back office conference 02 10 2009
DESCRIPTION
Marcus Evans presentation held in 2009TRANSCRIPT
2nd Annual Back-Office Conference
Establishing an efficient flow of information from the Front to Back Offices to minimize operational risk
SEU RISK MANAGEMENT 2
A. Overhauling systems that hinder essential communication between the offices.
B. Standardizing methods of documentation to guarantee all are kept up to speed.
C. Examining practices for eliminating errors or ensuring that a discrepancy is immediately made known to all involved should one be found.
D. Making sure that the proper firewalls are in place so that fraud cannot occur.
E. Keeping the right people doing the right things at the right time.
AGENDA
SEU RISK MANAGEMENT 3
“The ideal transaction processing system would be a seamless entity capable of passing deal data all the way from the front office to the back with no human intervention.” Obvious, but is it cost effective and a realistic ambition?
Overhauling systems that hinder essential communication between the offices
SEU RISK MANAGEMENT 4
Overhauling systems that hinder essential communication between the offices (continued)
Focus on what needs to be communicated and what data elements are needed. Avoid a situation where the tools set the rules, but steer towards an environment where the “rules defines the tools.”
An overall data flow overview exist that displays the life cycle of a transaction regardless of implemented systems.
Straight through processing (STPI) should be considered to enhance the use of same types of files and data.
Evaluate whether systems should interface or be integrated.
Interfacing allows data to be transmitted between two systems that do not normally share the same database tables by use of a utility, adaptor or added code.
Integration requires modifying systems to work together in a 'seamless' fashion."
SEU RISK MANAGEMENT 5
Identify the business requirements necessary for Front, Middle and Back Office operations. Expectation of what should be reported by each “Office” in aggregate and detail must be defined.
An overall common definition of what constitutes a transaction and what needs to be recorded exists. If it needs to be measured, it must be recorded.
The business requirements must be formulated by actual business end users themselves who will be ultimately the ones to certify that integration between the offices works or not. How well does our systems and each of our offices meet regulatory/stakeholder expectations for the ability to Quantify / Monitor and Manage?
Transaction standards / message types / formats should be established and audited between each of the offices with clear definition of what data elements are required.
Overhauling systems that hinder essential communication between the offices (continued)
SEU RISK MANAGEMENT 6
Standardizing methods of documentation to guaranteeall are kept to speed
What should be documented ? (What, Why and When) – Create an overview of technical and business context documentation.
Adopt standardized documentation data flow format / requirements in cooperation with stakeholders – consider the use of experts to document data flows and what needs to be documented.
Focus on documenting data flow, calculation methods and reports.
Describe business context / purpose, recording process, calculation method and reporting method. In essence, put equal emphasis on purpose as the details of transaction flow and reporting.
Make sure documentation and overviews are included in training programs.
SEU RISK MANAGEMENT 7
What should be documentedWhat should be documented
a) Architecture A data flow overview of all recordings, processes, storage and reports of data regardless of systems, offices, automatic or/and manual processes.
b) Data flow within office and between offices
A specific overview of recordings, processes, inventory and reports of data including integration method templates with other offices/systems.
c) The format and use of message types / transaction types with other systems
Description of methods and format of data integration with other systems including record layouts, fields and relevant communication rules (standards).
d) The ability to use, review and modify data recordings
A detailed description of the ability to record, edit and modify data within systems (automatic and manual processes).
e) Processing of data within each office (calculations)
A structured documentation of data processes implemented (automatic, manual) to transform data within each office.
f) Aggregation of data Description and summation of data routines and storage of main summation procedures within systems.
g) Reports Detailed description of data reports with audit trail to a,b,c,d,e,f identifying data elements as well as the description of data processes preceding the report layout.
SEU RISK MANAGEMENT 8
Examining practices for eliminating error or ensuring that adiscrepancy is immediately made known to all involvedshould one be found
What quantification, monitoring processes have been deemed important on a daily and/or periodic basis?
How does the organization log deviances – and what type of deviances are recorded?
Transactional Calculation based – recordings from various systems in agreement
and independently verified?
Reconciliation processes between internal and external data sources essential as well as providing an independent review of these processes.
Communicate status of Operational Errors to stake holders. Mistakes are expected to be made – what is important is that processes are in place to enhance, improve systems.
