bb proposal v2
TRANSCRIPT
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 1/15
Boubyan BankBoubyan Bank
Assistance in developing the Organization Assistance in developing the OrganizationStructure of RMDStructure of RMD
November 2009
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 2/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
1
Contents
Page
Your Needs 2
Scope & Approach 4
Engagement Approach 5
Role of Risk Management Department (RMD) 6
RMD Organization Structure 7
Composition of RMD 8
Job Descriptions of RMD Staff 9
Deliverables 12
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 3/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
2
Your Needs
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 4/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
3
Boubyan Bank (BB) is a Kuwaiti Islamic commercial bank established in 2004 by Amiri Decree No. 88 with a paid-up capital of 100 million Kuwaiti Dinars for the purpose of exercising all activities of the banking business in accordance with the rules and
regulations of the Central Bank of Kuwait. The bank¶s total revenues increased by 9% to KWD 59.7 million (USD218.5 million),
in 2008, while its net profits dropped by 89.6% to KWD1.9 million (USD7 million), due to provisions of KWD20.4 million
(USD74.7million), set aside at the end of 2008.
The Bank¶s primarily operates in four segments: Treasury, Corporate Banking, Investment and Retail Banking. Treasury
includes handling local and international Murabaha and other Islamic financing, primarily with financial institutions, as well as
the management of the Bank's funding operations. Corporate Banking includes handling Murabaha and Ijarah facilities for corporate and institutional customers. Investment provides services like direct investment, international real estate, business
development and management of marketable securities. Retail Banking includes handling deposits of individual customers
and small businesses, and consumer type Murabaha and Islamic covered card facilities.
The Bank has requested Protiviti Member Firm (Middle East) Ltd, for assistance in developing the organization structure of the
RMD, specifically comprising of
Role of the Risk Management Department
RMD composition (staffing strength, experience, qualifications etc.)
Job descriptions
The Bank has requested Protiviti to submit a proposal to achieve this scope, and this proposal is a response to that request.
Our Understanding of Your Needs
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 5/15
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 6/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
5
Engagement Approach
Analyzerisk environment
Understand the current state
DevelopDeliver ables
Management
Inputs
Conduct discussions withmanagement to understandexisting activities and businessunits of the Bank.
Discuss internal controls andrisk management measurespresent in business criticalprocesses.
Assess the Bank¶s organizationstructure and the fit of RMD inthe Bank¶s activities.
Understand the Bank¶s existingportfolio and key risksemanating from the same.
Evaluate the Bank¶s riskenvironment and identify major risks to which it is exposed.
Consult regulatory guidelines
(CBK) and best practice (e.g.Basel II, HKMA etc.)requirements with respect tothe role and composition of RMD.
Determine role of the RiskManagement Department onthe basis of senior managementdialogue, CBK requirementsand best practices.
Determine Composition of theRMD based on the Bank¶s riskenvironment and requirements.
Develop job descriptions for theRMD staff of the Bank.
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 7/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
6
Identifying the Bank¶s
Risk Universe
Conducting periodicevaluation of Bank¶s
processes & practices
to identify material
risks
Evaluating new
products launched by
the Bank, in order to
identifymaterial risks
Role of the RMD
Protiviti will conduct discussions with the Bank¶s Senior Management and Business Unit Heads to determine the extent of involvement of the RMD in the Bank¶s activities. We will document the role of the RMD considering the following key factors and
regulatory guidelines which will dictate RMD¶s fit into the Bank¶s organizational and functional structure ±
Bank specific factors - e.g. scale of the Bank¶s operations, material risks faced by the Bank, exotic instruments or products,
sophistication of risk management methodologies and practices etc.
Central Bank of Kuwait Guidelines
Roles and responsibilities of the RMD as per other regulatory documents (e.g. Basel II, FSA, Austrian National Bank (OeNB),
Hong Kong Monetary Authority (HKMA) etc.)
The activities of a typical RMD may be broadly grouped under three main groups as indicated in the figure below -
Risk Governance
Setting the Bank¶s Risk Appetite
and Risk Strategy.
Developing polic ies and
procedures for specific risks (e.g.
credit, market etc.) and for key
business units (e.g. Treasury,
Credit Department)
Establishing essential
committees such as ALCO,
RMC, Credit Committee etc. and
preparing committee charters.
Developing authority matrices for
financial, non-financial and
strategic activities.
Reporting & Monitoring
Consolidating reports from
respective business units.
Generating risk reports for
MTM market losses
Collateral Coverage
Portfolio concentration
FX reports
VaR reports
Liquidity levels etc.
Monitoring business units for
limit breaches/
Developing and implementing
escalation matrices reporting to
Senior Management
Risk Management
Risk
Identification
Risk
AssessmentRisk Control
Assessing impact and
likelihood of risks
identified Identifying key risks for
prioritizing action plans
Evaluating adequacy
and effectiveness of
controls in place
Identifying risks which
require further control
or management
Developing and
implementing action
plans for the treatmentand control of risks
Developing models for
risk measurement and
instituting processes
for risk control
Communicating risk
management practices
to business lines
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 8/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
7
RMD Organization Structure
Protiviti will consult CBK guidelines and other regulatory documents (e.g. FSA, HKMA) to identify the minimum requirements for theRMD, assess the major risks faced by the Bank and develop the RMD organization structure in order to enable the RMD to identify,
assess, monitor and control the risks faced by the Bank. The nature of the Bank¶s activities would typically dictate the organization
structure of the Risk Management Department.
