credit union supervision workshop kingstown, st. vincent courtney christie-veitch financial sector...

CREDIT UNION SUPERVISION WORKSHOP

KINGSTOWN, ST. VINCENT

COURTNEY CHRISTIE-VEITCHFINANCIAL SECTOR SUPERVISOR, CARTAC

AUGUST 20 - 22, 2014

Risk-based Supervision for Credit Unions

Presentation Outline

BackgroundSignificant ActivitiesMaterialityInherent risksQuality of Risk ManagementResidual Risk

Presentation Outline

Direction of RiskCapital AssessmentEarnings AssessmentLiquidity AssessmentComposite Rating

Background: Role of Prudential Supervision

Background: How Supervisors Carry Out Their

Role

The Essence of Risk Taking

“Experience taught me a few things. One is to listen to your gut, no matter how good something sounds on paper. The second is that you're generally better off sticking with what you know. And the third is that sometimes your best investments are the ones you don't make.” Donald Trump

Rationale for Risk-based Approach

Resources are not infinite / allocation of scarce resources

Mechanism to prioritize work/on-sites – focus efforts on greatest risks

Focus on risks to institution's aims and objectives

Basis for justifying approach, action and decision

Documented and consistent approach to risk management

Risk Management StagesDecision

to be Risk-based

Set Risk Context

Step I: Identifying Significant Activities

Line of businessBusiness unitsEnterprise wide process e.g. information

technologyActivities can be identified from:

Organization structure Strategic plans Operational and Business plans Capital allocations, Financial reporting (internal/external)

Step II: Determining Materiality

Assets generated by the activity relative to total asset size

Revenue generated by activity in relation to total revenue

Net income before tax/total net income before tax

Risk weighted assets generated by activity / total RWA

Capital allocation / total capitalStrategic importance

Group Exercise # 1

Using the Annual Reports and Audited Financial Statements provided for the five Credit Unions,Identify the significant activitiesDetermine materiality of the significant activity identified

Step III: Assess Inherent Risks

Inherent risk is risk which cannot be segregated from the activity. It is intrinsic to an activity and arises from exposure to and uncertainty from potential future events. Inherent risks are evaluated by considering the degree of probability and the potential size of an adverse impact on an institution’s capital, liquidity or earnings.

Inherent Risk Assessment

High

Current Risk Levels

Medium High

Mitigation

Moderate

Medium Low

Target Risk Levels

Low

Low Medium Low Moderate Medium High High

Impact

Probability

Inherent Risk Framework - Traditional

Business .Environ

Operating .Environ

Inherent Risk Framework - Revised

Business .Environ

Operating .Environ

Inherent Risk Rating

Assessing Inherent RiskThe CAMELS Rating System

Uniform Financial Institutions Rating System (UFIRS)Adopted by Federal Financial Institutions Examination

Council (FFIEC) in 1979Assesses six components of a deposit taking financial

institution’s performance.Driven by both component and composite ratingsTakes into consideration financial, managerial and

compliance factors common to all financial institutions.Licensees evaluated in a uniformed and comprehensive

mannerSupervision attention appropriately focused on the

financial institutions exhibiting financial and operational weaknesses or adverse trends.

Assessing Inherent RiskThe CAMELS Rating System

References to the CAMELS Rating System in this Presentation are based on the Office of the Comptroller of the Currency (OCC) On-site Process Handbook, updated September 2012.

The CAMELS Rating System is: Used to assess credit unions in the USA Used by the majority of Financial Institution Regulators in the

Caribbean A risk assessment tool / not just a management or reporting tool as

the PEARLS system

Objectives of the CAMELS Framework

Additional Risks Not Explicitly Considered by CAMELS

CAMELS Asset Quality Assessment

Soundness of risk identification practices, credit underwriting standards and credit administration practices

Level, distribution, severity and trend of problem, classified, non accrual, restructured, delinquent and nonperforming assets (on and off balance sheet)


Adequacy of allowances for loans and lease losses and other valuation reserves

Credit risks arising from or induced by off-balance sheet transactions, e.g. unfunded commitments, credit derivatives, commercial and standby letters of credit and lines of credit.


Diversification and quality of the loan and investment portfolio

Extent of securities underwriting activities and exposures to counterparties in trading activities

Existence of asset concentration


Ability of management to properly administer its assets, including timely identification and collection of problem assets

Adequacy of internal controls and management information systems

Volume and nature of credit documentation exception.

Asset Quality Rating

CAMELS Sensitivity to Market Risk Assessment

Sensitivity of earnings or the economic value of capital to adverse changes in interest rate, foreign exchange rates, commodity prices or equity prices

The ability of management to identify, measure, monitor and control exposure to market risk given the size, complexity and risk profile of the FI

CAMELS Sensitivity to Market Risk Assessment

The nature and complexity of interest rate risk exposure arising from non trading positions

The nature and complexity of market risk exposure arising from trading, asset management activities and foreign exchange operations

CAMELSSensitivity to Market Risk Rating

Reputational Risk Assessment

Corporate GovernanceManagement integrityStaff competence / supportCorporate cultureRisk management and control environment

Reputational Risk Assessment

Financial Soundness / Business viability

Business practicesCustomer satisfactionLegal / regulatory complianceContagion risk / rumorsCrisis managementDisclosure and transparency

Reputational Risk Rating

Concentration Risk Assessment

Geographic concentrationSingle nameRelated partyBalance sheetBusiness / Product line

Operational Risk Assessment

Operational risk is "the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". Basel Definition

Operational Risk Assessment

Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery

External Fraud- theft of information, hacking damage, third-party theft and forgery

Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety

Clients, Products, & Business Practice- market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning

Damage to Physical Assets - natural disasters, terrorism, vandalism

Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures

Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets

Strategic Risk Assessment

Strategic Risk is the risk of current or prospective impact on the financial institution’s earnings, capital, reputation or standing arising from change in the environment and from adverse strategic decisions, improper implementation of decisions or lack of responsiveness to industry, economic or technological changes.


