Beyond ERM - The Roles, Responsibilities and Costs of Risk Management March 28, 2012

Size: px

Start display at page:

Download "Beyond ERM - The Roles, Responsibilities and Costs of Risk Management March 28, 2012"

Dustin Fletcher
6 years ago
Views:

1 Beyond ERM - The Roles, Responsibilities and Costs of Risk Management March 28, 2012 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

2 Agenda Risk Appetite What s happening now? Risk Management Case Study Governance Regulatory Insight 2

3 Language Myth 3

4 Team Myth 4

5 The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning. Charles Tremper (author and risk management expert) 5

6 Risk Appetite Risk appetite is the amount of risk on a broad level an entity is willing to accept in pursuit of value. This allows the institution to differentiate good risks from bad risks Risk appetite is a measure of inherent risk 6

7 The level of thinking necessary to address today s problems must be greater then that which got us here. Albert Einstein 7

8 What s happening now? 8

9 Why is Risk Management Becoming More Important? The current financial environment has significant focus on credit risk management Operational risk management weaknesses have developed (e.g. vendor over-reliance) Risk Management governance is becoming a key factor for strategic success Dodd-Frank is ushering in a new rules over delivery of financial services The game has changed consolidation The new DNA of community banking 9

10 Drivers of Consolidation Drivers of Consolidation: The Game Has Changed U.S. Banking Companies by Assets 1 Excess capacity Total Cumulative All Banks 7, % 100% Regulatory Oversight (Dodd-Frank) & Escalating Costs < $100M 2, % 35.6% Lack of access to capital and net margin decreases $100M - $500M 3, % 82.4% Slow / low growth economic environment $500M - $1B % 91.3% Management / Board fatigue $1B - $10B % 98.6% $10B - $100B % 99.7% Operational Costs $100B - $1T % 99.9% Source: SNL Financial, FDIC; European Central Bank; OSFI; World Bank (1) Source: SNL Financial, Top tier regulatory consolidated (Q data) > $1T 4 0.1% 100.0% 10

11 How We Got Here 11

12 NJ Banking Companies by Assets Total Cumulative All Banks % 100% < $100M 9 7.8% 7.8% $100M - $500M % 60.7% $500M - $1B % 79.1% $1B - $10B % 96.5% $10B - $100B $100B - $1T % 100.0% > $1T 0 12

13 Efficiency Ratio Non- interest expenses as a proportion of operating revenue. Expenses Salaries Technology Buildings Supplies Administrative Expenses Revenue Net interest income interest revenue expense Fee income A cost ratio of 50% or below is admired 13

14 14

15 Key to Successful ERM Implementation Alignment Strategy Cost & Impact Reporting & Monitoring 15

16 Key Success Factors for an ERM Program 1. Define an assessment methodology with consistent measures that everyone performs 2. Build the program from the bottom up to ensure all Threats and Risks are considered. A Top Down approach considers Entity Level risks and is complimentary. 3. Keep it simple! ERM should be explainable to the Board and down to the most junior associates within your institution 4. Integrate the risk management tools into daily activities and operations 16

17 Risk Management Case Study 17

18 ERM Case Study Management s Objectives: What type of management program could we develop to provide meaningful reporting and meet regulatory requirements? What should we measure (beyond credit and liquidity), and why should we? Can we empower line management to drive better day-today decision making? 18

19 Case Study Opposing Forces CEO sees no potential value of ERM to the franchise Board not asking for more information; already overwhelmed with new reporting requirements Regulators expecting an ERM program but no explicit requirement or specific guidance on how to implement 19

20 ERM Case Study 20

21 The Cost of Risk Management 21

22 The Cost of Risk Management 22

23 What Did Senior Management Do? One senior manager opted in as CRO Centralized day-to-day oversight of risk assessment activities with the CRO CRO given authority to override line managers 23

24 Initial Results Risk assessment forced a discussion on how we do business We learned so many things about the institution we did not like Areas where P&P were inadequate or did not exist Areas for potential operating losses Senior management believed better outcomes from the risk management discussions would result IT, VR, CO, OR threats Proactive decision making vs. reactive fire drills 24

25 Ongoing Results CRO reports to the CEO (implied authority) CRO maintains ongoing authority to override line management s assessment of risk Risk management is not a democracy Board can govern better with the knowledge it now has What else don t we know? Final Conclusion: If there are no red categories there are no profits. 25

