arrow an overview dr john hedges. overview framework framework recording recording some history some...
TRANSCRIPT
ARROWARROW
An OverviewAn Overview
Dr John HedgesDr John Hedges
OverviewOverview
FrameworkFramework RecordingRecording Some HistorySome History The ARROW processThe ARROW process ARROW 2 importance of governanceARROW 2 importance of governance Objectives-no surprisesObjectives-no surprises PreparationPreparation The VisitThe Visit An ongoing processAn ongoing process
Importance of FrameworksImportance of Frameworks
A place to put facts/impressions and A place to put facts/impressions and assists with analysis of and an assists with analysis of and an understanding of the factsunderstanding of the facts
Assists with a common languageAssists with a common language Provides continuity when reviewing an Provides continuity when reviewing an
issueissue Can be developed as knowledge of Can be developed as knowledge of
the issues improvesthe issues improves
The Importance of Frameworks The Importance of Frameworks cont.cont.
Can be used as predictor and Can be used as predictor and effectiveness and may be subject to effectiveness and may be subject to back testingback testing
Danger: too rigid a view and facts Danger: too rigid a view and facts may be ignored if they apparently do may be ignored if they apparently do not fit frameworknot fit framework
More overall points: More overall points: RecordingRecording
Why record?Why record? Reflects thinking process at the timeReflects thinking process at the time Reflects what appears reasonable at the timeReflects what appears reasonable at the time Reference point for the futureReference point for the future Clarifies assumptions madeClarifies assumptions made Explains reasons for action made at the timeExplains reasons for action made at the time For example; why did we think these risks For example; why did we think these risks
were more important than those when we were more important than those when we carried out the risk assessment?carried out the risk assessment?
Some Risk Profiling HistorySome Risk Profiling History
Growing need for regulators to Growing need for regulators to account for their actionsaccount for their actions
They need to explain why they look at They need to explain why they look at certain issues and not otherscertain issues and not others
Resource constraints: cannot look at Resource constraints: cannot look at everythingeverything
Important to have an audit trail Important to have an audit trail reflecting decision making processreflecting decision making process
Some Risk Profiling History Some Risk Profiling History cont.cont.
SFA’s experience and how risk profiling SFA’s experience and how risk profiling grewgrew
My group of 500 odd firms; which one to My group of 500 odd firms; which one to visit next and what was the ranking of visit next and what was the ranking of their importance in relation to their their importance in relation to their potential to damage the securities potential to damage the securities sector?sector?
The Bank of England’s RATE system The Bank of England’s RATE system developed post Baringsdeveloped post Barings
Common denominators in Risk Common denominators in Risk Assessment systemsAssessment systems
CapitalCapital LiquidityLiquidity Systems and controlsSystems and controls ManagementManagement
Focus very much on mitigation of business risk Focus very much on mitigation of business risk and little analysis of types of business risk taken and little analysis of types of business risk taken on by the industry and therefore a need to on by the industry and therefore a need to understand and select appropriate mitigation.understand and select appropriate mitigation.
But an important start and industry is receptive to But an important start and industry is receptive to the risk based approachthe risk based approach
Implications of risk based Implications of risk based assessmentsassessments
Moves away from the tick box mentalityMoves away from the tick box mentality Moves away from “carpet bombing”Moves away from “carpet bombing” But it is risk based and the assessment of But it is risk based and the assessment of
risk can be incorrect; that something that risk can be incorrect; that something that was abandoned in the interest of an issue was abandoned in the interest of an issue that was deemed to be important at the that was deemed to be important at the time could “get up and bite”.time could “get up and bite”.
Hence the importance of developing a Hence the importance of developing a robust framework that records the robust framework that records the decision making process.decision making process.
What do you wish to get out of What do you wish to get out of the ARROW Assessmentthe ARROW Assessment
Survival with as little inconvenience as Survival with as little inconvenience as possible?possible?
Reassurance that the business is running as Reassurance that the business is running as expected?expected?
Check that management focus is in the Check that management focus is in the right place?right place?
The control infrastructure is effective in The control infrastructure is effective in supporting the business in a safe way?supporting the business in a safe way?
