THE GOVERNANCE OF RISK MANAGEMENT. Session 5

Similar documents
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

Principles for An. Effective Risk Appetite Framework

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

Basel Committee on Banking Supervision

ENTERPRISE RISK MANAGEMENT POLICY

Risk committee performance evaluation

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Managing Risk at Bank of America Corporation. Overview

Revised May Corporate Governance Guideline

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

MISSION VALUES. The guide has been printed by:

February Audit committee performance evaluation

Internal Audit Terms of Reference

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

Operational Risk Management Program Version 1.0 October 2013

A Guide to Corporate Governance for QFC Authorised Firms

What Every Director. How to get the most from your internal audit. Endorsed by

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

Eclipx Group Limited Risk Management Policy

Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference

Corporate Governance and Enterprise Risk Management Derek Jackson, Senior Manager 5 September 2005

Sample risk committee charter

Sound Practices for the Management of Operational Risk

Board Risk & Compliance Committee Charter

Internal Auditing Guidelines

Issued on: 1 March Risk Governance

CORPORATE GOVERNANCE AND THE ROLE OF MANAGEMENT. Dr. Tariq Hassan

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

11/12/2013. Role of the Board. Risk Appetite. Strategy, Planning and Performance. Risk Governance Framework. Assembling an effective team

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes

THE BOARD SUBSCRIBES TO ETHICAL LEADERSHIP, BUSINESS SUSTAINABILITY, STAKEHOLDER INCLUSIVITY AND SOUND VALUES OF GOOD CORPORATE GOVERNANCE.

Audit and Risk Committee Charter. Knosys Limited ACN (Company)

Enterprise Risk Management

Risk Management Policy

Corporate Governance Guidelines

EQT HOLDINGS LIMITED BOARD CHARTER (ACN )

NORTHERN TRUST CORPORATION BUSINESS RISK COMMITTEE CHARTER

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

CORPORATE GOVERNANCE FRAMEWORK

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

Audit, Risk Management and Compliance Committee Charter

Supervisory Policy Manual

December, Asset Management Valuation survey

Basel Committee on Banking Supervision

AUDIT COMMITTEE TERMS OF REFERENCE

Saxo Capital Markets CY Limited

DRAFT TEMPLATE FOR DISCUSSION CORPORATE GOVERNANCE COMPLIANCE STATEMENT

For personal use only

EURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS

6/8/2016 OVERVIEW. Page 1 of 9

Solvency II Detailed guidance notes

2nd Edition Board Effectiveness What Works Best

Integrated Risk Management:

RISK MANAGEMENT AND COMPLIANCE

Board Charter. May 2014

Progen Pharmaceuticals Limited ABN

How To Set Up A Committee To Check On Cit

AUDIT COMMITTEE OF THE TRUSTEES TEXAS PACIFIC LAND TRUST CHARTER

FINANCIAL SERVICES FLASH REPORT

Board means the Board of Directors of each of Scentre Group Limited, Scentre Management Limited, RE1 Limited and RE2 Limited.

Supervisory Board Bank Zachodni WBK REPORT ON THE SUPERVISORY BOARD ACTIVITY IN February 2012, Warsaw

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. on remuneration policies in the financial services sector

RISK MANAGEMENT. Risk governance. Risk management framework MANAGEMENT S DISCUSSION AND ANALYSIS RISK MANAGEMENT

Sample Financial institution Risk Management Policy 2011

The Role of the Board in Enterprise Risk Management

Audit and Risk Committee Charter. 1. Membership of the Committee. 2. Administrative matters

KING III CORPORATE GOVERNANCE COMPLIANCE REGISTER

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

Audit, Risk and Compliance Committee Charter

Corporate Governance Statement

Assessing Credit Risk

ACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document.

