Skip to main content

Jeremy Rudin, new OSFI head, speaks at Economic Club luncheon in Toronto, Tuesday September 30, 2014.Mark Blinch/The Globe and Mail

If you are the kind of person who thinks that speeches by Office of the Superintendent of Financial Institutions (OSFI) Superintendent Jeremy Rudin are occasion for excitement, and who thinks that OSFI draft guidelines on sound derivatives practices are even more exciting, then last week was like Thanksgiving dinner on Sunday and Monday.

if you are such a person, you probably went to law school. While most non-lawyers think law students spend their time learning how to draft contracts, most of a professional legal education consists of spending three years discussing academic legal esoterica like the "rules versus principles" debate.

Law students, if you think this seems somewhat arcane and pointless, Much the way a high school rugby player wonders "what use is algebra in the real world," law I direct you to Mr. Rudin's statement last week that "to the extent possible, we stay away from detailed, prescriptive rules. Rather, we prefer to rely on high-level, broadly stated principles." And, to back it up, the derivatives guidance offered big, principled statements like that value at risk (VAR) models should calculate risk based on "a sufficiently long series of historical data, including a period of stress."

I can imagine that this gave the directors of financial institutions hives: here are some big ideas and suggestive words, and we will fine you if your interpretation of these words differs from ours. As a director charged with increasing responsibility in supervising financial institutions, freedom and control are good things, but clear rules are nice as well. No one wants to be tasked with determining a "sufficiently long" period for an institution specific VAR model, .

This is the essence of the rules versus principles debate. Rules are binary and bright; principles are more graduated and flexible.

Principles tend to be flexible and consistent with policy purposes, while formal compliance with a set of rules doesn't necessarily mean that you're not going to engage in the harm that the rule was intended to prevent – take Enron and its rule-compliant "special purposes entities" that nonetheless obscured the true financial condition of the company. At the same time, rules help parties coordinate and predict each other's behaviour. The world is a much safer place because traffic laws are rules-based. There's not much debate that the rule of "stop on red, go on green" is preferable to the principle of "go through the intersection when it's safe."

Complex financial systems are going to require some measure of both rules and principles and Mr. Rudin's speech shows a strong commitment to a more principles based approach, which OSFI has generally been using for years. Take a look at OSFI's draft guidance to dealers for VAR models used to estimate the riskiness of a firm's derivatives position. There are, of course, some rule-like features to the guidance. It specifies the types of parameters VAR models should have, suggests risks factors that firms should consider, and specifies that risk measures be expressed in dollar terms. But the actual content of the models – how VAR is estimated, appropriate historical periods to consider, whether to use a 95 per cent or 99 per cent confidence level – is left up to the institutions.

OSFI regularly reviews the specifics of the financial institutions' risk-management strategies. It doesn't appear that Mr. Rudin is intent on having directors become part of that process, but guidance released in January suggests that the regulator does seem intent on giving directors more of the responsibility for complying with its guidance. This leaves directors torn between attempting to evaluate institutional policies on a more technical level and leaving it up to risk management to interpret OSFI's broad directives. Hence the hives.

This principles based policy encapsulates some of the lessons of the 2008 financial crisis. During the crisis, firms used VAR models as a crutch to avoid more searching risk analysis. Many models only included 20 years of time series data, meaning that they failed to include the 1987 crash. Similarly, many models assumed that risk was "normally" distributed – that it followed a bell curve with extreme events being confined to the low probability tails of the curve (Nassim Nicholas Taleb's famous "Black Swan" events) – and that certain markets were uncorrelated markets – say, the California and Florida housing markets. These seemingly reasonable assumptions turned out to be false.

Goldman Sachs was the firm that best survived the crisis and it's also the firm that took the most time to think about its VAR models. OSFI has taken this lesson to heart. While it requires VAR models, it allows firms to tailor these models to their own specific needs and it reminds firms that assumptions about "normality" and correlations have to be closely examined. While a rule saying that VAR models must go back thirty years may be easy to follow, it's not the best rule for limiting systemic risk. In order to do that, OSFI needs firms to follow principles that encourage the thoughtful analysis of risk models.

For boards, this is perhaps the scariest message of all: you have to think about it and come to a reasonable conclusion. For boards, who often lack technical expertise, an increased supervisory role with only high level principles to guide them, but few rules to given them certainty, OSFI's guidance can be a source of frustration.

Of course, directors do have legal shields if they get it wrong – business judgment and due diligence defenses protect directors from liability, not to mention directors' and officers' insurance. Still, it's easy to understand why boards may be skittish about derivatives guidance that requires them to approve risk limits and review risk policies.

Nonetheless, it's not a bad thing that OSFI's guidance often makes for uncomfortable directors. Principles based guidance requires that firms think carefully about their internal policies and that is exactly what OSFI wants. A bit of discomfort is a good thing.