Risk Management Presentation October 8 2012

Upload: george-lekatis

Post on 03-Apr-2018


  • 7/28/2019 Risk Management Presentation October 8 2012


    International Association of Risk and Compliance Professionals (IARCP)

    1200 G Street NW Suite 800 Washington, DC 20005-6705 USA
    Tel: 202-449-9750
    www.risk-compliance-association.com

    Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the week's agenda, and what is next

    George Lekatis, President of the IARCP

    Dear Member,

    We have some very interesting principles for the supervision of financial conglomerates.

    What I really enjoyed:

    Supervisors should require that financial conglomerates not make overly ambitious diversification assumptions or imprudent correlation claims, particularly for capital adequacy and solvency purposes.

    Also:

    While it is possible that the spread of activities within a financial conglomerate may create diversification effects and reduce correlation, it is also true that membership of a financial conglomerate group may create group risks in the form of financial contagion, reputational contagion, ratings contagion (where a subsidiary accesses capital through a parent's credit rating and then suffers stress following the utilisation of the capital), double/multiple-gearing (use of same capital more than once within a group), excessive leveraging (upgrade in the quality of capital as it moves through a group), and regulatory arbitrage.

    Read more at Number 1

    Welcome to the Top 10 list.

    International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com


    Joint Forum, Principles for the supervision of financial conglomerates

    Corporate Governance

    Broadly, corporate governance describes the processes, policies and laws that govern how a company or group is directed, administered or controlled.

    It defines the set of relationships between a company's management, its board, its shareholders, and other recognised stakeholders.

    Final Basel III Rules in Australia

    Australian Prudential Regulation Authority (APRA)

    To: All locally incorporated authorised deposit-taking institutions

    Basel III capital: interim arrangements for Additional Tier 1 and Tier 2 capital instruments

    Public Hearings on the draft factual Report of the EU-US Insurance Regulatory Dialogue Project


    Five Questions about the Federal Reserve and Monetary Policy

    Chairman Ben S. Bernanke, at the Economic Club of

    Adoption of Updated EDGAR Filer Manual

    The Securities and Exchange Commission (the Commission) is adopting revisions to the Electronic Data Gathering, Analysis, and Retrieval System (EDGAR) Filer Manual and related rules to reflect updates to the EDGAR system.

    Dealing with financial systemic risk: the contribution of macroprudential policies

    Panel remarks by Jaime Caruana, General Manager of the Bank for International Settlements, Central Bank of Turkey/G20 Conference on "Financial systemic risk", Istanbul


    EU to Gabriel Bernardino (EIOPA)

    2013 work programme

    European Securities and Markets Authority

    ESMA's key objectives and priorities in 2013


    Solvency II: monitoring the ongoing appropriateness of internal models

    Julian Adams, Director, Insurance

    In June 2012 I wrote to all firms in our internal model approval process to share our thinking on the way we will monitor the ongoing appropriateness of internal models after approval.

    The UK Corporate Governance Code

    Important parts

    The first version of the UK Corporate Governance Code (the Code) was produced in 1992 by the Cadbury Committee.

    Its paragraph 2.5 is still the classic definition of the context of the Code:

    Corporate governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies.

    The shareholders' role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place.

    The responsibilities of the board include setting the company's strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship. The board's actions are subject to laws, regulations and the shareholders in general meeting.


    NUMBER 1

    Joint Forum, Principles for the supervision of financial conglomerates

    Corporate Governance

    Broadly, corporate governance describes the processes, policies and laws that govern how a company or group is directed, administered or controlled.

    It defines the set of relationships between a company's management, its board, its shareholders, and other recognised stakeholders.

    Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.

    Good corporate governance should provide proper incentives for the board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring.

    The presence of an effective corporate governance system, within an individual company or group and across an economy as a whole, helps to provide a degree of confidence that is necessary for the proper functioning of a market economy.

    Financial conglomerates are often complex groups with multiple regulated and unregulated financial and other entities.

    Given this inherent complexity, corporate governance must carefully consider and balance the combination of interests of recognised stakeholders of the ultimate parent, and the regulated financial and other entities of the group.


    Ensuring that a common strategy supports the desired balance and that regulated entities are compliant with regulation on an individual and on an aggregate basis should be a goal of the governance system.

    This governance system is the fiduciary responsibility of the board of directors.

    When assessing corporate governance across a financial conglomerate, supervisors should apply these principles in a manner that is appropriate to the relevant sectors and the supervisory objectives of those sectors.

    This section describes the elements of the governance system most relevant to financial conglomerates, and how they should be assessed by supervisors.

    Corporate governance in financial conglomerates

    10. Supervisors should seek to ensure that the financial conglomerate establishes a comprehensive and consistent governance framework across the group that addresses the sound governance of the financial conglomerate, including unregulated entities, without prejudice to the governance of individual entities in the group.

