1 / 54

Developments in Risk Management people, process and systems considerations David Millar, COO, PRMIA Hyderabad, 9th

ellard
Download Presentation

Developments in Risk Management people, process and systems considerations David Millar, COO, PRMIA Hyderabad, 9th

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Developments in Risk Management – people, process and systems considerations David Millar, COO, PRMIA Hyderabad, 9th, October, 2007

    2. Why do we manage risks?

    3. Developments in Risk Management – people, process and systems considerations History, Dimensions and Drivers of Risk Management

    4. Risk in history

    5. Drivers of risk management Regulatory drivers Local Regional Global Business drivers Increased profitability Reduced losses Improved reputation (customers, public and analysts) Credit agency ratings

    6. Business drivers

    7. What the rating agencies say … “Moody's believes that the assessment of risk is becoming increasingly central to the fundamental analysis of a rated bank. Put simply, risk management improves the quality and stability of earnings, thereby enhancing the competitive position of the bank and facilitating its long-term survival.” “The ongoing integration of its subsidiary banks into a single network poses challenges in terms of operational, personnel, and systems integration. Moreover, the banks purchased by XXX may have hidden operational risks.” A Standard & Poor’s Report “Fitch (Ratings) expects financial institutions, in their response to both regulatory and management requirements, to adopt a balanced approach to risk. This includes an emphasis on tools and techniques designed to assist the management of a financial institution in the prioritization of its risk budgets and in where to focus its efforts.”

    8. Regulatory drivers

    9. Cross-border implications There is no international jurisdiction. Regulations (global or local) implemented by local courts or regulators. International implications are enforced by: Agreement by local bodies that they will implement international regulations (i.e. Basel II but also such as transport regulations), sometimes with local variations A local regulator imposing regulations on the local branch of an overseas company so that the implications extend to the home country and other branches, i.e. money laundering regulations, Australia’s Foreign Trade Practices Act, etc An overseas company taking advantage of national facilities (i.e. listing on their stock exchange) which then convey obligations across the whole company, i.e. Sarbanes-Oxley

    10. Developments in Risk Management – people, process and systems considerations Types of Risk

    11. Can we categorise risks?

    12. Basel II Risk Coverage

    13. Basel II Risk Coverage Credit Risk The risk of a bank not receiving payment for its assets. Market Risk The risk that a banks assets lose value due to market fluctuations. Operational Risk The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, including legal risk, but excluding strategic and reputational risk.

    14. Risk needs to be Categorised Credit Risk Counterparty categorisation, loan description, probability of default, expected loss, loss given default. Market Risk Trade details, market variables, probability calculations. Operational Risk Risk categories, event categories, probabilities, controls (descriptions, costs, effectiveness, etc), expected losses, unexpected losses, actual losses, indicators, responsibilities and authourisations, etc.

    15. Operational risk categorisation frameworks can be complex

    16. Financial risk management environment

    17. Operational risk management environment

    18. Technical implications Financial (credit, market, liquidity, etc) risk Real-time High availability High performance requirements Automated input, few users Very large amounts of relatively simple data Kept for a long time (5 years) Data comes from existing core systems Non-financial (operational) risk Once a day for input, once a month for reporting Low performance requirements Manual input, many users Relatively small amounts of fairly complex data Kept for a very long time (at least five years) New data collection systems need to be developed

    19. Developments in Risk Management – people, process and systems considerations Risk and Capital

    20. What is capital?

    21. Capital covers risk …

    22. Banks are very different

    23. A different level of risk cover …

    24. The Public is at the End of the Road … Greenspan: “… nor should we require individual banks to hold capital in amounts sufficient to fully protect against those rare systemic events which, in any event, may render standard probability evaluation moot. The management of systemic risk is properly the job of central banks. Individual banks should not be required to hold capital against the possibility of overall financial breakdown. Indeed central banks, by their existence, appropriately offer a form of catastrophe insurance to banks against such events …”

    25. Bank Capital … … differs from a non financial firm’s capital: it protects against future, unidentified risks and losses while enabling the bank to operate at the same level. … strengthens the stability and soundness of the (international) banking system and, if applied universally, the competitive inequality among banks is diminished. So banks simply need to cover themselves against the risk of insolvency due to losses exceeding allocated capital. Banks manage risks; regulators decided on an arbitrary capital to risk asset ratio: there is no correct answer. “Capital adequacy” for banks was conceived in 1988 (the Cooke Committee, to become the Basel Committee on Banking Regulations and Supervisory Practices).