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

MALAYSIAN CODE ON CORPORATE GOVERNANCE

Supervisory Policy Manual

Corporate Governance. Document Request List Funds

Delphi Automotive PLC. Corporate Governance Guidelines

DRAFT Report on Office of the Superintendent of Financial Report on Institutions Office of the Superintendent of Financial

Enterprise Risk Management: From Theory to Practice

FSB Principles for Sound Compensation Practices. Implementation Standards

APPENDIX 50. Enterprise risk management - Risk management overview

Corporate Governance. Coca-cola amatil limited annual report

Introduction from Chairman Chairman Role Profile Charter of Expectations Deputy Chairman Role Profile... 7

Framing the future of corporate governance Deloitte Governance Framework

Financial Management Framework >> Overview Diagram

THE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT. Session 4

Risk appetite in the financial services industry A requisite for risk management today

BOARD OF GOVERNORS FEDERAL RESERVE SYSTEM

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes for Islamic Banks

Risk management systems of responsible entities

Application of King III Corporate Governance Principles

KING III COMPLIANCE REGISTER 2015

Transcription:

THE GOVERNANCE OF RISK MANAGEMENT Session 5

Polling Question: Who is primarily responsible for risk governance in any organization? 0% A. The board or board risk committee (if applicable) B. The CRO 0% 0% 0% C. The business lines D. The head of internal audit 0 of 5

What s wrong with this picture? Risk Committee Only three members Members of committee included: Museum director, who was former director of a failed company Grandson of a well known billionaire CEO of a thermostat and work boot manufacturer Only one with relevant bank experience - had not worked in the industry for 25 years Same composition since 2008 None had worked as risk managers Risk Committee Museum director: accepted large donations from X for Museum, had personal loans from X, and was paid 250K for work on the board, resigned from compliance and governance committee of a failed institution Son of billionaire: Was on committee that chose Mr. XY to lead X. Had not worked in the industry for 25 years Thermostat manufacturer: CEO had received loans and advisory work from X, and X had purchased equipment and services from the thermostat manufacturer

JP Morgan Chase & Co. Naïve - poorly structured risk oversight - Nothing in their professional background JP Morgan is a complex financial institution Risk committee members unprepared to ask difficult questions lack depth of experience had questionable independence

CG Principles Revision Projects Include More Robust Risk Governance All drafts include new elaborate sections on the governance of risk! 5

What s Changed? Boards need to be Increasingly Focused on: Risk Appetite A Risk Appetite Framework (RAF) encompassing all risks and the resulting Risk Appetite Statement (RAS) Risk Compliance Particularly conduct risk, adherence to P&P, ethical standards, fairness and disclosure Reputational Risk Assessing the impact of potential reputational damage on returns, market share Capital Allocation Measuring where capital is at risk and how risks are related Risk Culture Shifting accountability to the front office and line (where conduct takes place) Stress Testing Looking at the potential impact of possible events, inter-relationships, on the overall portfolio Risk Technology/Architecture/Cyber-security improved risk information, reporting, data and analysis; and, stronger cyber security and anti-hacking measures Operational Risk Fraud, Fines, Business Ethics, etc.

Overview Risk Culture and Risk Appetite Overview of the governance of risk management Board-level risk management committee Conclusion / Lessons 7

Risk Culture: Definitions Principle I.i: A robust and pervasive risk culture throughout the firm is essential. Institute of International Finance, Final Report of the IIF Committee on Market Best Practices, 2008 Risk culture can be defined as the norms and traditions of behavior of individuals and groups within an organization that determine the way in which they identify, understand, discuss, and act on the risk the organization confronts and the risks it takes. Institute of International Finance, Implementing robust risk appetite frameworks to strengthen financial institutions, 2011 8

Risk Culture: Elements and Practices Principles, policies, procedures and controls An effective governance structure management objectives linked to risk management objectives Senior management sets the correct tone at the top Adequate budget and support for the risk management units, with those working in risk management having an effective voice Challenging and questioning by employees, management, board - willingness and ability to ask the right questions A top-down view of risk in the form of a Risk Appetite Framework (RAF) Stress testing to understand the portfolio effects 9 Risk Culture Recommended best practices Common values Tone at the Top Common risk language Application of risk management principles Timely, transparent and honest communication Risk management responsibilities Challenging discussions on risk matters Source: Risk Culture, Risk Governance, and Balanced Incentives (IFC Unpublished May 2014)

