Enterprise Risk Management


Enterprise Risk Management: Building an Effective Enterprise Risk Management Program in a Community Bank

Jay Gallo, Chief Risk Officer

Topics for Discussion

Defining Enterprise Risk Management; Do Community Banks Need ERM?; The Business Case for ERM; Basic Elements of an ERM Program; Risk Identification and Assessment; One Model for Risk Management; ERM Program Details; Sample Best Practices; Is Your Bank Ready for ERM?

Defining Enterprise Risk Management

Enterprise Risk Management is a process that is: put into action by a bank's board of directors and management; applied in strategic framework and across the enterprise; designed to manage risks within a risk appetite, provide reasonable assurance regarding the achievement of bank objectives, and identify potential events that may affect the bank.

Do Community Banks Need ERM?

"The point to risk management is not to try and operate the bank in a risk-free environment. Rather, it's to tip the scale to your advantage. It's to make risk management an offensive, strategic strength instead of a defensive tactic." - CEO of a Community Bank

Do Community Banks Need ERM?

Why an enterprise approach to risk management? Better information about risks; coordinated risk responses; consistency in approach; create a uniform way to view and measure risks; match actions to strategy.

Do Community Banks Need ERM?

A successful ERM program at a Community Bank will accomplish three risk management objectives: It will ensure there is a written risk appetite document that complements the bank's detailed strategic objectives. It will link that risk appetite charter to specific metrics that define risk tolerances and boundaries across the organization. And it will create a framework for cross-enterprise reporting and the active management of risks throughout the entire institution.

The Business Case for ERM

Identify strategic advantages and opportunities. With comprehensive information management, true competitive advantages are easier to identify. Opportunities can be elevated to decision-makers for faster responses. Since not all strategies bear the same level of risk, organizations can focus resources on the best risk-adjusted investment opportunities.

The Business Case for ERM

A reduction in overall institutional risk for the same return-on-investment (or higher ROA/ROE for the same risk); improved operating margins; better portfolio management and credit risk practices; reduced problem loan charge-offs and management costs; higher net interest income due to risk-adjusted pricing; an improved efficiency ratio, allowing the bank to grow with steady costs.

The Business Case for ERM

Bottom line: reduce volatility and surprises; improve risk-adjusted returns; deploy people and capital to best opportunities; reduce organization redundancies; optimize efficiency ratio; improved organizational communication and decision-making.

Basic Elements of an ERM Program

A Risk Committee and charter; who gets to make decisions; understand your bank's risk philosophy and risk culture; a risk appetite document that establishes boundaries and controls for a set of key metrics; linked to business strategy; qualitative and quantitative measures of risk; a process for measuring risks and prioritizing the impact; dealing with limit violations; periodic reports on metrics and economic data; periodic stress and scenario testing; someone in charge of the process and results.

Basic Elements of an ERM Program

Phases of implementation: Assess current risk management practices at your bank. Understand and document your actual risk culture. Define a risk appetite. Agree on metrics, boundaries and reports. Develop a process to feed information to the decision-making team and facilitate action. Develop analytical capabilities to answer what-if questions. Work with executives to follow a consistent process of action.

One Model for Risk Management

[Diagram: Four Inputs (Risk Appetite & Concentrations; Market Conditions; Metrics & Reporting; Analytics), Decision Process, Four Levers (Risk / Service Standards; Balance Sheet Management; Product / Service Pricing; Human Resource Assignments)]

One Model for Risk Management

Four inputs and four levers to avoid, reduce, share, accept or exploit risk. Decision-making is coordinated in a leadership team where each member is responsible for acting on inputs and following through on output decisions. The ERM value proposition is achieved through the process of coordinating intelligence and action with the goal of improving the performance of the organization. Bottom line: better returns with the same risk or same returns with less risk.

One Model for Risk Management: Four ERM Model Inputs

Risk Appetite and Concentrations: How much risk are we willing to take? What risk do we currently have today? What boundaries exist? Can our capital support our risk-taking decisions?

Market Conditions: What is the current market? Where is it going? Where are we in the cycle? How does a change in the market affect our risk profile?

One Model for Risk Management: Four ERM Model Inputs

Metrics and Reporting: What do you track? Are there goals? What is the trend? How much history do we show?

Analytics: How do we slice data to reveal more detailed information to support better decision making? How do we show the impact of changes in market conditions on future positions? What do we stress and how do we stress it?

One Model for Risk Management: Four ERM Model Levers

Balance Sheet Management: participations, loan sales, match funding; capital management, hedging.

Risk and Service Standards: LTV and DSC ratios, loan balance limits; customer and employee service and satisfaction standards; technology investments to keep costs controlled; appropriate controls to improve risk awareness.

One Model for Risk Management: Four ERM Model Levers

Product and Service Pricing: risk-adjusted and absolute yields; price points and minimum balances.

Human Resource Assignment: strengthen employee skills; add new skills to manage new risks; outsource as necessary.

ERM Program Details

How does the organization define the playing field? How much authority is delegated and to whom? How does the organization elevate its skills? What tools are used to manage risk? What is the structure for risk decision-making?

