credit union supervision workshop kingstown, st. vincent courtney christie-veitch financial sector...
TRANSCRIPT
CREDIT UNION SUPERVISION WORKSHOP
KINGSTOWN, ST. VINCENT
COURTNEY CHRISTIE-VEITCHFINANCIAL SECTOR SUPERVISOR, CARTAC
AUGUST 20 - 22, 2014
Risk-based Supervision for Credit Unions
Presentation Outline
BackgroundSignificant ActivitiesMaterialityInherent risksQuality of Risk ManagementResidual Risk
Presentation Outline
Direction of RiskCapital AssessmentEarnings AssessmentLiquidity AssessmentComposite Rating
The Essence of Risk Taking
“Experience taught me a few things. One is to listen to your gut, no matter how good something sounds on paper. The second is that you're generally better off sticking with what you know. And the third is that sometimes your best investments are the ones you don't make.” Donald Trump
Rationale for Risk-based Approach
Resources are not infinite / allocation of scarce resources
Mechanism to prioritize work/on-sites – focus efforts on greatest risks
Focus on risks to institution's aims and objectives
Basis for justifying approach, action and decision
Documented and consistent approach to risk management
Step I: Identifying Significant Activities
Line of businessBusiness unitsEnterprise wide process e.g. information
technologyActivities can be identified from:
Organization structure Strategic plans Operational and Business plans Capital allocations, Financial reporting (internal/external)
Step II: Determining Materiality
Assets generated by the activity relative to total asset size
Revenue generated by activity in relation to total revenue
Net income before tax/total net income before tax
Risk weighted assets generated by activity / total RWA
Capital allocation / total capitalStrategic importance
Group Exercise # 1
Using the Annual Reports and Audited Financial Statements provided for the five Credit Unions,Identify the significant activitiesDetermine materiality of the significant activity identified
Step III: Assess Inherent Risks
Inherent risk is risk which cannot be segregated from the activity. It is intrinsic to an activity and arises from exposure to and uncertainty from potential future events. Inherent risks are evaluated by considering the degree of probability and the potential size of an adverse impact on an institution’s capital, liquidity or earnings.
Inherent Risk Assessment
High
Current Risk Levels
Medium High
Mitigation
Moderate
Medium Low
Target Risk Levels
Low
Low Medium Low Moderate Medium High High
Impact
Probability
Assessing Inherent RiskThe CAMELS Rating System
Uniform Financial Institutions Rating System (UFIRS)Adopted by Federal Financial Institutions Examination
Council (FFIEC) in 1979Assesses six components of a deposit taking financial
institution’s performance.Driven by both component and composite ratingsTakes into consideration financial, managerial and
compliance factors common to all financial institutions.Licensees evaluated in a uniformed and comprehensive
mannerSupervision attention appropriately focused on the
financial institutions exhibiting financial and operational weaknesses or adverse trends.
Assessing Inherent RiskThe CAMELS Rating System
References to the CAMELS Rating System in this Presentation are based on the Office of the Comptroller of the Currency (OCC) On-site Process Handbook, updated September 2012.
The CAMELS Rating System is: Used to assess credit unions in the USA Used by the majority of Financial Institution Regulators in the
Caribbean A risk assessment tool / not just a management or reporting tool as
the PEARLS system
CAMELS Asset Quality Assessment
Soundness of risk identification practices, credit underwriting standards and credit administration practices
Level, distribution, severity and trend of problem, classified, non accrual, restructured, delinquent and nonperforming assets (on and off balance sheet)
CAMELS Asset Quality Assessment
Adequacy of allowances for loans and lease losses and other valuation reserves
Credit risks arising from or induced by off-balance sheet transactions, e.g. unfunded commitments, credit derivatives, commercial and standby letters of credit and lines of credit.
CAMELS Asset Quality Assessment
Diversification and quality of the loan and investment portfolio
Extent of securities underwriting activities and exposures to counterparties in trading activities
Existence of asset concentration
CAMELS Asset Quality Assessment
Ability of management to properly administer its assets, including timely identification and collection of problem assets
Adequacy of internal controls and management information systems
Volume and nature of credit documentation exception.
CAMELS Sensitivity to Market Risk Assessment
Sensitivity of earnings or the economic value of capital to adverse changes in interest rate, foreign exchange rates, commodity prices or equity prices
The ability of management to identify, measure, monitor and control exposure to market risk given the size, complexity and risk profile of the FI
CAMELS Sensitivity to Market Risk Assessment
The nature and complexity of interest rate risk exposure arising from non trading positions
The nature and complexity of market risk exposure arising from trading, asset management activities and foreign exchange operations
Reputational Risk Assessment
Corporate GovernanceManagement integrityStaff competence / supportCorporate cultureRisk management and control environment
Reputational Risk Assessment
Financial Soundness / Business viability
Business practicesCustomer satisfactionLegal / regulatory complianceContagion risk / rumorsCrisis managementDisclosure and transparency
Concentration Risk Assessment
Geographic concentrationSingle nameRelated partyBalance sheetBusiness / Product line
Operational Risk Assessment
Operational risk is "the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". Basel Definition
Operational Risk Assessment
Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
External Fraud- theft of information, hacking damage, third-party theft and forgery
Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety
Clients, Products, & Business Practice- market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
Damage to Physical Assets - natural disasters, terrorism, vandalism
Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures
Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets
Strategic Risk Assessment
Strategic Risk is the risk of current or prospective impact on the financial institution’s earnings, capital, reputation or standing arising from change in the environment and from adverse strategic decisions, improper implementation of decisions or lack of responsiveness to industry, economic or technological changes.
