Risk Management

Calendar Program for FY2006/07

VRBM Part II

Building the Risk Adjusted Capital Model

2

Risk Management Mission & Goal

MISSION

To apply a consistent, best practise framework for the management of risk group wide.

STRATEGY

To instill risk management awareness through continuous learning

To facilitate integration of risk management culture and process into the business operations

To facilitate the learning process with the aim of building risk management capability group wide

To inculcate the ownership and accountability for both risks and controls

To integrate “risk return consideration” into business decisions

GOALS

•To avoid value destruction & reduce threats to value creation

•To improve chances of meeting an objective

•To maximize value creation opportunities.

3

Risk Adjusted Capital Model-Economic Capital

IntroductionTo VRBM

PART I

FRM

Investment Mandate/ALM

IRM

Cost of Capital

Product Guidelines

Embedded Value

ORM- Foundation

Self Risk Assessment (RCSA)

KRI Reporting

Loss data collection (IMDC)

BCP

PART II

FRM

Financial Modeling & Scenario

KRI linkage

IRM

Cost of Capital by business line (CoC)

Risk Based Capital (RBC)

Risk Adjusted Return on Capital (RAROC)

KRI linkage

ORM

OP risk analytics, OpVaR ,ORM capital charge, MIS, Risk adjusted performance

Basic Measurements to

Advanced Measurements

4

VALUE & RISK BASED MANAGEMENT (VRBM-PART 1)

Shareholder

Invested capital

Free Surplus

Tied surplus

ALM

ACTIVA

LIABILITIES

"RISKSLIABILITIES"

ASSETS

"RISKSASSETS"

FREECASH FLOW

LM

AM

EVAR R

BC

Cost of capital

FREE CASH FLOW

P&L*

RM

RAROC

EV

BasicComponentsVRBM

5

VALUE & RISK BASED MANAGEMENT (VRBM)

MIS, Risk AdjustedPerformance Management

KRI Linkages and Integration

IRM Phase IIRBC, RAROC

Risk SelfAssessment (RSA)

2003 20052004

Policies, Procedures Guidelines, Operating Structure, Communication, Harmonization

Gap Analysis, Foundation, Governance Structure, Awareness, Capacity

FRM Phase IIFinancial Modeling & Scenarios

FRM Phase I Investment Mandates & ALCO

Integrated Group-wideORM Solutions Project

BRCP, BCP, Compliance,Group-wide ORM, Basel II ORM Programme

ORM Blueprint & Foundation

IRM Phase I Product Guidelines, Cost of Capital, Embedded Value, Actuarial Reporting

KRI Analysis and Reporting

IT Solutions for Loss Data Management

Operational Loss Data Collection & Categorization

Value & Risk Based Management (VRBM) Building Blocks

6

The Risk-Value LinkagesPART 2

Risk, Capital, Risk Adjusted Returns On Capital (RAROC), Value at Risk (VaR) and Value of the business

Risk Adjusted Capital Model-

Economic Capital

Earning at Risk

RAROC

Dividend Policy

Embedded Value

Capital Allocation

Cost of Capital

7

OVERVIEW OF RISK CHARACTERISTICS

Risk Management = Knowledge Management

Shareholder Results = Business Results - Risk Results

Managing Risk = Managing the Business = Managing the Knowledge of the Elements

The better the knowledge, the better the management of risk

8

Highlights of FY2006/07 Program

• Integration/harmonization of risk management framework, governance & practices

• Common risk language for the enlarged group

• Review & standardization of product approval process, investment agreements & portfolio mandates

• ORM Solution rollout (RCSA/scorecard, loss data collection & database/IMDC and KRI)

• RBC rollout (parallel run 2006/07, compliance 2007/08) and RBC workshops

• BCP/CMT/CMST for enlarged Mayban Fortis and Dataran Maybank

• Establishment of Dataran disaster/crisis scenario command & recovery centre

• Live testing of pre-merger MFHB entities’ BCP/CMT/CMST/DRP

• Dashboard of total risk health check

• Embedded Value reporting, analysis and EV workshop

• Risk assessment/due diligence for outsourcing & shared service arrangements

9

FY2006/07 Risk Management

Summarize CalendarFinancial Risk Mgt

No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Financial Risk Management (FRM)

