Enterprise Risk Management in Designing Meta-Regulation under Risk-based Regulatory Strategy: An Empirical Evidence from Financial Regulation

Table of contents

1. I. Introduction

he regulatory landscape is a big tent. The last two decades have been witnessed a move towards more "flexible regulation" as an alternative to traditional "command-and-control" regulation (1). Several labels have been devised for these alternative regulations titled: management-based regulation, principles-based regulation, system-based regulation, meta-regulation, self-regulation, enforced selfregulation, reflexive regulation (2)(3)(4). These new forms of flexible regulation are also advocating as a "new governance" style of the regulation (5)(6)(7) and belong to the family of "process-oriented regulation" (4). In addition, a shift has been marked in regulatory governance towards performance-based or outcomebased regulation (8) and risk-based regulation, particularly in financial and public domains (9).

These "new governance" regulatory techniques and the "flexible regulatory alternatives" were lauded as superior in various ways over the "prescriptive" regulation in the last two decades, particularly in the precrisis era. However, the latest financial crisis has exposed the shortcomings of these "new governance" regulatory techniques and forced the regulators to rethink the governance mechanism (1,7). Likewise, there is a sparkling debate in regulatory scholarship regarding the effectiveness of different alternatives of flexible regulation (7). However, among the process-oriented regulations, meta-regulation is likely to have comparative advantages over the other alternative form of process-oriented regulations (4). It has drawn a great deal of attention from both scholars and regulators (3). It is often regarded as a much flexible alternative to the traditional "command-and-control" regulation (10).

However, the new governance regulatory techniques are not unproblematic. There is evidence of the regulatory failure of meta-regulation and risk-based strategy in the financial industry following the global financial crisis (11). Despite this, the relevance of riskbased regulation and meta-regulation is still surviving among regulators and have gained much popularity in recent years (11). Nevertheless, there is a dearth of empirical research in flexible regulatory scholarship to explore how a meta regulatory approach can be designed using a new regulatory innovation, i.e., enterprise risk management (ERM) in achieving riskbased regulatory goals. This research intends to fill this gap.

This study anticipates contributing to flexible regulation scholarship by providing an account of how a new "regulatory mix" (12) can be developed using an emergent regulatory innovation to ensure regulatory governance in financial regulation. Precisely, how riskbased regulation, meta-regulation and enterprise risk management are integrated into a regulatory platform as a "regulatory mix". Besides, the evidence would have practical value to other regulators in adopting risk-based regulation using ERM as a meta-regulatory toolkit. Further, the study's outcome would be useful to the international standard-setting bodies of financial institutions like Basel Committee on Banking Supervision and the international development institutions like the World Bank, International Monetary Fund and many more being a stakeholder of the global financial industry.

The rest of the paper is organized as follows. Section 2 reviews the literature on risk-based regulation, meta-regulation and ERM and delineates the research gap to explore. Section 3 explains the research design, while Section 4 reports the gradual development of the meta-regulation in practice using ERM in achieving riskbased regulatory aims. Section 5 provides an account of how ERM, as a meta-regulatory toolkit, integrates these notions as a "regulatory mix" in achieving the regulatory objective. Section 6 concludes the paper with avenues for further research and limitation of the study.

2. a) Risk-Based Regulation, Meta-Regulation and Enterprise Risk Management -An Integrated Framework

Risk-based regulation is deemed as a "new governance" regulatory technique (7). This philosophy enables regulators to govern by "risk" and provide a powerful justification to achieve the regulatory aims in a legitimate way (13). In the regulatory regime, "risk" is now deemed as the central doctrine for "better regulation" (14). Consequently, risk-based regulation becomes a common trend for regulatory reform. It is argued that the risk-based regulation facilitates robust governance through defining regulatory goals, monitoring performance, and securing compliance in effective, economical, proportionate, and legitimate ways (13,15). Thus, it becomes a popular regulatory strategy in many countries, including the UK, Australia, New Zealand, Canada, and the USA in diverse areas like environment, food safety, health and safety, legal service including financial regulation (7,16). In fact, international organizations such as the World Trade Organization (WTO), the Organization for Economic Cooperation and Development (OECD), the European Union (EU), and the World Bank (WB) have also been advocating to adopt risk-based regulation (17).

The central proposition of risk-based regulation is that regulators should focus mainly on the risky factors preventing them from achieving their objectives (18). Regulators are not able to address all types of risk with their limited resources. They have resource constraints. Therefore, risk-based regulation is the management of three 'Rs' in practice, namely risk, resources and reputation (7). As a new governance technique, risk-based regulatory philosophy is highly praised as a superior technique over traditional prescriptive regulation. However, the limitations of this approach revealed following the recent financial crisis and the regulatory failure. The risk-based approach is assessed as an "inherently complex and potentially a self-contradictory strategy" (7). The scholarly evidence also reflects the regulatory failure of this strategy (11,13). Despite this, it has gained much relevance in Anglo-Saxon scholarship, particularly in financial regulation (11,19) and remains still under the banner of "new governance" (7).

The framework of the risk-based regulation is relatively technical and complex. Various regulatory approaches, tools and techniques are used to design the framework of risk-based regulation. Among the approaches, the meta-regulatory style is highly preferred by the regulators. Consequently, the risk-based regulation and meta-regulation have received considerable attention from academics, policymakers, practitioners and broad stakeholders' groups (13,19), particularly after the lesson learnt following the recent global financial crisis and large-scale corporate collapse during the last two decades.

The meta-regulation is a flexible alternative over the traditional command-and-control based regulation and conceptualized as a dynamic process-oriented regulatory institution (4). It entered the mainstream of the Peter Grabosky has primarily developed the concept of meta-regulation in 1995. However, it is subsequently advanced by Darren Sinclair (1998) and Christine Parker (2002).

In defining meta regulation, it is mentioned as a deliberate effort of the regulator to induce regulated firms to create their own internal regulation (3). The regulator may direct the regulated firms to regulate themselves in a number of ways ranging from enforcement, sanction and rewards (21). Therefore, it sometimes refers as "management-based regulation" (2) or as "regulation of self-regulation" (22).

Under this approach, regulators promote regulated firms to develop their self-regulation. After that, the self-regulation of the regulated firms is enrolled directly into the regulatory process for supervision.

3. Regulators achieve the regulatory aims by relying

The meta-regulatory approach is the most appropriate and collaborative form of regulation in the regulatory regime (12). This approach immensely helps the regulators and the regulated firms to work together in practice.

