Enterprise Risk Management: Beyond Regulatory and Governance Standards


Enterprise Risk Management: Beyond Regulatory and Governance Standards. PRMIA Singapore July 23, 2004. James Lam President ph: 781.772.1961 [email protected] Our president, James Lam, has spent 20 years in risk management. Professional President, James Lam & Associates

Presentation Transcript

Enterprise Risk Management: Beyond Regulatory and Governance Standards

PRMIA Singapore

July 23, 2004

James Lam

President

ph: 781.772.1961

[email protected]



Our president, James Lam, has spent 20 years in risk management

Professional

  • President, James Lam & Associates

  • Founder and President, ERisk

  • Partner, Oliver, Wyman & Company

  • CRO, Fidelity Investments

  • CRO, Capital Markets Services Inc., a GE Capital company

Industry Activities

  • PRMIA Blue Ribbon Panel Member

  • GARP Inaugural Financial Risk Manager of the Year (1997)

  • Published over 50 articles and book chapters

  • Quoted in Wall Street Journal, Financial Times, Risk Magazine, and CFO Magazine

Academic

  • Senior Research Fellow, Beijing University

  • Adjunct Professor, Babson College

  • Lectured at Harvard Business School as the subject of a HBS case study

  • MBA, UCLA School of Business

  • BBA, Baruch College

Consulting Projects

  • Enterprise risk management

  • Financial risk (market, credit)

  • Operational risk

  • Business/product strategies

  • Economic capital analytics

  • Risk policies and reporting

  • “Rent-a-CRO” services



While our experience is diverse, we are singularly focused on risk management

Industries

  • Commercial banks
  • Investment banks
  • Insurance companies
  • Asset management firms
  • Non-financial corporations
  • Government entities
  • Product/service providers

Engagements

  • ERM vision and strategy
  • Risk policies & limits
  • Risk assessment
  • Analytics and reporting
  • Value-based strategies
  • M&A strategy/integration
  • Education and training


As discussed in James’ recent book, we define ERM as a value added function

Definition of ERM:

“An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”


Discussion outline

  • Key trends and requirements

  • Best practices and practical applications

  • ERM in the future


ERM is useful because the risks faced by companies are highly interdependent

Enterprise-Wide Risks

  • Financial Risk
  • Business Risk
  • Operational Risk

Financial Risks

  • Market Risk
  • Credit Risk
  • Liquidity Risk

Credit Risk Associated with Investments

FX risk in a new foreign market

Asset Liquidity

Credit Risk Associated with Borrowers and Counterparties

Derivatives documentation and counterparty risk

Funding Liquidity

IT and business process outsourcing


Traditionally, risks were managed within organizational “silos”

Silos: Credit Risk, Market Risk, A/LM Risk, Operational Risk

Who

  • Chief Credit Officer
  • CFO
  • Business Managers
  • Treasurer
  • Asset/Liability Manager
  • Internal Audit
  • Corporate Actuarial

How

  • Investment Limits
  • Portfolio Return
  • Growth Limits
  • Exposure Limits
  • Portfolio Measurement
  • Securitization/Derivatives
  • Trading and A/LM Limits
  • Value at Risk Management
  • Financial Derivatives
  • Controls
  • Audit Review
  • Insurance


ERM provides an integrated value-added approach

Benefits

  • Broadens risk awareness
  • Aligns risk profile and strategy
  • Minimizes surprises and losses
  • Rationalizes capital requirements
  • Assures regulatory compliance
  • Improves ROE and shareholder value

Early Adopters

  • Barclays
  • GE Capital
  • Citigroup
  • JP Morgan Chase
  • CIBC
  • Fidelity Investments
  • Goldman Sachs
  • Merrill Lynch
  • Deutsche Bank
  • Bank of Montreal

Enterprise Risk Management: Chief Risk Officer/Chief Financial Officer

  • Operational Risk: Internal Audit, Corporate Actuaries
  • Business Risk: Business Managers
  • Market Risk: Treasurer, Asset/Liability Manager
  • Credit Risk: Chief Credit Officer



Annualized total shareholder returns (1998-2003) for differing degrees of risk model sophistication and risk tool usage

Source: PA Consulting Survey of Global Banks


Companies must overcome barriers to success

  • Inertia – absence of crisis; general resistance to change

  • Lack of management sponsorship or line support

  • Episodic initiatives with no long-term vision

  • Ineffective and inconsistent risk metrics and reporting

  • Insufficient human, systems, and data resources

  • Failure to clearly demonstrate “early wins” and sustainable benefits

  • Move too fast or too slow, without addressing change management issues


The growing acceptance of ERM is driven by four key forces

Corporate Disasters

  • Enron
  • WorldCom
  • Adelphia
  • Mutual Funds

Best Practices

  • Banks
  • Asset Managers
  • Energy Firms
  • Corporations

Regulatory Actions

  • S.E.C.
  • Sarbanes-Oxley
  • Basel II

Industry Initiatives

  • Treadway Report, US
  • Turnbull Report, UK
  • Dey Report, Canada


Companies are faced with an influx of new requirements

Basel II

  • New accord consists of three pillars:
    • Minimum capital requirements
    • Supervisory review
    • Public disclosure
  • Explicit treatment of operational risk
  • More granular analyses of credit risk

Sarbanes-Oxley Act of 2002

  • Section 404: Management assessment of internal controls for financial reporting attestation by auditor
  • Section 302: CEO/CFO certification of financial statements
  • Establish criminal penalties for executives and independence requirements of auditors

Other Requirements

  • SEC/NYSE/NASDAQ corporate governance rules
  • State attorney general probes
  • Patriot Act; anti-money laundering and bank secrecy act


A proactive approach to ERM is driven by best practices, not regulations

Figure: Proactive Approach vs. Reactive Approach. Diagram labels: Current state; CEO; Benchmarking, Gap analysis, Recommendations; Desired state (best practices or best-in-class practices); Sarbanes-Oxley; Basel II; New industry standards; Governance Requirements; Common themes; Unique standards.


CFOs are not meeting the expectations of board chairmen and corporate executives for internal controls and ERM

High stakeholder expectations…

  • SOX: “Tight internal financial controls” is one of the most important business success factors
  • ERM: The CFO – rather than the CRO, CEO or board – should take lead in ERM

… but poor performance to date

  • SOX: CFO/finance doing good job of enforcing internal controls
  • ERM: CFO/finance doing a good job of managing risk

Chart values: 55%, 43%, 34%, 19%

Source: 2004 Economist Intelligence Unit survey of 182 executives at U.S. and foreign companies. Respondents included board chairmen, CEOs, corporate and line managers; about 2 percent were CFOs


Discussion outline

  • Key trends and requirements

  • Best practices and practical applications

  • ERM in the future


Key takeaways from the 2004 Federal Reserve ERM Conference

  • The Federal Reserve Board and all twelve district Banks are in the early stages of ERM development. Should have cascading impact on bank supervision.

  • Governor Olson – In 1966 the First Bank System conducted its first external audit as an optional exercise, but now it is a requirement. Predicts the same for ERM.

  • Governor Bies – ERM and internal controls (COSO) are not the same:

    • ERM is a management process focused on risk/return dynamics of customers, products, pricing, and costs.

    • Internal controls are part of a governance process focused on authorizations, documentation, and process integrity.


An ERM framework should encompass seven key building blocks

1. Corporate Governance: Establish top-down risk management

2. Line Management: Business strategy alignment

3. Portfolio Management: Think and act like a “fund manager”

4. Risk Transfer: Transfer out concentrated or inefficient risks

5. Risk Analytics: Develop advanced analytical tools

6. Data and Technology Resources: Integrate data and system capabilities

7. Stakeholders Management: Improve risk transparency for key stakeholders


An ERM system should address all risk types, qualitative and quantitative data, and risk monitoring and management applications

