Key Components of Enterprise Risk Management (ERM) Framework
Talha Karim
May 7, 2014, 2:00 pm - 3:00 pm
Objectives
- Introduction
- ERM Components
- ERM Implementation
- ERM Challenges
Introduction
An ERM Framework provides a comprehensive view of Risk by taking an Integrated and Holistic approach. The key aim of an effective ERM Framework is to provide the organization the necessary controls, communication & risk-informed decision making to achieve the right balance between risk & reward.
ERM:
- Provides higher effectiveness of the Risk Framework, resulting in lower/less unexpected losses & incidents.
- Promotes more forward-looking & strategic Risk related decision making.
- Is a concept, & not a system or ready-made methodology.
- Framework's maturity ladder is organic & unique for each organization.
RMD-Risk Group | IIF MENA CRO - May 7-8, 2014
Introduction
ERM essentials:
- Ongoing process flowing through the organization
- Engages employees at every level
- Applied in Business Strategy across the organization
- Provides assurance to the Management & Board of Directors
- Identifies potential events that may affect the Risk Appetite
Introduction: ERM Framework Map
[Figure: ERM Framework Map. Layers: Strategy, Process, Infrastructure, Environment. Elements shown: Execution, Business Strategy, Risk Strategy, Risk Appetite, Validation/Reassessment, Risk Identification, Risk Assessment, Risk Response, Risk Control, Organization & People, Limits, Methodologies, Data, Systems, Policies, Operations, Reporting, Governance, Culture, Performance. Source: PricewaterhouseCoopers]
ERM Components
1. Business & Risk Strategy. Aligned with Strategic Objectives & Risk Appetite.
2. Mechanics of how the Risk Strategy & Risk Framework is assessed, executed, validated.
3. Linked to systems, limits, & methodologies in order to provide a comprehensive view of Risk.
4. Framework is only successful via training, communication & a mature Risk Culture, complemented with a Risk-based Performance & Reward criteria.
ERM Components: Risk Strategy/Risk Appetite/Risk Tolerance
Risk Strategy is the base on which the Board of Directors will assess the Risk Appetite Framework in consideration of the organization's Business plan. The Risk Strategy is the best place for ERM to begin!
Risk Appetite Statement: Defines the Risk Appetite and Risk Tolerance parameters, which are translated into Key Risk Indicators.
Risk Appetite & Risk Tolerance: Risk Appetite is an expression of the maximum level of Risk that the Bank is prepared to accept in order to deliver Business Objectives. Risk Tolerances are the boundaries of Risk taking outside of which the Bank is not prepared to venture in the pursuit of Business Objectives. Alternatively, Tolerances are defined as the tripwires that alert the organization to an impending breach of Risks.
Risk Tolerance per Risk Category: Risk Tolerance per Risk Category will be cascaded to specific maximum Risk that the Bank is willing to take related to each of the following:
- Wholesale Banking Credit Risk
- Consumer Banking Credit Risk
- Market Risk
- Interest Rate Risk
- Liquidity Risk
- Operational Risk
Risk Limits: Risk Limits are cascaded down further from the Risk Appetite, Risk Tolerances, and Risk Tolerances per Risk Category to the various Business units. These are the existing Board of Directors approved limits in policies.
ERM Components: Risk Strategy/Risk Appetite/Risk Tolerance (Cont'd)
[Figure: four charts of Performance against Time (t0 to t1): 1. Performance; 2. Risk Universe (all possible outcomes); 3. Risk Tolerance; 4. Risk Appetite. Labels shown: Expected Performance, Unexpected Performance, Unexpected Negative Performance. Source: The Institute of Risk Management]
ERM Components: Process
Risk Identification: Identify Risks that may impact strategy. Establish an integrated or cross-discipline approach.
Risk Assessment: Impact & prioritization of identified Risks.
Risk Response: Categories of avoidance or acceptance of Risks.
Risk Control: Adherence to procedures, policies, & Regulations.
ERM Components: Infrastructure: Capacity Targets
[Figure: chart with axes Value and Capacity, each running to HIGH, with the IDEAL position marked]
Reporting: Two dimension stage of reporting and analyzing.
Analyzing: There are thousands of dimensions that should be created via a cube in order to analyze effectively.
Financial Engineering: Stage where there will be capability of modeling and decision making.
ERM Components: Infrastructure: Map Components in Phases
Phase I: Foundation & Data Accessibility
Phase II: Advanced Measurements & Analytics
Phase III: Good to Have
- Basic quality & timely MIS needs to be available.
- Risk Managers require access to MIS for regular analytics.
- Strategic implementation of systems & enhanced technology requirements.
- Optimize projects with Enterprise Risk Management systems, leading to cost efficiencies, holistic functionality.
ERM Implementation: Getting Started
Step 1: Endorsement from the Board of Directors via the Risk Committee
Step 2: Define Stakeholders & Responsibilities
Step 3: Establish a Task Force/Committee
Step 4: Conduct Gap Analysis & Review Risk-Related Initiatives
Step 5: Formulate a structured & realistic Road Map with timelines & accountability.
ERM Implementation: Stakeholders & Responsibilities
Board of Directors: Endorse ERM initiative & delegate oversight to the Risk Committee & internal Task Force/Committee.
Risk Committee: Evaluate the effectiveness of the ERM Framework in its planned meetings.
Internal Audit: Independently evaluate the effectiveness of the ERM Framework, & ensure the objectives are adhered to.
Risk: Lead & manage the establishment of ERM initiative & implementation plan, supported by Finance & IT. Educate key stakeholders on ERM, & continuously update progress.
Finance: Support and provide the necessary MIS required for the ERM architecture & road map.
