OJK Workshop: Conduct Risk. Tuesday 9 September 2014


1 OJK Workshop: Conduct Risk Tuesday 9 September 2014

2 Introductions

Disclaimer: The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions contained in the presentation / paper are those of the author and do not necessarily represent the views and opinions of KPMG, an Australian partnership, part of the KPMG International network. The author disclaims all liability to any person or entity in respect to any consequences of anything done, or omitted to be done.

Ed Larkin, Partner, Risk Consulting, KPMG
Dan Ostermeyer, Associate Director, Financial Risk Management, KPMG

3 Agenda for this morning's session
- What is Conduct Risk?
- Why is it important?
- How to manage Conduct Risk
  - Conduct Risk framework
  - Managing Conduct Risk throughout the lifecycle
  - Roles and responsibilities
  - Implementation challenges
- Risk culture and how it impacts on Conduct Risk
- Case Study: Mystery Shopping to identify Conduct Risks
- Questions and Open Forum

4 What is Conduct Risk?

5 What is Conduct Risk? How have organisations defined Conduct Risk?
- Firm A (Large Retail Bank): The risk of regulatory censure and/or a reduction in earnings/value, through financial or reputational loss, from inappropriate or poor customer treatment
- Firm B (Investment Bank): The risk of creating detriment to a client, counterparty, the Group or market arising from inappropriate conduct of business
- Firm C (General Insurer): The risk that we treat our customers unfairly and deliver inappropriate customer outcomes
- Firm D (Large Retail Bank): The risk that detriment is caused to our customers, clients, counterparties or the Bank and its employees because of inappropriate judgement in the execution of our business activities
- Firm E (Large Retail Bank): The risk that the conduct of the Group and its staff towards our customers or within the markets in which we operate might lead to damage arising from breaches of regulatory rules or law, or of our customers' or regulators' expectations of us

6 What is Conduct Risk? Question 1
Which is the best definition of Conduct Risk?
A. The risk of regulatory censure and/or a reduction in earnings/value, through financial or reputational loss, from inappropriate or poor customer treatment
B. The risk of creating detriment to a client, counterparty, the Group or market arising from inappropriate conduct of business
C. The risk that we treat our customers unfairly and deliver inappropriate customer outcomes
D. The risk that detriment is caused to our customers, clients, counterparties or the Bank and its employees because of inappropriate judgement in the execution of our business activities
E. The risk that the conduct of the Group and its staff towards our customers or within the markets in which we operate might lead to damage arising from breaches of regulatory rules or law, or of our customers' or regulators' expectations of us
Link to survey: ojk1.questionpro.com

7 What is Conduct Risk? How have regulators defined Conduct Risk?
In most cases, regulators do not define conduct risk and it is up to each organisation to establish its own definition.
The FCA have defined Conduct Risk as: "the risk that firm behaviour will result in poor outcomes for customers"

8 What is Conduct Risk? How does Conduct Risk differ from Operational Risk?
In developing a Conduct Risk framework, firms need to be aware of how Conduct Risk interacts with other risks and need to structure the framework so that Conduct Risk can operate neatly alongside other risks.
- Conduct Risk is distinguished from operational risk through its focus on customer detriment
- There are many qualitative elements to Conduct Risk but some elements can be quantified
- Regulators expect Conduct Risk to be embedded in firms' risk frameworks
- Conduct should be considered alongside the other key risks
- Different models can prevail but should demonstrate clarity of scope, ownership and accountability for Conduct Risk
[Diagram: Operational risk and Conduct Risk. Labels: Quantitative reporting and escalation; Business ownership; Identification and management of risks; Effective management information and KRIs; Risk appetite statement; Second line of defence assessment of controls; Embedded in operating model and committee framework]

9 Why is Conduct Risk important?

10 Why is Conduct Risk important? Costs of getting it wrong
"Conduct costs related to past misbehaviour have become the most pressing issue for the industry"
Mark Carney (Governor of the Bank of England): World Economic Forum in Davos 2014
- Lloyds Banking Group fined GBP28M by FCA for serious sales incentive failings (December 2013)
- U.S. Dept of Justice, Federal and State Partners announced a $13Bn global settlement with J.P. Morgan for misleading investors about securities containing toxic mortgages (November 2013)
- Manulife Asset Management fined HKD24M by HK SFC for inadequate internal controls (March

