Risk Management at the Deutsche Bundesbank March 2011


Risk Management at the Deutsche Bundesbank March 2011 (C) Deutsche Bundesbank - Division Organisation 1

Agenda
- Definition of risk management
- Factors of influence to review the RM set up
- The Framework
- Governance structure of the Bundesbank
- Risk structure
- Risk Management Process

Definition
Risk management: Risk management is a logical and systematic method of identifying, analysing, treating and monitoring risks.
Risk management system:
- Early identification of risks
- Handling of risks
- Monitoring of risks
- Identification of risks
- Evaluation of risks
- Communication of risks
- Controls
- Internal audit

Factors of influence to review the RM set up
- financial impact
- reputational impact
- by example
- damage to persons
- crisis 2004
- recommendations of internal & external auditors
- legal background

The Framework
Contents
- Aims and structure of the framework
- Legal background
- Definitions
- Aims and functions of risk management
- Risk culture
- Expertise and responsibilities
- Risk structure
- Risk management process
  - Early identification of risks
  - Identification of risks
  - Risk evaluation
  - Communication of risks
  - Handling of risks
  - Monitoring of risks
Implementation
- after the approval by the board in March 2006
- published to the staff via intranet

Governance structure of the Bundesbank

Responsibilities
The Executive Board
- has the overall responsibility for the management of risks
- is basically responsible for decision making
- approves a risk tolerance policy and residual risks in specific risk zone
- is the receiver of aggregated risk reports

Business areas are responsible for operational risk management according to their tasks across the whole Bundesbank (decentralisation). The heads of departments are responsible for the identification, assessment and mitigation of their own risks. In some areas, such as the risk management of foreign reserves and other portfolios, IT security and general security, related tasks are performed by central work units.

Office for Risk Control
Area V: Department Financial Stability, Department Statistics
This unit deals with market risks such as currency risks, interest rate risks, counterparty risks and liquidity risks. It is responsible for the risk management of foreign reserves and other portfolios.

IT Security Management
Area VI: Department Information Technology, Department Markets
Supports the board and the business areas in questions concerning IT security and is responsible for the design and maintenance of firewalls, the evaluation of proxy server information, and the maintenance and enhancement of IT security concepts.

IT Security relationship with ORM
- Operational risks emerging from this entity are subject to the ORM methodology
- Regulations/methodologies in the area of IT security are risk treatment measures
- Horizontal nature of IT risks has to be considered

Division Organisation
Area III: Department Controlling, Accounting and Organisation; Department Human Resources; Department Administration & Premises
The Division Organisation is part of the Department Controlling, Accounting and Organisation.
Division Organisation: ERM Office; Security and Crisis Management

Division Organisation: ERM Office
In the context of risk management, the ERM Office is responsible for the maintenance and enhancement of the risk management framework, the methodology, documentation and coordination. In that context business areas are supported to ensure the ORM methodology is properly used, results of risk assessments are checked (plausibility check) and analyses conducted, as well as reports of the business areas summarised and an annual report drawn up. In addition, the ERM Office is involved in the development and rollout of an operational risk management methodology at ESCB/Eurosystem level and stays in close contact with other central banks worldwide to exchange experiences.

Division Organisation, C 35: Security and Crisis Management
- Topic centre for questions concerning general security
- Design and maintenance of the security framework
- Business continuity planning, crisis management

Internal Audit
Area I: Department Economics, Department Audit
The Internal Audit is directly responsible to one of the board members of the Deutsche Bundesbank. As an independent entity, it is not involved in the working processes.

Internal audit relationship with ORM
- Assures the integrity of the RM system and compliance with regulations
- Makes proposals to enhance the RM system
- Uses self-assessment results to set up its audit plans (risk-based approach)
- Interaction with/consultation of ORM/ERM unit while auditing business areas
- Operational risks subject to the ORM methodology
- ORM/ERM office can be part of the internal audit [depending on internal set up and mission of the internal audit]

[Diagram: Internal audit, IT Department, ERM Office, Office for Risk Control]

