Embedding Operational Risk

Similar documents
KEY. riskupdate PREDICTIONS FOR Risk Reward. Jan 2011

The Value of Consulting Assuring Audit Committee & other Key Stakeholders of IA s Quality

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

Operational Resilience Measure and Report

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

Increasing the Intensity and Effectiveness of Supervision

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

A Discussion About Internal Controls February 2016

The Agile Enterprise May 2012

Transformation confidence Helping you get closer to your transformation programme

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Rising to the challenge Delivering Internal Audit excellence

CORPORATE GOVERNANCE FRAMEWORK

Human Resources and Organisational Development: Outcomes

Translate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

Enterprise risk management Protecting and enhancing value Advisory

What s the cost of control? Keeping control of your business when cash is king

Risk Management Strategy

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Working Capital the cheapest source of cash 2017 Middle East Working Capital study

Group Chief Risk Officer

Unleashing the power of innovation

IoD Code of Practice for Directors

UK FSA Code of Practice. The relationship between supervisors and external auditors

Charity Governance Code. Checklist for small charities UNW LLP

Managing the payments landscape Standing still is not an option

A Strategic Approach to Bank Fraud

Generating value within the Risk Ecosystem Risk powers performance

Integrated Reporting Taking the first steps August 2013

pwc.com.au PwC Infrastructure Advisory (Brisbane) Darren Black November 2013

FSB Consultative Document - Guidance on Supervisory Interaction with Financial Institutions on Risk Culture

Bank of Ireland. Service Integration as a means to govern a multivendor. 11 th October 2013

Measuring and communicating success

healthalliance Purpose, Vision and Principles

Risk consulting. Conduct risk: Aligning product, customer and value. kpmg.ie

The anglo american Safety way. Safety Management System Standards

5. Effective controls and risk management

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

IT GOVERNANCE. WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC. April 4, 2013

Is your supplier risk management keeping pace with your strategic

Our Corporate Strategy Information & Intelligence

The Future of Internal Auditing:

HR s Role in Culture Change. FTI Consulting A Case Study

A Practical Approach to Enterprise Risk Management

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Global Transfer Pricing Conference

Mental Health & Wellbeing Strategy

Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade

The Roles and Obligations of NEDs in the Governance Process

Analytics: The Widening Divide

Internal Audit Advisory

REVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION

Cultivating a Risk Intelligent Culture A fresh perspective

Model risk management A practical approach for addressing common issues

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Policy Capability Framework. Development, insights and applications

Stand out for the right reasons Getting your approach to CASS right

Efficient risk management. Presentation to the Interdepartmental Accounting Group 2013 conference

More than 2000 organizations use our ERM solution

Taking ERM to a. 6 GRC Today / October 2015

Turning risk into opportunity Third Party Governance & Risk Management

Implementing Category Management for Common Goods and Services

Whitepaper September Middle East Perspective State of the Internal Audit Profession 2016

Third Party Risk Management ( TPRM ) Transformation

Enterprise risk management Protecting and enhancing value Advisory

Conduct risk: Aligning product, customer and value

Assessment of the effectiveness of the Audit Committee

Risk culture. Building great organisations and growing your foundation for success CAPABILITY STATEMENT 2016

How can you improve your ability to identify, respond and adapt to significant operational interruptions?

Global investor survey on corporate reporting

Advisory Services Governance, Risk & Compliance

Internal Audit and Technology Sustainable Analytics

BERMUDA MONETARY AUTHORITY

CGEIT Certification Job Practice

June PwC s Data and Analytics Survey 2016 Big Decisions

Fit for the Future: Innovative Global Talent Transformation

A Value Management Approach to Business Transformation

AVOIDING THE BLAME GAME. DRIVING COLLABORATION THROUGH EFFECTIVE SERVICE INTEGRATION AND MANAGEMENT

ASSURANCE FRAMEWORK. A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010.

A Risk Practitioners Guide to ISO 31000: 2018

An intelligent approach to unlocking value in service delivery transformation Focus on risk from the start

IIA South and IIA East. Assurance Mapping. 2 nd February David Alexander

The compliance investment

Risk Management Strategy. Version: V3.0

CFO Perspectives CFO Speaks

Industry 4.0: Building the digital enterprise

Building an. Effective Board

Improving transparency and disclosure

UK Gender Pay Gap Report 2017

Enterprise Risk Management. Focus on the Future June 2017

International Finance Corporation

THE 6 KEYS TO UNLOCKING THE POTENTIAL IN YOUR PEOPLE

Modules for Accounting and Finance

Director Procurement & Value Delivery

Job Description. Background. Date: April No. of reports: Nil. Delegated Financial Authority: (If applicable)