2. Culture. Common Values? Returns versus Fairness. 1. A customer calls with an urgent need to deliver foreign exchange to a counterparty by end of day. Does your Bank a. Set an off-market FX rate so the bank makes lots of money? b. Set a competitive rate so the customer gets a fair deal? c. Charge a special processing fee? d. Inform the customer about these charges? 2. Consumer loans are currently in high demand. Does your bank: a. Increase rates and fees across the board without disclosing this? (Let them read the fine print )? b. Maintain disclosed rates? c. Increase rates for more risky customers? d. Reduce rates to gain market share? 3. You overhear a trader in you bank get a call from a friend at another bank suggesting that they collude in setting the same price on a product. Do you: a. Openly praise the Trader for keeping returns high? b. Tacitly approve of the Trader, and recommend his boss consider a bonus? c. Keep quite? d. Warn the Trader about ethical violations? e. Recommend the Trader be fired?

What is Risk Appetite? The aggregate level and types of risk a financial institution is willing to assume within its risk capacity to achieve its strategic objectives and business plan. Financial Stability Board, Principles for an Effective Risk Appetite Framework (2013)... the amount of risk, on a broad level, an organization is willing to accept in pursuit of value. Each organization pursues various objectives to add value and should broadly understand the risk it is willing to undertake in doing so. COSO Enterprise Risk Management, Understanding and Communicating Risk Appetite (2012).... is an expression of the amount of risk the firm is willing to take in pursuit of its strategic objectives, reflecting our capacity to sustain losses and continue to meet our obligations arising from a range of stress trading conditions Standard Chartered Bank, 2010 Annual Report The Board sets the Group s financial volatility risk appetite in terms of broad financial objectives (i.e. top down ) on through the cycle Barclays Plc, 2010 20-F filing the actual risk appetite is assessed over time covering both banking and trading book exposures Walker Report 2009 11

Risk Appetite How Much Risk Concentration A Really Thorny Issue In Risk Governance Concentration Risk: How do we measure risk concentrations; How much do we accept? Easy: Single borrower s Single products, loans, cards, mortgages, etc. Single sectors, manufacturing, agri, etc. Type of collateral, land, houses, cars, equipment, etc. Tenor Difficult: Group Borrowers multi-industry, multi-company, multi-country Related products Related Sectors covariance of losses in different industries Collateral valuations under stress Pre-payments and withdrawals under stress The Board needs to exercise significant judgment about what kinds of information they need to be able to effectively monitor and limit the risks a Bank is actually taking... the trick is to think about what could happen and assess this in enough depth to inform the Risk Appetite Framework and Risk Limits and create data and reporting that capture these risks. This is related to stress testing and financial modeling

Polling Question: An effective risk governance framework: 0% 0% 0% 0% A. Identifies risky activities and prohibits the organization from engaging in them B. Identifies risky activities and recommends strategies for managing and monitoring them C. Is responsible for risk monitoring and crisis management D. Is responsible for stress testing and scenario planning 0 of 5

Organization: Board & Management Roles in Risk Governance Board Business Operations Approve Implement Audit/Risk committee Review Senior management, risk management Board/board committee Monitor Policies, high level limits and stress tests Propose (adjustments) Senior management Executing and monitoring transactions 14

Organization: Three Lines of Defense: 15

5. Organization: Risk Governance Structure for FI Board of Directors Governance Audit Committee Corporate Governance Committee Remuneration Committee Risk Management Committee Management Committee Executive level risk committees Management Performance Asset & Liability Management Committee Credit Risk Committee Operational Risk Committee Senior Management Business Units Internal Audit Chief Risk Officer Risk Management Department 16

Risk Related Roles: Non-FI Board of Directors Other Committees CEO on BOD Possibly CFO, COO Audit Committee External Auditor Business line Head COO CFO Internal Audit 17

