risk management framework in banks - sbp.org.pk · pwc risk management framework – the concept it...
TRANSCRIPT
Risk ManagementFramework in Banks
March 2014
Agenda
Risk Management Framework – TheConcept
Regulatory Evolution Of Risk ManagementIn Pakistan
Risk Management Framework – SAARCOverview
Modern Day Risk Management
EIRM
EIRM – Beyond Regulatory Compliance
Risk Management – Future Perspective
PwC
Concept
3
PwC
Risk Management Framework – The Concept
It enhances an organization’s ability to effectively manage uncertainty
What it aims for?
“A comprehensive document that systematically
and practically defines an implementation
approach helping organisations, regardless of
size; of mission, to identify events and measure,
prioritize and respond to the risks challenging its
most critical objectives and related projects,
initiatives and day-to-day operating practices”
4
PwC
Regulatory Evolution of Risk Management -Pakistan
5
PwC
Regulatory Evolution of Risk Management inPakistan
6
- Revision of MCRFramework under BaselII
- Revised timeline formandatory ICFRReporting
- Enhanced CDDmeasures
- Risk ManagementGuidelines for IslamicBanks
- Guidelines on ICFRReporting
- Stringent requirementsfor Tier 1 Capital
- Guidelines on ICAAP
- Guidelines onCountry Risk
- Guidelines onInternal Controls/ICFR
20
04
- Guidelines onRisk Management
20
03
- Enhanced financialstatements disclosurerequirement for RiskManagement Frameworkand Statement of InternalControls
- Decision for adoption ofBasel II - Roadmap
- Guidelines on
Stress Testing
20
05
- Enhanced Guidelineson Internal Controls
- SBP Basel IIFramework
20
06
- Enhanced PrudentialRegulations
- Guidelines onInternal Control overFinancial Reporting(ICFR)
- Eligibility criteria foruse of external ratingsin Basel II
- Guidelines on InternalCredit Risk RatingSystems
- MCR Disclosurerequirements
20
07
20
08
20
09
20
10
20
11
20
12
- AML/ CFTRegulations
- Enhanced ICAAPGuidelines
- Enhanced Guidelineson Stress Testing
20
13
- Guidelines on BaselIII - Capital
- EnhancedGuidelines onInternal Credit RiskRating Systems
20
14
- EnhancedAML/CFTGuidelines
PwC
Strengthening Risk Management – Basel and CapitalManagement
2005
Release ofcomplete SBPBasel IIFrameworkencompassingall pillars, basicand advancedapproaches,theirimplementationconsiderationsand timelinesincludingparallel run, etc.
200820072006
Detailedguidelines ondevelopment ofAdvancedInternal CreditRisk RatingSystems
Decision forimplementationof Basel II andprovision ofinitial roadmapwhereprescribedtimelines forimplementationof Standardizedand transition toAdvancedapproaches wereprovided
Stringentrequirement forTier-1 Capital byrequiringintangible assetsto be deductedfrom Tier-1CapitalCalculation
2009Roadmap forannual increasein Minimumpaid up Capitalrequirementwhere by thebanks wererequired to reacha level ofminimum Rs. 10billion by 2013
2010Eligibilitycriteria for use ofexternal ratingsin Basel II
2013Internal CreditRisk RatingSystem for retailportfolio
Guidelines onBasel III – moreStringent Capitalrequirementsand immediatereporting forMCR returnsbased on BaselIII
7
PwC
Strengthening Risk Management – ICAAP and Stress Testing
8
Stress Testing ICAAP ICAAP Stress Testing
Encompassing techniquesfor Stress Testing,framework for regularStress Testing, scope ofStress Testing,methodology andcalibration of shocks forinterest rate risk, exchangerate risk, credit risk, equityprice risk and liquidity risk.
Reporting format for theabove mentioned was alsoprescribed
First guidelines on ICAAPencompassing the followingareas:
Board and SeniorManagement oversight
Sound capitalassessment
Comprehensiveassessment of Pillar 1and 2 risks
Monitoring andReporting requirements
Internal control review Risk aggregation
Revised and much moredetailed Reporting Templatefor ICAAP releasedcontaining all details of:
Structure and Operations Governance Risk assessment and
capital adequacy Stress testing Capital planning Design, approval and
review of ICAAP process Risk appetite statement
calculation andmethodology
Advanced and scenariobased Stress Testingencouraged together withfurther advanced conceptsfor Reverse Stress Testing
2005 2008 2012 2012
PwC
Strengthening Risk Management – Internal Controls
2006 2008 2009 2010
Statutory auditorsrequired to giveopinion and reporton BoD’sendorsementregardingefficiency of ICFR
Banks required to developa roadmap for completionof ICFR till December 31,2009.