Agile leadership for change initiatives

Internal Auditors and Enterprise Risk Management (ERM) ICPAK Presentation

INTERTEK GROUP PLC INTERTEK S MODERN SLAVERY STATEMENT 2017

Transcription:

Embedding Operational Risk Banking & Payments Federation Ireland Angela Calapa, Risk & Regulatory Director

Areas of Challenge for Embedding Operational Risk Most banks face a significant number of challenges in bringing Operational Risk (OR) to life. Muddled and unclear accountability for operational risk Inadequate resources Failure to demonstrate the value added to the business A focus on completing the process rather than truly managing the risk Failure to appropriately understand OR risk appetite Failure to manage forward-looking view of risk Operational Risk Management Framework (ORMF) not considered by the business or during business decision making Inability to leverage the ORMF for effective management of conduct related risks Difficulty in supporting risk management with strategic and centralised technology solutions 2

Embedding Operational Risk Firms should use OR to run the business. Examples of embedding OR include informing decisions on business plans and change initiatives, forward-looking risk monitoring, and defining an appropriate risk culture. Risk Appetite & Forwardlooking Monitoring Strategy & Business Planning Major Change & Cost-cutting Initiatives Cultural Measurement & Behavioural Reinforcers Embedding Operational Risk Personal Scorecard, Compensation & Incentives Capital Allocation 3

Embedding Operational Risk 1. Strategy & Business Planning 1. Strategy & Business Planning Key areas of focus Identify and assess key operational risks to business plan Articulate inherent risk exposure against appetite to inform strategic and operational decisions e.g. new business or products, acquisitions, technology investment Undertake scenario analysis & reverse stress testing against top inherent risks for unexpected losses Strategy & Business Planning Embedding Operational Risk 4

Articulating Operational Risk Management Objectives Examples of articulation of ORM objectives and desired outcomes. 1. Strategy & Business Planning The type of OR and the amount the Bank is willing to accept is clearly defined and understood. OR within and / or due to products, services and operations are recognised and identified. Risk are maintained within appetite on a riskreward basis. When appetite is breached, risks are economically brought within appetite. ORM Outcomes Nature & extent of OR faced by firm is understood. The more material the risk, the deeper the understanding. The firm surveys its products, services and operations for changes in risk profile, and risk exposure is monitored vigilantly. Operational risks are owned by 1st line of defence. There is clarity on responsibility and accountability for management of operational risks. 5

Operational Risk Appetite & Firm Strategy Explicitly consider OR appetite throughout the business life cycle particularly during strategic planning, new product approval and performance evaluation. Division A Group Division B BU1 BU2 BU3 BU4 Financial Planning 1. Operating Business Plan 2. Strategic Business Plan 3. Budget A Firm Strategy Division C BU5 Capital Planning BU6 1. VaR Forecast 2. Economic Capital Forecast 3. Stress Scenario Analysis Capital Earnings Top down allocation of approved limits A 1. Strategy & Business Planning The Front Office explicitly considers their respective BU s appetite for operational risk during the development of the operating business plan by addressing the following questions: 1. How does the proposed budget address the operational implications of the business strategy considering: Projected growth or contraction Changes in the operational, business and/or regulatory environment 2. How does the proposed budget include consideration of potential operational constraints: Major internal and external losses Staff changes Remediation plans committed to Other projects linked to enhancing/maintaining the operating and control environment 6

Embedding Operational Risk 2. Risk Appetite and Forward-looking Monitoring 2. Risk Appetite and Forward-looking Monitoring Key areas of focus Monitor forward-looking risk appetite e.g. set budgeted loss Thresholds in financial forecasting, and metrics to track performance Escalate breaches of these thresholds, showing consequences for future business performance and remedial actions Risk Appetite & Forwardlooking Monitoring Embedding Operational Risk 7

Operational Risk Appetite Framework 2. Risk Appetite and Forward-looking Monitoring A mature framework links qualitative and quantitative measures of appetite to specific risk indicators and includes robust governance, monitoring and reporting processes. Business Objectives Strategic objectives set by the Board Top Risks Based on RCSA results and Divisional priorities Mitigation informed by risk appetite OR Appetite The level of risk the Bank is willing to tolerate/accept in the course of doing business in order to achieve its strategic goals Qualitative Statements Quantitative Measures Indicators Objective measures to evaluate risk position with respect to risk appetite Reporting & Response Framework Aggregates the firm s risk profile and supports monitoring and decision making processes Provides a methodology to impose consequences on a consistent basis Qualitative tolerance statements articulate the level at which certain types of risks (including reputational and conduct considerations) will be tolerated or accepted with linkage to some form of indicators to enable monitoring of these levels within predetermined boundaries or limits. Quantitative measures are used to evaluate risk position on a historical basis per division/ function. These loss thresholds can be calibrated against historical data (e.g. past losses by Basel II loss categories over a period of years) as well as forward looking factors (e.g. capital model and scenario analysis). Indicators can evaluate the risk position on a forward looking basis per division/ function and act as early warning indicators to enable appropriate management action to prevent a loss. Breaches of loss thresholds and indicators will be reported and linked to a Response Framework. 8