However, the general focus of meta-regulation is given on the roles of rationality and morality or normative control to ensure the public interest. However, this normative approach of meta-regulation is criticized in the regulation scholarship (24). The potential differences among individuals, including moral and cultural differences, are much responsible for the ineffectiveness of such normative approach. Therefore, a system-based approach of meta-regulation is advocating as an alternative to the normative approach In an alternative approach of meta-regulation, regulators follow both a system-oriented approach and a performance-oriented approach in its design (8,11). Under the system-oriented approach, regulators focus on regulated firms' systems and processes rather than prescribing rules and regulations to comply. Thus, the regulated firms' internal control systems and management process are the main aspects of the system-based approach. Contrarily, regulators focus on the performance and outcome of the regulated firms under the performance-oriented approach. Here, regulated firms are allowed to decide their best choices to achieve their targeted objectives. They also have the freedom to design their system in a cost-effective way (11).

Thus, meta-regulation may design considering both the system and performance of the regulated firms. Therefore, the supervision through meta-regulation is not merely monitoring the regulated firms' compliance with the system and process but also evaluating and monitoring the firm's awareness of the risks created by their business, internal controls, and risk management framework (12). However, in designing a system and performance-oriented meta-regulation, a regulatory innovation has evolved in the regulatory regime, which is 'enterprise risk management (ERM)'. Although, it is yet to explore the practical use of ERM as a regulatory innovation in designing meta-regulation.

In "new governance" scholarship, risk management also emerges as an overarching form of new governance (26). The risk regulation and the risk management responses of organizations are most explicitly recognized as a form of new governance (27). However, a new institution has evolved in the risk management domain called "enterprise risk management". The rise of ERM is regarded as one of the significant organizational shifts in the past decade's risk management practice (28). To define, ERM is a topdown and holistic approach that integrates all interrelated risks throughout an organization. It is a philosophy to address the risks comprehensive and coherent manner after prioritization, instead of managing them separately (29). Thus, ERM is a systematic and coherent approach to risk management (29,30), enabling organizations to manage a wide range of risks in an integrated and holistic fashion (31). The COSO is a dominant proponent of ERM. It defines ERM as:

"?a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives"(COSO -Committee of Sponsoring Organizations of the Treadway Commission, 2004, p.2).

In ERM scholarship, evidence shows that it has entered in the management jurisdiction as organizing and controlling concepts (33,34) . Besides, it becomes an approach for organizational value creation (35) and a strategic decision-making tool (36). Moreover, it improves operational performance through better allocation of organizational resources (Baxter et al., 2013) and assists to remain compliant with the regulatory requirements and corporate governance code (37).

However, ERM has drawn the regulators' attention following the regulatory failure, priced experience of the recent financial crisis, and large corporate giants' collapse (38). Therefore, ERM is now a regulatory agenda for better governance, regulation and improved risk management practice (33,39) . The adoption of ERM is growing on a wholesome basis, particularly in the financial industry due to regulation (40). Consequently, ERM has emerged with the feature of a self-control mechanism within the firms. Regulators can rely on such ERM based self-control apparatus for regulation and supervision.

Despite this, empirical evidence is limited to investigate how a new regulatory innovation or a new emerging institution of risk management i.e., ERM transpires as a self-regulatory apparatus among regulated firms in designing meta-regulation to achieve the regulatory goals, particularly risk-based regulatory aims in the financial industry. Henceforth, this research attempts to address this gap by integrating the notions of risk-based regulation, meta-regulation and ERM into one manifesto. In achieving the aim, a conceptual framework is developed to understand this integration conceptualizing the meta-regulation as a dynamic process-oriented regulatory institution and as a "regulation of self-regulation" (22), which is illustrated in Figure 1:

4. II. Research Methods

This study focused on the banking sector of Bangladesh to discern the implementation of ERM as a meta-regulatory toolkit under the framework of riskbased regulation. Regulators in financial industry in different countries experiment with different regulatory tools that best suit to archive their regulatory aims. Therefore, this context provides a typical case (41) to understand the gradual development of the metaregulatory approach and the risk-based regulatory framework mainly for three reasons. Firstly, the central bank of Bangladesh i.e., the Bangladesh Bank (BB) has initiated a strategic shift for its supervisory approach from the "compliance-based" supervision to the forward-looking "risk-based" regulation since 2011. To pursue this risk-based supervisory approach, the BB hastaken meta-regulatory approach and developed diverse tools and techniques to achieve the risk-based regulatory goals. Secondly, the BB has made it mandatory for regulated banks to implement ERM based self-regulation. Therefore, it becomes an "enforced self-regulation". Finally, the BB has enrolled such enforced self-regulation into the regulatory process to oversee the self-regulation and discharge the regulatory responsibility relying on it. Therefore, the contextual background provided a unique research setting to explore an evolving dynamic of ERM as a meta-regulatory toolkit to achieve the risk-based regulatory goals.

This study analyzed BB's annual report from 2009 to 2019 to capture the gradual development of the meta-regulation under the risk-based regulatory framework in the banking industry. "Chapter Five" from the annual reports was mainly examined as the banking sector's performance, including the BB's regulatory and supervisory measures are disclosed only in this chapter. Although the initiative for risk-based regulation began in 2011, the annual reports before the initiative were also considered to draw a holistic picture of the development. In addition, data were extracted from the BB's risk management guidelines, circulars, risk management templates, statutory laws, and sectoral assessment reports that were issued during those eleven years.

Furthermore, the study examined the annual report of ten regulated banks for the year 2019, selected randomly, ranging from the first-generation to the fourthgeneration banks for understanding firm level implementation of ERM based self-regulation. Risk management disclosures of the banks were read several times through close reading to examine the implementation and practice of self-regulation following the BB's risk management reform.

The qualitative content analysis (42) technique was followed to analyze the data. The content analysis technique is useful for analyzing text units, narratives, short sentences, and single paragraphs to identify a specific theme and common theme (43). Three phases were followed for systematic data analysis using the content analysis technique: data familiarization, data extraction and coding, and theme development and refinement. Following these steps, two broad themes mainly emerged from the data to demonstrate the gradual development of the meta-regulation using ERM under risk-based regulatory philosophy namely, "sectoral risk management reform" and "institutional capacity building".

5. a) The Trajectory of Meta-Regulation under Risk-based Regulatory Strategy using ERM

The evidence shows that the BB has made a strategic change to supervise and regulate the banking sector by shifting from the "compliance-based" approach to the "risk-based" approach. In its annual report for 2013-2014, the BB explicitly disclosed this shift, although such strategic change began in 2011 when the Basel-II implementation pressure was mounting in the industry. The BB disclosed:

[?] in particular, BB is shifting its strategy from the compliance-based approach to the forward-looking risk-based approach aiming at matching with international best practices.

