
Enterprise Risk Management: Beyond Regulatory and Governance Standards

Enterprise Risk Management: Beyond Regulatory and Governance Standards. PRMIA Singapore July 23, 2004. James Lam President ph: 781.772.1961 jameslam@comcast.net. Our president, James Lam, has spent 20 years in risk management. Professional President, James Lam & Associates


Presentation Transcript


  1. Enterprise Risk Management: Beyond Regulatory and Governance Standards PRMIA Singapore July 23, 2004 James Lam President ph: 781.772.1961 jameslam@comcast.net

  2. Our president, James Lam, has spent 20 years in risk management. Professional: • President, James Lam & Associates • Founder and President, ERisk • Partner, Oliver, Wyman & Company • CRO, Fidelity Investments • CRO, Capital Markets Services Inc., a GE Capital company. Industry Activities: • PRMIA Blue Ribbon Panel Member • GARP Inaugural Financial Risk Manager of the Year (1997) • Published over 50 articles and book chapters • Quoted in Wall Street Journal, Financial Times, Risk Magazine, and CFO Magazine. Academic: • Senior Research Fellow, Beijing University • Adjunct Professor, Babson College • Lectured at Harvard Business School as the subject of a HBS case study • MBA, UCLA School of Business • BBA, Baruch College. Consulting Projects: • Enterprise risk management • Financial risk (market, credit) • Operational risk • Business/product strategies • Economic capital analytics • Risk policies and reporting • “Rent-a-CRO” services

  3. Our clients represent leading companies in a wide range of industries

  4. While our experience is diverse, we are singularly focused on risk management. Industries: • Commercial banks • Investment banks • Insurance companies • Asset management firms • Non-financial corporations • Government entities • Product/service providers. Engagements: • ERM vision and strategy • Risk policies & limits • Risk assessment • Analytics and reporting • Value-based strategies • M&A strategy/integration • Education and training

  5. As discussed in James’ recent book, we define ERM as a value added function Definition of ERM: “An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”

  6. Discussion outline • Key trends and requirements • Best practices and practical applications • ERM in the future

  7. ERM is useful because the risks faced by companies are highly interdependent. Enterprise-Wide Risks: Financial Risk, Business Risk, Operational Risk. Financial Risks: Market Risk, Credit Risk, Liquidity Risk. Diagram labels: Credit Risk Associated with Investments; FX risk in a new foreign market; Asset Liquidity; Credit Risk Associated with Borrowers and Counterparties; Derivatives documentation and counterparty risk; Funding Liquidity; IT and business process outsourcing

  8. Traditionally, risks were managed within organizational “silos” Credit Risk Market Risk A/LM Risk Operational Risk • Chief Credit Officer • CFO • Business Managers • Treasurer • Asset/Liability Manager • Internal Audit • Corporate Actuarial Who • Investment Limits • Portfolio Return • Growth Limits • Exposure Limits • Portfolio Measurement • Securitization/ Derivatives • Trading and A/LM Limits • Value at Risk Management • Financial Derivatives • Controls • Audit Review • Insurance How

  9. ERM provides an integrated value-added approach. Benefits: • Broadens risk awareness • Aligns risk profile and strategy • Minimizes surprises and losses • Rationalizes capital requirements • Assures regulatory compliance • Improves ROE and shareholder value. Early Adopters: Barclays, GE Capital, Citigroup, JP Morgan Chase, CIBC, Fidelity Investments, Goldman Sachs, Merrill Lynch, Deutsche Bank, Bank of Montreal. Organization chart: Enterprise Risk Management (Chief Risk Officer/Chief Financial Officer) over Operational Risk (Internal Audit, Corporate Actuaries), Business Risk (Business Managers), Market Risk (Treasurer, Asset/Liability Manager), and Credit Risk (Chief Credit Officer)

  10. Early adopters of ERM have reported significant and tangible benefits

  11. Annualized total shareholder returns (1998-2003) for differing degrees of risk model sophistication and risk tool usage Source: PA Consulting Survey of Global Banks

  12. Companies must overcome barriers to success • Inertia – absence of crisis; general resistance to change • Lack of management sponsorship or line support • Episodic initiatives with no long-term vision • Ineffective and inconsistent risk metrics and reporting • Insufficient human, systems, and data resources • Failure to clearly demonstrate “early wins” and sustainable benefits • Move too fast or too slow, without addressing change management issues

  13. The growing acceptance of ERM is driven by four key forces. Corporate Disasters: • Enron • WorldCom • Adelphia • Mutual Funds. Best Practices: • Banks • Asset Managers • Energy Firms • Corporations. Regulatory Actions: • S.E.C. • Sarbanes-Oxley • Basel II. Industry Initiatives: • Treadway Report, US • Turnbull Report, UK • Dey Report, Canada

