Journey of a Compliance Officer in ERM Implementation
SCCE Regional Conference, September 8, 2017

Introduction
- Is there a formal ERM program within your institution?
- Is there alignment/coordination between ERM and Compliance?
- Are roles and responsibilities between ERM, Legal and Compliance clear?

Scene 1: ERM Project Kick-Off Meeting

What is ERM?
- Strategic: all about the strategy and better decision making
- An integrated process of identifying major risks of all types to achieving the specific goals and objectives of the organization in a changing environment
- A framework for establishing consistency and a common approach
- An "Everyone's a Risk Manager" culture
- ERM forces leaders to talk about and discuss risk; it becomes a natural part of doing business and facilitates strategic decision making

ERM: How it works (including Risk Appetite)

Reporting
- Formal risk reporting includes the risk heat map and risk scorecards
- Reporting is ongoing to reflect changes in the risk profile; results are provided to the Executive Team, who holistically and routinely discuss them as reflected on the risk heat map
- Board Committees have been assigned jurisdiction for oversight of each of the key risks, and discussions about Tier 1 risks, including the risk scorecards, are embedded within the meeting agendas

Identification
- Identify using multiple inputs:
  - Strategy/innovation discussions
  - Internal Audit collaboration
  - Compliance & IT risk assessments
  - Questionnaires/surveys
  - Environmental scans
  - External sources such as CEB, KPMG, Grant Thornton and industry networking groups

Mitigation
- Mitigation efforts are developed by risk owners and supported by defined plans to reduce risk exposures and manage risks
- The Executive Team meets routinely to discuss changes in risk (either new emerging risks, or the escalation/recalibration of existing risks) and the mitigating activities
- Internal Audit includes the key business processes for mitigating enterprise risks in its annual audit plan

Monitoring
- On an ongoing basis, the risks are monitored against the top risk areas reported in the external environment, as well as in the not-for-profit sector, which can influence the organization's risk posture

Assessment
- Assessment criteria are based on:
  - Impact: if this risk event were to materialize, what would be the impact on the organization?
  - Likelihood: what is the likelihood this risk event will occur?
  - Velocity: if this risk event were to materialize, how rapidly would it impact the organization?
  - Mitigation Effectiveness: how well the risk is being managed; how much risk remains
- Assessed via an ongoing and formal annual survey
- Risk profile prioritized into Tier 1 and Tier 2 to provide focus

Compliance Officer Thoughts
- What does this mean for Compliance?

Compliance Perspective

Value to Compliance of an ERM Program
- Greater visibility and attention to compliance risks
- Tools to facilitate business area involvement in compliance
- Integration of compliance activities with other risk management activities to increase efficiency and effectiveness

Concerns
- ERM doesn't understand the details of compliance risk and therefore shouldn't be reporting on it
- The ERM framework is built for operational risk and doesn't accommodate the low risk appetite for compliance risk
- Compliance will lose control if compliance risks are integrated into ERM procedures

CEO Thoughts
- What's the value to the organization?

CEO Perspective
- I'm ultimately responsible; my involvement is vital
- I need a holistic view of all risk types
- I need to integrate risk management with enterprise strategy
- I'm accountable re: Governance/Board of Directors

Scene 2: Working out the Details
- Identifying Risk
- Roles and Responsibilities
- Risk Assessment & Scoring
- Risk Appetite

Roles and Responsibilities
- Roles between ERM, Compliance, and Legal are often unclear
- An effective ERM program must include all risks, including compliance
- Categories of risk are not mutually exclusive (e.g., a risk might have an operational risk cause and a compliance impact)
- ERM and Compliance must work together and develop common tools and methodology
- A change in perspective can facilitate cooperation:
  - ERM recognizes the low tolerance for compliance risk and works to integrate it into the program
  - Compliance recognizes the need for the enterprise to have an integrated view of risk

Identifying/Assessing Risks: AARP
- Risk identification happens in several ways (strategic planning, Internal Audit, Fraud and IT risk assessments, external scans)
- The compliance risk assessment is another way, and becomes an input/subset of the organization's overall risk environment
- The Compliance Officer and legal team SMEs identify and document a detailed inventory of legal and regulatory requirements
- The legal team assesses the inventory of compliance risks based on the ERM framework: likelihood and impact scoring criteria
- Top compliance risks are included in the enterprise-wide risk assessment
- For example, our private letter ruling with the IRS regarding our non-profit status is one of our top eight ERM risks

Sample format for a Compliance Risk Inventory
[Table: sample compliance risk inventory format]

Identifying/Assessing Risks: Banking
- Risks are identified and documented in a detailed inventory of legal and regulatory requirements
- The business assesses risks through a Risk and Control Self Assessment (RCSA) process or similar approach
  - The RCSA covers process-level risks and controls
  - Compliance risks are included in the RCSA process
- Top enterprise risks are aggregated and reported through ERM
- Trend towards a more quantitative process and less reliance on professional judgment
- Compliance typically conducts compliance-focused risk assessments and maintains the inventory of legal and regulatory requirements
- Individual legal and regulatory requirements are evaluated

Risk Appetite: AARP
- AARP's risk appetite journey:
  - Over a nine-month timeframe
  - Created a risk working group consisting of board members and management
  - Invited all board members to take the annual risk assessment, separate from but at the same time as the Executive Team
  - CEB facilitated the results as well as a scenario workshop during a board meeting
  - Risk appetite statement created and approved at the next board meeting
- The risk appetite statement is more qualitative than quantitative
- Risk appetite keeps the board and management aligned around key strategic decisions

Risk Appetite/Risk Scoring: Banking
- Enterprise-level risk appetite:
  - Typically qualitative, such as "low tolerance for compliance violations"
  - Risk appetite may be stated in terms of maintaining satisfactory examination ratings
- Best practices and regulatory pressure have led to more specific and more quantitative risk appetites for sub-risks
  - For example, a maximum defect rating for compliance testing results
- Scoring of individual risks varies, with a trend towards more quantitative scoring methods:
  - Number of customers impacted
  - Potential for regulatory/legal scrutiny
  - Disruption to the company

Scene 3: Presentation to Board on Successful Project
- ERM and Compliance are distinct yet complementary disciplines that, when integrated and aligned, provide a holistic view of risk types
- Risk management should be risk-based at the end of the day
- The maximum benefit is achieved when the enterprise uses a standard and coordinated methodology
- At the end of the day, we all need to be managing risks to the organization

Contact Information
- Steven Pearlman, Chief Risk Officer, E*Trade Bank: Steven.pearlman@etrade.com
- Joe Pugh, Director ERM, AARP: jpugh@aarp.org