    Implementation criteria

    10(a) Supervisors should require that the corporate governance framework of the financial conglomerate has minimum requirements for good governance of the entities of the financial conglomerate which allow for the prudential and legal obligations of its constituent entities to be effectively met.

    The ultimate responsibility for the sound and prudent management of a financial conglomerate rests with the board of the head of the financial conglomerate.

    10(b) Supervisors should require that the financial conglomerate emphasises a high degree of integrity in the conduct of its affairs.


    10(c) Supervisors should seek to ensure that the corporate governance framework appropriately balances the diverging interests of constituent entities and the financial conglomerate as a whole.

    10(d) Supervisors should require that the governance framework respects the interests of policy holders and depositors (where relevant), and should seek to ensure that it respects the interests of other recognised stakeholders of the financial conglomerate and the financial soundness of entities in the financial conglomerate.

    10(e) Supervisors should require that the governance framework includes adequate policies and processes that enable potential intra-group conflicts of interest to be avoided, and actual conflicts of interest to be identified and managed.

    Explanatory comments

    10.1 The corporate governance framework should address where appropriate:

    Alignment to the structure of the financial conglomerate;

    Financial soundness of the significant owners;

    Suitability of board members, senior management and key persons in control functions including their ability to make reasonable and impartial business judgments;

    Fiduciary responsibilities of the boards of directors and senior management of the head company and material subsidiaries;

    Management of conflicts of interest, in particular at the intra-group level and remuneration policies and practices within the financial conglomerate; and

    Internal control and risk management systems and internal audit and compliance functions for the financial conglomerate.


    2. The group's corporate governance framework should notably include a strong risk management framework (refer to the Risk Management section), a robust internal control system, effective internal audit and compliance functions, and ensure that the group conducts its affairs with appropriate independence and a high degree of integrity.

    3. Group-wide governance not only involves the governance of the head of the financial conglomerate, but also applies group-wide to all material activities and entities of the financial conglomerate.

    4. In the event the local corporate governance requirements applicable to any particular material entity in the financial conglomerate are below the group standards, the more stringent group corporate governance standards should apply, except where this would lead to a violation of local law.

    5. Supervisors should require that the corporate governance framework of the financial conglomerate includes a code of ethical conduct.

    6. Supervisors should require that the financial conglomerate have in place policies focused on identifying and managing potential intra-group conflicts of interest, including those that may result from intra-group transactions, charges, up streaming dividends, and risk-shifting.

    The policies should be approved by the board of the head of the financial conglomerate and be effectively implemented throughout the group.

    The policies should recognise the long-term interest of the financial conglomerate as a whole, the long term interest of the significant entities of the financial conglomerate, the stakeholders within the financial conglomerate, and all applicable laws and regulations.

    Structure of the financial conglomerate

    11. Supervisors should seek to ensure that the financial conglomerate has a transparent organisational and managerial structure, which is consistent with its overall strategy and risk profile and is well understood by the board and senior management of the head company.


    Implementation criteria

    11(a) Supervisors should understand the financial conglomerate's group structure and the impact of any proposed changes to this structure.

    11(b) Supervisors should assess the ownership structure of the financial conglomerate, including the financial soundness and integrity of its significant owners.

    11(c) Supervisors should seek to ensure that the structure of the financial conglomerate does not impede effective supervision. Supervisors may seek restructuring under appropriate circumstances to achieve this, if necessary.

    11(d) Supervisors should seek to ensure that the board and senior management of the head of the financial conglomerate are capable of describing and understanding the purpose, structure, strategy, material operations, and material risks of the financial conglomerate, including those of unregulated entities that are part of the financial conglomerate structure.

    11(e) Supervisors should assess and monitor the financial conglomerate's process for approving and controlling structural changes, including the creation of new legal entities.

    11(f) Where the financial conglomerate is part of a wider group, supervisors should require that the board and senior management of the head of the financial conglomerate have governance arrangements that enable material risks stemming from the wider group structure to be identified and appropriately assessed by relevant supervisory authorities.

    11(g) Supervisors should seek to ensure that there is a framework governing information flows within the financial conglomerate and between the financial conglomerate and entities of the wider group (eg reporting procedures).


    Explanatory comments

    1. A financial conglomerate may freely set its functional, hierarchical, business and/or regional organisation, provided all entities within the financial conglomerate comply with their relevant sectoral and legal frameworks.

    2. Elements to be considered for assessing the significant ownership structure of the financial conglomerate may include the identification of significant owners, including the ultimate beneficial owners, the transparency of their ownership structure, their financial information, and the sources of their initial capital and all other requirements of national authorities.