Strategic Risk Assessment
Four Key Elements:Strategic PlanningAlignment and change management
Implementation and monitoringPerformance evaluation and feedback
Strategic Risk Assessment
Compatibility or suitability of the institution’s goals and objectives (consistent with - corporate vision, values, culture, business direction, risk tolerance)
Financial objectives consistent with strategic goals
Strategic decisions are prudent relative to size and complexity
Strategic Risk Assessment
Responsiveness to changes in environment
Adequacy of resources in carrying out strategic decisions
Implementation of strategic decisions
Impact of strategic decisions
Group Exercise # 2
1. Using a scale of 1 – 5 (1 = Strong and 5 = Critically Deficient), develop a risk scoring (definition) matrix for the following inherent risks: Strategic Risk Operational Risk Concentration Risk
2. Identify the inherent risks in each of the significant activities and score on the scale of 1 – 5 for each of the five credit unions provided for the case studies.
Quality of Risk Management and Oversight
Operational Management Compliance FunctionInternal Audit / Supervisory Committee
FunctionExternal Audit FunctionRisk Management FunctionSenior ManagementBoard Oversight
Quality of Risk Management Assessment
Operational management Day to day management of significant activities Adequate and appropriate for nature, size and
complexity of the financial institution Sufficient and effective in managing and
mitigating key risks Policies processes Control systems Staff levels and experience
Quality of Risk Management Assessment
Board Oversight Vary based on size, structure and complexity of
institutions Institutions required to have in place an effective
board of directors and senior management Board agree risk appetite e.g. aggressive or
conservative Board of directors ultimately accountable for
management and oversight of the institution Depending on size, board may delegate some
oversight responsibilities to board sub-committees e.g.. audit, risk management and human resource
Quality of Risk Management Assessment
Senior Management Oversight Depending on size, senior management
may delegate some oversight responsibilities to other oversight functions: Risk management Supervisory Committee/Internal Audit Compliance
Quality of Risk Management Assessment
Level and quality of oversight and support of all institution activities by the board of directors and management
The ability of the board of directors and management, in their respective roles to plan for, and respond to risks that may arise from changing business conditions or the initiation of new activities or products
Quality of Risk Management Assessment
Adequacy of, and compliance with appropriate internal policies and controls addressing operations and risks of significant activities
Accuracy, timeliness and effectiveness of management information and risk monitoring systems appropriate for the FI’s size, complexity and risk profile.
Quality of Risk Management Assessment
(Audit and Internal Controls)
Compliance with laws and regulationsResponsiveness to recommendations from auditors and supervisory authorities
Management depth and successionExtent that board of directors or management is affected by, or susceptible to, dominant influence or concentration of authority.
Quality of Risk Management Assessment
(Audit and Internal Controls)
Reasonableness of compensation policies and avoidance of self dealing
Demonstrated willingness to serve the legitimate FI needs of the community
The overall performance of the institution and its risk profile
Residual Risk Assessment
How key risks are managed in each significant activity – operational management
Effectiveness of oversight functions Governance / Board Internal audit / Internal controls Compliance
Each key inherent risk is considered separately for each significant activity
Determine aggregate residual risk
Residual Risk Assessment
Quality of Risk Management
1 2 3 4 5
LowMedium
Low ModerateMedium
High High
1 Strong Low Low LowMedium
Low Moderate
2 Satisfactory Low LowMedium
Low ModerateMedium
High
3Needs Improvement Low
Medium Low Moderate
Medium High High
4 DeficientMedium
Low ModerateMedium
High High High
5Critically Deficient Moderate
Medium High High High High
Level of Inherent Risk
Risk ImpactCapital Adequacy Assessment
Level and quality of capital Overall financial conditionManagement’s ability to address emerging capital needs
Nature, trend and volume of problem assets and adequacy of provision for loans and investment losses and adequacy of other reserves
Risk ImpactCapital Adequacy Assessment
Off balance risk exposuresGrowth prospects and past experiences in managing growth
Balance sheet composition, nature amount of intangible assets, concentration risks, market risks, risks in non traditional activities
Access to capital
Risk ImpactEarnings Risk Assessment
Levels of earnings including trends and stability
Ability to provide for adequate capital through retained earnings
Quality and sources of earningsLevel of expenses in relation to operations
Risk ImpactEarnings Risk Assessment
Adequacy of the budgeting systems, forecasting processes, management information systems
Adequacy of provisions to maintain the allowance for loan and lease losses and other valuation allowance
The earnings exposure to market risk, such as interest rate, foreign exchange and price risks
Risk ImpactLiquidity Risk Assessment
Availability of assets readily convertible to cash without undue loss
Access to money markets and other sources of funding
Level of diversification of funding sources, both on and off-balance sheet
The degree of reliance on short-term, volatile sources of funds, including borrowings and brokered deposits, to fund longer term assets
Risk ImpactLiquidity Risk Assessment
The trend and stability of depositsThe ability to securitize and sell certain
pools of assetsThe capability of management to
properly identify, measure, monitor and control institution’s liquidity position, including the effectiveness of funds management strategies, liquidity policies, management information systems, and contingency funding plans