In fact, it is revealed that there was a recommendation of the World Bank (2010, pp.1, 5) under the "Financial Sector Assessment Program" to enhance the supervisory initiatives of the BB by shifting towards risk-based supervision. The WB recommended:

[?] BB's initiatives to shift to risk-based supervision also need enhancement. [?] continue to strengthen BB by automating its operations, improving supervisory capacities (including more effective riskbased supervision), increasing transparency, enhancing disclosure policies, and providing it with greater independence and autonomy. (44) Since then, the BB has gradually been designing the meta-regulation framework under riskbased regulatory strategy using ERM as a metaregulatory apparatus, although it is still evolving. However, the two board themes, namely, "sectoral risk management reform" and "institutional capacity building" will assist in drawing the trajectory of the gradual development of meta-regulation in the sector:

6. b) Sectoral Risk Management Reform

Soon after the strategic shift towards risk-based regulation, the BB embarked on sectoral risk management reform based on ERM in 2012. The BB realized that risk-based regulation is not possible in the industry without an improved risk management practice in the banks. The BB, therefore, initiated both "structural" and "functional" reforms for an integrated risk management practice based on the ERM notion and made it mandatory for all banks. Consequently, the ERM has become an "enforced self-regulatory" toolkit to manage the risks within the regulated banks.

7. c) Structural Reform -An Architecture of ERM based Self-Regulation

The structural reform had begun when the BB issued a mandatory guideline for integrated risk management practice on 15 February 2012 for the commercial banks. It was a landmark for the industry to integrate and manage bank-wide risks based on ERM philosophy. Following narrative disclosed in the guideline:

[?] this document promotes an integrated, bankwide approach to risk management that we hope will propel banks in Bangladesh to the forefront among banks in our region in adopting contemporary methods to identify, measure, monitor, and control risks throughout their institutions. (Bangladesh Bank 2012, p. v).

In this guideline, banks were instructed to establish an independent "Risk Management Unit (RMU)" headed by the "Chief Risk Officer (CRO)" and advised the Unit to act as a secretariat of "All Risk Committee". In addition, the oversight roles of the board and the senior management were redefined in respect of the risk management practice.

Following this risk management guideline, the Bank Company Act 1991 was amended in the year 2013 with the provision of having a "Board Risk Management Committee (BRMC)" to engage the board in the ERM process. The BB also issued guidelines regarding formation, composition, eligibility, qualification and responsibilities of the board and the BRMC to manage risks. With this structural change, the ERM received significance within the banks. Afterwards, the BB advised all the regulated banks to form a team for "Supervisory Review Process (SRP)" headed by the Managing Director/Chief Executive Officer (MD/CEO) under the guideline on risk-based capital adequacy (revised regulatory capital framework for banks in line with Basel III). The BB also instructed to the heads of all functional departments to be a member of this team and assigned the SRP team to monitor the implementation of the supervisory review process and develop the "Internal Capital Adequacy Assessment Process (ICAAP)" document. In the guideline, banks were instructed as follows:

[?] Banks must have an exclusive body naming SRP team which will be constituted by the concerned departmental heads of the bank and headed by the Managing Director. (Bangladesh Bank 2014, p. 51).

However, the structural design of ERM-based self-regulation received a momentum in the industry when the BB issued a new circular on 9 September 2015 to further strengthen the banks' risk management practice. The sophistication of ERM based selfregulation was institutionalized following this promulgation. In addition to the previous risk management guidelines, banks were instructed to establish a separate division for risk management under the title "Risk Management Division (RMD)". The organogram of the RMD with eight separate desks and the communication hierarchy were also prescribed in this circular. Besides, a CRO was instructed to appoint as the chief of the RMD from a senior management position who shall not be incharge of the internal control and compliance department. In that circular, it is quoted as:

8. from at least the AMD/DMD level who is not incharge of the Internal Control and Compliance (ICC) department and shall also form a management-level risk management committee with the CRO as the head. (Bangladesh Bank 2015).

Likewise, the "Head of the RMD" was instructed to be appointed after the position of CRO. Further, the RMD was prescribed to communicate the risk reports directly to the BRMC with a copy to the MD/CEO for information. Similarly, a risk committee was advised to form at the management level comprising heads of all functional departments under the chair of the CRO, and the Head of RMD was instructed to act as a member secretary of this committee. Consequently, the architecture of ERM based self-regulation became visible in the banks following this regulation.

After three years, the BB further revised the risk management guideline in 2018, superseding the previous guideline issued in 2012 and the circular issued in 2015 to upgrade the risk management practice of the banks. A few revisions have made in the guideline; nevertheless, the spirit of the previous guideline and the circular prevails in this revised guideline. In the revised guideline, banks are instructed to reconstruct the risk management organogram, although the responsibility of risk management is entrusted to a dedicated and independent department (i.e., RMD) as like before headed by the CRO. In the revised guideline, it is instructed as:

9. [?] banks shall reconstruct its risk management organogram and appoint Chief Risk Officer (CRO) as the head of Risk Management Department (RMD) following the instructions of the revised risk management guidelines issued by BB. (Bangladesh Bank 2018).

Besides, the CRO is advised to be an independent senior executive whose position should be equal to or at least one grade higher than the other departmental heads. However, the position "Head of RMD" has been removed from the organogram of the RMD. Despite this, banks are given the flexibility to enhance the organogram of the RMD considering the size and complexity of the bank, keeping at least five dedicated desks. In addition, a BASEL implementation unit is advised to establish. Further, banks are instructed to form an "Executive Risk Management Committee (ERMC)" comprising the CRO as a Chairman and all the departmental heads as members, where RMD will act as the secretariat of this committee. Similarly, the RMD is instructed to communicate the risk reports directly to the BRMC with a copy to the MD/CEO for information. Moreover, the board's oversight role and the top management have also been redefined in the revised guideline, including the role and responsibilities of the BRMC, ERMC, RMD, the CRO, and all functional desks under the RMD. Currently, this guideline is effective in the banking sector for the management of risks.

10. d) Functional Reform -Integration of Risks from Bottom to the Top

In line with the structural reform, a number of risk reports and documents are operationalized as a part of functional reform of risk management that integrates risk management functions from the bottom to the top in the banks. Part of this reform, the BB provides a detailed guideline to banks in 2018 to submit a "Risk Appetite Statement (RAS)" on a yearly basis within February for each year in advance with an option of interim revision if required, although the concept of "risk appetite" was first introduced in the risk management guideline issued in 2012 and was also included in the subsequent circular issued in 2015. In the guideline, it is mentioned as:

Banks are instructed to submit Board approved Risk Appetite Statement (RAS) on yearly basis within first two months of the year [?] the risk appetite must reflect strategic planning of the bank which includes shareholder aspirations within the constraints of regulatory requirements, creditor and legal obligations. (Bangladesh Bank 2018, p. 16).