Four Key Elements:Strategic PlanningAlignment and change management

Implementation and monitoringPerformance evaluation and feedback


Compatibility or suitability of the institution’s goals and objectives (consistent with - corporate vision, values, culture, business direction, risk tolerance)

Financial objectives consistent with strategic goals

Strategic decisions are prudent relative to size and complexity


Responsiveness to changes in environment

Adequacy of resources in carrying out strategic decisions

Implementation of strategic decisions

Impact of strategic decisions

CORBASCEL Proposed Risk Assessment System – Inherent

Risks

Group Exercise # 2

1. Using a scale of 1 – 5 (1 = Strong and 5 = Critically Deficient), develop a risk scoring (definition) matrix for the following inherent risks: Strategic Risk Operational Risk Concentration Risk

2. Identify the inherent risks in each of the significant activities and score on the scale of 1 – 5 for each of the five credit unions provided for the case studies.

Quality of Risk Management and Oversight

Operational Management Compliance FunctionInternal Audit / Supervisory Committee

FunctionExternal Audit FunctionRisk Management FunctionSenior ManagementBoard Oversight

Quality of Risk Management Assessment

Operational management Day to day management of significant activities Adequate and appropriate for nature, size and

complexity of the financial institution Sufficient and effective in managing and

mitigating key risks Policies processes Control systems Staff levels and experience


Board Oversight Vary based on size, structure and complexity of

institutions Institutions required to have in place an effective

board of directors and senior management Board agree risk appetite e.g. aggressive or

conservative Board of directors ultimately accountable for

management and oversight of the institution Depending on size, board may delegate some

oversight responsibilities to board sub-committees e.g.. audit, risk management and human resource


Senior Management Oversight Depending on size, senior management

may delegate some oversight responsibilities to other oversight functions: Risk management Supervisory Committee/Internal Audit Compliance


Level and quality of oversight and support of all institution activities by the board of directors and management

The ability of the board of directors and management, in their respective roles to plan for, and respond to risks that may arise from changing business conditions or the initiation of new activities or products


Adequacy of, and compliance with appropriate internal policies and controls addressing operations and risks of significant activities

Accuracy, timeliness and effectiveness of management information and risk monitoring systems appropriate for the FI’s size, complexity and risk profile.


(Audit and Internal Controls)

Compliance with laws and regulationsResponsiveness to recommendations from auditors and supervisory authorities

Management depth and successionExtent that board of directors or management is affected by, or susceptible to, dominant influence or concentration of authority.


(Audit and Internal Controls)

Reasonableness of compensation policies and avoidance of self dealing

Demonstrated willingness to serve the legitimate FI needs of the community

The overall performance of the institution and its risk profile

Quality of Risk Management Rating

Residual Risk Assessment

How key risks are managed in each significant activity – operational management

Effectiveness of oversight functions Governance / Board Internal audit / Internal controls Compliance

Each key inherent risk is considered separately for each significant activity

Determine aggregate residual risk

Residual Risk Rating

Residual Risk Assessment

Quality of Risk Management

1 2 3 4 5

LowMedium

Low ModerateMedium

High High

1 Strong Low Low LowMedium

Low Moderate

2 Satisfactory Low LowMedium

Low ModerateMedium

High

3Needs Improvement Low

Medium Low Moderate

Medium High High

4 DeficientMedium

Low ModerateMedium

High High High

5Critically Deficient Moderate

Medium High High High High

Level of Inherent Risk

Direction of Risk

Stable

Risk ImpactCapital Adequacy Assessment

Level and quality of capital Overall financial conditionManagement’s ability to address emerging capital needs

Nature, trend and volume of problem assets and adequacy of provision for loans and investment losses and adequacy of other reserves

Risk ImpactCapital Adequacy Assessment

Off balance risk exposuresGrowth prospects and past experiences in managing growth

Balance sheet composition, nature amount of intangible assets, concentration risks, market risks, risks in non traditional activities

Access to capital

Capital Adequacy Rating

Risk ImpactEarnings Risk Assessment

Levels of earnings including trends and stability

Ability to provide for adequate capital through retained earnings

Quality and sources of earningsLevel of expenses in relation to operations

Risk ImpactEarnings Risk Assessment

Adequacy of the budgeting systems, forecasting processes, management information systems

Adequacy of provisions to maintain the allowance for loan and lease losses and other valuation allowance

The earnings exposure to market risk, such as interest rate, foreign exchange and price risks

Earnings Risk Rating

Risk ImpactLiquidity Risk Assessment

Availability of assets readily convertible to cash without undue loss

Access to money markets and other sources of funding

Level of diversification of funding sources, both on and off-balance sheet

The degree of reliance on short-term, volatile sources of funds, including borrowings and brokered deposits, to fund longer term assets

Risk ImpactLiquidity Risk Assessment

The trend and stability of depositsThe ability to securitize and sell certain

pools of assetsThe capability of management to

properly identify, measure, monitor and control institution’s liquidity position, including the effectiveness of funds management strategies, liquidity policies, management information systems, and contingency funding plans

Liquidity Risk Rating

Composite Risk Assessment

Framework for Risk-based Supervision CORBACELS

CORBASCELS

CAMELS

Framework for Risk-based Supervision CORBASCEL

Thank you!Any questions?

credit union supervision workshop kingstown, st. vincent courtney christie-veitch financial sector...

Documents

risk management slide

essence of risk

riskfocused approach

riskbased supervision

inherent risks inherent

riskbased approach resources

risk management stages

tax risk weighted assets