Navigating Supervisory Challenges, Without Missing The Woods For The Trees

The Financial CHOICE Act, a bill proposed by Congressman Jeb Hensarling (R-Texas) that passed the House in 2017, sought to give banks the option to hold more capital in lieu of undergoing CAMELS evaluations and stress tests. This essentially means banks that can absorb their own financial risks through elevated capital cushions need not be heavily regulated. They can qualify for relief from virtually all other safety and soundness requirements. More skin in the game, less oversight.

The idea may sound reasonable, but it is ‘not that intelligent’ to implement. Maybe that is why it could not secure the 60 votes required in the Senate to become a law.

Higher capital requirements would limit the quantum of lending and hence would choke the major source of earning, leading to an accelerated race to failure in the absence of supervision, thus forcing citizens to bear the socialised losses. The point is clear. Recapitalising banks and refocusing on risks through closer supervisory attention are not either or, both are required. Allowing banks to choose may not be a worthy policy option. 

There has been a clear shift in the colour, contour and characteristics of risks that are required to be managed by the banks and mandated to be supervised by the supervisor. ‘Known unknown’ risks, such as cyber threats, technological vulnerabilities, and reputational concerns, are difficult to measure and hence are vaguely managed. ‘Unknown unknown’ risks, such as systemic shocks, environmental crises, and geopolitical risks, and ‘known unknowables’ like moral hazard, irresponsible behaviour, excessive risk-taking, and distorted incentive structures “where outcomes and probability distributions cannot be meaningfully defined” and hence are clubbed under the definition of Uncertainty carry negative externalities as also unintended consequences. (Risk Vs Uncertainty: Supervision, Governance & Skin-in-the-Game by Sanjeev Sanyal – February 2020). 

While a ‘sense’ on the former is getting envisaged, the latter still remains a black box for regulatory arsenal as they may apply to “senior management, key employees or shareholders of a firm” and “the actions of such key market players and decision-makers are sometimes not directly observable, and given the inherent uncertainty of outcomes, it is not easy to hold them accountable”. (ibid)

“It would be far better, therefore, to have a simpler regulatory framework supplemented by active and efficient supervision” (ibid). Fernando Restoy, Chair of the Financial Stability Institute at the Bank for International Settlements, argues that rather than relying on ever-tightening regulation, policymakers should focus on strengthening qualitative supervision. By developing tools to identify and address weaknesses in governance, business models, and internal controls before they translate into financial losses, authorities can resolve firm-specific vulnerabilities more effectively while keeping compliance burdens in check.

Regulation should be sector-sensitive, and hence dynamic to changes and should be in sync with other policies in the ecosystem. 

What, then, does good supervision look like?

Fundamentally, it should be reckoned as a public good, a kind of civic responsibility. Whether one likes it or not, supervision needs to be all-pervasive or even intrusive. Anything, implicitly or explicitly, embodying the potential adverse effects for the depositors should be the focus of a supervisory probe. In this sense, supervision is both an art and a science and cannot be confined to a checklist-based approach or rigid format. 

Frank Elderson, Vice-Chair of the Supervisory Board of the ECB, in a speech on June 12, 2025, presents the view that “supervision must confine itself strictly to balance sheet metrics and refrain from probing deeper into the qualitative foundations of a bank’s risk profile”. Supervisory effectiveness has come to increasingly depend on the ability to identify and address the unresolved qualitative weaknesses, such as poor governance and flawed business models, in which failures are often rooted. It is neither effective nor efficient to focus only on the symptoms of risk while ignoring what lies beneath.

He cites the recent failure of the Amsterdam Trade Bank, a Dutch bank owned by a Russian parent, which failed abruptly as it lost access to its IT systems, which were run by third-party providers, a consequence of Russia’s invasion of Ukraine and the international sanctions imposed on it. He elaborates on an international consensus growing around certain core supervisory values.

Elderson outlines core supervisory values: 

• Risk-based and forward-looking - identifying vulnerabilities before they materialise and assessing whether banks can remain resilient under adverse but plausible scenarios. 
• Judgement-based and engaged - connecting data points across silos, probing for root causes rather than symptoms, and escalating issues promptly when risk management responses fall short. 
• Independent and accountable – earning public trust that rests on a clear sense of institutional responsibility: the willingness to own decisions, acknowledge missteps and continuously improve the way the supervisory mandate is fulfilled.
• Action-oriented and enforceable – challenging the status quo with the required willingness to act to make sure that findings are addressed promptly, thus delivering on the mandate in a way that reflects the realities of modern banking and the expectations of those we serve.

Tailoring banking regulations and driving innovation in the supervision and management of culture and conduct risk in the banking sector have been a burning topic in the financial ecosystem. Michelle W. Bowman, Vice Chair for Supervision Board of Governors of the Federal Reserve System, in a speech on June 6, 2025, called for the tailoring of bank regulation and supervisory approach since risks are not uniform, and each bank is unique based on its business model, complexity, and business profile. 