Further analysis revealed that the RAS is a strategic paper of a bank that reflects vision, mission and strategic goals. Diverse areas are considered in its preparation, for example, an analysis of external and internal environment, SWOT analysis, strategic goals, corporate governance, compliance with laws and regulation, internal control system and its evaluation system, investment portfolio, loan growth, last three years' performance, sector-wise loan concentration, non-performing loan, loan recovery, loan written-off, loan classification, profitability, capital maintenance, liquidity position, risk management culture, risk profile, risk tolerance, risk limit/threshold, management action trigger point, credit rating, CAMELS rating, core risk rating and many more including a provision to include other areas if the bank thinks fit.

However, following the RAS, the development of "Comprehensive Risk Management Report (CRMR)" and "Monthly Risk Management Report (MRMR)" is a breakthrough for formal integration of bank-wide risks for management with a holistic view. It is found that the BB has developed a template of CRMR and prescribed the banks to fill it up. The CRMR was instructed to prepare through the circular issued in 2015; nevertheless, it is still effective following the revised circular issued in 2018. Banks are instructed to prepare the CRMR according to the prescribed format on a halfyearly basis and asked to submit both soft and hard copies of this report to the BB by successive month with a signature of the CRO. This risk management template is prescribed as a minimum to provide the banks' information with the flexibility to include additional information depending on the nature, size and complexity of the business. It is mentioned in the guideline as:

Banks Further analysis of the CRMR revealed that it acts as a dashboard of a bank. It is also considered as a blueprint that integrates with the RAS of a bank. Bankwide risks are incorporated into this report for a holistic view to manage. This template is prescribed with nine distinct segments to narrate the risks and risk management information namely, investment risk, market risk, liquidity risk, operational risk, reputational risk, core risk, compliance risk, capital management, and money laundering risk. After the identification of risks in every segment, banks are also instructed to state their mitigating tools and techniques to address those risks. Therefore, the CRMR integrates bank-wide risks into a report as a dashboard for holistic and integrated management of risks.

In addition to the CRMR, banks are also instructed to prepare a MRMR putting the focus on the CRMR relatively in a short version except for the months of June and December. Banks are also advised to submit this monthly report to the BB by the end of the successive month. Further analysis of this template denoted that the MRMR includes an assessment of capital adequacy, assessment on operational risk, large loan investment with funded and non-funded categories including their limit and outstanding balance, top 30 depositors, investment performance branch wise, and comparison with the budget, sectoral and divisional performance of the investment, liquid asset, recovery, profitability, loan classification, investment growth, top 20 defaulters, deposit mix with growth, top 10 depositors and many more as a major disclosure. Like CRMR, banks must mention their action plan to address the risks after the identification.

In parallel to the risk reports, it is also marked that banks are advised to hold BRMC meeting at least four times annually, preferably one meeting in every quarter and instructed to submit the meeting minutes to the BB within seven days following the meeting. Besides, banks are also instructed to hold ERMC meeting at least monthly and ask to submit the meeting minutes to the BB within the following month of the meeting. Moreover, the CRO is instructed to chair the ERMC meeting and report the material risks directly to the BRMC with a copy to the MD/CEO for information.

It is further noted that banks are instructed to prepare a tailor-made "Comprehensive Risk management Guideline" based on the BB's revised risk management guideline issued on 8 October 2018 depending on the business nature, size, and complexities, subject to an annual review to cope with the changing environment. Besides, this guideline is also asked to submit to the BB after taking approval from the board. Also, banks must submit a "Review Report" on own risk management policies and effectiveness of the risk management functions after approval of the board by the end of the second month

11. Banks are also instructed to submit [?] A review report of Risk Management Policies and effectiveness of risk management functions with the approval of the board of directors by the end of 2nd month following the end of each year. (Bangladesh Bank 2018, p. 37).

It is also evidenced that banks are asked to submit the soft copy of the "Stress Testing" report on a half-yearly basis to the BB within the successive month of the half-year. The framework of the stress testing report is designed by the BB considering Pillar 2 of the Basel-III framework, which mainly includes sensitivity tests and scenario analysis and advised the banks to carry out the stress testing as per the given framework at regular intervals. Besides, it is marked that the BB has revised the core-risk management guidelines in six core risk areas namely, credit risk, asset-liability management risk, internal control and compliance risk, foreign exchange risk, money laundering risk, and information and communication technology security risk during the years 2016 and 2017 and made it mandatory for banks to follow. After this revision, banks are also instructed to evaluate the effectiveness of the core risk management and advised to conduct internal risk rating of the core risks both individual and composite way on a half-yearly basis. The core risk rating is also directed to disclose in the CRMR. It is guided as:

12. Meanwhile, core risk management guidelines and other risk related guidelines have been revised. [?] BBB's shall comply with latest core risk guidelines and risk management guideline circulated by BB for effective risk management (Bangladesh Bank 2018, p. 20).

Further, it is found that banks are instructed to submit the "Capital to Risk-weighted Asset Ratio (CRAR) Report" on a quarterly basis to the BB through a prescribed format on a consolidated basis and a solo basis by the end of the month following the quarter based on Pillar 1 of the Basel III framework. Besides, it is asked to submit the "Internal Capital Adequacy Assessment Process (ICAAP) Report" annually after approval of the board by 31 May based on the latest audited financial report. In preparation of the ICAAP report, an SRP (Supervisory Review Process) Team is instructed to form in the banks headed by the MD/CEO comprising heads of all functional departments. The main aim of the SRP Team is to reveal whether a bank has a prudent risk management system in place and have sufficient capital to cover its own risk profile. However, there is a provision of a joint meeting between the BB's "SREP (Supervisory Review Evaluation overall risk profile and a strategy for maintaining adequate capital (Bangladesh Bank 2014, p. 51)

In addition, banks have asked to prepare and submit a "Self-assessment Report on Internal Control and Compliance" so that the operational risk can be kept at a minimum. The format of the report was introduced in 2012 with 53 questionnaires in the areas of anti-fraud internal controls, fraud and forgery. However, the format was revised subsequently in 2017. This report shall be submitted to the BB on a half-yearly basis after the signature of the MD/CEO of the bank and a countersignature by the chairman of the board's audit committee. Currently, this report is comprising of a questionnaire divided into five sections namely, Internal Control and Compliance (ICC), General Banking and Operation, Loans and Advances, Foreign Exchange Operation, and Information and Communications Technology (ICT) along with two statements containing detailed information regarding fraud-forgeries.