Our view of our Firm’s risk profile is the Our view of our Firm’s risk profile is the same as FSA’s?same as FSA’s?
Arrow 2 Arrow 2
A2 takes an holistic view of the firmA2 takes an holistic view of the firm Not issue focussedNot issue focussed Places an issue in the context of the Places an issue in the context of the
business and its control infrastructurebusiness and its control infrastructure Asks two fundamental questionsAsks two fundamental questions
How likely is it that the issue will How likely is it that the issue will materialise?materialise?
What would be the significance if it did?What would be the significance if it did?
““an issue”an issue”
Mismarking has occurredMismarking has occurred Types of sub issues to considerTypes of sub issues to consider Size of mismarkSize of mismark Transparency: OTCTransparency: OTC Discovered by?Discovered by? Trader experience?Trader experience? Does this issue compromise whole Does this issue compromise whole
trading operation of the firm?trading operation of the firm?
ARROW 2 GridARROW 2 Grid
A2 grid tries to mirror the organisation of a A2 grid tries to mirror the organisation of a firmfirm
Risk is analysed by Risk is analysed by Front Office (Customer, Products, Markets)Front Office (Customer, Products, Markets) Back Office (Business process)Back Office (Business process) Prudential Prudential Complemented by controls specific to these issuesComplemented by controls specific to these issues Plus overall controls plus capital and liquidityPlus overall controls plus capital and liquidity Generating net riskGenerating net risk
ARROW 2 MethodologyARROW 2 Methodology
The concept of net riskThe concept of net risk Focus on inherent business risk to get some Focus on inherent business risk to get some
idea of the gross risk and then an idea of the gross risk and then an assessment of the controls to offset that riskassessment of the controls to offset that risk
The overall controls of The overall controls of GovernanceGovernance ComplianceCompliance Risk managementRisk management Internal AuditInternal Audit Clarity on the role of capitalClarity on the role of capital
GovernanceGovernance
A big driver of the risk score and a subject I A big driver of the risk score and a subject I shall be speaking to in anther one of these shall be speaking to in anther one of these sessionssessions
What makes for effective governance?What makes for effective governance? A methodology I want to talk about in A methodology I want to talk about in
December December Correct mix of structure, process, management Correct mix of structure, process, management
information and culture to produce effective information and culture to produce effective controls, legal entity integrity the minimisation of controls, legal entity integrity the minimisation of client risk etcclient risk etc
Important to have a framework that provides Important to have a framework that provides meaningful feedback to the industry. meaningful feedback to the industry.
ComplianceCompliance
Profile within businessProfile within business Appropriate resourcingAppropriate resourcing Span of operationSpan of operation
AdvisoryAdvisory SurveillanceSurveillance Spectrum of legal (advisory) compliance Spectrum of legal (advisory) compliance
(surveillance) and internal audit(surveillance) and internal audit
Internal AuditInternal Audit
Profile within the organisationProfile within the organisation Career progression or dead end?Career progression or dead end? Resourcing- adequate skills baseResourcing- adequate skills base Risk based approachRisk based approach Liaison with external auditors and Liaison with external auditors and
extent to which they rely on Internal extent to which they rely on Internal AuditAudit
Role of Capital and LiquidityRole of Capital and Liquidity
Capital cannot replace effective systems and Capital cannot replace effective systems and controlscontrols
Can only be a cushion until issues are resolvedCan only be a cushion until issues are resolved Is a reserve to meet expected and unexpected Is a reserve to meet expected and unexpected
movements in risks faced by the business, movements in risks faced by the business, including market, credit and operational.including market, credit and operational.
LiquidityLiquidity Liquidity management is now and always was Liquidity management is now and always was
of prime importance and this is reflected in of prime importance and this is reflected in ongoing assessments.ongoing assessments.