Operational Risk Appetite Example 2. Risk Appetite and Forward-looking Monitoring OR appetite is expressed using a combination of qualitative statements and quantitative measures and linked to existing risk indicators to enable forward-looking monitoring. Set as the annual average of losses below the Individual Material Loss Threshold Qualitative Statement Cumulative Loss Tolerance Level Individual Material Loss Threshold Example Indicators The Bank endeavours to avoid OR events arising from the following: Violations of market integrity through improper market making, manipulative book building and the application of price fraud 5m 30m Number of Front to Back office FX, IR and Price breaks % of total desks fees generated per trader % of trades booked remotely Product profitability Set as approximately the 95 th percentile of the 5 year internal loss distribution Limits are defined for each metric, and these limits are used to calculate the metric s limit utilisation which is a percentage of the metric value vs. its limit 9

Embedding Operational Risk Appetite OR appetite is embedded across the Group: vertically through the organisational structure with all businesses required to implement and operate as per OR policy. 1. The Board will decide the type and amount of OR the Bank is willing take for the pursuit of its business goals. It is good practice for the Board to document its appetite in the Firm s appetite statements. 2. The firm s appetite statement is then cascaded to business entities usually in the form of do s and don ts found in the Bank-wide operational policy suite. 3. Legal entities implement the policies by cascading the do s and don ts to the business lines whose responsibility is to ensure the procedures in place comply with the policies. 4. Finally, at operational level, procedure and processes are assessed as part of the self-control assessment to ensure that they contain effective controls for managing the operational risks and its sources. 2. Risk Appetite and Forward-looking Monitoring 10

Embedding Operational Risk 3. Major Change & Cost-cutting Initiatives 3. Major Change & Cost-cutting Initiatives Key areas of focus Assess impact of change on OR profile of the business, e.g. whether cost cutting initiatives increase or reduce OR exposure Major Change & Cost-cutting Initiatives Monitor change implementation against impact on OR profile, using defined programme stage gates Embedding Operational Risk Include senior OR management in programme approval & decision forums 11

3. Major Change & Cost-cutting Initiatives Principles for an Effective Change Management Process 1 st Line Ownership & Alignment to Top of House Decision Making Process Change initiatives driven centrally across the firm, by a COO function for example, can help to ensure consistency in approach, minimum risk & control standards and alignment to firm-wide strategy and objectives. Clear Governance Paths & Authorities Functions supporting the change management process should be given appropriate authority to effectively drive the change programme and provide oversight and challenge. Clear Objectives Risk & Control assessments and Post Implementation reviews should be linked back to the original objectives. Firm-wide Understanding of Risk and Control Processes Training should be driven centrally to ensure consistent understanding of fundamentals across the 3 lines of defence. Use of Available Frameworks & Metrics Classification of Change Use of existing metrics, tools and common taxonomies (e.g. for articulating risks and controls) across the firm for all risk assessment processes can support risk profile aggregation, decision making and reporting. Change initiatives classified by a risk or impact matrix can help to define the correct level of stakeholder engagement and oversight for the change programme. 12

New Major Change Management Process Map 3. Major Change & Cost-cutting Initiatives New Major Change Risk and Control Design & Plan Implementation Initiative Assessment 1 2 3 4 5 Post Implementation Review 3 LOD 2 LOD 1 LOD Programme ExCo Mngmt Change Initiative Approval by Senior Management Committees Business Initiates Change Proposal Change Risk Management Process Owners Engaged and Informed of Change Initiative - Supervision and Monitoring of Progress against Agreed Objectives - Point of Escalation for Issues in Programme Delivery - Co-ordinate Risk & Control Assessment Phase - Report on Progress - Define Target State - Perform Risk & Control Assessment of Planned Change - Make Risk Appetite and Acceptance Decisions Functional Input 2 nd Line into Risk & Challenge and Control Oversight of Assessment Process - Co-Ordinate Process Design & Plans Across 1LOD and 2LOD - Report on Progress Business Process and Technical Design and Plan Formal Approval of Plan and Acceptance vs. Risk Appetite Functional Input into Design & Plan and Sign- Off 2nd Line Oversight add Challenge of Process - Co-ordinate Implementation Phase - Report on Progress - Project Close-out - Business Process Implementation - In-flight Assessment Against Plan Functional 2 nd Line Oversight Process and Challenge of Implementation Process / In-flight and Sign-Off Assessment Against Plan - Final Sign-Off - Understand Lessons Learnt which have Firm-Wide / Strategic Impact - Co-ordinate Implementation Phase - Report on Lessons Learnt from Change Management Process - Changes Accepted into BAU - Post-Implementation Review (PIR) - Understand Process-level Lessons Learnt Functional Acceptance & Post Implementation Review Internal Audit Review of Accepted/BAU Processes and Controls 13 2 nd Line Oversight and Challenge of PIR 13