Head, RMD
(CRO)
Senior Manager, Risk Analytics &Governance
Manager,Model
DevelopmentUnit
Manager, RiskGovernance
Unit
Senior Manager,
OperationalRisk
Manager,
RCSA Unit
Manager,
MIS Unit
Senior Manager,
Market Risk
Manager,
Market Risk
Risk Analyst,Liquidity Risk
Risk Analyst,FX & Equity
Risk
Risk Analyst,Profit Rate Risk
Senior Manager,
Credit Risk
Manager,Credit Review
Unit
Manager,Credit Admin &
Control Unit
Limit InputMonitoring &
ControlDocumentation
CollateralManagement
Manager,Credit PortfolioManagement
Unit
Fig: Sample RMD Organization Structure
For instance, a bank whose assets are concentrated in the banking book would have a more robust credit risk unit as compared to
a Bank which has an active trading desk and would be exposed to considerable market risk. Due to the nature of its activities, an
Islamic Bank would typically have a relatively small trading book and a large banking book.
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 9/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
8
RMD Composition
Protiviti will assess the Bank¶s risk management requirements on the basis of dialogue with the management and key process
owners. The extent of involvement of RMD in the Bank¶s day to day activities will determine the staffing requirements for RMD.
The strength and area of expertise of the RMD staff would also depend on key factors concerning the Bank¶s environment such as
(illustrative list only)
Regulatory requirements
Scale of operations
Concentration across product lines / countries / sector etc.
Risk tolerance levels of the Bank
Major risks affecting the Bank (e.g. credit risk / market risk)
Extent of sophistication in risk management procedures
Established risk measurement methodologies
Established risk models (e.g. Value at Risk models, credit rating models etc.)
Future expansion plans of the Bank into newer markets
Best practices as documented in OeNB and HKMA regulatory guidelines
We shall analyze the relevance of the above factors in the composition of the Bank¶s RMD and recommend the appropriate
strength and ideal staff profiles for the Risk Management Department.
The nature of expertise required by the RMD staff will dictate what qualifications and prior experience would be required in such
staff. Experience in the banking / financial services industry would typically be a mandatory requirement in addition to advanced
degrees in finance / risk management where the designation so demands. Knowledge of local markets and regulations would also
count as a key requirement for some of the roles of the RMD staff.
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 10/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
9
Job Descriptions
Protiviti will conduct discussions with the Bank¶s management and RMD staff in order to determine the roles and responsibilities of
the RMD staff and their fit into the Bank¶s organization structure. Based on these discussions job descriptions will be developed for
the RMD Staff.
Key components of the job description include ±
Position / Designation
Unit
Reporting to
Reportees
Role Summary
Responsibilities
The following pages illustrate two sample job descriptions which will be developed for the RMD staff as part of the engagement.
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 11/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
10
Sample Job Description - CRO
Position: Chief Risk Officer
Unit: Risk Management Department
Reporting to: Chief Executive Officer
Reportees: Senior Manager, RMD; Manager, Credit Risk; Manager, Market Risk; Manager, Operational Risk
Role Summary: Responsible for establishing a comprehensive risk management framework outlining the risk management
strategies, governance structure, and risk mitigation strategies.
Responsibilities:
Establish a bank-wide framework for identifying, measuring, monitoring, reporting and mitigating risks
Develop risk management strategies, governance structure, risk identification, measurement and reporting policies
Develop and implement a methodology for articulating the risk appetite and risk capacity of the Bank.
Oversee development of business unit, risk limits; review daily exposures against limits and determine corrective actions as
appropriate.
Review reports pertaining to breach of limits and bring these to the attention of the senior management based on pre-
defined trigger points
Recommend to the Risk Management Committee, Board of Directors any amendments pertaining to policies, procedures,models, report formats, limit structure and information systems as reported by credit, market and operational risk
managers.
Provide status reports and risk review reports to the Chairman & Managing Director and the Chief Executive Officer
Identify / develop relevant training programs for personnel in risk management.
Periodically review best practices in the area of risk management such as Basel, IFSB norms, etc. and proactively identify
areas of improvement for the company
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 12/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
11
Sample Job Description - Risk Analyst
Position: Risk Analyst
Unit: Risk Management Department
Reporting to: Senior Manager, RMD
Reportees: None
Role Summary: Assist Senior Manager, RMD in establishing and managing the departmental functions
Responsibilities:
Establish and implement a comprehensive framework for the identification, monitoring and measurement and mitigation of
credit, market, liquidity and operations risk
Establish a suitable limits structure for the credit related activities of the Company.
Prepare and present various risk reports including
± Gap reports on liquidity mismatches; and
± Reports on breach of various limits.
Develop and periodically update policy and procedures document
Maintain a database of business processes, risks, controls, mitigation measures Assist the Senior Manager in other day-to-day activities or any risk management initiatives.
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 13/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
1212
Project Deliverables
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 14/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
13
Deliverables
On completion of the engagement, Protiviti will provide the following in the form of a report to the Bank
Role of the Risk Management Department
Composition of the Risk Management Department (sample organization structure on page 7)
Job Descriptions (sample job descriptions on page 10 & 11).
8/8/2019 BB Proposal v2
http://slidepdf.com/reader/full/bb-proposal-v2 15/15
© 2009 Protiviti Member Firm (Middle East) Ltd
This document is for your company¶s internal use only and may not be distributed to any other third party.
1414
At Protiviti, we believe the or ganizations that most
effectively understand and manage their risk are the
companies that most of ten succeed.