11 Why is Conduct Risk important? What do regulators expect?
Product design
Sales process
Identify the target audience and design a product that meets their needs and to test the products to make sure they can deliver fair outcomes, looking to see how the product would fare under different scenarios to see if it will do what it says on the tin
A robust approval process in place before your products are on sale.
Post sale handling
Monitor the product to see who is buying it and how it is performing.
Governance, culture and controls
It's not just about selling it and moving on, but taking an interest in how it is actually working in practice

12 Why is Conduct Risk important? Conduct Risk hot topics for regulators
FCA future areas of focus:
- Technological developments
- Poor culture and controls
- Large backbooks
- Retirement income products
- The growth of consumer credit
- Rapid asset price growth
- Complex terms and conditions
SEC future areas of focus; ASIC future areas of focus:
- Valuation of investments
- Remuneration arrangements
- Verification of existence of client assets
- The role of advice
- Rate manipulation
- Alignment of product design with customer needs

13 Why is Conduct Risk important? Question 2
Which of these risks do you consider the biggest area of concern in Asian markets?
A. Technological developments
B. Poor culture and controls
C. Growth of consumer credit and/or asset prices
D. Complex terms and conditions and product valuations
E. Remuneration arrangements
Link to survey: ojk2.questionpro.com

14 How to manage Conduct Risk

15 How to manage Conduct Risk
- Conduct Risk framework
- Managing Conduct Risk throughout the lifecycle
- Roles and responsibilities
- Implementation challenges

16 Conduct Risk Framework

17 How to manage Conduct Risk: Core pillars of a Conduct Risk framework
- Culture: An effective culture that supports the business model and business practices to focus on the fair treatment of customers and encourage behaviours that do not harm market integrity
- Conduct Risk definition and risk appetite: Conduct Risk is defined in a way that is meaningful for the firm. The risk appetite clearly articulates your values and the extent to which you are willing to accept Conduct Risk in the business
- Risk assessment: The design of your strategy and business model and its execution demonstrates the importance of delivering fair customer outcomes
- Governance, policies and controls: Governance and controls focus on the outcomes delivered to customers rather than focus purely on commercial interests. Senior management have clarity on accountabilities across the firm
- MI and reporting: MI is structured to give a current and forward-looking perspective on Conduct Risk exposures. Reporting includes an audit trail of actions taken to reduce Conduct Risk

18 How to manage Conduct Risk: Core pillars of a Conduct Risk framework
Culture: An effective culture that supports the business model and business practices to focus on the fair treatment of customers and encourage behaviours that do not harm market integrity
- Firm has customer centric values and principles
- Right tone is set at the top, the leadership team demonstrates through firm wide communications that the customer is at the heart of the business
- Objectives, measures, training, reward and recognition arrangements reflect the focus on good outcomes for customers

19 How to manage Conduct Risk: Core pillars of a Conduct Risk framework
Conduct Risk definition and risk appetite: Conduct Risk is defined in a way that is meaningful for the firm. The risk appetite clearly articulates your values and the extent to which you are willing to accept Conduct Risk in the business
- Board agreed definition of Conduct Risk
- The risk appetite statement as it relates to Conduct Risk sets out qualitative and quantitative articulations of the level of Conduct Risk that the business is willing to accept

20 How to manage Conduct Risk: Core pillars of a Conduct Risk framework
Risk Assessment: The design of your strategy and business model and its execution demonstrates the importance of delivering fair customer outcomes
- Business model and strategy that reflects the needs of the customer and the importance of delivering good customer outcomes
- Business model and strategy is aligned to Conduct Risk appetite
- Business performs a range of analysis of its activities on an ongoing basis to identify, manage and mitigate Conduct Risk in the business model and strategy, in product design, sales activity and post-sales handling

21 How to manage Conduct Risk: Core pillars of a Conduct Risk framework
Governance, policies and controls: Governance and controls focus on the outcomes delivered to customers rather than focus purely on commercial interests. Senior management have clarity on accountabilities across the firm
- Clearly defined roles and responsibilities for senior management including an accountable owner for Conduct Risk
- Clear reporting and escalation lines
- Governance committees and forums include Conduct Risk and/or customers as a standing agenda item
- A defined role for second and third lines of defence in monitoring Conduct Risk
- Conduct Risk policies which are reflected in business practices and procedures

22 How to manage Conduct Risk: Core pillars of a Conduct Risk framework
MI and reporting: MI is structured to give a current and forward-looking perspective on Conduct Risk exposures. Reporting includes an audit trail of actions taken to reduce Conduct Risk
- MI is based on business requirements, not on what data is available
- MI is aligned to the Conduct Risk appetite
- MI is provided to an appropriate audience at an appropriate level of detail
- Conduct Risk MI ensures senior management are sufficiently informed about and focus on customer outcomes
- MI identifies emerging risks not just crystallised issues

23 How to manage Conduct Risk: Core pillars of a Conduct Risk framework

Culture: An effective culture that supports the business model and business practices to focus on the fair treatment of customers and encourage behaviours that do not harm market integrity
Core design elements:
- Firm has customer centric values and principles
- Right tone is set at the top, the leadership team demonstrates through firm wide communications that the customer is at the heart of the business
- Objectives, measures, training, reward and recognition arrangements reflect the focus on good outcomes for customers

Conduct Risk definition & risk appetite: Conduct Risk is defined in a way that is meaningful for the firm. The risk appetite clearly articulates your values and the extent to which you are willing to accept Conduct Risk in the business
Core design elements:
- Board agreed definition of Conduct Risk
- The risk appetite statement as it relates to Conduct Risk sets out qualitative and quantitative articulations of the level of Conduct Risk that the business is willing to accept

Risk assessment: The design of your strategy and business model and its execution demonstrates the importance of delivering fair customer outcomes
Core design elements:
- Business model and strategy that reflects the needs of the customer and the importance of delivering good customer outcomes
- Business model and strategy is aligned to Conduct Risk appetite
- Business performs a range of analysis of its activities on an ongoing basis to identify, manage and mitigate Conduct Risk in the business model and strategy, in product design, sales activity and post-sales handling

Governance, policies & controls: Governance and controls focus on the outcomes delivered to customers rather than focus purely on commercial interests. Senior management have clarity on accountabilities across the firm
Core design elements:
- Clearly defined roles and responsibilities for senior management including an accountable owner for Conduct Risk
- Clear reporting and escalation lines
- Governance committees and forums include Conduct Risk and/or customers as a standing agenda item
- A defined role for second and third lines of defence in monitoring Conduct Risk
- Conduct Risk policies which are reflected in business practices and procedures

MI and reporting: MI is structured to give a current and forward-looking perspective on Conduct Risk exposures. Reporting includes an audit trail of actions taken to reduce Conduct Risk
Core design elements:
- MI is based on business requirements, not on what data is available
- MI is aligned to the Conduct Risk appetite
- MI is provided to an appropriate audience at an appropriate level of detail
- Conduct Risk MI ensures senior management are sufficiently informed about and focus on customer outcomes
- MI identifies emerging risks not just crystallised issues

24 Managing Conduct Risk throughout the lifecycle

25 How to manage Conduct Risk: Conduct Risk Assessment throughout the product lifecycle
[Diagram: Effective Product Governance. Elements: Sales process design; Ongoing product assessment; Governance and control; Customer communications; Pricing and value for money; Product design and development]

26 How to manage Conduct Risk: Conduct Risk Stress Testing
The objectives of conduct stress testing are to, on a forward-looking basis:
- Understand whether products behave as designed and as customers would expect under a range of scenarios
- Understand whether there are circumstances under which certain product features or elements fail
Conduct stress testing is:
- A forward-looking tool to assess and manage Conduct Risk
- An important element of the product design process to ensure known risks are mitigated prior to launch
- A collaborative process involving input from many stakeholders
- Wide in its scope, covering a range of severities and circumstances, not just tail events and market-driven scenarios
Conduct stress testing is not:
- A panacea: it will not solve everything!
- A tool to help firms mitigate risks to its own position, financial or otherwise: it is to mitigate risks to the customer
- A tick-box exercise: the outputs need to be used
- A solely quantitative exercise: qualitative risk analysis is also important
- A one-off exercise: it should be refreshed periodically

27 How to manage Conduct Risk: Value for Money Assessment
Value for money assessment is an assessment of new and existing products or services in order to determine the extent to which they are expected to deliver/actually deliver value for money to the customer
1. Assess product characteristics: Score for product characteristics which could make it difficult for the customer to assess value for money. An example of behavioural economics in action
2. Apply context scalars: Scale the product characteristic assessment score up or down based on the context of the target market, the market position, pricing and other mitigating factors
3. Calculate and assess VFM score: Multiply the product characteristic assessment by the individual product context scalars to get a value for money score. This can be used to:
   - Highlight value outliers relative to the product's group
   - Compare scores against acceptable value for money thresholds/appetites
   - Highlight changes in a product's value proposition over time

28 How to manage Conduct Risk: Why Management Information (MI) is important
Considerations: Conduct Risk MI should demonstrate the link between risk assessment and management monitoring and controlling risks
- Vital component in ensuring the proper and effective reporting of key Conduct Risks and issues, with escalation to the appropriate board committee
- To provide a clear understanding of how well the organisation manages its Conduct Risks
- Accountable executives are equipped with the tools they need to manage the business proactively, putting the customer at the heart of the business and protecting all stakeholders
[Diagram: Key framework MI flow. Labels: Board and senior management; Business units; Business model and risk strategy; Risk appetite; Conduct Risk management; Risk and compliance function; Risk assurance; Risk identification, measurement, monitoring information; Risk MI]

29 How to manage Conduct Risk: Question 3
Which of these 3 aspects of the product lifecycle is most important to analyse?
A. Conduct Risk Stress Testing
B. Value for Money Assessment
C. Management Information
Link to survey: ojk3.questionpro.com

30 Roles and responsibilities

31 How to manage Conduct Risk: Roles and responsibilities
The Board:
- Set the organisation's appetite for Conduct Risk
- Provide direction and leadership by setting the tone from the top
Line 1, Risk management (Business units):
- Conduct Risk ownership at the business unit level
- Analysis of risks and root causes
- Business unit processes and procedures
Line 2, Risk control (Risk or Compliance Function):
- Development and deployment of Conduct Risk policies, tools and training
- Conduct Risk monitoring across the Group
- Thematic reviews
- Compliance advisory services
Line 3, Risk assurance (Audit):
- Assurance of Conduct Risk management
- Assurance of broader GRC framework
- Consideration of the design and effectiveness of the control environment

32 Implementation Challenges

33 How to manage Conduct Risk: Implementation challenges
Culture; Definition and risk appetite; Risk assessment; Governance, policies and controls; MI and reporting
- Embedding Conduct Risk in the mindsets and behaviours of firms, and bring about genuine cultural change
- How to incorporate Conduct Risk factors into recruitment, remuneration and performance management processes
- Defining Conduct Risk for firms with diverse customers, products and business models
- Defining a risk appetite for a qualitative, behavioural risk such as Conduct Risk
- Setting risk appetite at the optimal level that ensures sustainable profits, being acceptable to the regulator and commercially viable
- Understanding where specific Conduct Risks arise within the business and encouraging stakeholders to proactively identify and address these
- Ensuring that Conduct Risk tools are used in the spirit with which they were developed and not treated as a tick-box exercise
- Creating clear ownership and accountability for Conduct Risk within the organisation
- Understanding the interactions of Conduct Risks with other risk types and ensuring that the risk management frameworks operate effectively alongside each other
- Understanding the prudential implications of the Conduct Risks to which the firm is exposed
- Designing forward-looking predictive MI indicators to identify Conduct Risks at an early stage before they crystallise
- Implementing necessary data feeds and information to produce accurate and complete Conduct Risk MI at required levels of granularity

34 How to manage Conduct Risk: Question 4
Which of those implementation challenges is the toughest to overcome?
A. Culture
B. Definition and risk appetite
C. Risk assessment
D. Governance, policies and controls
E. MI and reporting
Link to survey: ojk4.questionpro.com

35 Risk Culture and how it impacts on Conduct Risk

36 Risk Culture and how it impacts on Conduct Risk: Managing Risk Culture
- Define framework
- Baseline / assess culture
- Change
- Ongoing measurement

