Full Text

Regulating (From) the Inside: The Legal Framework for Internal Control in Banks and Financial Institutions Iris H-Y Chiu (Oxford and Portland, Oregon: Hart Publishing, 2015 xix + 331 pp. US$110

The failure of financial regulation and supervision to prevent the Financial Crisis has led to a new emphasis on use of financial institutions' own internal control processes to reduce excessive risk taking and improper conduct. Iris H-Y Chiu's book, Regulating (From) the Inside provides an indispensable guide to these developments, especially in the UK and EU and other countries that traditionally have relied heavily on principles-based regulation.

Enlisting internal governance and management processes to serve the aims of external regulators is easier said than done. This was seen in the financial sector's experience with the Basel II capital standards before the crisis. Large financial institutions eagerly accepted reduced capital requirements and in return established risk management functions that too often seemed to be gestures rather than effective parts of firms' decision-making. It almost seems to involve a form of the Heisenberg Uncertainty Principle: when a company establishes a risk management function because it perceives the need, the function works much better than if the company establishes the same function merely in response to a government regulator. Government involvement seems to distort the very function that it seeks to establish.

On the other hand, as Ms. Chiu points out, external regulation has significant limits. Regulators simply can't police the myriad of decisions that a firm needs to address to remain safe and sound, and avoid improper conduct. If regulators could enlist elements of a firm's internal control function, they might be able to affect firm culture and decision-making in a way that isn't possible with other regulatory approaches. Thus the effort at what Chiu calls "metaregulation": regulators essentially enlist firms' internal control processes to reinforce prudential objectives and avoid improper conduct to an extent that firms by themselves might not consider profitable.

Regulating (From) the Inside is organized as follows. Part I of the book, comprising chapters 1-5, assesses the elements of internal control. Chiu explains that internal control is an evolving and multifaceted management function. She defines internal control to include three distinct elements: (1) compliance, (2) risk management, and (3) internal audit. Chapter 1...