Cameron Lawrence observes that ‘trust’, which is the lifeline of banking business, “is in steep decline across core societal and market institutions, exposing latent vulnerabilities. What happens when the implicit social contracts that underpin compliance, risk-taking, and accountability begin to fray?” Supervision, being a civic responsibility, supervisory reinforcement of trust in financial intermediation is a ‘must’, especially when the systems of execution of private accountability mechanisms are still evolving. 

Further, shifting strategic imperatives across growth, innovation and competitiveness “introduce new pressures on supervisory frameworks, with potential trade-offs between dynamism and discipline”. In the face of cries for “deregulation and defenestration” in some part of the globe, regulatory independence “becomes both more essential and more fragile”. Strategies of “trimming and tailoring” are offered in some jurisdictions, while critics warn of increased opacity and uneven accountability. With varied challenges appearing in the regulatory and supervisory landscapes arising out of increasing governance opacity, the solution lies not just “in adapting frameworks, but in reaffirming the values that anchor them”. 

In the UK, the Financial Conduct Authority has recently announced new proposals for tackling non-financial misconduct to highlight concerns that workplace misconduct has far-reaching implications, not only for the individuals involved but also for the overall culture and reputation of financial firms, thus promoting a healthier workplace culture and enhancing accountability. It is seeking to use this change to provide clearer guidelines on what constitutes unacceptable behaviour across the industry and to encourage firms to take proactive measures in preventing and addressing non-financial misconduct. NFM. (‘CP25/18: Tackling non-financial misconduct in financial services’.)

Some experts, however, resent supervisory indulgence by activating through regulatory interventions, the contribution of the boards as avoidable overreach. Others surmise such renewed indulgence to have been triggered and rightly so, by a perceived want of expected contribution by the boards as the eyes and ears of the supervisors. While the stance of regulation/supervision has changed in the wake of the awareness of systemic risks and their profound impact on individual institutions and vice versa, the boards are lagging behind in the learning curve. The same holds true for management teams. Similarly, with the change in the “end”, namely ‘resilience’ in place of ‘stability’, the “means” needs to be rewired.

Unfortunately, stability and resilience are taken as synonymous in the literature. Stability is defined as the absence of instability, where instability can be defined as vast departures of the movement of a critical variable from its historical average. For example, if a non-performing asset is taken as a critical variable and its historical average is, say, 3%, then if it rises to, say, over 6%, then this can be taken as a state of instability. The state of instability is usually treated solo in a one-off manner and once fixed, is re-christened as stability, having been restored.

Resilience, however, has a much deeper implication. Resilience means not only preventing the recurrence of past issues but also significantly reducing the likelihood of related future problems. This state is no longer considered a ‘utopia’, with the use of big data, Gen AI and ML techniques, it should be possible to do an effective ‘root cause analysis’ by diving deep into the movements of various critical health indicators over a few decades and examining those versus the various points of distress which have occurred during the same period. 

Thereafter, solutions for adverse variabilities in the numbers of those variables are explored and put to use. This is the traditional art of boosting the resilience of the individual entities. If the resilience of deviant variables and the entity is achieved, their nature of contagion would also diminish, resulting in a resilient financial sector and hence the system. 

The objective of supervision is thus slowly but steadily transforming by way of identifying the impact of systemic risk on the health of individual entities and vice versa, and attempting to mitigate the same by boosting the resilience of the entities and thus the system. Like for the human body, for the individual financial entities, the immunity system should work perfectly. This can be achieved if ongoing emphasis is given on defining points of stress, identifying brewing stress, nipping those in the bud, boosting immunity to prevent recurrence, and creating distress immune entities and the system.

In India, the supervisory approach has been made to align with such a pioneering stance. What is new is strengthening the internal defences of the supervisory entities , a greater focus on identifying the warning signals at an earlier stage, and initiating prompt, proactive corrective action. The supervisory strategy has leaned considerably towards an orientation towards strengthening the supervisory entities' ability to identify, measure and mitigate the risks they are facing. These are aimed at enhancing the supervisory entities’ ability to anticipate risks early, absorb losses by higher provisioning or capital buffer, and adapt to the new operating environment. As is evident, such changes would require a 360-degree change in attitude towards the ways the entities are traditionally run. ‘Status quo’ needs to be challenged while welcoming the use of modern techniques and tools to deal with newer challenges.

The transformation, in fact, should begin with the supervisory entities themselves. They should strive to learn to create self–resilience architecture by design. The institutions will learn to improve their immunity to various shocks. They should do their own vulnerability assessments with the help of a robust early warning system and forward-looking stress testing techniques. Focus should be on the increased such reviews to identify incipient stress and take proactive corrective actions. Entities may conduct scenario assessments on an ongoing basis and ensure that sufficient provisions are maintained even in the case of stress scenarios. Ongoing exercise on incremental requirements of capital and programmes to raise capital on their own should be ingrained in the regular schedules of the senior management. Assurance functions will be strengthened.