    At a minimum, the necessary qualities of significant owners relate to the integrity demonstrated in personal behaviour and business conduct, as well as to the ability to provide additional support when needed.

    3. Supervisors should seek to ensure that a financial conglomerate has an organisational and managerial structure that promotes and enables prudent management, and if necessary, orderly resolution aligned with corresponding sectoral requirements.

    Reporting lines within the financial conglomerate should be clear and should facilitate information flows within the financial conglomerate, both bottom-up and top-down.

    4. Supervisors should be satisfied that the board and senior management of the head of the financial conglomerate understand and influence the evolution of an appropriate group legal structure in alignment with the approved business strategy and risk profile of the financial conglomerate, and understand how the various elements of the structure relate to one another.

    Where a financial conglomerate creates many legal entities, their number and, particularly, the interconnections and transactions between them, may pose challenges for the design of effective corporate governance arrangements.


    This risk should be recognised and managed.

    This is particularly the case where the organisational and managerial structure of the financial conglomerate deviates from the legal entity structure of the financial conglomerate.

    11.5 Supervisors should assess changes to the group structure and how these changes impact its soundness, especially where such changes cause the financial conglomerate to engage in activities and/or operate in jurisdictions that impede transparency or do not meet international standards stemming from sectoral regulation.

    Suitability of board members, senior managers and key persons in control functions

    12. Supervisors should seek to ensure that the board members, senior managers and key persons in control functions in the various entities in a financial conglomerate possess integrity, competence, experience and qualifications to fulfil their role and exercise sound objective judgment.

    Implementation criteria

    12(a) Supervisors should be satisfied of the suitability of board members, senior managers and key persons in control functions.

    12(b) Supervisors should require financial conglomerates to have satisfactory processes for periodically assessing suitability.

    12(c) Supervisors should require that the members of the boards of the head of the financial conglomerate and of its significant subsidiaries act independently of parties and interests external to the wider group; and that the board of the head of the financial conglomerate include a number of members acting independently of the wider group (including owners, board members, executives, and staff of the wider group).

    12(d) Supervisors should communicate with the supervisors of other regulated entities within the conglomerate when board members, senior management and key persons in control functions are deemed not to meet their suitability tests.

    Explanatory comments

    1. Board members, senior managers and key persons in control functions need to have appropriate skills, experience and knowledge, and act with care, honesty and integrity, in order to make reasonable and impartial business judgments and strengthen the protection afforded to recognised stakeholders.

    To this end, institutions need to prudently manage the risk that persons in positions of responsibility may not be suitable.

    Suitability criteria may vary depending on the degree of influence on or the responsibilities for the financial conglomerate.

    2. Supervisors of regulated entities of the financial conglomerate are subject to statutory and other requirements in applying suitability tests to these entities in their jurisdiction.

    The organisational and managerial structure of financial conglomerates adds elements of complexity for supervisors seeking to ensure the suitability of persons.

    For instance, the management of regulated entities within the financial conglomerate can be extensively influenced by persons who are not directly responsible for such functions.

    A group-wide perspective regarding suitability of persons is intended to close any loopholes in this respect.

    Supervisors may rely on assessments made by other relevant supervisors in this area regarding suitability.

    Alternatively they may decide on concerted supervisory actions regarding suitability if required.


    3. In order to meet suitability requirements, board members, senior managers and key persons in control functions, both individually and collectively, should have and demonstrate the ability to perform the duties or to carry out the responsibilities required in their position.

    Competence can generally be judged from the level of professionalism (eg pertinent experience within financial industries or other businesses) and/or formal qualifications.

    4. Serving as a board member or senior manager of a company (from the wider group) that competes or does business with the regulated entities in the financial conglomerate can compromise independent judgment and create conflicts of interest, as can cross-membership on boards.

    A board's ability to exercise objective judgment independent of the views of executives and of inappropriate political or personal interests can be enhanced by recruiting members from a sufficiently broad population of candidates.

    The key characteristic of independence is the ability to exercise objective, independent judgment after fair consideration of all relevant information and views without undue influence from executives or from inappropriate external parties and interests and while taking into account the requirements of applicable law.

    Responsibility of the board of the head of the financial conglomerate

    13. Supervisors should require that the board of the head of the financial conglomerate appropriately defines the strategy and risk appetite of the financial conglomerate, and ensures this strategy is implemented and executed in the various entities, both regulated and unregulated.


    Implementation criteria

    13(a) Supervisors should require that the board of the head of the financial conglomerate has in place a framework for monitoring compliance with the strategy and risk appetite across the financial conglomerate.

    13(b) Supervisors should require that the board of the head of the financial conglomerate regularly assesses the strategy and risk appetite of the financial conglomerate to ensure it remains appropriate as the conglomerate evolves.