Finally, the RMD of the bank is encouraged to prepare a "comparative analysis report" of risk management functions and advised to send the report to the senior management and to the board of the bank and thereafter to the BB on a yearly basis. It is instructed as:

13. RMD of the bank is encouraged to prepare a comparative analysis report on bank's gain/loss due to/lack of proper risk management activities and its impact on capital and send the same to senior management & board of the bank and DOS of BB on yearly basis. (Bangladesh Bank 2018, p. 20)

Moreover, the RMD is empowered to perform the risk management functions independently, keeping it separate from the business operation. In view of that, the appointment, remuneration, promotion, dismissal of the CRO is vested on the board or BRMC. Being an independent department, the CRO is also advised not to take any dual responsibility as Chief Operating Officer (COO), Chief Financial Officer (CFO), Chief of Internal Audit (CIA) and others. Likewise, the RMD is made responsible for recommending and monitoring the bank's risk appetite and policies, and for following up and reporting on risk-related issues across all types of risks. In addition, the RMD is made responsible for risk reporting, both internal and external authorities on a regular basis. These functional reforms over the years assist the banks to integrate bank-wide risks from the bottom to the top for effective self-regulation. At the outset, the BB strengthened the capacity of its two supervision departments namely, the Department of Off-site Supervision (DOS), responsible for conducting off-site supervision of banks and rating of the bank's financial condition based on the various risk management reports and documents submitted to it and the Department of Banking Inspection (DBI), responsible for conducting the physical inspection of banks throughout the year. As part of the capacity building of DOS, BB formed six banking supervision specialist sections chaired by "Bank Supervision Specialists (BSS)" in 2013, who works as an early signal provider for the banks. They mainly prepare "Diagnostic Review Report (DRR)" and "Quick Review Report (QRR)" for banks and provide possible solutions to problems. In addition to BSSs, a new cell named "Observer Cell" is established under DOS in 2017 to appoint observers in banks if needed. The BB disclosed:

In

14. order to strengthen banking supervision, BB has recently formed six Banking Supervision Specialist Sections in the Department of Off-site Supervision (DOS). Each section is headed by a Banking Supervision Specialist (BSS), at the Deputy General Manager level [?] Supervision Specialists monitor treasury functions, capital adequacy, ADR, etc. of the portfolio banks and prepare diagnostic review report (DRR) on audited financial statements. They also examine the internal control systems to improve its resilience (Annual Report 2015-2016, p. 43)

The CAMELS rating is one of the major supervisory tools used by DOS to assess and review the financial soundness of banks. It helps to identify the problem banks. The BB takes necessary inspection measures for the individual bank based on the outcome of "CAMELS rating". However, the BB revised the "CAMELS rating" guidelines from time to time latest in 2013. The BB disclosed:

The previous CAMELS rating guideline has been reviewed by the Department of Off -site Supervision BB has strengthened the capacity of its inspection departments, formed an SREP Team for ICAAP review,

[?] the SRP team must meet at least bi-monthly to monitor the implementation of SRP. Banks must have a document (called Internal Capital Adequacy Assessment Process-ICAAP) for assessing their

15. III. Institutional Capacity Building

In parallel to the sectoral risk management reform, the BB has gradually taken various initiatives for institutional capacity building since its strategic shift in order to full-fledged functioning the risk-based regulation. Part of this capacity building initiatives, the [?] the revised CAMELS rating guideline came into effect from 2013. (Annual Report 2016-2017, p. 39) dividend payment depends on such "risk rating" of an individual bank. The BB mentioned:

A risk rating procedure has been developed to quantify all possible risks based on available information [?] this risk rating is done on a halfyearly basis and carries 15 percent weight in the management component of CAMELS rating (Annual Report 2014-2015, p. 43).

The BB also disclosed in the following year:

[?] Besides, this rating plays an important role in getting branch licence, AD licence, permission for dividend declaration, etc. for banks. (Annual Report 2015-2016, p. 44).

Further, the DOS is made responsible for reviewing the "self-assessment reports" of banks in order to provide proper instruction to keep the operational risk at a minimum level. The DOS verifies this report with the help of the on-site inspection department.

Likewise, BB strengthened the capacity of its on-site inspection department. The number of on-site inspection department has been increased to conduct a field-level inspection and exercise regulatory power to receive the desired outcome from the regulated banks. The individual bank has CAMELS rating between "3" and "5" are inspected every year. Banks rated "1", or "2" are inspected once in every two years, although the foreign banks are inspected in every year irrespective of the rating. In addition, the on-site department reviews the accuracy of the ICAAP Report of the banks. The BB disclosed:

As part of statutory function, currently six departments of BB are conducting on-site inspection activities [?] These departments conduct mainly two types of inspection, which may be summarized into three major categories like comprehensive/ regular/ traditional inspection (ii) Core risks evaluation and (iii) special/surprise inspection. (Annual Report 2018-2019, p. 45).

Similarly, the BB formed an SREP Team under the Basel framework headed by an Executive Director and revised the process document for ICAAP Report in 2014. The SREP of BB includes a dialogue between the BB and the bank's SRP Team to evaluate the bank's ICAAP Report. Further analysis revealed that the BB determines if any additional capital requires for banks In addition, the BB established a new department titled "Financial Stability Department (FSD)" in 2012 as a part of its supervisory initiatives. This department is working relentlessly to build up a stable macro-prudential framework. It publishes annual financial stability report, quarterly financial stability assessment report, and develops various tools techniques like Financial Projection Model, Interbank Transaction Matrix, Composite Financial Stability Index (CFSI), and Bank Health Index and many more. It has also developed a framework for identifying and dealing with the Domestic Systemically Important Banks (DSIB) and a new oversight framework titled "Central Database for Large Credit (CDLC)" to enhance financial discipline through monitoring the large exposures of banks. Further, it has developed Bangladesh Systemic Risk Dashboard (BSRD) as an early warning system. In addition, a framework for "Coordinated Supervision for Bangladesh Financial System (CSBFS)" is under progress in this department.

Moreover, the BB established an "Integrated Supervision and Management Department (ISMD)" in 2015 to monitor the banks through Integrated Supervision System (ISS) software. The ISS is an outcome of BB's comprehensive and risk-based supervisory initiatives. It is a web-based monitoring tool integrating the information of a bank's overall activities i.e. balance sheet exposure, off-balance sheet exposure, credit operation, foreign exchange business, money market operation and regulatory compliance related to their head office to root level branch operations. The head office of all scheduled banks and their branches currently are under the coverage of ISS. This department also complements the on-site inspection department. prudence in determining the level of adequate capital. However, information of the ICAAP document is rechecked with the departments of on-site inspection and off-site supervision.