ERM Dashboard

RISK “PILLARS”: BUSINESS RISK, CREDIT RISK, MARKET RISK, OPERATIONAL RISK

Data Mining

Internal and External Data

  • Basic ERM applications:
    • Executive reporting
    • Key risk indicators
    • Loss/incident tracking
    • Control self assessments
    • Early warning indicators
    • Risk mitigation projects tracking
    • ERM content management

  • Advanced ERM applications:
    • Risk transfer
    • Economic capital
    • Scenario analysis
    • Shareholder value management


Data warehouse based information value chain

Figure: information value chain diagram, with an axis labeled “Increasing Business Value”. Diagram labels: Transactional Applications (ERP, CRM, SCM, BPM, Legacy); ETL (Extraction, Transformation, Loading); Data warehouse; Datamart; Warehouse Management; Meta Data Repository; BI Technology; BI Tools (Query, Reporting, OLAP, Analytics, Data Mining, Statistical Modeling); Department Analytic Apps; Enterprise Analytic Apps; Predictive / Strategic Intelligence; Enormous Inventory; Expensive Distribution Channel; Proprietary Supply Chain.


An “executive dashboard” based technology approach

Figure: layered architecture diagram. Diagram labels: Executives; Presentation; Consumable Metrics; Model (Metrics, Information); Network; CXO Systems; Business Information Network.

Data Sources

  • Risk Systems
    • Credit
    • Market
    • Operational
  • Desktop Data
    • Excel
    • Word
  • Analytical Systems
    • Data Warehouse
    • BI


An ERM dashboard should provide the CRO and senior management with full risk transparency

  • Compliance with risk policies and regulations

    • Exposures vs. policy limits

    • Regulatory compliance

  • Earnings-at-risk

    • Major internal drivers

    • Key external variables

  • Risk/return performance tracking

    • Business units

    • Customer segments

    • Products

  • “Right time” risk reporting

    • One touch visibility

    • Drill down capabilities

    • 24x7 escalation

    • Early warning signals


Example: monthly risk report

Losses (accounting for actual losses incurred)

  • Gross Losses, with columns Current and YTD: Operational Losses, Credit Losses, Market Losses, Other Losses, Sub-Total, Loss/Revenue Ratio
  • Chart axis: 1992, 1993, 1994, 1995, 1996, Q1 97

Risk Incidents (reporting of risk incidents, exposures, and near misses)

  • Columns: Incident, Exposure, Response
  • Rows: 1. to 4.

Management Assessment (management discussion of major risk issues, “what keeps me up at night”)

  • Rows: 1. to 4.

Example: monthly risk report (cont’d)


Given that risk is about the future, early warning indicators should be developed

Risk category and early warning indicators:

Credit Risk

  • Borrower/counterparty stock price declines
  • Widening of credit spreads in the debt and credit derivatives markets

Market Risk

  • Increases in actual and implied price volatilities
  • Breakdowns in historical price relationships and patterns

Business Operational Risk

  • Spikes in business growth, profitability, and complexity/change
  • High and undesirable turnover rates

Enterprise-wide Risk

  • Increases in any risk concentrations and/or organizational powers
  • Changes in intra- and inter-risk correlations


Companies should integrate ERM into business processes and value drivers

Value drivers: Shareholder Value is driven by ROE and Growth; ROE is (Revenue - Expenses - Losses) over Equity; Growth comes from New Business and M&A.

Risk Management Impact

  • Revenue
    • Risk-based pricing
    • Target customer selection
    • Relationship management
  • Expenses
    • Risk oversight costs
    • Insurance/hedging expense
  • Losses
    • Credit, market operational write-offs
  • Equity
    • Capital management
    • Risk transparency
  • New Business
    • New business development
  • M&A
    • M&A/Diversification strategy

Scope of each approach:

  • Risk Management by Silos (5, 6)
  • Integrated risk management (4–7)
  • Enterprise risk management (1-10)


Economic capital represents a common currency for risk

Figure: probability distributions of change in value (axes: Probability, Change in Value) for Credit Risk, Market Risk, and Operational Risk, combined into Enterprise-wide Risk.