    13(c) Where the financial conglomerate is part of a wider group, supervisors should assess whether the head is managing its relationship with the wider group and ultimate parent in a manner that is consistent with the governance framework of the financial conglomerate.

    13(d) Supervisors should require that a framework is in place which seeks to ensure resources are available across the financial conglomerate for constituent entities to meet both the group and their own entity's governance standards.

    Explanatory comments

    13.1 Supervisors should assess if the board of directors exercises adequate oversight over the management of the head of the financial conglomerate.

    This includes assessing the actions taken by the board of the head to define the strategy for the financial conglomerate and ensure the consistency of the operations of the various entities in the financial conglomerate with such strategy.

    To this end, the head company should set up an adequate corporate governance framework in line with the structure, business and risks of the financial conglomerate and its entities and applicable laws.

    This framework should ensure that the strategy is implemented and monitored throughout the financial conglomerate and reviewed on a regular basis and following material change including due to growth, increased complexity, geographic expansion, etc.

    2. The head company should exercise adequate oversight of subsidiaries, both regulated and unregulated, while respecting independent legal and governance responsibilities.

    Supervisors should satisfy themselves that entities within a financial conglomerate adhere to the same group-wide corporate governance principles or at least apply policies that remain consistent with these principles.

    The board of a regulated subsidiary of a financial conglomerate will retain and set its own corporate governance responsibilities and practices in line with its own legal requirements or in proportion to its size or business.

    These should not, however, conflict with the broader financial conglomerate corporate governance framework.

    Appropriate governance arrangements will address arrangements such that legal or regulatory provisions or prudential rules of regulated subsidiaries will be known and taken into account by the head company.

    3. Where the financial conglomerate is part of a wider group structure, the head of the financial conglomerate is responsible for managing the relationship with its wider group.

    This includes ensuring there are appropriate arrangements for capital and liquidity management, assessing any material risk impact that may come from decisions made at its ownership level, service level agreements, reporting lines and regular top-level consultations with related companies in the wider group and the ultimate parent.

    4. For smaller institutions within a larger conglomerate, it may be unnecessary to duplicate systems and controls.

    Such smaller institutions can rely on the systems and controls of the head if they have assessed that this is suitable to address group risks.


    13.5 Supervisors should be satisfied with the amount and quality of information they receive from the head company of the financial conglomerate on its strategy, risk appetite and corporate governance framework.

    Remuneration in a financial conglomerate

    14. Supervisors should require that the financial conglomerate has and implements an appropriate remuneration policy that is consistent with its risk profile. The policy should take into account the material risks that organisation is exposed to, including those from its employees' activities.

    Implementation criteria

    14(a) Supervisors should require that an appropriate remuneration policy consistent with established international standards is in place and observed at all levels and across jurisdictions in the financial conglomerate.

    An appropriate policy aligns risk-takers' variable remuneration with prudent risk taking, promotes sound and effective risk management, and takes into account any other appropriate factors.

    The overarching objective of the policy should be consistent across the group but can allow for reasonable differences based on the nature of the constituent entities/units and local legal requirements.

    14(b) Supervisors should require that ultimate oversight of the remuneration policy rest with the financial conglomerate's head company.

    14(c) Supervisors should require that the remuneration of board members, senior managers and key persons in control functions be determined in a manner that does not incentivise them to disregard the obligations they owe to the financial conglomerate or any of its entities, nor to otherwise act in a manner contrary to any legal or regulatory obligations.


    14(d) Supervisors should require that the risks associated with remuneration are reflected in the financial conglomerate's broader risk management framework.

    For example, staff engaged in financial and risk control at the group-wide level should be compensated in a manner that is consistent with their control role and should be involved in designing incentive arrangements, and assessing whether such arrangements encourage imprudent risk-taking.

    14(e) Supervisors should require that the variable remuneration received by risk management and control personnel is not based substantially on the financial performance of the business units that they review but rather on the achievement of the objectives of their functions (eg adherence to internal controls).

    Explanatory comments

    1. Remuneration is a key aspect of any governance framework and needs to be properly considered in order to mitigate the risks that may arise from poorly designed remuneration arrangements.

    The risks associated with remuneration should be reflected in the financial conglomerate's broader risk management framework.

    2. Remuneration may serve important objectives, including attracting skilled staff, promoting better organisation-wide and employee performance, promoting retention, providing retirement security and allowing personnel costs to vary with revenues.

    It is also clear, however, that ill-designed compensation arrangements can provide incentives to take risks that are not consistent with the long term health of the organisation. Such risks and misaligned incentives are of particular supervisory interest.

    3. Ultimately a financial conglomerate's remuneration policy should aim to ensure effective governance of remuneration, alignment of remuneration with prudent risk-taking, and engagement of recognised stakeholders.

