CSRC Regulators are Experts

As a practicing risk manager, one of the most common complaints I hear against regulators from China Securities Regulatory Commission (“CSRC”) is their lacking expertise. This can come from both risk managers and front-office bankers in domestic and foreign-owned securities companies. It typically means that certain regulatory rule is not to their liking or that regulators do not exhibit knowledge in the specific business practices. Particularly for bankers who do not interact with regulators often or those whose work grow exponentially harder, the grievance is high and deep.

I share this grief to an extent. I sometimes went on a stampede to search for ways to comply with exploding new rules on risk management, such as bond trading whitelists or daily monitoring of certain regulatory limits, and I occasionally struggled to explain to the CSRC on-site bank examiners the details of bond trading approval process or the validation methodology for derivative pricing models. What is more frustrating is that those bank examiners seem never grow experienced regardless of time – they are always a team of late twenties supervised by a mid-thirty vice department head, driven, composed, yet never quite confident in their judgement of the regulated, namely us.

With my years in the industry growing, my battle scorecard against various enemies of sound risk management also rolls longer, and I started to see the expertise and value of regulators. In general, I believe much of the grievance arises from the distinct objectives between us and them. ?

While both regulators and we manage risk, we manage risks for an institution, while CSRC regulators manage the entire system, which is the mandate of most regulators in the world. The difference in scope forces CSRC to focus on the macro-system, rather than the intricacies of a particular bank or business. Currently, the Beijing headquarter of CSRC has a headcount of 248[1], which manages its subordinate organizations and branch bureaus in each province and key financial infrastructure with total staff of around 10,000, yet it needs to regulate about 20,000 institutions (securities companies, futures companies, and mutual funds), 400,000 industry professionals[2], and at least 180 million investors. In comparison, even the largest securities company (CITIC Securities) has only 12,000 employees and a fraction of the investors as its clients. Inevitably, CSRC would have to prioritize issues and knowledge, and the priority will be quite different in terms of depth and perspective.

This can also be observed from the skillset of regulators. Some of my colleagues are former CSRC regulators (through “revolving door”), and they all share the pros and cons of that institution. Almost all of them are skilled at the coordinating actions for large organizations. They can always quickly identify the validity of regulatory information from various sources and communicate across organization through formal reports or informal chats, a skill adopted to work in a large bureaucracy. They know the rough functions of all departments in securities companies and the personal characters of most workers, an insight acquired from years of being onsite examiners and of interactions with the industry professionals. Their weakness is also what most professionals complains about the CSRC: their understanding of securities business and clients is almost always superfluous, and most of them are quite na?ve at working with real financial data and IT system (infrastructure IT and industry data center personnel are two noticeable exceptions).

This difference of objective results in many finger-pointing towards CSRC regulators. The major one is the lack of accumulated knowledge, or their “eternal youth” – that is, no matter when you meet onsite examiners, they are most likely to be a group of late-twenties supervised by a mid-thirties, and knowledge you had taught their predecessors seems absent in their mind. In 2018, I met my first CSRC examiner, a late-twenties lady from a provincial CSRC bureau, who was charged with examining the comprehensiveness of the risk management capability of my company. At the time, the new overhaul for industry-wise asset management regulation was recently issued[3], which perhaps motivated her to dig deep and wide into that business in my firm. She was quite ignorant of the industry practices, convention and the motivation behind them, and her question results in a lengthy educational presentation from my colleagues, me, and even the chief risk officer. Almost four years later, I met another late-twenties examiner, a gentleman with composure and good theoretical knowledge, who was interested in the risk measurement and modeling of Snowball, an exotic option that had been popular in early 2000s in Europe and U.S. He was so passionate about the detailed practices in the Snowball’s trading and risk management that my superiors and I gave an several-hours long educational presentation again, some of which repeating what I said in 2018. ?

While I grow frustrated over this sometimes, I think it insufficient to say those examiners and other CSRC regulators are not experts. Though they never seem to grow in the depth of knowledge about industry practices, their understanding in the breath exceeds most practicing securities professionals. Most bond traders only know the bond trading systems and their counterparties, and most risk managers only know the way their own firm manage risks. Any knowledge beyond their immediate playfield turns to be either hearsay or academic. However, CSRC examiners need to examine all securities companies under their jurisdiction, talking with traders, investment bankers, risk managers, and management heads with the authority of the Chinese government. Most onsite examiners need to work on almost all areas of compliance, from front-office to back office. It should not be difficult to talk about a vast area of business operation with a regulator, despite the lack of depth in each area. To repeat my point, the breadth of knowledge, not the depth, is what is needed for their work as systemic risk manager, and it is this requirement, not their innate deficiency, that shapes their body of knowledge.