    26. Basel Capital Accord (Basel I), In 1988 the Basel Committee on Banking Supervision recommended a risk-weighted capital ratio for internationally active banks, This set minimum standards of capital adequacy, A “New Capital Accord” (Basel II) proposed in 1999, Extended to cover regulatory (Pillar 2) and disclosure (Pillar 3) requirements, (Pillar 1 = approaches as how to calculate regulatory capital) Final (reviewed) version released November 2005 (over 100 countries to implement – still some questions regarding the US implementation Complete Accord will take effect from 2007 (earliest participants) onwards to 2012 The BIS created standards on capital

    27. … and decided that … Risk-weighted assets would be basis for capital requirements

    28. 8% is the minimum

    29. Citigroup’s Capital ratios (2003)

    30. Commercial banks, which comply with Basel II, can decide (or their regulator can decide) which approaches to calculating regulatory capital they adopt, but … … regardless of capital approaches all Basel II compliant organisations must develop: an appropriate risk management environment, risk identification, assessment, monitoring and mitigation/control, regular independent evaluation of policies, procedures and practices, and make sufficient public disclosure to allow the market to assess their approach to operational risk management. But Basel Capital Adequacy is not all

    31. Even if the bank goes for the simplest approach to Risk-weighted Capital:- A risk assessment culture must be created, Credit and operational risks must be monitored, Risk must be tracked, A risk trend history must be created, Risk actions must be disclosed. Regardless of Pillar 1 approach

    32. Developments in Risk Management – people, process and systems considerations Current Implementation considerations

    33. Banks are not homogeneous – with respect to risk management implementation

    34. Implementation

    35. From financials to processes Credit/market risk relatively mature (liquidity risk still causing concerns!) But still needs data and model validation, corrections, backdating of parameters, etc Operational risk still immature Specifying it What is it? How to recognise and classify it? Setting it up Involving the users, gaining commitment, regulatory approval, etc Rolling it out and maintaining it Collecting accurate data - feedback – validation - correcting errors – changing classifications – renewing systems, etc

    36. The Pillar II Maze

    37. Some implementation issues Processes, systems and capital allocations are easy – the problems are the “people issues”: Build the governance processes Creating the framework – consensus on risk categorisation Getting user involvement – from the right people Achieving user acceptance – “why am I doing this? I have better things to do!” Deciding on how much data to collect – too little = poor statistics, too much = inaccurate data Ensuring clean data – cleaning old data, ensuring new data is completing correctly Gaining regulatory approval – different interpretations/numerics in different jurisdictions Building a risk culture – everyone knows what risk is Integrating feedback and statistics – to improve the system How to update the systems – validating and changing processes, risk categories (framework) and systems upgrades

    38. #1. Why a governance process? Basel II (and Sarbanes-Oxley and others) requires that the Board takes overall responsibility for risk management – and is aware of risk developments It requires that all senior management takes responsibility for the risk processing and management within their areas, and It mandates a “risk culture” with in the organisation.

    39. Commitment Commitment on risk management is needed from: Owners/shareholders The Board Senior management Departmental managers Audit, asset and liability management and compliance Human resources Staff Geographies

    40. #8. Building a risk culture

    41. Examples of staff risk culture All staff know: What a risk control or risk event is Why they exist What their risk responsibilities are Prime and alternative reporting routes What happens to their reports What was the result of “their” event’s mitigation What the institution’s risk status is (overall and their part) How it is improving (or getting worse) What their risk training plan is

    42. Examples of management risk culture All Board and senior management know: What the institution’s risk policy is What their risk appetite is What their own risk responsibilities are What major risk controls have been infringed or what risk events have taken place What cumulative risk situation have accumulated What the institution’s risk status is How it is improving (or getting worse) What the business impacts are

    43. Why are Risk Cultures important? Risks are managed by people People can apply standards with greater or lesser degrees of efficiency – or they can make mistakes People must apply the appropriate risk management standards to the best of their ability Regulators appreciate that the best standards and guidelines are only effective if implemented correctly – and with diligence and enthusiasm. Regulators will therefore test an organisations’ risk culture along with its risk standards, best practices, capital robustness and disclosure procedures.