    4. Supervisors should ensure that the governance system identifies and closes loopholes that allow the circumvention of conglomerate, sectoral or entity-level remuneration requirements.

    5. Board members, senior managers and key persons in control functions should be measured against performance criteria tied not only to the short-term, but also to the long-term interest of the financial conglomerate as a whole.

    V. Risk Management

    Since financial conglomerates are in the business of risk-taking, good risk management is a crucial focus of supervision.

    This section provides principles for the sound and comprehensive supervision of risk management frameworks in financial conglomerates. It covers factors ranging from risk culture and tolerance, to the use of stress and scenario testing and the monitoring of risk concentrations.

    Risk management framework

    21. Supervisors should require that an independent, comprehensive and effective risk management framework, accompanied by a robust system of internal controls, effective internal audit and compliance functions, is in place for the financial conglomerate.

    Implementation criteria

    21(a) Supervisors should ensure that the risk management framework is comprehensive, consistent across entities supervised in all sectors and covers the risk management function, risk management processes and governance, and systems and controls.


    Risk management function

    21(b) Supervisors should require that the risk management function is independent from the business units and has a sufficient level of authority and adequately skilled resources to carry out its functions.

    21(c) Supervisors should require that the risk management function generally has a direct reporting line to the board and senior management of the financial conglomerate.

    21(d) Supervisors should, where they consider it appropriate, require that a separate risk management committee at the board of directors level is established by the financial conglomerate.

    Risk management governance

    21(e) Supervisors should require that the board of the head of the financial conglomerate has overall responsibility for the financial conglomerate's group-wide risk management, internal control mechanism, internal audit and compliance functions to ensure that the group conducts its affairs with a high degree of integrity.

    21(f) Supervisors should require that the financial conglomerate has an established enterprise-wide risk management process for, among others, periodically reviewing the effectiveness of the group-wide risk management framework and for ensuring appropriate aggregation of risks.

    21(g) Supervisors should require that the risk management process cover identification, measurement, monitoring and controlling of risk types (eg credit risk, operational risk, strategic risk, liquidity risk) and these be linked where appropriate to specific capital requirements.

    Systems and controls

    21(h) Supervisors should require that financial conglomerates have in place adequate, sound and effective risk management processes and internal control mechanisms at the level of the financial conglomerate, including sound administrative and accounting procedures.

    21(i) Supervisors should require that risk management processes and internal control mechanisms of a financial conglomerate are appropriately documented and, at a minimum, take into account the:

    nature, scale and complexity of its business;

    diversity of its operations, including geographical reach;

    volume, frequency and size of its transactions;

    degree of risk associated with each area of its operation;

    interconnectedness of the entities within the financial conglomerate (using intra-group transactions and exposures reporting as one measure); and

    sophistication and functionality of information and reporting systems.

    Explanatory comments

    1. Financial conglomerates, irrespective of their particular mix of business lines or financial sectors, are in the business of risk taking.

    Therefore, strong risk management is of paramount importance.

    2. The comprehensive risk management framework and process should include board and senior management oversight.

    3. In identifying, evaluating, monitoring, controlling and mitigating material risks (from regulated and unregulated activities), financial conglomerates should consider the prospect for these to change over time and prepare themselves accordingly.

    4. The risk management processes and internal control mechanisms of a financial conglomerate should include clear arrangements for delegating authority and responsibility; segregation of the functions that involve committing the financial conglomerate's funds and accounting for assets and liabilities; reconciliation of these processes; safeguarding of the financial conglomerate's assets; and appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.

    Risk tolerance levels and risk appetite policy

    23. Supervisors should require that the financial conglomerate establishes appropriate board approved, group-wide risk tolerance levels and a risk appetite policy.

    Implementation criteria

    23(a) Supervisors should require that key staff, senior management and the board of the head of the financial conglomerate be aware of and understand the financial conglomerate's risk tolerance levels and risk appetite policy.

    23(b) Supervisors should require that the financial conglomerate identify and measure against risk tolerance limits (and in line with its risk appetite policy) the risk exposure of the financial conglomerate on an on-going basis in order to identify potential risks as early as possible.

    This may include looking at risks by territory, by line of business, or by financial sector.

    Explanatory comments

    1. Financial conglomerates should establish risk tolerance levels and a risk appetite policy which set the tone for acceptable and unacceptable risk taking.

    This should be aligned with the financial conglomerate's business strategy, risk profile and capital plan.

    2. A financial conglomerate's risk tolerance should be kept under periodic review so as to ensure that it remains relevant and takes account of the changing dynamics of the financial conglomerate.


    The financial conglomerate's risk appetite policy is re-assessed regularly with respect to new business opportunities, changes in risk capacity and tolerance, and operating environment.

    New business

    24. Supervisors should require that the financial conglomerate carries out a robust risk assessment when entering into new business areas.

    Implementation criteria

    24(a) Supervisors should, where they consider it appropriate, review the risk assessment carried out by a financial conglomerate in the context of entering into new business.

    24(b) Supervisors should require that financial conglomerates not expand into new products unless they have put in place adequate processes, controls and systems (such as IT) to manage them.

    24(c) Supervisors should make sure that a financial conglomerate carries out the ongoing risk assessment after entering into new business areas.

    Explanatory comments

    1. At the time of assessing whether or not to enter into a new business area or product line, it is imperative that financial conglomerates undertake risk assessments and analyses to identify potential risks inherent in the new activity.

    2. They should seek to understand the potential interaction between the risks of the new activity and the existing risk profile of the financial conglomerate.

    This should include a consideration of whether the new activity could adversely affect the risk appetite or risk tolerance of the financial conglomerate.


    Outsourcing

    25. Supervisors should require that, when considering whether to outsource a particular function, the financial conglomerate carries out an assessment of the risks of outsourcing, including the appropriateness of outsourcing a particular function.

    Implementation criteria

    25(a) Supervisors should require that financial conglomerates have processes and criteria in place to review decisions to outsource a function in order to ensure that such outsourcing does not imply delegation of responsibility for that function.

    25(b) Supervisors should be satisfied that the decision to outsource a function does not impede effective group-wide supervision of the financial conglomerate.

    Explanatory comments

    1. It is important that supervisors be satisfied that, when considering whether to outsource a particular function, financial conglomerates have considered the risks involved and the appropriateness of outsourcing a particular function.

    This includes considering the appropriateness of outsourcing to a particular provider and the cumulative risks of all outsourced functions.

    The supervisor should require the financial conglomerate to review the provider in advance to ensure it is in a position to provide the services, comply with the contractual terms, and observe all applicable laws and regulations.

    2. Supervisors should periodically assess the outsourced function with regard to policy compliance, risk management measures and control procedures.


    25.3 Outsourcing should never result in a delegation of responsibility for a given function.

    There may be certain functions within financial conglomerates which should not be outsourced under any circumstances, while there may be some that may only be outsourced if certain safeguards are put in place.

    Stress and scenario testing

    26. Supervisors should require, where appropriate, that the financial conglomerate periodically carries out group-wide stress tests and scenario analyses for its major sources of risk.

    Implementation criteria

    26(a) Supervisors should require that stress tests are sufficiently severe, forward looking and flexible.

    They should cover an appropriate set of business activities and include a variety of different types of tests such as sensitivity analyses, scenario analyses and reverse stress testing.

    26(b) Supervisors should require the financial conglomerate to document its stress and scenario tests, including reverse stress tests.

    Stress tests should be conducted under a robust governance framework that encompasses policies, procedures, and adequate documentation of procedures as well as validation of results.

    26(c) Supervisors should require that the group-wide stress tests and scenario analyses conducted by the financial conglomerate are appropriate to the nature, scale and complexity of those major sources of risk and to the nature, scale and complexity of the financial conglomerate's business.

    26(d) Supervisors should require that group-wide stress tests and scenario analyses include a group-wide approach (which takes account of the interaction between different parts of the group and different risk types) and consider the results of sectoral stress tests.

    26(e) Supervisors should require that, when carrying out reverse stress tests, a financial conglomerate identifies a range of adverse circumstances which would cause its business to fail and assess the likelihood of such events crystallising.

    Explanatory comments

    1. A financial conglomerate should have a good understanding of correlation between its respective sectors and the heterogeneity of such risks when conducting its stress tests.

    Stress tests should be robust and should consider sufficiently adverse circumstances.

    The group-wide stress test analysis should measure and evaluate the potential impact on individual entities.

    2. Attention should be paid to covering all risks, including off-balance sheet items.

    For example, a financial conglomerate's stress tests and scenario analyses should take into account the risk that the financial conglomerate may have to bring back on to its consolidated balance sheet the assets and liabilities of off-balance sheet entities as a result of reputational contagion, notwithstanding the appearance of legal risk transfer.

    3. Where reverse stress tests reveal a risk of business failure that is unacceptably high relative to the financial conglomerate's risk appetite or risk tolerance, the financial conglomerate should evaluate and adopt, where appropriate, effective arrangements, processes, systems or other measures to prevent or mitigate that risk.


    Risk aggregation

    27. Supervisors should require that the financial conglomerate aggregate the risks to which it is exposed in a prudent manner.

    Implementation criteria

    27(a) Supervisors should require that financial conglomerates ***not make overly ambitious diversification assumptions*** or imprudent correlation claims, particularly for capital adequacy and solvency purposes.

    27(b) Supervisors should require financial conglomerates to have adequate resources and systems (including IT) for the purpose of aggregating risks.

