The OCEG Open Risk Classification using XBRL


Yuji Furusho, Fujitsu Research Institute

Agenda Overview Governance Risk and Compliance Brief Introduction Standards Initiatives Business Standards, XBRL and GRC-XML XBRL and XBRL GL, esupervision, ERM, Solvency II GRC-XML Taxonomy, Open Risk Universe Summary

Overview
Data is
- Everywhere, structured, unstructured, complex
- In many forms and from multiple sources
Data Classification
- Vocabularies, Taxonomies, Ontologies using open standards
Data Processing, Automation
- Search, Infer, Aggregate, Analyze, Manage

Overview (Cont'd)
Cloud Computing
- IT Evolution and 21st Century Enterprise Architecture?
Big Data
- The real challenges and the opportunity
From Data to Knowledge

Enterprises today: The Problem

A Transformational Opportunity For All Stakeholders
SOURCE: OCEG Illustrated Series
Current State
- Fragmented silos
- Mostly reactionary
- Individual projects
- Separate from mainstream processes and decision-making
- Spreadsheets, spreadsheets, spreadsheets
- Limited and fragmented use of technology
Future State
- Integrated management & performance
- Proactive planning & execution
- Integrated capability
- Embedded within mainstream processes and decision-making
- Coordinated transactions & shared data
- Architected solutions

Why do we need Standards?
- Use of available technical expertise, enhanced trade
- Common metrics for service level expectations
- Essential to the cloud supply chain
- Open global markets
- Required by legal and accounting professions
- Increased automation

Foundations for Information and Knowledge Interchange
- GRC-XML
- XBRL
- XML
- Electronic Data

Foundations for Information Interchange
GRC-XML: What is it?
- Standard language for Risks and Controls definition/exchange
- One language for many areas: Security risk, IT risk, Financial risk, Operational risk, etc.
- Visibility across silos
- Eliminate redundancy and duplication
- Facilitate effective continuous monitoring and audit of controls
- Extensible: Companies can add their own Activities, Risks, Control Objectives, Control Activities, etc.

GRC-XML Information Model

Enterprise Risk Management Process
Phase 0: Corporate Strategy
1. Risk Management Organization
2. Risk Management Charter
Phase 1: Risk Strategy report
1. Risk Identification
2. Risk Tolerance (Risk Appetite) definition
Phase 2: Risk Assessment report
1. Risk Evaluation
2. Risk Integration (Heat Mapping)
Phase 3: Risk Mitigation report
1. Mitigation Planning
2. Mitigation Installation

Enterprise Risk Management Process using XBRL
Phase: What you will do
1-1 Risk Identification: Identify risks related to the organization, and select significant risks
1-2 Risk Tolerance (Risk Appetite) definition: Define risk level (impact/likelihood) and tolerance level to the significant risks
2-1 Risk Evaluation: Evaluate the significant risks and identify existing controls
2-2 Risk Integration (Heat Mapping): Map the result of evaluation into Heat Map
3-1 Mitigation Planning: Plan for mitigation where a risk level exceeds the risk tolerance level
3-2 Mitigation Installation: Execute the mitigation plan
XBRL
Risk Universe
- Extend to define significant risks
Risk Taxonomy
- Risk Event
Risk Appetite
- Risk Level
- Risk Tolerance
Risk Taxonomy
- Risk Score
Risk Taxonomy
- Heat Map
Risk Taxonomy
- Mitigation Plan

OCEG Open Risk Universe
External Internal
Nature Natural disaster Weather Pandemic Society Social requests Demographic Regulations Cross-border Cross-sector Decision Making Governance Management Oversight Strategy Vision/Mission Competence assessment Capability/Capacity assessment Alliance Merger & acquisition Planning Macro Environment Politics Change of administration Legislation Public policy Economics Business condition Price of goods Price of materials Technology Energy technology innovation Production Innovation IT innovation Environment technology innovation Market condition (currency, interest rate, etc.) Process Micro Environment Competition Customers/Consumers Investors/Lenders Trading partners Affiliates Government Reputation Brand Image Stakeholder relationship Culture People/Organization Technology Corporate culture Ethical behavior Effectiveness of the board Effectiveness/Efficiency Quality/Customer satisfaction Business disruption Product development Production capacity Product/service deficiency Operation error Financial Liquidity Credit Labor capability Labor sincerity Authority/Limit Intellectual property Effectiveness Efficiency Confidentiality Integrity Compliance Law violation Privacy protection Information control Social Imperative Reporting Financial reporting Tax reporting Environment conservation Regulator reporting Availability Compliance Reliability

Open Risk Universe
Why you need Open Risk Universe
- Starting point to identify significant risks to the company
- Support to uncover risks that are prone to be missed
- Free use for OCEG members

An Example of Risk Definition (1/2)
Risk Universe: External, Micro Environment, Trading Partners
Procurement Risk
Risk Taxonomy: Risk Event, Risk Score, Heat Map, Mitigation Plan
Risk Event: The inability to procure required components or raw materials in stable conditions.
Risk Scenario 1: Something could hinder the ability of suppliers to provide the Group with a stable supply of required components or raw materials.
Risk Scenario 2
Related Organization: PROCUREMENT UNIT
Risk Owner: PROCUREMENT UNIT PRESIDENT
Impact: LEVEL4
Likelihood: LEVEL3
Residual Risk: LEVEL4-3 -> RED
Existing Control: Get a production plan and make a procurement plan in view of the production plan for a stable procurement.
Alternative Control: Keep an alternative supplier for emergencies
Action plan: Seek an alternative supplier