ERM Program Details

How does the organization define the playing field? What are the boundaries around products, customers and geography? (Need to define risk in manageable terms.) Defined at the specific level and managed at the portfolio level. What will the organization not do? Is the risk appetite document linked to charters of key committees and Bank policies?

ERM Program Details

How much authority is delegated and to whom? What committees should exist? What are individual authority levels? What limits should be articulated around terms, amounts, risk? Who is the traffic cop? Do you control loan-level risk or portfolio-level risk at the management level?

ERM Program Details

How does the organization elevate its skills? Is there a risk management philosophy that makes the institution unique? Is credit risk management a competitive advantage for the bank? How does the organization teach "the way" to new people? How does the organization refine the skills of staff and directors for changes in the markets or sharpen the competitive distinctions between itself and other institutions?

ERM Program Details

What tools are used to manage risk? What is the analytics and reporting package? Is it integrated into the core systems? How many people do stress testing and what-if analytics? How are they tasked? To whom do they report? What reports exist? Are they showing history, goals and peer group? Do multiple peer groups exist based on the analysis being done?

ERM Program Details

What is the structure for risk decision-making? Is there a charter for the decision-making committee? Who is in the room? What inputs and documents are reviewed? What market inputs steer risk appetite? Is the risk appetite sandbox clearly defined? What are the primary levers of risk management used to adjust course?

Sample Best Practices

Loan review is not just loan review; Data, Data, Data then Analytics, Analytics, Analytics; portfolio level reporting; Risk Appetite document; Chief Risk Officer; ERM decision making model; risk-adjusted pricing.

Sample Best Practices: Loan Review is Not Just Loan Review

First, confirm ratings and identify Watch Loans. Watches are assessed for stay or exit, then ameliorate or move to soft/hard exit. Second, look at profitability of loans/relationships. Which relationships should be deepened, reduced or modified due to margin or risk/pricing mismatch? Loan Review is integral to strategic planning, overall portfolio growth and risk management.

Sample Best Practices: Analytics, Analytics, Analytics

Integrated data collection and analytics to core systems. Stress testing against multiple scenarios (defined by risk appetite document) and ALLL adequacy assessment based on planned growth. Skilled analysts and streamlined reporting. Data visualization software. Does marketing flow from identification of target customers and products based on profitability analysis and modeling? Do we need a separate data warehouse for marketing or risk analytics?

Sample Best Practices: Portfolio Level Reporting

Reports and (board level) conversations should be at the portfolio level. Reports need sufficient history, goals, peer group comparisons. Concentrations should be viewed from multiple angles. For example, assess the commercial portfolio by loan type, geography, risk rating, yield, profitability indexing, market cycle, etc.

Sample Best Practices: Risk Appetite Document

Board developed and approved. Risk culture and risk appetite cannot exist independent of each other. Interdependent with strategic plan and marketing plan. Directors have skills and capacity to drive risk tolerances. Reports provide right information to make adjustments. Clarity around control mechanisms and delegated authority.

Sample Best Practices: Chief Risk Officer

Ensure that fundamental ownership of risk resides in the business, not in the risk function. Needs to be senior enough to be influential. Need to clearly define the CRO's role in decision making. Finding the right person means identifying the optimal balance of technical versus business expertise. The role will evolve as the organization matures and grows. Reporting line should match the organization's governance structure.

Sample Best Practices: ERM Decision Making Model

Define inputs and levers to avoid, reduce, share, accept or exploit risk. Decision-making is coordinated in a leadership team where each member is responsible for inputs and outputs. Goal: better returns with the same risk or same returns with less risk.

Sample Best Practices: Risk Adjusted Pricing

Define inputs at the loan level. Assess performance at portfolio level with focus on two tails. Ownership: lending, credit, finance, marketing? Drives profitability analysis of customers and products.

Is Your Bank Ready for ERM?

Here are three questions that a senior management team should be asking: Is our board willing to work with senior management to articulate a risk appetite strategy for our institution? Are we capable of measuring and tracking risk at the functional / department level? When faced with trustworthy and sufficient data, will management re-deploy capital and people to reduce risks or take advantage of opportunities in the marketplace?

Is Your Bank Ready for ERM?

In answering these three questions, executives need to gauge their organization's strengths and weaknesses and be honest in their assessment. If an organization is not capable of tackling ERM today, then management has a challenge to improve the skills and ability of the organization so that everyone is capable of talking about risk and making sound decisions based on facts.

Is Your Bank Ready for ERM?

The financial landscape is moving quickly and against Community Banks as large-scale competitors strive to take the best customers away from local institutions and supervisory organizations try to over-regulate risk taking. With increasing requirements to build and store capital, Community Banks need to act judiciously in deploying people and assets. A clear understanding of the risks an institution faces and a mechanism for interpreting those risks and deploying solutions is now an essential element of management's charter.

Contact Information

Jay Gallo, Chief Risk Officer, Sage Bank. 978.322.7075, jgallo@sagebank.com, www.sagebank.com