IT: Support and provide the necessary technology/system requirement for the ERM architecture & road map.
ERM Implementation: Task Force or Committee
A Project Task Force/Committee should be chaired by the CRO & the Project Office (headed by the ERM Champion from the Risk Group).
Members in the ERM Project Task Force or Committee should be:
- Chief Risk Officer (Chairman)
- Chief Financial Officer
- Chief Information Officer
- ERM Champion, Risk Group (Project Office)
* There are benefits to including other members & engaging more C-level Management, even inviting the CEO for updates!
ERM Implementation: Sample Gap Analysis & Risk Initiatives
Functionality scale: Low / Medium / High
Areas: 1 STRATEGY, 2 PROCESS, 3 INFRASTRUCTURE, 4 ENVIRONMENT
- Comprehensive Business & Risk Strategy aligned with the Risk Appetite.
- Clear links between Risk-based Capital Modeling and Strategic Planning.
- Comprehensive & timely processes for Identifying, Monitoring & Measuring Risks.
- Systematic procedures to anticipate and respond to emerging Risks.
- Training and Talent Management strategy to ensure sufficient skills and resources.
- Ensure appropriate data quality and availability.
- Development of viable Risk Technology architecture.
- Comprehensive Risk Measurements.
- Common metrics for Risk and Finance.
- Set and enforce bank-wide Risk Policies & Limits.
- Adequate Governance Structure.
- Risk Culture Framework (Awareness, Respect, etc.).
- Risk-Adjusted Performance.
ERM Implementation: Sample Flight Plan for the ERM Champion
[Gantt chart; timeline runs Q1 '13 to Q2 '16]
ID | Task Name | Duration | Start | Finish | % Complete | Actual Finish | Resource Names
1 | 1. Phase I - Foundation & Data Accessibility | 392 days | Jan 2 '13 | Jun 30 '14 | 0% | NA | Finance, IT & Risk
2 | A) Basic Strategic Planning & Risk Appetite | 389 days | Jan 2 '13 | Jun 30 '14 | 0% | NA | Finance and Risk
3 | 1. RAROC | 346 days | Jan 2 '13 | Jun 30 '14 | 25% | NA | Finance
4 | 1.3. Whole Sale Banking | 91 days | May 28 '13 | Sep 30 '13 | 100% | Nov 3 '13 | Finance & Risk
5 | 1.3.1 Q2 results will be presented to the CEO IB and obtain a high level agreement on the model. | 1 day | Jul 31 '13 | Jul 31 '13 | 0% | NA | Finance & Risk
6 | 1.3.2. Follow-up with Finance; As per Finance on track to be delivered for Nov. BRC meeting. | 1 day | Sep 30 '13 | Sep 30 '13 | 0% | NA |
7 | 1.4. Retail Asset Products | 263 days | Mar 28 '13 | Mar 31 '14 | 50% | NA | Finance & Risk
8 | 1.5. LoB and Bank-wide Reporting | 285 days | May 28 '13 | Jun 30 '14 | 0% | NA | Finance & Risk
9 | 1.6. Use of RAROC as a parameter for new loan agreements (projection). | 285 days | May 28 '13 | Jun 30 '14 | 0% | NA | Finance & Risk
10 | 2. Risk Strategy | 153 days | Jun 2 '13 | Dec 31 '13 | 100% | Nov 3 '13 | Risk
11 | 2.1 Conducted kick off meeting with Business. | 1 day | Jun 12 '13 | Jun 12 '13 | 0% | NA | Risk, IB & Consumer Banking
12 | 2.2. Conducted meeting with Finance regarding budget. | 1 day | Jul 31 '13 | Jul 31 '13 | 0% | NA | Finance & Risk
13 | 2.3. Met with CEO & Senior Management to discuss content of the Risk Strategy Policy and Risk Appetite. | 10 days | Sep 1 '13 | Sep 13 '13 | 0% | NA |
14 | 2.4. Draft Policy to be completed by Oct. 15. | 11 days | Oct 1 '13 | Oct 15 '13 | 0% | NA |
15 | 3. Consolidated Earnings at Risk | 521 days | Jan 2 '13 | Dec 31 '14 | 75% | NA | Risk
ERM Implementation: Sample Task Force/Committee Dashboard
ERM Implementation: Sample Task Force/Committee Dashboard (Cont'd)
[Dashboard of project completion percentages, listed in the order shown]
Cube Analytics, Concentration Risk, Collateral Management, Nice to Have (Reports): 90%, 35%, 40%, 32%
AFU, Strategic Analytics, Business Banking, Collections: 10%, 15%, 25%, 30%
RCSA, KRI, Heat Map, Fraud Protection, Deals Reservation: 100%, 96%, 100%, 20%, 10%
Advanced VaR, Internal Migration, Production: 100%, 90%, 0%
Advanced Basel, Training Analytics: 63%, 35%
Kick Off, Requirement Gathering, UAT Phase, Production Roll out, Project Closure: 100%, 100%, 40%, 0%, 0%
Sample ERM Challenges
Risk Strategy/Risk Appetite Acceptability. Qualitative Risks (Reputational, Strategic). Appetite, Tolerance, Limits not synchronized.
Process: Integrated or cross-discipline Risk approach. Unclear Risk Response.
Infrastructure: Harmonization of Risk Technology/MIS (legacy & new). Talent. Priorities are not clear or realistic. Reliable Data. Dynamic reporting vs. Static. Project Management.
Environment: Communication, awareness, & embedded Risk Culture needs higher priority. Organizational support.
Q&A
Talha Karim
Head of Risk Management, CIB
talha.karim@cibeg.com