    Explanatory comments

    1. Risk aggregation should include a clear understanding of assumptions and be robust enough to support a comprehensive assessment of risk.

    2. While it is possible that the spread of activities within a financial conglomerate may create diversification effects and reduce correlation, it is also true that membership of a financial conglomerate group may create group risks in the form of financial contagion, reputational contagion, ratings contagion (where a subsidiary accesses capital through a parent's credit rating and then suffers stress following the utilisation of the capital), double/multiple-gearing (use of same capital more than once within a group), excessive leveraging (upgrade in the quality of capital as it moves through a group), and regulatory arbitrage (it is important that risks are assessed at the financial conglomerate level as well as at the level of its constituent parts).


    Risk concentrations and intra-group transactions and exposures

    28. Supervisors should require that the financial conglomerate has in place effective systems and processes to manage and report group-wide risk concentrations and intra-group transactions and exposures.

    Implementation criteria

    28(a) Supervisors should require that the financial conglomerate has in place effective systems and processes to identify, assess and report group-wide risk concentrations (including for the purposes of monitoring and controlling those concentrations).

    28(b) Supervisors should require that the financial conglomerate has in place effective systems and processes to identify, assess and report significant intra-group transactions and exposures.

    28(c) Supervisors should require the financial conglomerate to report significant risk concentrations and intra-group transactions and exposures at the level of the financial conglomerate on a regular basis.

    28(d) Supervisors should consider setting quantitative limits and adequate reporting requirements.

    Explanatory comments

    1. Supervisors should ensure that financial conglomerates are managing their risk concentrations and intra-group transactions and exposures satisfactorily.

    2. Supervisors should encourage adequate public disclosure of risk concentrations and intra-group transactions and exposures.

    3. Supervisors should liaise closely with one another to ascertain each other's concerns and coordinate as deemed appropriate any supervisory action relative to risk concentrations and intra-group transactions and exposures within the financial conglomerate.


    28.4 Supervisors should deal effectively with material risk concentrations and intra-group transactions and exposures that are considered to have a detrimental effect on the regulated entities or the financial conglomerate as a whole.

    Off-balance sheet activities

    29. Supervisors should require that off-balance sheet activities, including special purpose entities, are brought within the scope of group-wide supervision of the financial conglomerate, where appropriate.

    Implementation criteria

    29(a) Supervisors should require that there is a process for determining whether the nature of the relationship between the financial conglomerate and a special purpose entity (SPE) requires the SPE to be fully or proportionally consolidated into the financial conglomerate for regulatory purposes.

    29(b) Supervisors should require that the financial conglomerate's stress tests and scenario analyses take into account the risk associated with off-balance sheet activities.

    29(c) Supervisors should require that the overall nature of the relationship between the financial conglomerate and the SPE is considered including the risk of contagion from the SPE. This assessment should go beyond traditional control and influence relationships.

    Explanatory comments

    1. A financial conglomerate's risk management framework and processes should cover the full spectrum of risks to the financial conglomerate. This includes risks from regulated and unregulated entities, including SPEs and off-balance sheet activities.

    2. The fact that a financial conglomerate does not own or control the SPE in the traditional sense should not mean that it should not be consolidated.

    Other channels of contagion should be considered, such as the provision of (actual or contingent) liquidity support, reputational risk, and whether the assets of the SPE previously belonged to the financial conglomerate or were third-party assets.

    3. It is important that financial conglomerates assess all economic risks and business purposes of an SPE throughout the life of a transaction, distinguishing between risk transfer and risk transformation.

    Financial conglomerates should be particularly aware that, over time, the nature of these risks can change.

    Supervisors should require such assessment to be ongoing and that management has sufficient understanding of the risks.

    4. Financial conglomerates should have the capability to aggregate, assess and report all their SPE exposure risks in conjunction with all other firm-wide risks.

    5. Supervisors should regularly oversee and monitor the use of all SPE activity and assess the implications for the financial conglomerate of the activities of SPEs, in order to identify developments that can lead to systemic weakness and contagion or that can exacerbate pro-cyclicality.


    NUMBER 2

    Final Basel III Rules in Australia

    Australian Prudential Regulation Authority (APRA)

    To: All locally incorporated authorised deposit-taking institutions

    Basel III capital: interim arrangements for Additional Tier 1 and Tier 2 capital instruments

    APRA has released final prudential standards implementing the Basel III measures to raise the quality, consistency and transparency of the capital base, including Prudential Standard APS 111 Capital Adequacy: Measurement of Capital (APS 111).

    This letter sets out APRA's treatment of new Additional Tier 1 and Tier 2 capital instruments issued before the new standard comes into effect on +

    To be eligible for inclusion in regulatory capital, all capital instruments that have not been submitted to APRA for review before close of business today must comply with the final version of APS 111 issued today.