SEU RISK MANAGEMENT 9
Draft - Operational Status Summary (Month of May-2008)Draft - Operational Status Summary (Month of May-2008)
CATEGORY Occurrences $ Impact % of total Trend last month
Wrong price 17 ($10,456) 0.68%
Wrong volume 8 ($45,000) 0.32%
Wrong counterpart 12 $0.00 0.48%
Wrong premium 5 ($45,000) 0.20%
Wrong location 7 ($76,000) 0.28%
Wrong commodity 8 ($89,435) 0.32%
Wrong time period 10 $56,700 0.40%
Unconfirmed transaction 17 ($145,000) 0.68%
Wrong settlement amount 2 ($43,000) 0.08%
Un recorded transaction 3 ($34,000) 0.12%
Wrong scheduled volume 5 ($76,000) 0.20%
94 ($507,191) 3.76%
By tracking Categories ofoperational errors over specific timeperiods, an organization can track operational risk / performance against total recorded transactions and thereby institute processes for improvements and focus,
SEU RISK MANAGEMENT 10
Draft - Operational Status SummaryDraft - Operational Status Summary
CATEGORY Deviances $ Impact Action
a) Daily confirmation: Exchange transactions
None NA NA
b) Daily confirmation: OTC physical and financial transactions
None NA NA
c) Daily settlement margin accounts (Exchange/ISDA)
2 deviances ($265,000) Recorded in Interim
Account, reconciliation
started
d) Daily reconciliation cash wires against internal / external records
None NA NA
e) Daily P&L attribution None NA NA
f) Daily Risk Metrics attribution None NA NA
g) Daily Audit trail accounting – deal capture systems
None NA NA
SEU RISK MANAGEMENT 11
Making sure that the proper firewalls are in place sothat fraud cannot occur
a) Internal definition of “fraud” supported by processes and monitoring reports eliminating possibility of fraud situations that addresses the following;
i. Identify categories of fraud (Logins, systems, wire, confirmations, reconciliations).
ii. Determine what monitoring process should be in place to report incidents.
b) Make sure processes are communicated and independently reported and agree on how to manage situations through a breach policy.
c) Proactively position control functions through systems, policies and monitoring reports and consequences (breach implications).
d) Reassess: a) periodically to assess organization definitions and capability to detect.
SEU RISK MANAGEMENT 12
CATEGORY STATUS
a) Establish controls that reduce the opportunity for unauthorized use of organizational resources (firewalls, email scanning, ID Access)
b) Delineating clear lines of responsibility, providing sufficient employee monitoring, segregation duties for operational processes and regularly rotating staff in key positions.
c) Using thorough recruitment screening and educating employees about the legal repercussions of being involved in illegal activities - to act as a deterrent.
d) Instituting control such as automated detection systems and advanced analytical technologies that look for suspicious behavior and anomalous patterns that may require investigations.
e) Corporations will need to define and understand the layout of internal data and the business process data flows in order to determine the necessary sources of data feeds for fraud solutions.
g) Proper security breach protocols including the use of laptops in insecure areas, accountability for security procedures, consequences for failing to follow security protocols
Guidelines - Fraud Control (Draft example)Guidelines - Fraud Control (Draft example)
SEU RISK MANAGEMENT 13
Keeping the right people doing the right things at the right
time
Keep on top of operational tasks – what is the production pattern for each of the offices – who is doing what / when.
Is a daily operational plan in place to address sequence of tasks and when they should be completed with dependencies?
Identify for your business model / context - what skill set needs to be in place for each of the offices?
Acumen across offices – What skill set and understanding is essential for each of the offices?
Acumen specific to office – What skill set will be proprietary?
SEU RISK MANAGEMENT 14
Daily Operational Plan (Draft for illustrative purposes)
Time Process Dependency Resource Tracking
08:00 AM Double check wire status of
all accounts and reset credit
Lines in systems
Fed-wire / Swift
report completed in
SAP
Back-Office
group 1
Daily log report for
counterpart account status to
be completed
08:45 AM Option exercise Electricity
and Natural Gas
Option Exercise
report Deal Capture
Mid-Office
Group 1
Daily log of exercise in deal
capture system
09:00 AM Daily forecast of base load
demand and load demand
Weather demand
report
Forecasting Forecast logged in
scheduling system
09:20 AM Daily unit characteristics
report to be completed
Unit operational report
(PCI)
Mid-Office
Group 1
Characteristics logged in
deal- capture system
09:40 AM Electricity to be scheduled
by node. Natural Gas to
be scheduled
Production of
aggregate schedule by
deal capture system
Mid-Office
Group 1
Log of scheduling
aggregation in deal capture
and scheduling system
09:45 AM Day ahead financial settlement
(shadow report to be
completed all commodities)
Financial settlement
prices to be read into
deal capture system
Back-Office
group 1
Log of settlement prices in
deal capture system
09:45 AM Week ahead position report to
be completed all commodities
Computation of all
position components
Mid-Office
Group 1
Position components logged
in system by date
SEU RISK MANAGEMENT 15
BIBLIOGRAPHY
Bjornar Eide has been a Director of Risk Management for Sempra Energy Utilities since September 2005. Bjornar oversees the risk governance structure for San Diego Gas & Electric and Southern California Gas Company. He is a member of the Risk Management Committee for each of the utilities, which is responsible for managing each of the utility’s exposure to market, credit, liquidity and operational risk. Bjornar has over 15 years of experience from energy markets, serving in a variety of capacities in an international environment. Prior to joining Sempra Energy Utilities, he worked as an independent strategic risk consultant for a variety of clients in Europe and the US focusing on strategic risk management related issues and the design of risk assessment capability. As a Director of Risk Management for NRG (from 2000 – 2002) he built up the risk management department and during his four year tenure with Statoil A/S as a portfolio manager, he actively managed positions that involved petroleum products, crude, natural gas & electricity including the build-up of the power marketing department. Eide holds an MBA in Finance from San Francisco State University and a BA in Business Administration from California Lutheran University.