Statutory auditorsrequired to submitopinion on ICFR
Banks required to submit,a review report on ICFR toSBP to assess the stagesof the roadmapcompleted,approved by BOD orBAC.
Statutory auditors tosubmit Long FormReport (LFR) foronward submission toSBP.
2004
Requirements on:
• Management’s statement onInternal Controls(Financial, operationaland compliance)
• Management’sevaluation of InternalControls
• BOD’s endorsement ofthe management’s statement
• Statutory auditors’attestation on Board’sendorsement regardingeffectiveness of ICFR
• Statement of Internalcontrols together withauditors’ attestation to bepublished in AnnualReports
9
PwC
Risk Management – SAARC Overview
10
PwC
Risk Management – SAARC Overview*
Afghanistan
- Capital Adequacy Regulations- AML
Nepal
- Risk Management- Basel II/III- Capital Adequacy Regulations- AML- Stress Testing
Bangladesh
- Risk Management Guidelines- Internal Controls- Basel II- Capital Adequacy Regulations- Stress Testing- AML
Bangladesh
- Risk Management Guidelines- Internal Controls- Basel II- Capital Adequacy Regulations- Stress Testing- AML
Sri Lanka
- Risk Management- Internal Controls- Basel II/III- Capital Adequacy Regulations- AML
Bhutan
- Internal Controls- Capital Adequacy Regulations- AML
India
- Risk Management- Internal Controls- Basel II/III- Capital Adequacy Regulations- AML- Stress Testing
Maldives
- Capital Adequacy Regulations
* The information presented above may vary with respect to degree to accuracy as it is based on publically available information.There may be certain works in pipeline and several other supervision and inspection tools to support implementation of bestpractice risk management frameworks. 11
Modern day RiskManagement
PwC
Modern day Risk Management
Credit, Operational andMarket Risks
People & ChangeManagement
Risk Models
Risk Automation &Process Efficiency
Capital Planning andManagement
Advanced Stress Testing
Advanced PortfolioManagement
Asset and LiabilityManagement
Compliance RiskAssessment
Business Risk Review/Credit Risk Review
Modern day RiskManagement
13
PwC
Target NPLsTarget Capital Adequacy RatioTarget RWATarget reduction in Operationallosses etc.
Business optimizationInternal controlsCredit disciplineCustomer serviceComplianceRetention of critical HRCorporate social responsibilityetc.
Value Addition
• Better target setting for business unitand effective operational roll-out
• Better monitoring platform for decisionmaking
• Rationalized portfolio quality• Effective MAPs for future capital
management concerns
Perspective
• Ownership, drive and accountability• Independent view on planned risk
exposures and markets• Integrated annualized targets help in
eventual achievement of long-term goals
StrategicPlanning
Strategic aspects
• Target markets, RAACs• Portfolio mix/ diversification• Capital planning and allocation• Pricing and collateralization strategies• Stressed projections and CAR• Operational strategies
Aim
• Engage Business Units• Integrate Risk Management in the
exercise• Seek economic research support• Integrate budgeting with strategic
planning
Modern day Risk Management – Entity wideintegration
14
PwC
Modern day Risk Management – Lines of Defense
Risk Area 1st Line of Defense 2nd Line of Defense 3rd Line of Defense
Credit Retail Commercial
Market IRR Liquidity Price Risk (Investments)
Operational Operations (Assets/ Liabilities) Technology Fraud Accounting/ Financial Controls HR Model
Compliance
Business/ Strategic
Reputational
Risk Management& Compliance
CIBGCRBG
Treasury
All Business &Support
Internal Audit
15
Enterprise-wideIntegrated RiskManagement
PwC
The next generation of risk management solutions calls for an EIRMapproach that encompasses all dimensions of entity and risks
Single View into Risk Management
Operational Risk,Liquidity Risk
Legal Risk, ReputationalRisk
IT Risk, Interest Rate Risk,Concentration Risk
Country Risk, 3rd PartyRisk
Credit, Market Risk
Business and StrategicRisk
Isla
mic
Ba
nk
ing
Re
tail
Ba
nk
ing
Co
rp
or
ate
Ba
nk
ing
Inv
es
tme
nt
Ba
nk
ing
Ag
ri
Fin
an
ce
Tr
ea
su
ry
ICAAP, Stress Testing
Basel II/III
COSO/ ICFR
Entities
Risks
• Governance• Strategy• Organisational
Structure• IT Systems• Policies & Processes• MIS• Risk Tools
InfrastructureRisk Management
Infrastructure
• Risk Identification• Risk Assessment• Risk Mitigation• Risk Monitoring• Risk Reporting
Risk Management Process
17