Put Yourself in the shoes of the Put Yourself in the shoes of the FSA and ask the followingFSA and ask the following
What are their core statutory What are their core statutory responsibilitiesresponsibilities
How would you relate your firm to How would you relate your firm to thesethese
How would you go about a risk How would you go about a risk assessment of your firm if you were assessment of your firm if you were the FSAthe FSA
What conclusions would you arrive atWhat conclusions would you arrive at How would you mitigate identified risksHow would you mitigate identified risks
Importance of preparationImportance of preparation
FSA personnel busy and will welcome FSA personnel busy and will welcome information that isinformation that is Pertinent and clearPertinent and clear You know your firm best and in a good position to You know your firm best and in a good position to
supply relevant informationsupply relevant information Clarify from FSA exactly what is required when and Clarify from FSA exactly what is required when and
in what format. Be specific and as focussed as in what format. Be specific and as focussed as possible; try and be proactive rather than reactivepossible; try and be proactive rather than reactive
FSA will also gather information from other divisions FSA will also gather information from other divisions within FSA so it is worth while reviewing the total within FSA so it is worth while reviewing the total exposure of the firm to FSA.exposure of the firm to FSA.
The VisitThe Visit
The discovery conceptThe discovery concept The importance of meetings (CEO, heads The importance of meetings (CEO, heads
of business and control heads)of business and control heads) Agenda is clear between Firm and FSAAgenda is clear between Firm and FSA Appropriate people to attend meetingsAppropriate people to attend meetings Avoid back to back meetingsAvoid back to back meetings Importance of summing up the main Importance of summing up the main
points after each meeting.points after each meeting.
The Close Out MeetingThe Close Out Meeting
Understand and agree issues raised; clarify in Understand and agree issues raised; clarify in a constructive way. The controls are weak; a constructive way. The controls are weak; which controls and why are they weakwhich controls and why are they weak
Issues raised should give contouring to the Issues raised should give contouring to the risk profile; are they a surprise or not. Avoid risk profile; are they a surprise or not. Avoid talking about risk profiles without concrete talking about risk profiles without concrete examples.examples.
Above all it is important that there is a Above all it is important that there is a convergence of views if the firm is to get convergence of views if the firm is to get anything out of ARROWanything out of ARROW
The Risk Mitigation The Risk Mitigation ProgrammeProgramme
Each risk mitigation will be analysed and Each risk mitigation will be analysed and recorded as followsrecorded as follows Issue; intended outcome; action to accomplish thisIssue; intended outcome; action to accomplish this The concept of tools and the tool boxThe concept of tools and the tool box Use of Firm’s resources to conduct the workUse of Firm’s resources to conduct the work Be clear on scope and what constitutes an Be clear on scope and what constitutes an
effective outcomeeffective outcome Clear on resource commitment from FSA and FirmClear on resource commitment from FSA and Firm Clear on time frameClear on time frame
OutputOutput
Draft letter- chance to correct factual Draft letter- chance to correct factual errors but overall message remains the errors but overall message remains the same if not affected by factual errorsame if not affected by factual error
If the close out meeting is successful the If the close out meeting is successful the draft letter should contain no surprisesdraft letter should contain no surprises
Letter formatLetter format Addressed to?Addressed to? Main message clearly understood?Main message clearly understood? Scores and their roleScores and their role RMP clear and related to the main message?RMP clear and related to the main message?
Ongoing ProcessOngoing Process
Thank god it is all over?Thank god it is all over? ARROW should be a live process and not ARROW should be a live process and not
cast in stone but subject to alteration as cast in stone but subject to alteration as firm’s profile changes.firm’s profile changes.
What changes profileWhat changes profile Change in business activityChange in business activity Rapid expansion causing control and Rapid expansion causing control and
management stretchmanagement stretch It pays to keep FSA informed so that in the It pays to keep FSA informed so that in the
next ARROW the firm’s risk profile does not next ARROW the firm’s risk profile does not have to be built up from the ground againhave to be built up from the ground again
Staying in touchStaying in touch
It pays to stay in touch and keep the It pays to stay in touch and keep the FSA abreast of strategic developments FSA abreast of strategic developments and how these will be supported by an and how these will be supported by an effective control infrastructureeffective control infrastructure
Try and avoid springing surprises on Try and avoid springing surprises on the FSA; discuss potential problems the FSA; discuss potential problems and think through effective mitigation and think through effective mitigation well before the issue crystalliseswell before the issue crystallises