  • Credit Risk
    • Earnings volatility due to variation in credit losses
  • Market Risk
    • Earnings volatility due to market price movements
  • Operational Risk
    • Earnings volatility due to changes in operating economics (e.g. volume, margins or costs) or one-off events


Measuring profitability and pricing

                      Calculate ROE    Calculate Pricing
Exposure              $100 mm          $100 mm
Margin                2.50%            2.20%
Revenue               $2.5 mm          $2.2 mm
Risk Losses           <0.5 mm>         <0.5 mm>
Expense               <1.0 mm>         <1.0 mm>
Pre-Tax Net Income    $1.0 mm          $0.7 mm
Tax                   <0.4 mm>         <0.3 mm>
Net Income            $0.6 mm          $0.4 mm
Economic Capital      $2.0 mm          $2.0 mm
RAROC                 30%              20%


Rationalized risk transfer

Different Structures

  • Derivatives
  • Structured Finance
  • Insurance

Common Cost/Benefit Framework

Ceded RAROC = Δ Return / Δ Economic Capital

  • Δ Return
    • Pay cashflows or insurance premium
    • Include transaction and ongoing management costs
    • Reduce Economic Capital ‘benefit’
  • Δ Economic Capital
    • Reduce Economic Capital held for risk
    • Increase Economic Capital counterparty exposure
    • Increase operating risk Economic Capital


Applications of the Economic Capital

Performance Measurement on an Apples-to-Apples Basis

Figure: RAROC Compared to Peers by Line of Business (Corporate Lending, Middle Market, Small Business, Credit Card, Mortgages), shown against a hurdle rate. Legend: 90%, 75%, 50%, 25%, 10%.

  • Remuneration
  • Target setting
  • Drives risk-adjusted pricing

EVA: Enables Strategic Planning

Figure: Value Creation by Business Unit.

  • Grow businesses that create shareholder value
  • Overhaul/divest businesses that destroy shareholder value
  • What-if analysis


ERM requires balancing the hard and soft side of risk management

Hard Side

  • Measures and reporting
  • Risk oversight committees
  • Policies & procedures
  • Risk assessments
  • Risk limits
  • Audit processes
  • Systems

Soft Side

  • Risk awareness
  • People
  • Skills
  • Integrity
  • Incentives
  • Culture & values
  • Trust & communication


Case study:

Background

  • New capital markets business
  • Traders hired from foreign bank
  • Aggressive business and growth targets

2-Year ERM Program

  • Established risk policies and systems
  • Instilled risk culture
  • Survived “Kidder” disaster
  • Captured 25% market share with zero policy violations
  • Recognized as best practice


Hallmarks of success in ERM

  • Engaged senior management and board of directors

  • Established policies, systems, and processes, supported by a strong risk culture

  • Clearly defined risk appetite with respect to risk limits and business boundaries

  • Robust risk analytics for intra- and inter-risk measurement, summarized in an “ERM dashboard”

  • Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation


Discussion outline

  • Key trends and requirements

  • Best practices and practical applications

  • ERM in the future


Ten predictions on the future of enterprise risk management

  • ERM will become the industry standard

  • CROs prevalent in risk-intensive companies

  • Audit committees will evolve into risk committees

  • Economic capital in; VaR out

  • Risk transfer executed at enterprise level

  • Advanced technologies key to advancement

  • A measurement standard will emerge for operational risk

  • Risk-based or economic reporting becomes standard

  • Risk becomes part of corporate and college programs

  • Salary gap among risk professionals continues to widen


What makes a good CRO?

  • Organizational and leadership skills to effect change

  • Communication skills – “to simplify without being simplistic”

  • Technical skills in credit, market, and operational risk

  • Judgment to balance business and risk requirements

  • Courage to push back and “say no”

  • High EQ (emotional quotient) in addition to high IQ

  • Ultimate CRO test: ability to integrate risk management into strategic planning and day-to-day business processes


Thank you

James Lam’s contact information