Embedding Operational Risk 4. Capital Allocation 4. Capital Allocation Key areas of focus Distribute regulatory capital adequately and appropriately based on size and potential OR exposure Promote good business behaviours by incentivising the businesses through the use of a forward-looking OR profile Utilise operational risk loss data in a way which gives insights into the riskiness of businesses Capital Allocation Embedding Operational Risk 14

Implications of OR Capital Modelling Changes The objectives of the allocation approach include: Promote good business behaviours by incentivising the businesses through the use of a forwardlooking operational risk profile. Distribute regulatory capital adequately and appropriately based on size and potential operational risk exposure. Continue to utilise operational risk loss data in a way which gives insights into the riskiness of businesses. The operational capital could be allocated to the businesses via three criteria based on predetermined weightings. An example is shown below: Total OpRisk Capital 4. Capital Allocation One mechanism to incentivise businesses to proactively manage risk is through capital allocation. Forward-looking OpRisk Profile Size Indicator Historical OpRisk Losses 40% 30% 30% Typically this information is available on a monthly basis but it may be more appropriate to discuss capital allocation on a quarterly/bi-annual basis at senior management committees. 15

Embedding Operational Risk 5. Cultural Measurement & Behavioural Reinforcers 5. Cultural Measurement & Behavioural Reinforcers Key areas of focus Define a statement showing what the risk culture should be Include good risk management behaviour in the purpose, vision and values of the bank Use behavioural reinforcers to embed desired OR behaviours e.g. business leaders as OR champions, OR culture communicated throughout the firm Cultural Measurement & Behavioural Reinforcers Embedding Operational Risk 16

Measuring Proactive Culture Change 5. Cultural Measurement & Behavioural Reinforcers A proactive, client centric approach to conduct and culture helps rebuild trust in the industry rather than simply react to regulatory requirements. The programme is governed by 5 key principles: 1. Don t reinvent the wheel - align with global initiatives and leverage work already underway 2. Lead from the line - each workstream should have a business sponsor and SME workstream lead 3. Build from established foundation - leverage and build on elements of the strong positive culture that may already exist 4. Prioritise, don t do everything at once - start with the levers that engage and make the biggest impact fast 5. Play the long game - first focus on moving fast and completing quick wins before moving to the longer term formal elements of structure, policies, processes and other infrastructure HR enablers Strategy Values Organisation structure & governance Communication Measurement Infrastructure Processes & Policies 17

Key Benefits of Measuring Proactive Culture Change Track the Changes to Culture Reinforcers Behaviours Outcomes 5. Cultural Measurement & Behavioural Reinforcers Short term measures to determine if the programme is completing activities as planned, creating the right environment for culture Medium term measures to determine if people are displaying the desired behaviours required to meet the target culture Long term measures to determine if the target culture has been met The benefits of this approach are: Business leaders are engaged from the beginning and feel more ownership of the changes, helping to bring the rest of the business on the journey with them There is an initial focus on quick wins so that an impact is made quickly Measuring the changes on a bi-annual basis allows frequent tracking of the same measures so clear progress or issue areas can be identified Thereby the programme enhances the chances of success by gaining clear leadership buyin, engaging the business, working with and not duplicating other initiatives and tracking the progress of both the programme and culture journeys. 18

Embedding Operational Risk 6. Personal Scorecard, Compensation and Incentives 6. Personal Scorecard, Compensation & Incentives Key areas of focus Embed OR objectives into every employee s performance scorecard e.g. timely completion of OR training, demonstrating target behaviours Include performance against OR objectives as a key measure when setting remuneration and incentives Personal Scorecard, Compensation and Incentives Embedding Operational Risk 19

A Shortlist of Critical Things to Get Right 1 Having people with the right skills across the first and second line of defence 2 The right risk culture; defined, embedded into enablers and measured 3 4 5 Demonstrably linking operational risk management & measurement to decision making, allowing management of risk rather than issues Speaking the language of the business and avoiding operational risk jargon where possible (KRIs, BEICFs, KCIs, RCSAs.) Driving consistent use of operational risk tools by the first line in running the business 6 Supported by a high quality enterprise-wide risk management framework; underpinned by a common language and component linkage 20

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. 2016 PricewaterhouseCoopers LLP. All rights reserved. In this document, "" refers to the UK member firm, and may sometimes refer to the network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback