Georgia Banking School

Transcription:

GEORGIA BANKERS ASSOCIATION
Georgia Banking School
2017 Georgia Banking School, May 7-12, 2017
UGA Hotel & Conference Center, Athens, Georgia

RISK MANAGEMENT FOR BANKING INSTITUTIONS
John Houser, Audit Committee Chairman, State Bank and Trust Company

ACKNOWLEDGEMENTS Dr. Rob Hoyt, Chairman, Risk Management and Insurance Program at the University of Georgia, and State Bank and Trust Company 4/18/2017 3

Overview
- What is Risk?
- Increasing attention on Bank Risk Management Programs
- Brief History of Bank Risk Management
- How to Manage your Bank's Risk
- The Risk Management process at State Bank
- Current research and trends
- Important types of risk and insurance
- Directors and officers liability
- Property Risks

What is Risk? Risk can be broadly defined as the likelihood of a specified undesired event occurring within a specified period or in specified circumstances.

Risk is, essentially, the probability that an outcome may be damaging or result in a loss. With risk, the outcomes of an event are subject to uncertainty.

Risk has been known to man ever since he first faced adversity. The cave man's/woman's main risk was an attack by a wild animal. This risk was mitigated (not eliminated) with the discovery of fire. Risk can rarely, if ever, be completely eliminated. Mitigation has now taken the form of hedging interest rate changes in the future using forward contracts or options.

What is Financial Risk? Financial risk is the probability that the actual return on a business or investment will be less than the expected return. Financial risk can arise through loan and investment transactions. Financial risks can be categorized as systematic or unsystematic.

Systematic risk is the risk inherent to the entire market or entire market segment. Interest rates, recession and wars all represent sources of systematic risk because they affect the entire market and cannot be avoided through diversification.

Unsystematic risk refers to company- or industry-specific risk that is inherent in each investment. For example, a sudden drop in residential loan demand. Unsystematic risk can be mitigated through appropriate diversification.

Specific examples of financial risks applicable to Banks include interest rate risk, credit risk, liquidity risk, prepayment risk, inflation risk, etc.

Can You Match These Enterprise Risks?
A. Hazard/Insurable Risks
B. Financial Risks
C. Operational Risks
D. Strategic Risks
1. Supply chain, IT, key managers, product quality
2. Natural disasters, injuries, deaths, product liability
3. Market demand, R&D, competitive strategies, reputation, customer need
4. Tax and interest rate changes, credit default, FX

A World of Extremes (Attention on Risk)

Attention on Risk Management
Google Search "Risk Management":
- 2006 & 2007: 3.2 million
- 2008 & 2009: 27.2 million
- 2011 & 2012: 81.4 million
- 2016 & 2017: 226.0 million
Audit committee members rank risk management as top worry (KPMG Survey of Corporate Directors)

Risk Management #1 Focus of Public Company Boards
What topics would they like to spend more time on?
- 55% of board members at public companies cite risk management more than any other area
- 61% believe their liability risk as a director has increased during the past few years
Source: BDO Board Survey

- Banks are increasingly exposed to non-traditional risks (cyber risks, regulatory risks and new forms of macro risks)
- Regulators are increasingly skeptical about banks' internal and often complex and opaque risk modeling and measurement approaches
- 80% of participating banks believe they successfully integrate stress testing into strategic decision making
- Potential for improvement is especially significant in capital-allocation and talent-management processes
Source: McKinsey

Impact of Risks on Firm Value
- 0% Hazard
- 6% Financial
- 31% Operational
- 58% Strategic
Source: Mercer Management Consulting

Recent survey by RIMS (review of proxy statements of companies in the DJIA)
- 20% had a CRO (89% in banking sample)
- 64% mentioned ERM
- 27% describe Board's oversight of risk management, but expect 100% in 2013
Recent Deloitte survey
- 91% of executives plan to reorganize and reprioritize their approaches to risk management in some form in the coming three years.

Boards and Risk Management
- Boards are FULLY aware that risk management is a corporate governance issue
- Audit and Risk Committees continue to expand risk management awareness at Board level
- Board member participation in different companies spreads risk management awareness
- Boards more willing to replace senior management (evidence of more active role)

DISCUSSION: How has your Board's Interest In and Perspective on Risk Management Changed?

DISCUSSION: Does your Bank have a separate Risk Committee? Why a separate Risk Committee makes sense.

A Brief History of Bank Risk
- First generation: Insurance buyers
- Second generation: Management. Use multiple methods to manage hazard and financial risks
- Third generation: Continuous assessment of all areas of risk and coordination with their Bank's strategy

Traditional View of Risk Management
- Silo management of risk
- Focus on risk transfer
- Limited integration with processes and Bank policies
- Scope limited to financial & hazard risks
- Unclear link to corporate objectives

DISCUSSION: How is Risk Management Organized in your Bank?

How to Manage Your Bank's Risk
- Create a Risk Conscious Culture
- Add Risk Items to Board's Charter
- Modify banking operations
- Hire talent to manage risks
- Adjust firm's capital structure
- Continuously monitor Bank's risk profile and report to Board at least quarterly

Categories of Risk Promulgated by Regulatory Authorities in Banking
- Credit risk
- Interest rate risk
- Market risk
- Liquidity risk
- Operational risk
- Compliance risk
- Reputation risk
- Strategic risk

- Business interruption and supply chain
- Market developments (volatility, competition)
- Cybercrime, IT failures, data breaches
- Natural catastrophes
- Changes in legislation and regulation
- Macroeconomic developments (commodity price risk, inflation/deflation)
- Loss of reputation/brand loss

The Risk Management Process
- Identifying exposures to loss
- Measuring/evaluating exposures
  - frequency
  - severity
- Selecting a risk handling or treatment approach
  - avoidance
  - retention
  - control
  - transfer (e.g., insurance, hedging)
- Implementation and monitoring of the risk management program
- Risk appetite
- Risk charter

Risks Included in ERM
- Hazard risks: Damage to property, liability to others, injuries to employees, etc.
- Financial risks: Interest rate risk, credit risk, FX risk, commodity price, etc.
- Operational risks: Supply chain, distribution system, how we do business, etc.
- Strategic risks: What businesses we are in, where we do business, political risk, reputation risk (brand), who we do business with, etc.

Treasury & Risk Management
- Strategic risks still viewed as the most difficult to assess and manage
- Biggest challenges to fully implementing ERM
  - conflicting priorities
  - difficulty quantifying risks
  - difficulty embedding risk in culture

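Risk Characteristics as Determinants of the Tool
- Low Severity of Losses, Low Frequency of Losses: Retention
- Low Severity of Losses, High Frequency of Losses: Retention & Control
- High Severity of Losses, Low Frequency of Losses: Transfer
- High Severity of Losses, High Frequency of Losses: Avoidance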

Why ERM Adds Value to a Financial Firm
- Better understand the aggregate risk inherent in different business activities
- Avoid duplication of risk management expenditures by exploiting natural hedges
- Benefit from being able to select investments based on a more accurate risk-adjusted rate
- Enables firms to better inform outsiders of their risk profile (especially financially opaque firms) and also serves as a signal of their commitment to risk management
- Growing interest by rating agencies (S&P, etc.)

OVERVIEW - STATE BANK'S RISK MANAGEMENT PROGRAM
- Created to monitor all bank policies for assessing and managing risks. Policies must be approved by Board at least annually.
- Created a risk matrix for Board and management review
- Quarterly review of benchmarks and matrix for major risk exposures by XO's and Board
- Review reports at all Board meetings on selected risk topics selected by Board.

- Hired outside experts to review highest risk areas of Bank operations to assess risk levels, i.e. IT gap analysis.
- Ensure all Bank policies and internal audit reviews include a risk assessment review and report.

- Annual meeting of compensation committee with risk committee to review executive compensation to ensure compliance with risk objectives.
- Developed and periodically review bank's risk appetite statement
- Review Bank's capital allocation and ALLL reports quarterly with risk committee
- Review concentration and credit risk profiles quarterly

Current Research: Changes in Risk Reporting

[Figure: BP 2008-2012 Quarterly Report Pages. Y-axis: Report Length; x-axis: quarters, 2008 Q1 through 2012 Q4. Annotations: 100% increase in length; no direct mention of oil spills or ocean drilling prior to 2012 Q2; 4/20/2010 Deepwater Horizon explodes and sinks.]

Banks and Risk Reporting
Number of times the term "risk management" was used in firm's 10-K (2005 v. 2013)

Financial Institution | Times used in 2005 | Times used in 2013 | Percent increase
Bank of America | 85 | 171 | 101.2%
BB&T | 13 | 24 | 84.6%
JP Morgan | 92 | 167 | 81.5%
PNC | 83 | 133 | 60.2%
SunTrust | 51 | 74 | 45.1%
Wells Fargo | 34 | 137 | 302.9%

3 had CROs in 2005, all 6 had CROs in 2013

Important Types of Risk and Insurance
Categories/Types of Risk and Insurance
- Physical property and business continuity risk
- Legal risk
- Management liability risk
- Human resources risk (including BOLI and COLI)
- Environmental risk
- Crime and Cyber risk
- Fleet risk

[Figure: U.S. Insured Catastrophe Losses ($ Billions), bar chart by year, 1989 through 2015. Annotation: Sandy $18.8B. Source: Property Claims Service/ISO; Insurance Information Institute.]

[Figure: Most Costly Disasters in U.S. History (Insured Losses, 2012 Dollars, $ Billions). Events shown: Irene (2011), Jeanne (2004), Frances (2004), Rita (2005), Tornadoes/T-Storms (2011), Tornadoes/T-Storms (2011), Hugo (1989), Ivan (2004), Charley (2004), Wilma (2005), Ike (2008), Sandy* (2012), Northridge (1994), 9/11 Attack (2001), Andrew (1992), Katrina (2005). Annotations: Hurricane Sandy became the 5th costliest event in US insurance history; includes Tuscaloosa, AL, tornado; includes Joplin, MO, tornado; 12 of the 16 Most Expensive Events in US History Have Occurred Over the Past 15 Years. Sources: PCS; Insurance Information Institute inflation adjustments to 2012 dollars using the CPI.]

Key Lessons and Issues from Recent Catastrophes
- Flood risk remains a big issue: NFIP
- Business interruption is one of the biggest issues facing businesses and it is poorly assessed and addressed
- Increased concerns from inland risks (tornados, hail, winter storms)
- Data Centers, utilities, supply chains

Directors and Officers Legal Liability
- Exposure to loss
  - basic functional duties
  - fiduciary duties
  - types of suits
- 94% of the U.S. M&A deals in 2013 over $100 million were challenged in shareholder lawsuits
- D&O insurance
  - coverages (Side A, Side B and Side C)
  - common policy features

The FDIC's Perspective on D&O Insurance
- Purchase of D&O insurance is a legitimate business activity
- Must be aware of exclusionary language
- The bank can't buy coverage that reimburses D&Os for civil money penalties
- The FDIC urges each board member and executive officer to understand this coverage

[Figure: Most Frequently Cited D&O Issues (bar chart). Categories: Wrongful Termination; Inadequate / Inaccurate Disclosure; Mergers and Acquisitions. Bar values shown: 12.7%, 10.9%, 7.8%.]

Who Sues Officers and Directors? (2001-2010)

Cyber Liability Insurance
Coverage (may include):
- reimburse immediate clean up costs (forensics, notification, setting up call centers, paying for credit monitoring)
- legal fees
- cost of hiring crisis management firm
Estimated cost in 2013 of a data breach was $188 per compromised record (only upfront clean up costs)
Maximum capacity in the insurance market estimated at $300 million (Target had $100 million)

Privacy / Cyber Security Liability

Industry Developments
- Increased awareness of FI security/breach procedures following 2011 Citi breach
- Oct 2011 SEC guidance/disclosure obligations relating to cyber security risks and incidents
- Number of large FIs purchasing first-time privacy insurance increased substantially in the last 12 months

FI Benchmark Privacy Limits
- Morgan Stanley: $200MM
- Bank of America: $120MM
- PNC: $100MM
- Ally: $100MM
- SunTrust: $75MM
- Fifth Third: $60MM
- Goldman Sachs: $60MM
- US Bank: $50MM
- Keycorp: $50MM
- Bank of NY Mellon: $30MM
- Wells Fargo: $25MM
- Average FI Limit: $80MM

Coverage Overview
- Privacy related liability/litigation from disclosure of client information
- Regulatory action defense, fines and penalties, consumer redress fund
- Loss mitigation expense (including notification/call center, credit monitoring, cost to reissue credit/debit cards, client identity restoration, discovery/data forensics, crisis management/PR firm)
- No distinction as to cause of breach (e.g. laptop, hacked systems, malicious insider)
- Coverage also includes breaches of bank's data from outsourced suppliers

Key Operational Risk Areas of Focus
- Technology Risk
- Supplier Risk
- Regulatory/Litigation Risk
"Given the complexity of today's banking markets and the sophistication of technology that underpins it, it is no surprise that the OCC deems operational risk to be high and increasing. Indeed, it is currently at the top of the list of safety and soundness issues for the institutions we supervise." - Thomas Curry, Comptroller of the Currency, Speech from May 16, 2012

Complacency is an Enemy of Risk Management
- "It's never happened before."
- "It can't happen here."
- "We can handle it."
- "Ignore it and it will go away."

DISCUSSION: What Other Questions Or Comments Do You Have Regarding Risk Management For Your Bank?