    Instruments that have been submitted to APRA up to and including today's date and that were intended to be issued under the current transitional arrangements (including APRA's letters to industry dated 27 May 2011 and 30 March 2012), will be assessed against these criteria.

    To be counted as eligible regulatory capital, instruments approved by APRA under these criteria must be issued before close of business on 31 December 2012.

    Any questions in relation to this letter should in the first instance be directed to your Responsible Supervisor.

    Yours sincerely

    Charles Littrell

    Executive General Manager


    Notes

    In December 2010, the Basel Committee on Banking Supervision (Basel Committee) released a package of reforms to raise the level and quality of regulatory capital in the global banking system (Basel III).

    APRA is a member of the Basel Committee and fully supports the implementation of these reforms.

    In September 2011, APRA released a discussion paper outlining its proposals to implement these Basel III capital reforms in Australia.

    APRA subsequently released, in March and June 2012, draft prudential and reporting standards on which submissions were invited.

    In June 2012, APRA also invited submissions on its proposal that certain capital instruments be subject to Australian law and on its proposed regulatory capital treatment of joint arrangements.

    Fifteen submissions were received on the March and June 2012 consultation packages.

    APRA's capital adequacy prudential and reporting standards

    Submissions were broadly supportive of the content of the draft prudential and reporting standards and mostly sought clarification of particular provisions.

    In response, APRA has:

    clarified its expectations for an ADI's Internal Capital Adequacy Assessment Process (ICAAP), which are included in the draft Prudential Practice Guide CPG 110 Internal Capital Adequacy Assessment Process and supervisory review (CPG 110) recently released for public consultation;

    revised its proposed treatment of an ADI's funding of purchases of its own capital instruments, including margin loans;


    removed the profits test from Additional Tier 1 and Tier 2 Capital instruments;

    clarified the operation of the countercyclical capital buffer;

    simplified transitional arrangements for capital issued by consolidated subsidiaries and held by third parties; and

    made minor changes to the prudential and reporting standards to improve ease of use.

    Submissions raised concerns about APRA's proposal that certain capital instruments should be subject to Australian law.

    APRA acknowledges these concerns.

    In response, it has clarified areas of uncertainty about the loss absorption and non-viability requirements and has refined its approach to the question of governing law for capital instruments, such that only those provisions of capital instrument documentation dealing with loss absorption and non-viability must be governed by Australian law.

    In June 2012, the Basel Committee finalised its proposals to improve consistency and ease of use of disclosures on capital positions and capital composition.

    These measures, which are to come into effect for reporting periods ending on or after 30 June 2013, include a common template and disclosure provisions that, if implemented, would facilitate comparison between the capital position of banking institutions across jurisdictions.

    APRA will consult in early 2013 on these requirements.

    Consultation with industry and other interested stakeholders


    The Basel III reforms also implement measures relating to external credit assessment institutions (ECAIs) and to minimise cliff effects arising from guarantees and derivatives.

    Objectives and key requirements of this Prudential Standard

    This Prudential Standard requires an authorised deposit-taking institution (ADI) to maintain adequate capital, on both a Level 1 and Level 2 basis, to act as a buffer against the risk associated with its activities.

    The ultimate responsibility for the prudent management of capital of an ADI rests with its Board of directors.

    The Board must ensure the ADI maintains an appropriate level and quality of capital commensurate with the type, amount and concentration of risks to which the ADI is exposed.

    The key requirements of this Prudential Standard are that an ADI and any Level 2 group must:

    - have an Internal Capital Adequacy Assessment Process;

    - maintain required levels of regulatory capital;

    - operate a capital conservation buffer and, if required, a countercyclical capital buffer;

    - inform APRA of any adverse change in actual or anticipated capital adequacy; and

    - seek APRA's approval for any planned capital reductions.

    Interesting:

    An ADI that is part of a group may rely on the ICAAP of the group provided that the Board of the ADI is satisfied that the group ICAAP meets the criteria in respect of the ADI.


    Group risk management

    8. Paragraphs 9 to 13 of this Prudential Standard apply to an ADI that heads a conglomerate group.

    Where an ADI is part of a conglomerate group headed by an authorised non-operating holding company (authorised NOHC), the requirements set out in paragraphs 9 to 13 of this Prudential Standard apply to the ADI and its subsidiaries.

    9. For conglomerate groups headed by an ADI, the Board of the ADI is responsible for ensuring that comprehensive policies and procedures are in place to measure, manage, monitor and report overall risk at a group level.

    To ensure that existing Board-approved policies and the relevant controls remain adequate and appropriate for managing and monitoring overall group risk, the Board or a board committee must review them regularly (at least annually) to take account of changing risk profiles of group entities.

    Any material changes to group risk managem