World Bank Risk Management Seminar

James LamPresidentph: 781.772.1961jameslam@comcast.net

Enterprise Risk ManagementMay 19, 2004

2

Enterprise risk management should be defined as a value added function

“An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”

Definition of ERM:

3

ERM is useful because the risks faced by companies are highly interdependent

Business Risk

OperationalRisk

FinancialRisk

Technology and operations

outsourcing

Derivatives documentation and counterparty risk

FX risk in a new foreign market

Enterprise-Wide Risks Financial Risks

MarketRisk

LiquidityRisk

CreditRisk

Credit Risk Associated with

Investments

Credit Risk Associated with Borrowers and Counterparties

Funding Liquidity

Asset Liquidity

4

The growing acceptance of ERM is driven by four key forces

Corporate Disasters

• Enron• WorldCom• Adelphia• Mutual Funds

IndustryInitiatives

• Treadway Report, US• Turnbull Report, UK• Dey Report, Canada

Best Practices

• Banks• Asset Managers• Energy Firms• Corporations

RegulatoryActions

• S.E.C.• Sarbanes-Oxley• Basel II

EnterpriseRisk

Management

5

While regulatory mandates are useful, don’t let the tail wag the dog

Reactive Approach Proactive Approach

Current state

New industry

standards

Sarbanes- Oxley

Basel II

Governance Requirements

Desired state (best practices or best-in-class

practices)

• Benchmarking • Gap analysis• Recommendations

• Common themes• Unique standards

Sarbanes- Oxley Basel II

New industry

standardsGovernance

Requirements

?

?? ?

?

CEO

6

“Not so long ago, risk managers were second-class citizens…that

was before LTCM …The result has been the rise of a powerful new

breed of risk manager.”

Risk Magazine 3/99

“This decade's hot executive is shaping

up to be the CRO.”

5/00

“As interest in enterprise risk management grows, so does the acceptance of the role of chief risk officers to manage such programs.”

5/00

“Once it sold its own

power…today Duke

[Energy] is a major

trader and marketer…

Hence Duke’s naming

of a chief risk officer.”

7/7/00

“The chief risk officer has come to

all kinds of companies.”

3/00

Over the past decade, CROs have gained acceptance and prominence

7

An ERM framework should encompass seven key building blocks

2. Line Management

Business strategy alignment

3. Portfolio Management

Think and act like a “fund manager”

4. Risk TransferTransfer out

concentrated or inefficient risks

5. Risk Analytics

Develop advanced analytical tools

6. Data and Technology Resources

Integrate data and system capabilities

7. Stakeholders ManagementImprove risk transparency for key stakeholders

1. Corporate Governance

Establish top-down risk management

8

Inertia – absence of crisis; general resistance to change

Lack of management sponsorship or line support

Episodic initiatives with no long-term vision

Ineffective and inconsistent risk metrics and reporting

Insufficient human, systems, and data resources

Failure to clearly demonstrate “early wins” and sustainable benefits

Move too fast or too slow, without addressing change management issues

CROs must overcome significant barriers to success

9

Case study:

• $1 trillion of assets under management

• Private company

• Decentralized business culture

Background 3-Year ERM Program• Organized Global Risk Forum

• Implemented annual Global Risk Review

• Automated loss accounting

• Developed ERM framework

• Implemented intranet-based Global Risk MIS

• Experienced significant reduction in loss ratio

10

Early adopters of ERM have reported significant and tangible benefits

Benefit Company Actual Results

Market value improvement Top money center bank Outperformed S&P 500 banks by 58%

Early warning of risks Large investment bank Global risk limits cut by 1/3 prior to Russian crisis

Loss reduction Top asset management company

Loss-to-revenue ratio declined by 30%

Regulatory capital relief Large commercial bank $1 billion regulatory capital relief

Insurance cost reduction Large manufacturing company

20-25% reduction in insurance premium

11

1. ERM will become the industry standard

2. CROs prevalent in risk-intensive companies

3. Audit committees will evolve into risk committees

4. Economic capital in; VaR out

5. Risk transfer executed at enterprise level

6. Advanced technologies key to advancement

7. A measurement standard will emerge for operational risk

8. Risk-based or economic reporting becomes standard

9. Risk becomes part of corporate and college programs

10. Salary gap among risk professionals continues to widen

Ten predictions on the future of enterprise risk management