Risk structure
- Reputational loss
- Financial loss
- Damage to persons
- Business Risks
- Operational Risks
- Currency Risks
- Interest Rate Risks
- Counterparty Risks
- Liquidity Risks
- Gold price Risks
- Employee Risks
- Human Failures
- Incorrect Conduct
- Misallocation Of Staff
- Inadequate Qualification Of Staff
- Technical Risks
- IT Risks
- Critical Infrastructure
- External Risks
- Primary Maintenance Risks
- Dependencies On Third Parties
- Negative Press Coverage
- Legal Risks
- Natural Risks
- General Security Risks

Identification of risks
- Task of business areas
- Identification should be output oriented with regard to the underlying task
- Root causes also have to be identified and documented
- Helpful information could be gathered from:
  - Audit reports (internal as well as external)
  - Test reports (IT systems)
  - Incident databases

Risk assessment
As a basic principle, a risk at the Deutsche Bundesbank can result in the following three categories of losses:
- Financial loss
- Damage to persons
- Reputational loss
Each of these categories is evaluated for each risk, partly in a qualitative and partly in a quantitative way.
$\text{Risk}_{\text{Event}} = \text{Probability of loss occurring}_{\text{Event}} \times \text{Impact}_{\text{Event}}$

Risk assessment grading scales
Risk likelihood grading scale
Likelihood level: Criteria (frequency of loss events)
- 5 - Almost certain: Every year or more
- 4 - Likely: Once every 1-2 years
- 3 - Possible: Once every 2-5 years
- 2 - Unlikely: Once every 5-10 years
- 1 - Rare: Less than once every 10 years
If no observable events: Qualitative criteria (fraud and attacks oriented)
- Motivation: Personal gain... Attracting attention ("making a point")
- Skills & knowledge: Basic skills sufficient, knowledge not necessary
- Collaboration
- Traceability
- Time and cost: <1 day < EUR 100 1 year > EUR 100 000

Risk assessment grading scales
Financial Impact (Level: Definition)
- Very high: 10.000.001-25.000.000 *
- high: 1.000.001-10.000.000
- medium: 100.001-1.000.000
- low: 10.001-100.000
- negligible: 1-10.000
Personal Injuries (Level: Definition)
- Very high: Numerous deaths
- high: Individual deaths
- medium: Life-threatening injuries
- low: Major injuries
- negligible: Minor injuries

Risk assessment grading scales
Reputational Impact
Level: Very high, high, medium, low, negligible
Definition:
- The occurrence of an event can endanger the Bank's security for a lengthy period or cause critical damage to its interests. Examples: Criminal proceedings against individual members of the Bundesbank's governing bodies
- The occurrence of an event can endanger the Bank's security or cause major damage to its interests. Examples:
- The occurrence of an event can be of disadvantage to the Bank's interests. Examples:

Risk tolerance policy
[Matrix: likelihood of loss occurring (rare, unlikely, possible, likely, almost certain) against impact on overall loss (negligible, low, medium, high, very high)]

Risk treatment
Policy of risk avoidance and risk limitation while implementing preventive measures
Principles, e.g.:
- Principle of hierarchy
- Editorial principle (to use a second set of eyes)
- Principle of separation of functions
- Principle that tasks, competences and responsibilities should be located within the same entity

Risk treatment
[Process diagram labels: risk; Risk and threat analysis; Actual risk position; Risk avoidance; Concept of measures; Approval of the Executive Board; Preventive measures; Residual risk]
- Insurances are only used in law driven issues
- Usually, there is no risk transfer

RMS at the Bundesbank: Structure of the ORM template

Communication of risks
Risk reporting within the business areas; centralised risk reporting
- Report within business area (hierarchy)
- Periodical reports (e.g. daily report of market risks)
- Ad-hoc reporting if necessary
  - Notification of loss
  - Security relevant matters
  - Compliance, money laundering, corruption
  - Major projects...
- Centralised annual risk report

Communication of risks: Centralised annual risk report
- Annual risk report according to our risk management framework
- The business areas have to examine their risk assessment.
- The results were aggregated by the ERM Office.
- Report to the board and feedback to the business areas
- The board has to decide whether additional mitigation measures should be taken or not.

Monitoring of risks
- Monitoring is part of the internal supervision by the head of each unit
- no formal KRI in place
- no centralised monitoring of KRI
- responsibility of business areas
- KRI are mainly qualitative indicators