  14. Companies are faced with an influx of new requirements. Basel II: • New accord consists of three pillars: minimum capital requirements, supervisory review, public disclosure • Explicit treatment of operational risk • More granular analyses of credit risk. Sarbanes-Oxley Act of 2002: • Section 404: Management assessment of internal controls for financial reporting; attestation by auditor • Section 302: CEO/CFO certification of financial statements • Establish criminal penalties for executives and independence requirements of auditors. Other Requirements: • SEC/NYSE/NASDAQ corporate governance rules • State attorney general probes • Patriot Act; anti-money laundering and Bank Secrecy Act

  15. A proactive approach to ERM is driven by best practices, not regulations. Diagram labels: Proactive Approach; Reactive Approach; Current state; CEO; • Benchmarking • Gap analysis • Recommendations; Desired state (best practices or best-in-class practices); • Common themes • Unique standards; Sarbanes-Oxley; Basel II; New industry standards; Governance Requirements

  16. CFOs are not meeting the expectations of board chairmen and corporate executives for internal controls and ERM … but poor performance to date High stakeholder expectations… 55% 43% 34% 19% SOX SOX ERM ERM CFO/finance doing good job of enforcing internal controls CFO/finance doing a good job of managing risk “Tight internal financial controls” is one of the most important business success factors The CFO – rather than the CRO, CEO or board – should take lead in ERM Source: 2004 Economist Intelligence Unit survey of 182 executives at U.S. and foreign companies. Respondents included board chairmen, CEOs, corporate and line managers; about 2 percent were CFOs

  17. Discussion outline • Key trends and requirements • Best practices and practical applications • ERM in the future

  18. Key takeaways from the 2004 Federal Reserve ERM Conference • The Federal Reserve Board and all twelve district Banks are in the early stages of ERM development. Should have cascading impact on bank supervision. • Governor Olson – In 1966 the First Bank System conducted its first external audit as an optional exercise, but now it is a requirement. Predicts the same for ERM. • Governor Bies – ERM and internal controls (COSO) are not the same: • ERM is a management process focused on risk/return dynamics of customers, products, pricing, and costs. • Internal controls are part of a governance process focused on authorizations, documentation, and process integrity.

  19. An ERM framework should encompass seven key building blocks: (1) Corporate Governance: Establish top-down risk management. (2) Line Management: Business strategy alignment. (3) Portfolio Management: Think and act like a “fund manager”. (4) Risk Transfer: Transfer out concentrated or inefficient risks. (5) Risk Analytics: Develop advanced analytical tools. (6) Data and Technology Resources: Integrate data and system capabilities. (7) Stakeholders Management: Improve risk transparency for key stakeholders

  20. An ERM system should address all risk types, qualitative and quantitative data, and risk monitoring and management applications. Diagram labels: ERM Dashboard; Risk “Pillars” (Business Risk, Credit Risk, Market Risk, Operational Risk); Data Mining; Internal and External Data. Basic ERM applications: • Executive reporting • Key risk indicators • Loss/incident tracking • Control self assessments • Early warning indicators • Risk mitigation projects tracking • ERM content management. Advanced ERM applications: • Risk transfer • Economic capital • Scenario analysis • Shareholder value management

  21. Data warehouse based information value chain Query Reporting ERP Enterprise Analytic Apps BPM Data warehouse ETL Extraction Transformation Loading CRM Department Analytic Apps CRM SCM Datamart Datamart Datamart Data Mining Statistical Modeling Legacy OLAP Analytics Warehouse Management Meta Data Repository Predictive / Strategic Intelligence Transactional Applications BI Tools BI Technology Enormous Inventory Expensive Distribution Channel Proprietary Supply Chain Increasing Business Value

  22. An “executive dashboard” based technology approach. Diagram labels: Executives; Presentation (Consumable Metrics); Model (Metrics, Information); Network (Business Information Network); CXO Systems. Data Sources: • Risk Systems (Credit, Market, Operational) • Desktop Data (Excel, Word) • Analytical Systems (Data Warehouse, BI)

  23. An ERM dashboard should provide the CRO and senior management with full risk transparency • Compliance with risk policies and regulations • Exposures vs. policy limits • Regulatory compliance • Earnings-at-risk • Major internal drivers • Key external variables • Risk/return performance tracking • Business units • Customer segments • Products • “Right time” risk reporting • One touch visibility • Drill down capabilities • 24x7 escalation • Early warning signals

  24. Example: monthly risk report. Losses (accounting for actual losses incurred): Gross Losses, Current and YTD, for Operational Losses, Credit Losses, Market Losses, Other Losses, Sub-Total, and Loss/Revenue Ratio; chart of losses for 1992, 1993, 1994, 1995, 1996, Q1 97. Risk Incidents (reporting of risk incidents, exposures, and near misses): numbered entries with Incident, Exposure, and Response columns. Management Assessment (management discussion of major risk issues, “what keeps me up at night”): numbered entries

  25. Example: monthly risk report (cont’d)

  26. Given that risk is about the future, early warning indicators should be developed. Early warning indicators by risk category: Credit Risk: • Borrower/counterparty stock price declines • Widening of credit spreads in the debt and credit derivatives markets. Market Risk: • Increases in actual and implied price volatilities • Breakdowns in historical price relationships and patterns. Business, Operational Risk: • Spikes in business growth, profitability, and complexity/change • High and undesirable turnover rates. Enterprise-wide Risk: • Increases in any risk concentrations and/or organizational powers • Changes in intra- and inter-risk correlations

  27. Companies should integrate ERM into business processes and value drivers. Risk Management Impact • Risk-based pricing • Target customer selection • Relationship management Revenue - Expenses - Losses • Risk oversight costs • Insurance/hedging expense • Credit, market, operational write-offs ROE • Capital management • Risk transparency Equity Shareholder Value New Business • New business development Growth M&A • M&A/Diversification strategy • Risk Management by Silos (5, 6) • Integrated risk management (4–7) • Enterprise risk management (1-10)

  28. Economic capital represents a common currency for risk. Chart axes: Probability, Change in Value; chart labels: Credit Risk, Market Risk, Operational Risk, Enterprise-wide Risk. • Credit Risk: Earnings volatility due to variation in credit losses • Market Risk: Earnings volatility due to market price movements • Operational Risk: Earnings volatility due to changes in operating economics (e.g. volume, margins or costs) or one-off events

  29. Measuring profitability and pricing

      | | Calculate ROE | Calculate Pricing |
      |---|---|---|
      | Exposure | $100 mm | $100 mm |
      | Margin | 2.50% | 2.20% |
      | Revenue | $2.5 mm | $2.2 mm |
      | Risk Losses | <0.5 mm> | <0.5 mm> |
      | Expense | <1.0 mm> | <1.0 mm> |
      | Pre-Tax Net Income | $1.0 mm | $0.7 mm |
      | Tax | <0.4 mm> | <0.3 mm> |
      | Net Income | $0.6 mm | $0.4 mm |
      | Economic Capital | $2.0 mm | $2.0 mm |
      | RAROC | 30% | 20% |

  30. Rationalized risk transfer: Different Structures (Derivatives, Structured Finance, Insurance), Common Cost/Benefit Framework. Ceded RAROC = Δ Return / Δ Economic Capital. Δ Return: • Pay cashflows or insurance premium • Include transaction and ongoing management costs • Reduce Economic Capital ‘benefit’. Δ Economic Capital: • Reduce Economic Capital held for risk • Increase Economic Capital counterparty exposure • Increase operating risk Economic Capital

  31. Applications of the Economic Capital. Performance Measurement on an Apples-to-Apples Basis; EVA: Enables Strategic Planning • Remuneration • Target setting • Drives risk-adjusted pricing • Grow businesses that create shareholder value • Overhaul/divest businesses that destroy shareholder value • What-if analysis. Chart panels: RAROC Compared to Peers by Line of Business; Value Creation by Business Unit. Chart labels: hurdle; Corporate Lending, Middle Market, Small Business, Credit Card, Mortgages; legend 90%, 75%, 50%, 25%, 10%

  32. ERM requires balancing the hard and soft side of risk management. Hard Side: • Measures and reporting • Risk oversight committees • Policies & procedures • Risk assessments • Risk limits • Audit processes • Systems. Soft Side: • Risk awareness • People • Skills • Integrity • Incentives • Culture & values • Trust & communication

  33. Case study: Background: • New capital markets business • Traders hired from foreign bank • Aggressive business and growth targets. 2-Year ERM Program: • Established risk policies and systems • Instilled risk culture • Survived “Kidder” disaster • Captured 25% market share with zero policy violations • Recognized as best practice

  34. Hallmarks of success in ERM • Engaged senior management and board of directors • Established policies, systems, and processes, supported by a strong risk culture • Clearly defined risk appetite with respect to risk limits and business boundaries • Robust risk analytics for intra- and inter-risk measurement, summarized in an “ERM dashboard” • Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation

  35. Discussion outline • Key trends and requirements • Best practices and practical applications • ERM in the future

  36. Ten predictions on the future of enterprise risk management • ERM will become the industry standard • CROs prevalent in risk-intensive companies • Audit committees will evolve into risk committees • Economic capital in; VaR out • Risk transfer executed at enterprise level • Advanced technologies key to advancement • A measurement standard will emerge for operational risk • Risk-based or economic reporting becomes standard • Risk becomes part of corporate and college programs • Salary gap among risk professionals continues to widen

  37. What makes a good CRO? • Organizational and leadership skills to effect change • Communication skills – “to simplify without being simplistic” • Technical skills in credit, market, and operational risk • Judgment to balance business and risk requirements • Courage to push back and “say no” • High EQ (emotional quotient) in addition to high IQ • Ultimate CRO test: ability to integrate risk management into strategic planning and day-to-day business processes

  38. Thank you James Lam’s contact information • Phone: 781-772-1961 • Email: jameslam@comcast.net