Besides, the BB introduced for the first time a "comprehensive risk rating" in 2015 for each bank on a half-yearly basis based on the risk reports (i.e. RAS, CRMR, MRMR) and other documents (i.e. stress testing report, meeting minutes, other compliance reports) during the SRP-SREP dialogue on the basis of quantitative and qualitative judgment. If any bank fails to produce their own ICAAP report backed by proper evidence and rigorous review regarding risk management, the SREP Team of BB applies their Further analysis revealed that Enterprise Data Warehouse (EDW) and Foreign Exchange Monitoring On the other hand, examining the annual report of the ten regulated banks provided evidence of implementation of ERM based self-regulation at the firm level. All the banks under scrutiny were provided risk management reports in the annual report along with disclosures regarding compliance with the BB's risk management guideline and circulars, risk governance, risk management framework, risk management committee at board level and management level with photographs, the number of the meeting of the risk committees, establishment of a dedicated department for risk management, role and responsibilities of the risk management department, organogram of the RMD and CRO, preparation and submission of risk appetite statement, comprehensive and monthly risk management reports, stress testing report, ICAAP report and many more. Non-compliance with regulation might attract physical inspection, punishment, and sanction, including non-approval for dividend payment, opening a new branch, and getting an authorized dealership for foreign transactions.

normative rationales for risk-based approaches, less attention has been paid to how this new governance technique was designed using meta-regulation, particularly in the financial industry. The meta-regulatory approach has received much acceptance from the regulators and becomes a key regulatory technique of risk-based approaches (9). Prior literature focusing on the roles of rationality and morality in meta-regulation. Consequently, it becomes problematic to generate an acceptable framework of meta-regulation. Thus, the process-oriented meta-regulation is advocating for moving beyond theory into practice (4,45) . This article provides an account how the process oriented metaregulation implemented in practice using a regulatory Risk-based regulation is now a widely promoted strategy across policy domains and still under the pavilion of "new governance" as a flexible regulation and an alternative to the "command and control" based regulation. While much attention has been paid to the Dashboard (FEMD) are some of the milestones of ISMD. It has developed "Pre-Inspection Assessment Report (PIAR)", an excel-based risk calculator of a bank branch, which is mandatory to use for on-site inspection teams before starting their inspection. In addition, Bank Branch Risk Index, PIAR for Head Office, and Foreign Exchange Inspection are under process of development in this department. Moreover, this department prepares a report titled "Report for Banks' Observer" based on ISS data which is provided to the "Observer" if appointed to any problem bank. This department also conducts some risk-based inspections on selective branches of banks and their head offices.

The trajectory of the design of meta-regulatory framework using ERM under the risk-based regulation over the years in the banking sector of Bangladesh is summarised in Figure 2 Meta-regulation can take a variety forms. Sometimes it is referred to as "enforced self-regulation," wherein firms devise their own detailed rules in light of regulatory goals (46). However, it is found that ERM has entered in the regulatory regime. The use of ERM as enforced self-regulation indicative to the use of the meta-regulatory approach under the risk-based regulatory strategy. Therefore, an archetype of metaregulation based on ERM has evolved in financial regulation to achieve the risk-based regulatory aims.

Drawing on the conceptual framework depicted in Figure 2.1, it can be stated that ERM based enforced self-regulation induced the regulated banks s to develop both system-based and performance-based architecture of the self-regulation.

The structural reform under ERM compels banks to develop the system-based or managementbased architecture of self-regulation. More focus is given to the board of governance and top management of banks. In one end of the architecture, the board of directors is put in place and made them responsible for oversight of bank-wide risks with the help of a subcommittee of the board (i.e. BRMC) and the RMD. Likewise, a risk committee at the executive level (i.e. ERMC) is formed at the other end of the architecture comprises of the heads of all functional departments. The RMD, as an independent department, is placed between the governance and the operations (i.e. BRMC and ERMC) with the CRO as the Head of the department through a defined communication hierarchy. In addition, a supervisory review process team is formed with the MD/CEO as the Head to monitor the risk-based internal capital adequacy and hold a dialogue with the central bank's team. Thus, the system-based or management-based architecture for regulation become effective in banks following the ERM based structural reform.

Similarly, the functional reform under ERM helps to operationalize the performance-based or outcomebased regulation. The banks use a range of risk management reports such as RAS, CRMR, MRMR, ICAAP, Stress Testing Report and many more, including the meeting minutes of the risk committees as operational control tools to integrate the bank-wide risks from the bottom to the top. The RAS acts as a strategic paper of a bank, whereas the CRMR considers as a blueprint. Bank-wide risks are articulated in CRMR for a holistic focus on a half-yearly basis. This report accelerates all material risks from the operation to the board along with the course of actions. The board becomes aware of bank-wide risks and can take necessary measures to address those risks. Besides, the meeting minutes of the risk committees are required to prepare on time. Thus, the formal responsibility to prepare the risk reports, including meeting minutes of the risk committees and the board's oversight role, brings a bank into performance-based or outcomebased self-regulation. Thus, the performance-based /outcome-based regulation becomes effective in banks after the functional reform.

However, in parallel to sectoral risk management reform, the central bank enrols the ERM based regulation of the regulated banks into the regulatory process as a part of a meta-regulatory approach. The approach regulator used based on ERM characterised as enforced meta-regulation under the risk-based approach. In this strategy, the regulator discharges the regulatory duties through administrating the self-regulation of the regulated banks. The enhanced institutional capacity and advanced tools and techniques help the central bank to achieve the riskbased regulatory aims relying on substantially on such ERM based enforced self-regulation of the banks.

It reflects that the central bank exercises its regulatory power in administrating the self-regulation of the banks. It develops a "comprehensive risk rating" system on a half-yearly basis for each bank based on the bank's risk reports and documents submitted to it and align certain regulatory approvals with this "risk rating" result like approval for new branch opening, authorized dealership, dividend declaration. Besides, it carries out a CAMELS rating to identify the problem bank where the "comprehensive risk rating" carries 15 per cent weight in the "Management" component of the CAMELS rating. It also carries out the physical inspection of the bank's ERM architecture and its operation based on the CAMELS rating report. Further, it forms a supervision specialist unit to carry out the "diagnostic review report" and "quick review report" as an early signal provider, including an "observer cell" for appointment of observers in banks' board if required. In addition, an SREP Team is formed to conduct the oneto-one review with the bank's SRP Team to evaluate the ICAAP report and determine if any additional capital requires based on the BASEL-III framework.

Moreover, the central bank establishes some other departments equipped with advanced tools and techniques to supervise the industry under risk-based regulation. A software is launched for integrated supervision as a part of comprehensive and risk-based supervisory initiatives that integrate all the regulated banks' head offices and branch offices. Thus, the enrolment of self-regulation of the regulated banks into the central bank's regulatory process and the institutional capacity building assures the use of ERM as a meta-regulatory toolkit in achieving the risk-based regulatory aims. The entrenchment of ERM among regulated firms through enforcement, the emergence of ERM based self-regulation, enrolment of the selfregulation into the regulatory process and subsequently administer the self-regulation by the regulator with enhanced capacity warrant the use of ERM as a meta- Thus, the evidence reflects that the financial regulation is moved away from compliance-based regulation to risk-based regulation incorporating the meta-regulation. The development of the enforced metaregulation based on ERM gives a risk-based approach to regulating the firms with a flavour of system /management-based and performance/outcome-based approaches. With this mechanism, regulators expect that regulated firms will identify risks and devise internal control systems and continuously evaluate the efficacy of such self-regulation and incrementally improve them in light of the evaluation. Therefore, it can be argued that ERM strongly ties with meta-regulation and risk-based regulation.