PwC
Enterprise-wide Integrated Risk Management
Critical Success Factors
Tone at theTop
Risk Authority&
Accountability
PerformanceMgt./Risk &
Rewards
People &Change
CapacityBuilding/Training
EffectiveProcesses
Technology Data & MIS
Board & BoardCommittee
Senior Management Committee
Management& monitoring
Corporate Retail Operations Finance ITHRTreasury
Risk Management & Compliance
Internal Audit
RiskIdentification
RiskResponse
Str
ate
gic
&O
pe
ra
tio
na
lO
bje
cti
ve
sC
om
plia
nc
e&
Re
po
rtin
gO
bje
ctiv
es
Overall Business Optimisation
18
PwC
Enterprise-wide Integrated Risk Management -Objectives & Goals
Implement acoordinated,integrated,
efficient andeffective
frameworkfor risk
managementacross theenterprise
Provide greater transparency and consistency to the riskand governance process across the organization
Move the organizational culture from a solely compliancefocused organization to an integrated ‘Risk Management’culture
Evangelize a philosophy of ownership and
accountability for risk and control to line management
Provide a cost effective infrastructure that integratesthe risk and governance framework of the organization
Improve risk management practices across theorganization
19
PwC
Framework Implementation
STRATEGIC
PR
OC
ES
S
TACTICAL
PE
OP
LE
Identify KeyStakeholders
Identify CoreObjectives
Evaluate AlternativeApproaches
DevelopVision for theFramework
DevelopFramework
Develop PhasedImplementationRoadmap
ImplementIndividualDomains basedon Businesspriorities
Implement anprogram for managingchallenges Enterprise -wide
ImplementconsistentMonitoring &Reporting
Enhance integration into theBusiness Process
CEO CFO CCOCRO CIO
Finance Risk ComplianceInternal
AuditOperations
Develop a collaborative relationship between all stakeholders Develop strong Board and Executive Management support for Best Practice Risk Management
Framework
COO
Executive Management
Departments
20
PwC
Risk Management – OrganisationalStructure
21
PwC
Risk Management StructureA dedicated Risk Management Function – An Illustration
22
PwC
Risk Management – Risk Areas
23
PwC
Credit Risk
24
Credit Risk
NPL Management
Monitoring
CreditDocumentation
PortfolioManagement
Risk Models
Credit RiskAssessment Process
Country RiskManagement
Data Managementand MIS
Credit Risk Review
Policies &Procedures
Stress Testing
PwC
Market Risk
MRMStrategy
DataManagement
& MIS
Policy andProcedure
MonitoringPortfolio
Management
RiskModels
LimitSetting
MarketRisk
MRMStructure
StressTesting
25
PwC
Operational Risk
26
Operational Risk
PwC
Asset Liability Management
27
ALM
PwC
Key Initiatives
Risk Governance and Independence
Credit Risk Model Upgradations
Risk Technology Investments
Data Enrichment
Concentration Management
Internal Control Programme
Operational Risk Advancements
Relatively Advanced Stress Testing
Independent Risk Review
ALCO’s role in ALM
28
PwCPwC
Systems and Automation
ITArchitecture
Enhancement Core Banking upgrades
Core Banking Enhancements
Business Intelligence
Risk Engines/ Systems
Sig
nific
an
tIn
itiativ
ein
Pip
elin
es
Sig
nif
ica
nt
He
ad
wa
ys
Ma
de
End to End CreditCycle Automation
Consumer Front End
Core Banking
MYSIS Equation
Temenos T-24
FIS Profile
SungardSymbols
Oracle i-Flexcube
Core BankingSolutions
IBMAlgorithmics -Credit Manager
Theta Origins
EmmaculateNucleus
Sungard Ambit
Credit Solutions
Vision +
SAS
Iflex Reveleus
Sungard Ambit
Theta Origins
EmmaculateNucleus
Triad
ConsumerSolutions
IBM Algorithmics
SAS
Moody’s
Iflex Reveleus
MISYS Almonde
Temenos T-risk
Sungard Ambit
Oracle Hyperion
Risk AutomationSolutions
Increasing Awareness - Structured and Systematic Approach for Automation
Data quality
Data controls
Data integration
Meaningful MIS
Efficiency
Da
taW
areh
ou
sing
Initia
tives
29
PwC
Key Challenges
WALL between Risk Management andBusiness
Resistance to Change Management
Entity-wide Risk ManagementAwareness
Compliance vs. Business Approach toImplementation
Risk Talent and Retention
Individual vs. Corporate Ownership andSuccession Planning
Risk Authority, Accountability,Performance Management and KPIs
Supporting Strategic and OperationalFrameworks
Data and MIS Structure as well as Quality
Risk and Supporting Core and AnalyticalApplications
Meaningful Industry Assessments andRAACs
Risk Model Predictability and BackTesting
Programme Breaches and Inefficiencies(reasons such as multiple projects,resource planning etc.)