2

Review of Investment Management Guidelines

3 Review of IIM Audit Report

4

Guidelines on Investment Income for Investment Linked Funds

5

Revision of Capital Management guideline

6 Derivatives

7

Adoption of Financial Risk Management framework & guidelines for MNI & TN

8

Revision and harmonisation of Key Risk Indicators (KRI) Report for FRM

9

ALM for MLA, MGAB, MTB, MNI & TN as at 30/06/2006

10 ALM - next steps

11

Briefing on Financial Risk Management framework (with IIM) to IC members

2006 2007

= deliverables

10

FY2006/07 Risk Management Calendar

Insurance Risk Management

No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Insurance Risk Management (IRM)2 RBC Analysis

3 RBC Workshop

4EV for MNI, MLA, TN and MTB (FYE 05/06)

5 EV Reporting for MIG (quarterly)

6 Product Approval Guideline

7 Revision of Cost of Capital Guidelines

8

IRM KRI revision and discussion with Risk Owners & Result Producers

9

Monitoring Of Existing Products Profitability (Life)

2006 2007

= deliverables

11

FY2006/07 Risk Management CalendarRisk Policy and Standard

No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Policy & Standards (P&S)

2Harmonization of MFHB Framework

3 Common Risk Language Booklet

4Risk Management Awareness Program

5 Top KRIs

6Benchmarking and statistical compilation

7Updates of Regulation of BNM, PIAM and LIAM

8 Knowledge Management System

2006 2007

= deliverables

12

FY2006/07 Risk Management Calendar

Operational Risk Management – ORM Solution

No.

Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun

1 Operational Risk Management (ORM)2 ORM Solution / OpVantage System - Phase 1 (IMDC)3 ORM Solution / OpVantage System - Phase 2 (RCSA & KRI)

4KRI, LED & Contingent Liability revision, update & assessment

5 Harmonisation & consolidation of existing RCSA & KRIAcross all

entities6 Risk Scorecard Half Yearly Review at Operating Entities MLAB MGAB TN/MTB MNI

7 Post Merger Risk Review (Quarterly)

2006 2007

= deliverables

13

FY2006/07 Risk Management Calendar

Operational Risk Management – Outsourcing & BCP

No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Operational Risk Management (ORM)2 Outsourcing

3 Adoption of MF Outsourcing Policy

4 MNIB

5 TN

6

Define scope & reponsibilities on outsourcing with Performance Mgt and Compliance

7 Distribution of OS Risk Survey

8

Quarterly reporting to RMM and RMCmapped to Maybank Group format to focus on:i. Audit Issuesii. Service Performanceiii. Customer Complaintsiv. Disputes vi. Risk Issues

9 ORM - Business Continuity Planning10 BCP Integration 11 Formation of BCP Structure12 Establishment of Dataran BCP CMT13 Establishment of Dataran BCP Secretariat14 Establishment of Dataran CMST15 BCP Test16 IT Disaster Recovery17 IT Disaster Recovery (MF)18 IT Disaster Recovery (Dataran)19 Checklist and Integrated table top testing20 Communication tree testing21 BCP Crisis Simulation at Dataran22 Awareness Program

23 Wallet Card Distribution

24 Talk & Campaign (Quarterly Basis)

25 Digest (Bi-monthly basis)

26 Survey (Half yearly basis)

2006 2007

Completed

= deliverables

14

Risk Management FunctionRoles & Responsibilities

CFO

Head, Risk Management

• Develop and maintain comprehensive risk management policy,

governance, framework and guidelines• Together with operating heads, drive identification,

measurement, mitigation and control of group-wide risks• Facilitate development and improvement of risk management

know-how, tools, methodologies and systems• Independent risk review and assessment on products, projects,

assets, capital, investment and group-wide business activities• Apply global best-practices in the area of risk management• Supervise and develop risk management personnel in line with

immediate objectives and long-term plans

Job:

Identify, measure, mitigate and control group-wide risks to

assure the achievement of goals and objectives through

effective risk management

Role:

Second line of defense, promoting good corporate governance

and providing reasonable assurance on integrity and validity of

risk measurement and reporting

• Independent check-and-balance mechanism• Provide second opinion• Offer perspective on potential downsides• Risk reviewer for business/insurance risk• Central aggregator for financial risk• Frontline and organizational support for operational risk• Make risk a management agenda and risk awareness happen

throughout the organization• Strengthen business cases and plans• Give assurance on the integrity and validity of self-assessment,

measurements and KRIs

15

Success Factors & Qualifiers

Key Success Factors

- Top management ownership and buy-in- Transparency and integrity of data- Consistency of approach throughout Mayban Fortis Group- Capability of the risk management function & systems- Meet (Basel II) AMA Qualifiers (below)

10-Point Basel II AMA (Advanced Measurement Approach) Qualifiers

- Active oversight by the board and senior management- Sound risk management system implemented with integrity- Sufficient resources in major business lines, control and audit- Independent and capable risk management function- Integration of risk measurement into day-to-day risk management- Comprehensive, regular and timely risk reporting- Proper documentation of risk management system and processes- Regular review by internal and external auditors- Validation of risk measurement system by auditors and regulators- Sound AMA standards and risk model

Regulators will accept advanced measurements based on AMA approach only upon meeting the above qualifiers. Although Basel II place the emphasis on Operational Risk, the principle applies equally to other types of risk

16

Proposed StructureCentral Risk Management

CFO

Head, Risk Management

• Develop, implement and maintain comprehensive risk framework, guidelines and programmes

• Drive risk identification, profiling, reporting and mitigation processes• Independent review and assessment of risk control programs at

operating units• Participate in projects requiring risk management review & signoff• Facilitate development and improvement of risk matrices, tools,

methodologies and systems• Acquire/develop and maintain advanced risk measurement

analytics & systems• Risk reporting, analysis and compliance with internal and external

requirements• Program management for VRBM, BCP/CMT and other group-wide

risk initiatives• Secretariat to ALCO, RMM and other risk-related governance and

projects

Insurance Risk Management

Financial Risk Management

Risk Policy& Standards

Embedded Risk Managers/Units

• Policy & procedures on adoption of regulations, standards & best-practices

• Consolidate & integrate reports and returns

• Risk reporting MIS & data integrity

• Risk communication & change management programs

• Effectiveness feedback, surveys & improvements

• Risk benchmarking & knowledge management

• “Educating” the organization on risk management

• Risk management ownership at operating level

• Champion risk management programs at operating level

• KRI development, reporting and management

• Facilitate BCP programme at operating level

• Facilitate RCSA and loss database management and reporting

• Risk officer for respective entity/function

Operational Risk Management

17

Proposed StructureInsurance Risk Management

Embedded Risk Managers/Units

Head, Financial Risk

Management (4)

Head, Operational Risk Management (5)

Head,Risk Policy & Standards (4)

• Risk review of product portfolio• Participate in product development &

review activities• Review business case, profitability &

pricing assumptions• Risk compliance and signoff for new

products/business lines• Review reserve adequacy and

reserving assumptions• Review liability/valuation/modelling

assumptions and ensure compliance with guidelines

• Review capital adequacy/solvency/ embedded value/RBC levels

Head, Insurance Risk Management (3)

Life & Family Takaful Products Non-Life & General Takaful Products Embedded Risk Managers

• Risk review of product portfolio• Participate in product development &

review activities• Review business case, profitability &

pricing assumptions• Risk compliance and signoff for new

products/business lines• Review reserve adequacy and

reserving assumptions• Review liability/valuation/modelling

assumptions and ensure compliance with guidelines

• Review capital adequacy/solvency/ RBC levels

• Participate and coordinate the corresponding activities at the respective units

Head, Risk Management 17 FTEs exc. Administrator, Embedded Units

18

Proposed StructureFinancial Risk Management

Embedded Risk Managers/Units

Head, Financial Risk

Management (4)

Head, Operational Risk Management (5)

Head,Risk Policy & Standards (4)

• Develop asset management risk framework

• Formulate/update investment agreement & mandates

• Develop hedging & derivative framework and procedures

• Carry out portfolio risk-performance analysis

• Financial risk compliance and review of operational procedures & processes

Head, Insurance Risk Management (3)

Asset Management Market Risk Analysis ALM/Financial Modeling Embedded Risk Managers