16. IV. Conclusion

The shift towards risk-based regulation and meta-regulation has attracted a great deal of interest, while this move is undoubtedly a complex and multifactorial phenomenon. However, the effectiveness of process-oriented regulation in the domain of flexible regulation is subject to debate. The enforcement of selfregulatory models is also always a matter of debate (1). The global financial crisis 2007-2009 also uncovered the key limitations of flexible regulations and the regulatory capacity (26). Further, meta-regulation is not perfect and unproblematic. Despite this, the relevance of risk-based regulation and meta regulation is growing to the regulators across the globe in diverse areas. The metaregulatory approach is an upright choice to the regulators in designing risk-based regulation (9), although it is not a naturally grown regulation. The empirical literature is limited to explore how metaregulation can be designed using an emerging regulatory innovation and risk-based regulation to achieve the regulatory aims. This article contributes to this research gap.

This article draws a connection between riskbased regulation and meta-regulation. It reveals a "regulatory mix" combining these two flexible regulations into one manifesto using a contemporary regulatory innovation to promote regulatory governance in financial regulation. It is stated in the regulation scholarship that a right regulatory mix is a promising regulatory tool (12). Besides, a hybrid nature of regulation is potentially valuable (4). Therefore, the study's context provides empirical evidence to draw the design of a "regulatory mix" to achieve the regulatory goals in financial regulation.

This study reflects that ERM has emerged as a robust regulatory innovation with the feature of selfregulation in designing the meta-regulatory approach to achieve the risk-based regulatory goals. The sectoral risk management reform based on ERM philosophy enforces the regulated firms to implement selfregulation's structural and operational architecture. Under the meta-regulatory approach, this ERM based self-regulation is enrolled in the regulatory process. With the enhanced institutional capacity and advanced tools and techniques, the regulator administers the regulated firms' self-regulation and attains risk-based regulatory goals intensely relying on such self-regulation. Thus, a new dynamic has evolved in ERM philosophy that enforce to bring out the inside of the regulated firms and act as a meta-regulatory toolkit in the risk-based regulatory framework.

This paper makes three contributions in major. First, this paper contributes to regulation scholarship, in particular to the "flexible regulation" and "new governance" landscape, including ERM literature by

Figure 1. Figure 1 :
1Figure 1: Conceptual Framework for Designing Meta-Regulatory Approach under Risk-based Regulation
Figure 2.
set up an electronic dashboard, established Financial Stability Department (FSD) and Financial Integrity and Customer Services Department (FICSD), launched Integrated Supervision System (ISS) Software and established Integrated Supervision Management Department (ISMD) among the major.
Figure 3. Figure 2 :
2Figure 2: Trajectory of Meta-Regulation under Risk-based Regulatory Strategy using ERM
Figure 4.
shall prepare Monthly Risk Management
Report (MRMR) and Comprehensive Risk
Management Report (CRMR) according to the
formats provided by BB as a minimum requirement.
They can also include additional information related
to the concerned risk areas depending on the
Note: nature, complexity and size of business (Bangladesh Bank 2018, p.37).
1
2

Appendix A

Appendix A.1 Global Journal of Management and Business Research

Volume XXIII Issue II Version I Year 2023 ( ) A © 2023 Global Journals regulation literature (i.e. 3,4,6,7,10,15,19,47) exhibiting a "new governance" in financial regulation. Besides, this paper advocates a new dimension of ERM as a "regulatory innovation" for a self-control device within firms in addition to the existing dimensions such as a strategic decision-making tool (36), a management control innovation (50), elements of improved corporate governance (51,52), including a tool for quality financial reporting (53) and the external audit efficacy (54).

Second, this paper has some practical implications. It demonstrates empirically how a system and performance-based self-regulation is designed within regulated firms based on ERM philosophy that ensures formal and operational integration of firm-wide control from the bottom to the top. It also presents how such self-regulation is used as a meta-regulatory strategy by enrolling into the regulatory process and how the regulator administers the self-regulation through enhanced capacity and advanced regulatory tools and techniques in succeeding the risk-based regulatory goals. Therefore, the empirical evidence of this study has practical value to the regulators of other industries such as aviation, exploration, insurance and many more. Besides, the evidence might have a practical value to the financial regulators and international donor agencies such as WB, the IMF, because the adoption of riskbased regulations is one of their policy recommendations to the regulators, particularly in the emerging economy.

Finally, this paper has opened the avenue of further research to assess the effectiveness of the "regulatory mix" based on ERM as a self-regulatory approach is always a matter of debate (1). Excessive dependency on the self-regulation of regulated firms without assessing its efficacy may arise the risk of regulatory failure. Besides, there is a likelihood to adopt ERM as a symbol under regulatory enforcement to display to the outsiders rather than doing the actual practice of the approach to comply with the regulation (55). We need to gain a better understanding regarding the efficacy of the meta-regulatory approach based on ERM under the risk-based regulatory framework as regulators intensely rely on such self-regulation to identify and prioritise the risks for supervision. Moreover, it could be explored how regulators determine the risk appetite under meta-regulation as it is one of the elements of risk-based regulation to succeed. However, like other research studies, this research is not free from limitation. This study entirely relied on secondary information to postulate the design choice of meta-regulation under the risk-based regulatory strategy. Findings would be enriched if some interviews could be taken from the central bank's top officials and risk managers of the regulated banks.

Besides, data was collected through qualitative content analysis of the narratives provided in the annual reports of the central bank, circulars and guidelines, which was highly subjective.