Risk Governance Responsibilities Audit Committee Board Senior Management Risk Management Committee Risk oversight, approve risk management framework Implement risk management Framework Executive-Level Risk Committee(s) CRO Setting risk limits within approved risk appetite levels and risk tolerance limits Risk Management Department Identification, assessing, monitoring & mitigation of risks Business Units Day-to-day responsibility for risk management 18

Organization: What Helps a Board be Effective Risk Governors? 1. Avoid Concentration of Power - separate Chairman and CEO, have majority Independent Directors 2. Bring a balance of required risk expertise to the Board/committees - Credit, Market, Operational, IT, Reputational, Environmental and Social, Strategic, Successional, Incentives Structures -- with an understanding of the various roles of the front line units, the risk control units, and the audit functions within a bank 3. Set-out clear terms of reference and term limits for board members and committee members 4. Annually approves the bank s strategy, capital plan, financial plan and Risk Appetite Framework 5. Actively oversee managements implementation of the Risk Appetite Framework, insist on stress testing 6. Ensure Audit and Risk Committees have overlap and communicate 7. Meets with Regulators and other authorities quarterly 8. Engage independent parties to review board performance every 3 years

A Separate Risk Management Committee Rationale Risk management is a governance function A prevailing best practice Demonstrate the board s commitment to risk management Functions Ensure effective risk governance Monitor risks Oversee management actions to manage risks 20

A Separate Risk Management Committee Key board/risk management committee attributes for good risk governance Top risks are identified and agreed throughout the organization Risks inherent in the corporate strategy are thoroughly understood Risk appetite is clearly defined Responsibility for managing each top risk is clearly defined at the board level There is vigilance of excessive risk-taking by management 21

Risk Management vs. Audit Committee Role Risk Management Committee Focus Future performance Broader risks (strategic, managerial and operational) Risks with financial and non-financial consequences TOR Risk assessment (ensure management assesses risks and updates risk register & risk assessment is part of the decision-making process & risks are within board-set risk appetite) Risk management (ensure effective RM system in place to assess, control & monitor risks) Risk reporting (review information and report to board on major risks and exposures and their management) Audit Committee Focus Historical performance Effectiveness and efficiency of operations, financial reporting & compliance TOR Audit (ensure external and internal audit functions are adequate to address business risks) Internal control (ensure management has established adequate IC to address business risks & effective implementation of IC) Financial Reporting (review financial reports & ensure duties of directors regarding financial disclosure are discharged) Source: Aon Risk Solutions, White Paper on RMC, 2011 22

Good practices to implement Some common sense practices must be in place: Board structured to add value and avoid conflict of interest Board has appropriate skills to review and challenge management actions Ethical and responsible decision-making Clearly defined and documented ToR for directors & executives Independent verification and validation of financial reporting and processes Disclosure to stakeholders of all material matters Structure and process to identify and manage risk Clearly documented key roles & responsibilities, policies & procedures throughout the company 23

Key Questions to Ask about Risk Governance Who is responsible for developing the risk management system? How are the risks identified and risk appetite set? Does the board periodically review the risk management systems? What is the role of IA unit in the management of risk? How often is management of risks compared to targets approved by the board? How is this reported to the board? Do the board and management appropriately assess risks when planning new strategies, activities and products? 24

Key Messages Best practices and regulation has significantly changed recently and the Board clearly has responsibility for adequate risk governance: 1) Establish and Monitor Business Objectives and Strategy 2) Establish Corporate Culture and Values including Risk Culture, Fairness and Disclosure standards, Environmental and Social Responsibilities, Code of Conduct 3) Oversee Implementation of Appropriate Governance Framework including Risk Governance, levels of control 4) Establish the Bank s Risk Appetite Approve the Risk Appetite Statement (RAS) annually and monitor adherence at least quarterly, conduct stress tests 5) Establish Effective Risk Management Organization and Ensure Appropriate Staffing 6) Approve and Monitor Capital Adequacy, Liquidity, Compliance and internal controls 7) Select and Monitor Senior Management, Maintain Succession Plans, Staff Board Committees with Appropriate Experts 8) Design and Implement the Incentive Systems that reinforce good risk management 25

Thank you! 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information