    44. Attributes of a risk management culture Attention is paid to quantifiable and unquantifiable risks. All risks are identified, reported and quantified. Awareness of risk through performance measurement, risk-adjusted pricing, pay structures and forecasting. Risk management is accepted as everyone’s responsibility. Risk managers have teeth. The enterprise avoids what it doesn’t understand. Uncertainty is accepted. Risk managers are monitored. Risk management is not to stop people from taking risks but to create value, by enhancing the chances of success. The risk culture is defined, the risk appetite is understood.

    45. … and finally Talk to the supervisors Regulations are interpreted and implemented by regulators, central banks and supervisors They will have national interpretations – and local preferences and good practices They are responsible for cross-border cooperation and interpretation They will set implementation practices – rule and regulation based – or risk and principle based Because commitment to the regulations is their primary function, whereas, for the bank it is a secondary activity

    46. Developments in Risk Management – people, process and systems considerations … and what of the future?

    47. What has the sub-prime crisis taught us? We have not solved liquidity risk How to model it? What is its impact on credit and market risk? How to put capital aside? Are Rating Agencies the right measurement? Are they trustworthy? They are paid by the sellers of instruments Rating agency arbitrage Is operational risk-derived capital enough? Is bad rating an op risk? Is bad loan manegment an op risk?

    48. Risk models have not yet been tested First banks move to advanced methods in 2008 No one is comparing model performance Will the US com into line? Can Basel survive double standards? Does scenario testing work? How long before we have sufficient data? Will models be rated? Is so, by whom?

    49. A global operational risk standard? There is no common practice for: Risk and event categorisation Risk assessment Global operational risk databases are limited ORX, what else? How to compare bank v bank? How do we merge operational risk data? Cross-border comparison

    50. Basel III Is risk-adjusted capital the only way to measure and control risk? Will operational risk-adjusted capital be a glorious failure? What will replace the rating agencies? Can we ever solve liquidity risk? Can we continue ignoring strategic and reputational risk? Why has it all become so complicated?

    51. Hyderabad Chapter, 9th October, 2007 A PRMIA Members Update

    52. The Global Organisation The Professional Risk Managers’ International Association (PRMIA) - the world’s leading risk professional’s association. 44,500+ risk professionals from all segments of the financial services industry in 179+ countries (both free and paid membership) Members from 4,000+ organisations, 200+ members meetings annually in 60+ chapters A quarterly journal and a monthly newsletter The Professional Risk Manager’s Handbook The PRM exam – the world’s most comprehensive risk manager’s exam with 2,150 candidates in 96 countries Member-led (400+ volunteers), grass-roots organisation with its own Code of Risk Ethics A “not for profit” organisation governed by its members Standards – accreditation – meetings – events – training networking – website – research

    53. PRMIA – the past year New chapters - Tokyo, Bangalore, Hyderabad, Vienna, Beijing, Amsterdam, Frankfurt, San Francisco, Kolkata and S Africa. First one day PRMIA conference given in NY in February, second already held and two more planned for 2007 Toronto University and NUS running PRM courses in China and Singapore. Regulators approve PRM in Singapore and Bahrain Indian chapters initiate research program Corporate membership services launched Website remodelled Publishers McGraw-Hill to reformat the Handbook, also wider availability and translation of the PRMIA Handbook Henry Stewart Publications to issue a quarterly Journal of Risk Management in Financial Institutions – free to PRMIA Full Sustaining Members PRMIA expand support team to take on marketing, sales and conference/event support staff

    54. PRMIA – the next 12 months New chapters - LA, Delhi, Brussels, Miami, West Indies, Turkey, Bermuda, Romania, Trinidad and re-open Dusseldorf, Madrid, Bangkok, KL, Taiwan and Australian chapters amongst others. 2008 Global Event Series – Credit Risk in February, ERM in April, Operational Risk in September, Valuation in an Environment of High Complexity and Liquidity Risk in November. Each month to include 3-4 one day events in major centres plus chapter events. Handbook to be updated via Academic Committee, reformatted to 10-12 books and released to public sale through bookshops via McGraw-Hill starting end 2007. Opening up the PRM exam to offer a non-quantitative, entry-level exam – the Foundation PRM – to be released Q1 2008 White papers sought for JRMFI – editorial committee of PRMIA and non-PRMIA. Also PRMIA quarterly members news newsletter David Koenig changes role. Objectives to increase PRM candidates: more solid financial status through exam and handbook income, sponsorships, corporate memberships, and Sustaining Memberships.

    55.

More Related