37 Risk Culture and how it impacts on Conduct Risk: Risk Culture Framework
In order to understand risk culture, a framework is needed to provide reference points against which assessments can be made.
[Diagram: risk behaviours. Labels: Direction and Leadership; Responsiveness and Improvement; Escalation; Risk appetite; Role modelling; Engagement; Responsiveness; Risk Outcomes; Improvement; Risk Attitudes (core beliefs that drive implicit and explicit prioritisations); Role Clarity; Capability; Accountability; Challenge; Cooperation; Information sharing; Individual Commitment; Joint Ownership]

38 Risk Culture and how it impacts on Conduct Risk: The different roles in culture
- Board
- CEO
- CRO
- Internal Audit

39 Risk Culture and how it impacts on Conduct Risk: Assessing and understanding the Risk Culture
A well-defined risk culture framework allows for effective observation and measurement of risk behaviours and outcomes.
Why is assessment a challenge? How can the challenges be addressed?
1. Risk management practices must be assessed in terms of their appropriateness, adequacy and effectiveness.
2. Multiple lenses must be used to complete the assessment in order to generate a holistic view of risk culture.

40 Risk Culture and how it impacts on Conduct Risk: The appropriateness, adequacy and effectiveness of risk management
An organisation's risk culture can only fully be understood by evaluating the appropriateness, adequacy, and effectiveness of its risk management practices
- Appropriate: Does the organisation have structures and processes in place to define the desired culture?
- Adequate: Are those structures and processes of the right standard to create the desired culture?
- Effective: Do structures and processes drive the right behaviours in practice?
What this means in practice
Example: We were appointed by regulators as independent experts to investigate reward systems in a financial services firm after a significant loss incident.
Our approach: We tested the approach to reward through the different lenses, seeking to understand the connections between policy and practice:
- We looked at whether a reward policy existed, who was accountable for it and how it was built into existing governance processes.
- We compared the contents of the policy against regulatory and professional standards to evaluate the quality of the framework.
- We interviewed reward and HR professionals to understand how reward was allocated during the annual process.
- We interviewed managers and staff to determine if the policy guidelines were broadly understood.
- We reviewed actual reward data over two years to understand if reward decisions were implemented within policy.

41 Risk Culture and how it impacts on Conduct Risk: What do we usually find?
Some common pitfalls we've noted across the industry

Theme: There are inconsistent behaviours and messages from leadership
- What have we found? Management often display behaviours contrary to what they expect from staff. Leadership creates a perception that risk management is inconsistently prioritised.
- How do we fix this? Leadership workshops to develop a common language and set of behaviours around risk management for the business. Deliver behavioural skills training for Leadership and Managers

Theme: Staff and Management are not held to account for risk management consistently through performance management (PM)
- What have we found? The approach towards rewards and penalties is not applied consistently. Risk management is only a small part of individual scorecards. Profit takes priority over risk metrics.
- How do we fix this? Design PM approach ensuring KPIs for good risk management are reflected in all scorecards and are transparent and measurable. Define clear consequences and incentives through the PM process for managing risk.

Theme: There is a fear of recrimination when individuals escalate issues. Issues are therefore covered up and rarely solved
- What have we found? There is a fear of escalation. Similar risk incidents seem to be repeated across different parts of the business. There is no understanding of the root causes of risk issues.
- How do we fix this? Senior level behavioural and technical coaching to ensure they understand the need for easy escalation. Risk incident assessment and feedback loop to ensure risk issues are understood and do not re-occur.

Theme: Risk and Compliance functions are incapable of challenging the other parts of the business
- What have we found? Risk and Compliance functions do not possess the behavioural capabilities to challenge commercial functions.
- How do we fix this? Design a detailed training strategy to develop behavioural capabilities in the second line of defence.

42 Risk Culture and how it impacts on Conduct Risk: How can institutions change?
Structured interventions build the foundation elements of a good risk culture. Transformational activities create a strong risk culture in accordance with the organisation's ambition
Foundation; Transformation
- Clear accountability with authority
- True ownership of risk in the first line
- Leadership and direction
- Capability development
- Enhanced role for the Risk and Compliance Function
- Communication and engagement
- Break the culture of fear
- Engage your people in creating the change
- End to end view of risk

43 Risk Culture and how it impacts on Conduct Risk: How can you change?
The KPMG eight levers for change directly address the root causes of unwanted Risk behaviours and can be used to develop a strategic change plan
- Capability development
- Information and metrics
- Functional control and authority
- Roles and responsibilities
- Communication and engagement
- People processes and performance management
- Leadership and direction
- Strong processes and controls