26 Governance 26

27 Traditional Governance Structure Audit Committee Board of Directors Credit Committee Compensation Committee Nominating Committee Audit Internal Audit External CPAs Communication Asset Liability Committee Finance Committee Executive Management Investment Committee Tech & Ops Committee Compliance Committee 27

28 Internal Audit s Role in ERM Source: Position paper by IIA: The Role of Internal Audit in Enterprise-wide Risk Management - September

29 Core Internal Audit Roles Reviewing the management of key risks Evaluating the report of key risks Evaluating risk management processes Giving assurance on the risk management process 29

30 Internal Audit Roles with Safeguards Facilitating identification & evaluation of risks Coordinating ERM activities Maintaining & developing the ERM framework Developing risk management strategy for board approval 30

31 Non-Internal Audit Roles Setting the risk appetite Management assurance on risk Taking decisions on risk responses Implementing risk responses on management s behalf Accountability for risk management 31

32 Risk Based Governance Structure Audit Committee Board of Directors Credit Committee Compensation Committee Nominating Committee Audit Internal Audit External CPAs Enterprise Risk Committee (Joint Board and Exec. Mgmt.) Action Items Asset Liability Committee Executive Management Finance Investment Tech & Ops Committee Committee Committee Compliance Committee 32

33 ERM: What NOT to do ERM is used to upload risk (a.k.a the all work / no results strategy) Line managers jointly develop strategy Strategy then drives ERM (i.e. here it is, now go monitor it) All Risk is owned by ERM or the Risk Committee Risk appetite is static 33

34 ERM: What NOT to do (continued) View the ERM Program has a quick hit Management by checklists No discernible change in how decisions are made ERM is a compliance requirement (and nothing else) No interaction by the Executive Management Team & Board 34

35 Well-designed ERM Program Begins with risk assessment process Select optimal profile Gap / Results suggest a strategy Risk appetite drives the institution Shareholder value is pursued via integration of Risks Risks are owned by lines of business; separately monitored by ERM 35

36 Well designed ERM Program (continued) Communication among all stakeholders of risk appetite, backed by transparency ERM plan implementation is strategic in nature; process evolves over time A CRO or other executive wearing the CRO hat owns the ERM management function Communication and buy in from the Executive Management team & BOD Take action - Treat risks 36

37 Regulatory Insight 37

38 Regulatory Insight Why is risk management a key driver for efficiency and profitability? Interest Rate Risk continues to be a challenge Dodd-Frank /regulatory focus on risk management Bank earnings are in focus and will remain challenging Net Interest Margins remain under pressure and are heading lower Asset Yield on a downward trend Regulatory burden is a contributing factor but low interest rates drive weak earnings 38

39 Regulatory Insight Banks must figure out methods to be more efficient ERM is a vehicle to sustain in climate of weak earnings Effective RM practices affects efficiency, yield and protects capital Investment in technologies is critical to success Maximize net interest margins through smart lending and investment decisions Practical & effective risk management programs provide the framework 39

Looking forward Enterprise risk management programs will continue to emerge and develop over the next 3 years Operational risk management programs will require the same level of sophisticated

40 Looking forward Enterprise risk management programs will continue to emerge and develop over the next 3 years Operational risk management programs will require the same level of sophisticated management and Board oversight as credit risk programs do today Board Monitoring and Involvement Financial services supply chain practices will emerge, starting with tracking customer s private information 40

41 Thank you! Scott Baranowski Director Internal Audit Services Wolf & Company, P.C

42 Regulators ERM Resources More to follow Consumer Financial Protection Bureau Basel Committee on Bank Supervision Basel II - International Convergence of Capital Measurement and Capital Standards Principles for Sound Liquidity Risk Management & Supervision International Organization for Standardization (ISO) ISO 31000: Risk Management - Principles and Guidelines ISO Guide 73: Risk Management Vocabulary COSO Enterprise Risk Management Integrated Framework Institute of Internal Auditors 42

Energize Your Enterprise Risk Management

Energize Your Enterprise Risk Management Presented By Mark Caiazzo, CISA, CISM, CRISC Tammy Michaud, CPA May 15, 2017 Reviewed: Agenda Enterprise Risk Management Defined Benefits of ERM Key Components