supervisory framework for client assets. Looking overseas, the case of MF Global appears to demonstrate this issue on a much bigger scale. Arising out of our concern following the Custom House Capital case - concern that large scale abuse of client funds could continue undetected by audit reports and our own and third party reviews - we have commissioned a Client Asset Review. Led by two of the Central Bank's Risk Advisers this review, which is due to report early in the New Year, will make recommendations to strengthen the current audit, supervisory and regulatory framework. This review is examining the scope of the current regime, the Central Bank’s current supervisory approach, the adequacy of the existing arrangements and guidelines for independent client asset audits, the potential for the use of “skilled persons” reports, and the sufficiency of the current rules and regulations that are in place for client asset protection taking account of forthcoming changes to the MiFID and UCITS directives. We want to make sure that we have the right technical skills available to do appropriate work on client money security. But I must caution that no amount of skilled supervision or enhanced audit can absolutely guarantee that determined and deliberately concealed efforts to misuse client funds can be prevented in the future. It is important to acknowledge that. Enforcement Enforcement action is very important in the client asset area. The Central Bank has sought powers in the forthcoming Central Bank (Supervision and Enforcement) Bill to allow investment firms be put into administration so that investors interests can be protected. As I said earlier, themed investigations will be a source of enforcement action. And we are gearing up for enforcement action where required on low impact firms – we see enforcement action having a powerful deterrent effect on other low impact firms. In our Enforcement Strategy we have set out the two broad categories for enforcement actions - pre-defined and reactive. Pre-defined enforcement derives from the work priorities of the Supervisory Divisions. We will announce our 2012 enforcement priorities early in the New Year. Reactive enforcement relates to the enforcement actions deriving from other sources of information and events, both internal and external. During 2011, we opened 32 enforcement case files with the vast majority of these in the reactive category. In 2011, our supervisory divisions identified 6 priority areas: governance and risk management; systems & controls; controls around charging issues; compliance with the Mortgage Arrears Code; compliance with client money requirements; and timeliness and accuracy of information received by the Central Bank from regulated entities. Six of the seven settlement agreements we have entered into so far this year have related to these pre-defined priorities. Over the same period we have taken reactive enforcement action in a single case which related to a breach of the MiFID suitability requirements by a spread trading firm. The Administrative Sanction Procedure cases concluded this year have resulted in monetary penalties totalling €1.59 million, 6 reprimands and the disqualification of two persons concerned in the management of a regulated entity for a period of three and a half years each. Over 2011 a number of our enforcement cases involved action against lower impact firms. We know that enforcement action can have a powerful deterrent effect on groups of low impact firms where we may not have a close supervisory relationship. We will also ensure that adequate enforcement resources are allocated to low impact firms to ensure that when our rules are breached, we have a capacity to take action, creating a credible deterrence. As I mentioned, we plan to announce our 2012 enforcement priorities early in the New Year at the same time as our thematic plan. Conclusion In summary, the PRISM framework will help us challenge ourselves and our firms in a constructive fashion. It will help us form consistent judgements about the risks firms pose to our objectives of financial stability and consumer protection and, having established what those risks are, it will help us formulate appropriate mitigation steps and monitor the success of that mitigation. We will work to ensure that we supervise all types of financial firm in an appropriate fashion but we will never be infallible – we cannot guard society against all risks. Our objective with the PRISM framework is to give ourselves the best chance to guard against the most severe threats to financial stability and consumers in the future. Thank you for your attention.