44 Risk Culture and how it impacts on Conduct Risk: Internal audit assessment
Internal Audit assess functional risk management on a regular basis, but typically do not consider the holistic risk culture of their organisation. There are a number of challenges to overcome as well as different approaches to perform ongoing measurement.
Challenges for Internal Audit:
- Defining a measurement approach.
- Having a toolkit to perform the measurement.
- Skill set of internal audit staff.
- Presentation of findings to management.
- Lack of benchmarks.
- Lack of understanding of potential solutions.
- Defining roles across the three lines of defence.
There are two broad options for how Internal Audit may measure risk culture:
1. Build risk culture assessments into the existing functional risk management schedule.
2. Conduct organisation wide, cross-functional risk culture assessment.
[Diagram: Internal Audit across Sales, HR, Finance and Operations]
Example risk culture elements within scope:
1. Individual functional risk culture assessments
   - Customer needs assessment audit
   - Reward audit
   - Tax audit
   - Payment processing audit
2. Holistic view of risk culture
   - Cutting across all policy and process audits
   - Focus on holistic view of risk in each function's framework

45 Risk Culture and how it impacts on Conduct Risk: Question 5
What is the most challenging aspect of Risk Culture?
A. Defining it
B. Assessing it
C. Effecting change
D. Ongoing measurement
Link to survey: ojk5.questionpro.com

46 Risk Culture and how it impacts on Conduct Risk: Question 6
How do you measure outcomes and identify areas for improvement?
A. Analysis of complaints
B. Compliance monitoring program
C. Mystery shopping
D. Other
E. No specific analysis
Link to survey: ojk6.questionpro.com

47 Case Study: Mystery Shopping to identify Conduct Risks

48 Case Study: The scenario
- What was the bank's concern?
- Why did they seek external advice?
- What questions were they seeking answers to?

49 Case Study: The solution developed
- Mystery Shopping program
- Development of extensive question set and criteria
- Insights discovered

50 Case Study: What did the bank handle well and where could the bank have improved?
Handled well:
- Communication to regulators and other key stakeholders
- Board recognised need for improvement and engaged external support as required to assist with investigation and remediation
- Board and the Three Lines of Defence committed to making improvements to the BAU environment
Could have improved:
- Failed to train staff effectively and consistently
- Processes able to be circumvented due to:
  - Lack of controls
  - Poor control effectiveness
- Line 1 had a poor risk culture and failed to take ownership of risks
- Monitoring and oversight performed by Line 2 (Risk and Compliance) was ineffective

51 Questions

52 Thank you
Ed Larkin, Partner. T: M: E: edmundlarkin@kpmg.com.au
Dan Ostermeyer, Associate Director. T: M: E: dostermeyer1@kpmg.com.au

53 Appendix

54 Curriculum vitae
Name: Edmund Larkin
Position: Partner, Risk Consulting
Qualifications: Member, Institute of Internal Auditors; Fellow, Financial Services Institute of Australia; Graduate Diploma, Australian Institute of Company Directors; Bachelor of Commerce, University of NSW
Contact details: Phone: +61 (0) au
Experience:
A chartered accountant by training, Ed joined KPMG as national leader of KPMG's Financial Services internal audit line of business after spending 20 years working with leading financial institutions in Australia and internationally, focussing on operational risk management and internal audit including leading a number of investigations and liaising with regulators following those incidents. Roles have included Head of Internal Audit at the Commonwealth Bank of Australia (CBA) and at DBS Bank in Singapore.
As Head of Group Audit at CBA, Ed led a team of 110 professionals and was responsible for the development and execution of a dynamic internal audit strategy across the CBA Group. During this time he was directly involved in a number of special reviews of CBA's controls over its trading and wealth management businesses including a Lessons Learned review of CBA's processes following the Societe Generale incident in 2008 and a member of the bank's Executive Steering Committee for the remediation following the Storm Financial incident.
At DBS Ed led a team of 120 staff across Asia, transforming the Group Audit function implementing leading practice disciplines and processes. He was an active participant in key governance forums including the Group Market Risk Committee, Group Operational Risk Committee, and the Conflicts and Business Control Committee. He directly led a review into the bank's governance processes in HK in response to regulatory requests by the Monetary Authority of Singapore and the Hong Kong Monetary Authority.
Prior to this Ed spent over 11 years at JPMorgan completing assignments in New York, Singapore and Hong Kong in their Internal Audit, Operational Risk Management and Middle Office groups. Leadership roles included Global Head IA for JPMorgan's Global Equities business and Asia Pacific IA Head for the Markets business. During this time he led a global review of JPMorgan's structured products business involving operations in Hong Kong, London, Singapore and New York including liaising with the US Federal Reserve on issues arising from the investigation.
Since joining KPMG, Ed's internal audit clients have included The Australian Securities and Investment Commission (ASIC), Wesfarmers Insurance, Graincorp, Macquarie Bank, Schroders Asset Management, Man Investments and First State Super as well as a number of foreign banking clients. He has conducted external quality assessments of the Australian Stock Exchange, HCF Insurance and National Australia Bank.

KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Printed in Australia. KPMG and the KPMG logo are registered trademarks of KPMG International. Liability limited by a scheme approved under Professional Standards Legislation.

55 Curriculum vitae

Name: Daniel Ostermeyer
Position: Associate Director, Financial Risk Management
Qualifications: Chartered Financial Analyst Level 1, 2 and 3 examinations - Pass; Securities and Investment Institute Diploma (Regulation & Compliance - Credit; Interpretation of Financial Statements - Pass; and Private Clients Investment Advice and Management - Pass); BSc Business and Financial Economics, University of Leeds (First)
Contact details: Phone: +61 (0) dostermeyer1@kpmg.com.au

Experience

Dan has worked in KPMG's Risk Consulting practice since 2003, eight years of which were in the London office. He has extensive experience in advising clients on regulatory matters such as conduct risk, compliance, capital and liquidity as well as strong project management and report-writing capabilities:

Conduct risk: conducting suitability reviews of investment management services. Dan has also managed a large number of engagements with banks and building societies across Europe to perform reviews and impact assessments against European regulatory requirements (MiFID).

Regulator experience: a one-year secondment to the FSA supervising major retail banks and dealing with a wide variety of regulatory and capital issues. This gave Dan a strong understanding of the regulator's priorities and the international agenda during the GFC.

Operational risk: advising on scenario analysis and facilitating workshops, providing SME input for mis-selling scenarios and performing risk management compliance reviews against APRA prudential standards.

Compliance: managing engagements with banks and building societies to perform regulatory compliance reviews and impact assessment projects on compliance arrangements and front-to-back sales processes.

Capital: advising on ICAAPs and risk management frameworks, including gap analysis against APRA's APS 110 requirements and peer better practice.

Project management: managing a capital efficiency / organisation restructuring project for a large investment manager in response to regulatory change.

Liquidity: reviewing compliance with APRA's APS 210 requirements to identify any shortcomings and key actions to address gaps. He also provided oversight for liquidity model implementation projects to meet APRA's requirements.

Regulatory licence applications: reviewing business plans, management of capital (ICAAP), liquidity (ILAA) and risk management strategies. This covered a variety of prudential, governance and conduct of business issues and his clients included banks, investment firms and fund managers. Dan is experienced in project managing these engagements.

AML: assessing the extent of AML compliance by a global hedge fund manager. Dan was a senior reviewer, and exercised judgment in taking decisions, gaining a grounding in global anti-money laundering standards.

56 The information contained in this document is of a general nature and is not intended to address the objectives, financial situation or needs of any particular individual or entity. It is provided for information purposes only and does not constitute, nor should it be regarded in any manner whatsoever, as advice and is not intended to influence a person in making a decision, including, if applicable, in relation to any financial product or an interest in a financial product. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. To the extent permissible by law, KPMG and its associated entities shall not be liable for any errors, omissions, defects or misrepresentations in the information or for any loss or damage suffered by persons who use or rely on such information (including for reasons of negligence, negligent misstatement or otherwise).

The views and opinions contained in the presentation / paper are those of the author and do not necessarily represent the views and opinions of KPMG, an Australian partnership, part of the KPMG International network. The author disclaims all liability to any person or entity in respect to any consequences of anything done, or omitted to be done.

KPMG Australia, an Australian entity and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).