• Scan global economic outlook and risk factors

• Carry out financial & market risk research

• Analyse market, credit & liquidity risks

• External benchmarking of portfolio performance

• Interface with Group Market and Credit Risk units

• Gather & analyse historical financial data & info and make forward projections

• Carry out cash flow & asset modelling and VaR

• Facilitate/coordinate/review embedded value reporting

• Review/compute capital/ solvency/RBC charges

• Review or perform scenario & stress/sensitivity tests

• Establish risk acceptance limits and mandates based on ALM studies

• CoC/capital charge, RAROC & capital allocation

• Participate and coordinate the corresponding activities at the respective units

Head, Risk Management

19

Proposed StructureOperational Risk Management

Embedded Risk Managers/Units

Head, Financial Risk

Management (4)

Head, Operational Risk Management (5)

Head,Risk Policy & Standards (4)

• Facilitate & coordinate risk profiling/RCSA/scorecard

• Facilitate & coordinate rollout of ORM solutions

• ORM compliance reviews• Continuous review of

procedures and process for risk exposures

• Risk assessment & due diligence for outsourcing

• ORM mitigation, insurance & risk transfer

Head, Insurance Risk Management (3)

Integrated ORM Solutions BCP, Events & Projects (2) ORM Analytics Embedded Risk Managers

• Facilitate and coordinate establishment of BCP/CMT organization

• BCP/CMT secretariat• Coordinate establishment of

disaster recovery program• Organize BCP/CMT periodic

testing & reporting• Review BCP/DRP program

of outsourcing vendors• Implement BCP procedures

for threats & outbreaks

• Loss event data collection, database maintenance and data integrity

• ORM quantification, measurement & analysis

• Review of loss & near miss, trends & benchmarking

• Develop tools and data capture for Op Var analytics

• Develop requirements for advanced measurements and capital charge

• Champion and coordinate corresponding activities at the respective units

Head, Risk Management

20

Proposed StructureRisk Policy & Standards

Embedded Risk Managers

Head, Financial Risk

Management (4)

Head, Operational Risk Management (5)

Head,Risk Policy & Standards (4)

• Coordinate application of standards, best-practices & regulations

• Develop & implement risk language, policy & procedures

• Knowledge management & benchmarking for risk

• Develop & maintain internal risk ratings system

• Coordinate input/feedback for market/industry studies

Head, Insurance Risk Management (3)

Policy, Standards & Regulations

Risk MIS & ReportingProgram/Change

ManagementEmbedded Risk Managers

• Consolidate & integrate risk reporting and follow up on areas of concern

• Review/validate results & responses to low ratings

• Review adequacy of measurement systems & coordinate MIS acquisition

• Ensure integrity of data/ information

• Build risk management information assets

• Facilitate/coordinate risk communication and awareness programs

• Coordinate introduction of new risk procedures

• Conduct periodic surveys to gauge level of effectiveness for improvement

• Administer awareness programs such as whistle blowing, fraud hotline, risk education, etc

• Participate and coordinate the corresponding activities at the respective units

Head, Risk Management

21

Organisation StructureCentral Risk Management

Embedded Risk Managers

Head, Financial Risk Management

Rudie Erman Bahari

Head, Operational Risk

Management Abd Razak Sulaiman

Head,Risk Policy &

StandardsAzlan Md Alifiah

Head, Insurance Risk ManagementNoor Nashriq

Head, Risk ManagementRazin Murat

17 FTEs exc. Administrator, Embedded Units

Life & Family Takaful Products

Vacant

Non-Life & General Takaful Products

Vacant

Market Risk AnalysisVacant

Asset ManagementVacant

ALM/Financial Modeling

Vacant

BCP Events & Projects

Mohd Radzuan

Integrated ORM Solutions

Nik Mazli Mat Dalip

ORM AnalyticsNawal Ishak

BCP Events & ProjectsVacant

Risk MIS & ReportingVacant

Policy, Standards & RegulationsBadrul Izham

Program/Change Management

Vacant

CommercialGhulam Hussein

OperationsMs. Fong

& For Takaful

For Conventional

Insurance

Total Staff Required 17Current Available 10--------------------------------Staff Required 7--------------------------------

AdministratorNoriati

Headcount Assumptions:- Financial Risk Management excludes potential increase in headcount requirement for monitoring and oversight of derivatives trading activities- Operational Risk Management excludes potential increase in headcount requirement for full maintenance of Dataran Maybank Secretariat for BCP and Crisis Management Support

22

END