Risk Integration into Strategic Planning
Model Integration with BusinessDecisions
ICAAP
30
PwC
Globally acknowledged need for change
12
10
7
12
13
11
8
22
19
21
21
22
19
16
27
27
25
26
24
22
17
32
35
35
28
27
31
33
Talent Strategies
Technology Investments
Organisation Structure/ Design
Use and Management of Data andData Analytics
R & D and Innovation Capacity
Approach to managing Risk
Corporate Governance
Recognise need tochange
Developing strategyto change
Plans to implementchange programme
Change programmeunderway orcompleted
Source: PwC Global 17th CEO Survey
%
31
EIRM - BeyondRegulatory Compliance
PwC
Initiatives strengthening EIRM
EIRM EIRM
Str
en
gth
en
ing
Str
en
gth
en
ing
Business Process Re-engineering/
Improvement
Automation/ System optimisation
Centralisation
Organisational Restructuring
Other focused Advanced EIRM Tools
FATCA
AML/ KYC
DomainEnhancement
33
PwC
EIRM - Moving beyond regulatory compliance
34
Advanced Risk Management and Monitoring
VaR based Market Models2
Econometric Behavioural Model for ALM3
Econometric Credit Models1
Behavioural Scorecards for Consumer4
Quantification of Risk Appetite/ Tolerance5
Risk Based/ Adjusted Capital6
Predictive mechanisms for Risk Management7
Risk Management –Future Perspective
PwC
Future of Risk Management
36
CROs need to play a pivotal role in organisational success for dealing with evolving regulatory,
business and operational challenges and global trends
Basel III
Sound Capital Planning Process
Risk Data Aggregation and Reporting
AML/ KYC Enhancements
Foreign Account Tax Compliance Act (FATCA)
OECD Common Reporting Standards
Local challenges Global trends
CRO
Portfolio Rationalisation
NPL Management
New Products and Markets
New Processes/ Process Improvements
New Projects
Capital Management aligned with Strategic
Outlook
Industry Assessments and Ratings
Model Integration into Decision Making
ALM and Balance Sheet Management
Evolving Regulatory Requirements (liquidity,
leverage and capital surcharges/ buffers)
PwCPwC
Risk Based Capital Management
Risk appetite Risk profileLimit
framework
Capitalstructure
optimisation
Capitalstrategy
Performancemeasurement
ReportingIncentives &
compensationDisclosurePerformance
evaluation
Infrastructure & capabilities
Capitalplanning
Strategy andbusinessplanning
Capitalplanning
Capitalallocation
Valuecreation
Capitalmanagement
Riskmeasurement
Stress testingRisk
integrationRisk
monitoringCapitalmodelling
Boardengagement
Senior mgtengagement
Crossfunctional
rolesCrisis rolesGovernance
Processes andorganization
Internalcontrols
Risk adjustedperformance
& pricingLimitsTOM
37
© 2012 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the United Statesmember firm, and may sometimes refer to the PwC network. Each member firm is a separatelegal entity. Please see www.pwc.com/structure for further details.
Risk Advisory ServicesDelivering Success
ClientsPeopleCommunity