building a modern risk management department seminar
DESCRIPTION
Building a Modern Risk Management Department Seminar. Financial Services Volunteer Corps (FSVC) January 19 – 22, 2009 Tripoli, Libya. Day One. Period 9:50 to 11:00 AM. Setting the Stage: Principles of Bank Risk Management. Core Objectives of Risk Management. - PowerPoint PPT PresentationTRANSCRIPT
1
Building a Modern Risk Management Department Seminar
Financial Services Volunteer Corps (FSVC)January 19 – 22, 2009Tripoli, Libya
2
Day One
Period 9:50 to 11:00 AM
3
Setting the Stage: Principles of Bank Risk Management
4
Core Objectives of Risk ManagementCore Objectives of Risk Management
• Maintenance of solvency: constrain losses to within acceptable levels at all points through the economic cycle
• Ensure risks are transparent and well understood, both internally and externally (owners must understand the risks they are investing in; government/regulators should understand important and systemic risks)
• Ensure risks taken are consistent with organizational capability and risk appetite
• Risk Management as a source of competitive advantage
5
The “Vicious Cycle” of Risk
Incur Large Losses
Forego Economic Risks
Clamp Down on Lending/Risk
Taking
Take Uneconomic Risks
Lose Market Share/Profits
Drive Growth Aggressively
6
Some principles about banking and risk
Since the future is uncertain, you can’t generate returnswithout taking risk:
•Capital and expenses come first, and are certain – revenues come later (and are uncertain)
•You can’t divorce the level of risk from the expected level of return: the higher the desired return, the more risk you must be willing to take
•Half the time you can expect the mean return or more, and half the time the mean return or less
•Diversification is necessary to lower the average total risk
7
Some principles about banking and risk (Cont.)That said, banks need to be low-risk:
•Society relies on the effective functioning of the banking system
•The system is based on confidence and trust
•The main source of funding in most countries is customer deposits
•Banks are the main mechanism for domestic and international payments
•Banks are the main vehicle for storing non-real estate wealth
•In many countries banks raise most of the country’s external debt…
•… hence the importance of reputation and confidence
Reputation follows behavior; thus need to build and sustain trust
8
Some principles about banking and risk (Cont.)There is a finite limit to the level of risk a commercial bank can take
•Fundamentally businesses depend on their ability to fund themselves and generate cash
•Companies go bust when they run out of cash. They run out of cash when they are not viable economically, or lose confidence
•Failure usually happens when you get the basics wrong, not the subtleties
•The amount of risk that is acceptable is fundamentally determined by the need to raise funding (and, where applicable, to preserve credit ratings)
•Banking is a cyclical business:
– Leveraged to the economic cycle
– High financial leverage
– High operating leverage – fixed costs often approximate 50% of revenues
– Average margins on assets and liabilities are often very low so financial risk tolerance must also be low, so high confidence levels are used in risk measurement
9
Some principles about banking and risk (Cont.)
To be successful banks must remain successful and viable at every point on the economic cycle.
• If you take all the opportunities on the way up…
• You get all the losses on the way down!
10
Fundamentally the level of risk is determined by:
• the decision to be in a business,
• the extent to which you participate,
• the capability and culture of the organization, and
• the quality of the people you put in charge of the business
•This governs 80% of the outcome
•The balance is in how this is executed
• Note: Culture is a dominant factor in risk outcomes, including incentives
• Strong leadership from the top on risk matters is essential to ensure a strong “risk culture”
Some principles about banking and risk (Cont.)
11
Components of an Effective Risk Management Process
•Governance
•Risk Identification
•Risk Measurement
•Risk Management: Policy and Process
•Risk Reporting
•Policy and Process Compliance (Internal Audit; Legal / External Audit; Regulatory Compliance; Supervisory Examinations; etc)
12
• History shows that banks periodically get it materially wrong (eg early 1990’s in USA, UK, Australia; Currently in the U.S., Europe and globally)
• Until recently, advances in risk management (especially credit risk) have borne fruit
– e.g. very few bank failures in the USA, UK and Europe during the economic downturn of 2001 - 2002
• But the current crisis has brought a lot of bank failures. Have the recent advances in risk management bred complacency, misguided quantification and modelling, or did they encourage inappropriate risk appetites?
Some principles about banking and risk (Cont.)
13
Risk Management Framework
14
The Risk Management and Control Framework defines the key elements necessary for effective risk management & control
Organization and Culture
Monitoring
Risk Assessment Process
Objective Setting
Information and Communication Ongoing Control
Activities
•Organizational structure
•Accountability
•Authority levels
•Staffing and capability
•Ethics and integrity
•Risk Management philosophy & culture
•Risk limits
•Business performance monitoring
•Risk measurement and analysis
•Management control self-assessment
•Independent evaluations
•Strategic planning and budgeting process
•Measurability and alignment of objectives
•Communication and understanding of objectives
•Self-assessment planning
•Risk (event) identification
•Risk assessment
•Risk response
•Information infrastructure
•Common reporting metrics
•Information reports
•Communication channels and methodologies
•Business process controls
•IT controls
•Physical controls
•Control documents – policies, procedures, standards and guides
15
Five criteria define excellence in risk management
1. Business areas take ownership, and risk management is an ingrained, actively managed process
2. External stakeholder expectations are met
3. We operate in a no-surprise environment
4. Each type of risk, and risk experience in the aggregate, is within our risk appetite
5. We know where we are
16
Risk Philosophy
17
Risk philosophy guides development and action
Governance
• Board Awareness – of risks and related strategies
• Senior Management Accountability – for risks in their respective areas, within policy
• Independent Risk Management – apart from the business areas and Audit
Decision-Making
• Business Plan Integration – of risks and required mitigation strategies
• Cost/Benefit Analysis – for consideration of alternate risk strategies and/or risk acceptance
18
Risk Philosophy (cont.)Infrastructure
• Explicit Capital Charge – to measure risk exposure and create incentives
• Self-Assessment Performed by Each Business/Functional Area – following enterprise methodology
• Loss Data – collected, quantified and reported by all business areas
• Formalized Policies & Governance – document policies, procedures, and guidelines
Culture
• Explicit Risk Performance Goals – define an acceptable level of risk appetite and performance measures
• Transparency and Openness – sharing and reporting of risk exposures, weaknesses and events
19
Governance Elements
Framework consists of:
• Board oversight & involvement
• Organizational structure– Independence of each of three functions
• MIS and reporting
• Culture
20
Risk Management Framework – Summary
• A sound governance structure is essential for establishing an appropriate framework and implementing effective risk management
• Banks have flexibility in creating organization structures so long as the required elements – and independence – are incorporated
• The governance process should continuously monitor existing risk measurement and management processes (risk architecture) and development and implementation of a framework for newer risk types using sound project management and oversight methodologies
21
Board
CEO etc.Board Risk
&/or Audit Committee
Chief Risk Official
Business Head
Internal Audit
“Independent Risk”
Management
Line of Business
Risk Management
22
“Independence” Hierarchy
R
Constituencies
Rating Agencies
Capital Markets
Debt & Equity Markets
Other Stakeholders
Government
Regulatory Supervision
Owners
Board of Directors
External Audit
Internal Audit
“Independent Risk Management”
Business Risk Management
23
The Current Crisis
24
Factors• Flawed risk decisions
– Statistical– Judgmental
• Extreme leverage• Mismatched book: Short finances long• Mismatched book:
– Off-balance sheet assets & liabilities were actually on balance sheet liabilities
– Sold risk participations circled back to seller upon default• Weak due-diligence (trust, but verify)• Lax regulation / Complacent regulation• Poor rating-agency performance• Moral hazards• Misguided macro-economics• Risk types misunderstood so not analyzed or analyzed by wrong skill sets
Is it a Financial Crisis or an Economic Crisis – or both?
25
Libya
• Small participant in the global economy
• Vulnerable to oil price volatility (a significant factor in the global economy and in the current crisis)
• But …– “Libyan Energy Fund to acquire minority stake in Italy's Eni and
might push for representation on Eni’s board” (WSJ 12/8/08)– “Libyan Investment Authority has agreed to buy a large office
building in the City of London” (FT – 12/10/08)
• As Libya becomes more externally focused (and if it becomes more welcoming of internal investment and travel) it will become more subject to the global economy.