Another common finger-pointing character is the perceived excessive granularity of the regulatory rule from CSRC, which is particularly voiced by the foreign subsidiary of international banks. In my early risk training in schools, I was almost exclusively taught the framework based on different variants of Basel Accords, as well as necessary subjects such as financial engineering, accounting, and relevant civil laws. Investment banking risk management, while conceptually reasonable, has never been part of my academic training. My industry professors and alumni in the U.S. also had never mentioned this area. When I became an investment banker in China, I was surprised by the enormous amount of the dirty legal and accounting work, which I had assumed to be the work of lawyers and accountants. After a while, I became a mini expert in conducting independent due diligences in both areas as well as drafting prospectus, and then I decided to do what I had been trained to do, risk management. Around that time, CSRC issued the overhaul guidance on the internal control of investment banking business[4], mandating risk department to participate in the project initiation, internal verification, and continuing management. I was not surprised given my fieldwork in the business, but it had agitated many in foreign-owned securities companies. A risk department head (of a European bank subsidiary) I spoke with expressed great anger, alleging CSRC to be micro-managing and unprofessional. From her perspective, just like how I was taught in American schools, investment banking risk is mostly for lawyers and accountants to manage. Risk managers might just validate the valuation model, but no more.

However, Chinese securities industry follow a legal system and business culture different from what most Western bank is familiar with. She did not know that Chinese securities companies have the obligation by law and regulation to independently express opinion on the legality, financial standing, and business quality of the securities issuer, regardless of what lawyers and accountant might say. And she did not know that any sober Chinese investment banker who bet with their own money would not trust any security without underwriter’s opinion in the prospectus. Naturally, the truthfulness of the opinion is a major risk for securities companies. I personally have seen great exposure risk or loss due to companies’ misrepresentation and negligence in the disclosure documents. My personal view is that CSRC put risk department in the internal control process to utilize its expertise in the secondary market, typically where the early warning signal for the investment banking risk lights up. In any case, industry professionals, particularly those from foreign-owned securities companies, often lack the understanding of the overall industry premise, and mistook proper regulation with lack of expertise.

Of course, CSRC and other Chinese financial regulators make mistakes, and I personally resent some of their rules and mandates. However, categorically claiming CSRC to lack expertise is plain wrong, for largely they are excellent at what they do, that is, managing systemic risk. In my opinion, the root of many resentments towards it lies in the conflict of interest：industry professionals oftentimes do not care about what happens to the financial system. In addition, since most securities companies are also state-owned, in my view, CSRC acted as both a regulator in the Western sense and an agent of the state to exercise its power as shareholder. I believe most securities regulations are made from this perspective, and naturally foreign-owned securities company would resent such parental intervention, which increases the cost of compliance. Again, this is just my personal conjecture, but I do believe it to be a good working assumption. Regardless of the reason, as a professional, my advice is to work with the regulators and to take efforts to understand them. Afterall, CSRC has imposed a financial order on which all securities companies in China can possibly operate. Given the very observable chaos and distortions in Chinese business culture and investors’ expectation, this financial order is precious and necessary for both industry professionals and companies’ owners to survive and thrive. Pointing fingers does not help anyone.

[1] Notice of the General Office of the State Council on Printing and Distributing the Provisions on the Function Allocation of China Securities Regulatory Commission, Internal Bodies and Staffing, 《国务院办公厅关于印发中国证券监督管理委员会职能配置内设机构和人员编制规定的通知》，https://www.gov.cn/zhengce/content/2010-11/19/content_7710.htm

[2] 2021，https://www.jwview.com/jingwei/html/09-17/429415.shtml

[3] Guiding Opinions of the People's Bank of China, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, and the State Administration of Foreign Exchange on Regulating the Asset Management Business of Financial Institutions（No. 106 [2018] of the People's Bank of China），《中国人民银行、中国银行保险监督管理委员会、中国证券监督管理委员会、国家外汇管理局关于规范金融机构资产管理业务的指导意见》（银发〔2018〕106号）

[4] Guidelines for the Internal Controls of the Investment Banking Business of Securities Companies (Announcement No. 6 [2018] of the China Securities Regulatory Commission) 《证券公司投资银行类业务内部控制指引》（证监会公告[2018]6号）