Appendix B

  1. Business research methods, A Bryman , E Bell . 2007. New York: Oxford University Press Inc.
  2. Accounting for failure: risk-based regulation and the problems of ensuring healthcare quality in the NHS. A L Beaussier , D Demeritt , A Griffiths , H Rothstein . Heal Risk Soc 2016. 18 (3-4) p. .
  3. The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers. A P Liebenberg , R E Hoyt . Risk Manag Insur Rev 2003. 6 (1) p. .
  4. Meta regulation in practice: Beyond normative views of morality and rationality" by FC Simon (Routledge, 2017). B Lahneman . J Manag Gov 2018. 22 (1) p. .
  5. Understanding the New Regulatory Governance: Business Perspectives. B M Hutter . Law Policy 2011. 33 (4) p. .
  6. Enterprise Risk Management: Theory and Practice. B W Nocco , R Stulz . J Appl Corp Financ 2006. 18 (4) p. .
  7. Management-Based Regulation: Prescribing Private Management to, C Coglianese , D Lazer .
  8. Motivating without Mandates? The Role of Voluntary Programs in Environmental Governance. C Coglianese , J ; Nash , Nicholas S Robert L Glicksman , Bryner . Decision Making in Environmental Law Lee Paddock (ed.) p. .
  9. Meta-Regulation and Self-Regulation. C Coglianese , E Mendelson . The Oxford Handbook on Regulation, (Robert Baldwin, & Martin Lodge
    ) 2010. Oxford University Press.
  10. Regulatory Abdication in Practice. Fac Scholarsh Penn Law 2144, C Coglianese . 2020.
  11. Enterprise risk management and firm performance: The Italian case. C Florio , G Leoni . Br Account Rev 2017. 49 (1) p. .
  12. New governance in the teeth of human frailty: Lessons from financial regulation. C Ford . Wis L Rev 2009. 57 (3) p. .
  13. Principles-Based Securities Regulation in the Wake of the Global Financial Crisis. C Ford . McGill Law J 2010. 55 (2) p. .
  14. Introduction to "New governance and the business organization" special issue of law and policy. C Ford , M Condon . Law Policy 2011. 33 (4) p. .
  15. Financial Innovation and Flexible Regulation: Destabilizing the Regulatory State. 18 NC Bank Inst Spec Ed, C Ford . 2013. 18 p. .
  16. Flexible Regulation Scholarship Blossoms and Diversifies: 1980-2012. C Ford . Innovation and the State: Finance, Regulation, and Justice, (New York
    ) 2017. Cambridge University Press.
  17. Hybridized professional groups and institutional work: COSO and the rise of enterprise risk management. Accounting. C Hayne , C Free . Organ Soc 2014. 39 (5) p. .
  18. New governance, compliance, and principles-based securities regulation. C L Ford . Am Bus Law J 2008. 45 (1) p. .
  19. COSO -Committee of Sponsoring Organizations of the Treadway Commission, http://www.coso.org/documents/COSO_ERM_ExecutiveSummary.pdf 2004. September. New York. 3. (Enterprise Risk Management -Integrated. Internet)
  20. The Open Corporation: Effective Selfregulation and Democracy, C Parker . 2002. Cambridge: Cambridge University Press.
  21. Is meta-regulation all it's cracked up to be? the case of UK financial regulation. F Akinbami . J Bank Regul 2013. 14 (1) p. .
  22. Meta-regulation in practice: Beyond normative views of morality and rationality. Meta-Regulation in Practice: Beyond Normative Views of Morality and Rationality, F C Simon . p. .
  23. Developing a reporting and evaluation framework for biodiversity. Accounting. G Samkin , A Schneider , D Tappin . 44. World Bank. Financial Sector Assessment 2014. 27 (3) p. . (Audit Account J. Internet)
  24. Risk and the limits of governance: Exploring varied patterns of risk, H Rothstein , O Borraz , M Huber .
  25. The risks of risk-based regulation: Insights from the environmental policy domain. H Rothstein , P Irving , T Walden , R Yearsley . Environ Int 2006. 32 (8) p. .
  26. Responsive Regulation: Transcending the Regulatory Debate, I Ayres , J Braithwaite . 1992. New York: Oxford Univ. Press.
  27. Risk-Based Regulation: Choices, Practices and Lessons Being Learned. In: in Risk and Regulatory Policy: Improving the Governance of demonstrating the design of a "regulatory mix" in financial regulation. Therefore, this paper extends the Achieve Public Goals. J Black . Law Soc Rev 2003. 37 p. .
  28. The Emergence of Risk Based Regulation and the New Public Risk Management in the UK. J Black . Public Law 2005. March. 32 p. .
  29. Really responsive risk-based regulation. J Black , R Baldwin . Law Policy 2010. 32 (2) p. .
  30. Paradoxes and Failures: 'New Governance' Techniques and the Financial Crisis. J Black . Mod Law Rev 2012. July. 75 p. .
  31. Implementing Financial Regulation: Theory and Practice, J Gray , J Hamilton . 2006. Wiley Finance Series.
  32. Risk and risk management in management accounting and control. K Soin , P Collier . Manag Account Res 2013. 24 (2) p. .
  33. Is enterprise risk management real?. M Arena , M Arnaboldi , G Azzone . J Risk Res 2011. 14 (7) p. .
  34. Why do firms adopt enterprise risk management (ERM)? Empirical evidence from France. Manag Decis, M J Khan , D Hussain , W Mehmood . 2016. 54 p. .
  35. The growing importance of risk in financial regulation. M Ojo . J Risk Financ 2010. 11 (3) p. .
  36. Enterprise Risk Management: Review, Critique, and Research Directions. P Bromiley , M Mcshane , A Nair , E Rustambekov . Long Range Plann 2015. 48 (4) p. .
  37. Regulatory regimes and accountability. P J May . Regul Gov 2007. 1 (1) p. .
  38. Driving priorities in risk-based regulation: What's the problem?. R Baldwin , J Black . J Law Soc 2016. 43 (4) p. .
  39. The Value of Enterprise Risk Management. R E Hoyt , A P Liebenberg . J Risk Insur 2011. 78 (4) p. .
  40. , Risk , Paris , Publishing , Paris . Europe. Regul Gov 2010. 2013. OECD. 7 (2) p. .
  41. Risk-based Regulation in Continental Europe? Explaining the Corporatist Turn to Risk in German Work Safety Policies. R Paul , M Huber . Eur Policy Anal 2015. 1 (2) .
  42. Case study research: Design and methods, R Yin . 1994. Beverly Hills, CA: Sage Publishing. (2nd Editio)
  43. Why firms implement risk governance -Stepping beyond traditional risk management to enterprise risk management. S A Lundqvist . J Account Public Policy 2015. 34 (5) p. .
  44. It runs in the family: Meta-regulation and its siblings. S Gilad . Regul Gov 2010. 4 (4) p. .
  45. Meta-regulation of OTC derivatives contracts post reform. S Listokin-Smith . J Financ Regul Compliance 2013. 21 (2) p. .
  46. The integration of ERM and strategy: Implications for corporate governance. Account Horizons, T R Viscelli , D R Hermanson , M S Beasley . 2017. 31 p. .
  47. , U K Cheltenham . 2006. Edward Elgar Publishing.
  48. Optimizing enterprise risk management: a literature review and critical analysis of the work of Wu and Olson. Y Choi , X Ye , L Zhao , A C Luo . Ann Oper Res 2016. 237 (1-2) p. .
Notes
1
Enterprise Risk Management in Designing Meta-Regulation under Risk-based Regulatory Strategy: An Empirical Evidence from Financial Regulation
2
Enterprise Risk Management in Designing Meta-Regulation under Risk-based Regulatory Strategy: An Empirical Evidence from Financial Regulation innovation to achieve the risk-based regulatory aims in financial industry.
Home 
Date: 1970-01-01