An Example of Risk Definition (2/2)
Risk Appetite
Risk Level: Impact
- Level 1: < $500,000 impact on profitability.
- Level 2: $500,000 to $2.5 million impact on profitability.
- Level 3: $2.5 to $10 million impact on profitability.
- Level 4: $10 to $25 million impact on profitability.
- Level 5: > $25 million impact on profitability.
Risk Level: Likelihood
- Level 1: Less than 1 in ten years
- Level 2: Less than 1 in a year
- Level 3: Greater than 1 in a year, but less than 10 in a year
- Level 4: Greater than 10 in a year, but less than 100 in a year
- Level 5: Greater than 100 in a year
Risk Tolerance (Tolerance Level)
- Red: need to mitigate quickly
- Orange: plan and mitigate in regular cycle
- Yellow: monitor carefully
- Green: Safe, no special action
Heat map grid
1-1 1-2 1-3 1-4 1-5
2-1 2-2 2-3 2-4 2-5
3-1 3-2 3-3 3-4 3-5
4-1 4-2 4-3 4-4 4-5
5-1 5-2 5-3 5-4 5-5

Example of Insurance ERM Target Risks
[Quantitative Risks]
- Market Risk (Interest rate, Stock price, R.E., Products, etc.)
- Credit Risk (Debtor, Reinsurer, Security issuer, etc.)
- Insurance Risk: Underwriting Risk, Loss Reserve Risk, etc.
- Operational Risk
[Qualitative Risks]
- Strategy Risk
- Reputational Risk
- Compliance Risk
- Liquidity Risk
How to integrate Risk Management Process as well as Risk Reporting

BMM - Regulation Model
Influencer acts as
External Influencer: Environment, Technology, Regulation, Supplier, Customer, Competitor, Partner
More detailed model to plug in here
Internal Influencer: Corporate Value, Stated, Infrastructure, Issue, Assumption, Resource, Quality, Habit, Unstated, Management Prerogative
plus associations with other parts of the BMM

Simplified Model
shapes shapes Business Process is for Organization Responsibility governs delivers is for Directive Internal Control Desired Result supports Business Rule realizes Business Policy Objective is step towards Goal Is basis of Is basis of Regulation is judged in Assessment

Solvency II
An integrated risk reporting framework
- Solvency II (Sol2) is the biggest ever exercise designed to bring insurers and reinsurers under one regulatory regime
- Solvency II introduces two major areas of concern or problems

Solvency II Requirements
- Requires each entity to establish MCR using either a standard formula or an internal model
- Requires each entity to manage the risks to which they are exposed and to determine (and report) their own capital needs (ORSA)
- Requires each entity to disclose publicly key information that is relevant to market participants

The three pillars of Solvency II
The current XBRL taxonomies for Solvency II reporting are:
1. Largely addressing the Pillar I requirements.
2. Generating a lot more data than most national insurance supervisors have been collecting.

The three pillars of Solvency II
Under Pillar 2:
1. Each entity must assess and report its Own Risk and Solvency (ORSA)
2. National supervisors must assess the entity's ORSA, and the group's ORSA if required.

GRC XML and Solvency II
The Solvency II GRC Extension Taxonomy addresses Problem #2, resulting in a Multi-purpose Electronic Risk Framework (MERF)

Strategic objectives
The Multi-purpose Electronic Risk Framework (MERF) is a comprehensive model that aims to:
- Provide a universal end-to-end solution enabling both risk generators (enterprises) and risk supervisors (regulators) to electronically communicate information about financial sector risks in a quality and timely manner
- Enable incorporation of multiple financial and risk reporting standards and frameworks
- Integrate disparate systems and technologies used by enterprises and regulators
- Facilitate new analysis and supervision models improving the overall systemic risk and integrated supervision of financial markets
- Efficiently combine and address multi-tier information requirements including financial reporting to market and supervisors and reporting of internal risk management, mitigation and control models

Technical objectives
Technical objectives of the Multi-purpose Electronic Risk Framework (MERF) include:
- Consistent, explicit, unique and comprehensive coverage of data models of financial, statistical and risk control and management information
- Linking mechanism between data points from respective data models
- Enable electronic generation, transmission, collection, validation, storage, analysis and publication of relevant information through adoption of XBRL and GRC-XML standards
- Integration with multiple existing XBRL taxonomies

Target users of MERF
Financial sector entities including:
- banks
- credit unions
- insurance and reinsurance bodies
- pension funds
- investment funds
- credit rating agencies
- others
Financial sector supervisors including:
- central banks
- financial services authorities
- banking, insurance and pension funds supervisory commissions
- government agencies

Additional Potential Beneficiaries
Capital market entities:
- Investors and analysts
- Listed companies
- Data aggregators and publishers
Academic and research communities
International standard-setting organizations
International financial organizations
Software vendors and developers

Summary
Federated environments: visibility across silos
Eliminate or reduce redundancies
Standardization: XBRL, XBRL GL, GRC-XML, Ontologies
Integration of different areas:
- Security risk, IT risk, Financial risk, Operational risk, and others: Many areas, one language
Continuous monitoring and audit
Consistency of Regulatory Supervision
Towards intelligent, predictive, context-aware data management

Enabling transparency and traceability

Thank You! Questions?