DIFFERENCES BETWEEN ERM PRACTICES BETWEEN THE FINANCIAL AND CORPORATE SECTORS
DIFFERENCES IN ERM PRACTICES BETWEEN THE FINANCIAL AND CORPORATE SECTORS
ERM: DIFFERENCES BETWEEN SECTORS
1. Enterprise Risk Management – Similarities & Differences between Corporates and Financial Institutions
Montreal - April 9, 2008
A Higher Standard for Risk Professionals
2. Legal Disclaimer
The information contained in this document is provided for information purposes only
and in no way constitutes an offer of services or a solicitation.
Past performance is not indicative of future performance.
We decline any responsibility with respect to direct or indirect damages or
consequences of the inaccuracy of the information reproduced in this document, nor
for any actions taken in reliance thereon.
No information or data contained herein may be reproduced by any process
whatsoever without written consent.
Certain Statements that we make in this presentation are forward-looking statements.
These forward-looking statements are based upon current assumptions and beliefs
in light of the information currently available, but involve known and unknown risks
and uncertainties. Our actual actions or results may differ materially from those
discussed in the forward-looking statements and we undertake no obligation to
publicly update any forward looking statement.
3. Your Panel
Penny Cagan
Managing Director
Operational Risk Division
Michel Rochette, MBA, FSA
Assistant Director ERM
Anne Duprat, CA, CFA, MBA
Senior Manager, Advisory Services
Risk Management and Operations Improvement
5. Five Operational Risk Classes
• People Risk: The risk of a loss intentionally or unintentionally caused by an employee (i.e. employee error, employee misdeeds) or involving employees, such as in the area of employment disputes.
• Process Risk: Risks related to the execution and maintenance of transactions, and the various aspects of running a business, including products and services.
• Relationship Risk: Losses arising from the relationship or contact that a firm has with its clients, shareholders, third parties, or regulators.
• Technology Risk: The risk of loss caused by piracy, theft, failure, breakdown or other disruption in technology, data or information; also includes technology that fails to meet business needs.
• External Risk: The risk of loss due to damage to physical property or assets from natural or non-natural causes. This category also includes the risk presented by actions of external parties, such as the perpetration of fraud from an outside source.
6. Corporate Governance
• Board Independence
• Board Interlinks
• Management Structure
• Conflicts of Interest
• Compensation
• Related Party Transactions
• Self Dealing
7. Countrywide: Business Practices
• Countrywide came under criticism (NYT, 8/26/2007) for squeezing
every possible dollar from customers in fees (lending, servicing,
closing)
• Countrywide’s entire structure was predicated on earning higher
than industry average fees
• Sold subprime loans under alleged false pretenses: did not count
all income sources which may have allowed qualification for
standard loans
• Sales staff were paid higher commissions for loans with lengthier
than average prepayment terms and shorter presets
• Higher commissions paid for mortgages that were sold in tandem
with home equity loans
• No compensation and no money down loans issued; loans
extended to some with credit scores as low as 500
8. Countrywide: Business Practices
Former sales exec: “The entire commission structure in both prime and subprime
was designed to reward salespeople for pushing whatever programs Countrywide
made the most money on in the secondary markets.”
• Countrywide advertised that it was dedicated to getting the best loan possible
• Countrywide’s reliance on securitization drove sales behavior
• Subprime mortgages earned more in secondary markets, were more in demand
from investors, and hence, sales execs were compensated to sell more of them
• Securitization influenced the lender’s risk culture because it seemingly “outsourced”
credit risk; loans were made with a focus on volume rather than credit
worthiness
• However, with the outsourcing of credit risk, came increased operational,
reputational and liquidity risk
A class action suit has been filed by shareholders claiming that the lender “issued
false and misleading statements…”
9. Characteristics of Subprime Events
• 70 in Algo FIRST database (as of 3/24/2008)
• $70 billion in losses
• Largest loss: $18.4 billion
Event Triggers:
• Liquidity Risk
• Credit Risk
• Market Risk
• Suitability
• High Pressure Sales Tactics
• Accounting Fraud
• Breach of Fiduciary Duties
• Concealing Losses/Problem Assets
Control and Contributory Factors:
• Undertook Excessive Risks
• Strategy Flaw
• Lack of Internal Controls
• Failure to Disclose
• Failure to Supervise
• Inadequate Due Diligence Efforts
11. Examining Linkages between OpRisk & Corp. Gov.
• The largest accounting fraud events in the database (Enron,
Adelphia, Parmalat) display instances of related party
transactions
• The largest internal fraud events in the database include
breakdowns of board level accounting oversight
• The largest oprisk events in the FIRST database involve people
risk and some sort of fraud – primarily accounting fraud
• The majority of the largest losses in the database occur in the
corporate center of the organization (senior management, board
of directors)
• Predictable given the access senior management has to
decision making, information and policy
Data Set: 322 OpRisk Events in FIRST database
12. Operational Risk Events with Corporate Governance Breaches (337 events)
Source: FIRST database
13. Operational Risk Events – broken down by people risk category
Source: FIRST database
14. Conclusions
• Conflicts of interest at the executive and board level can serve as
indicators of an environment that is prone to experiencing
operational risk events.
• Conversely, operational risk events may indicate problems at the
senior management and board level.
• Decisions made at the top of the organization out of self-interest
can have a detrimental effect on all stakeholders.
• Related party transactions serve as red flags for the existence of
conflicts of interest.
• Senior management is responsible for establishing, maintaining
and distilling corporate values.
16. Overall Similarities
• Most companies believe that ERM can improve decision making.
• Few have integrated it into strategic planning, budgeting, risk-adjusted
performance or day-to-day activities.
• The majority of directors in both industries have a good
understanding of their company’s risks.
• In both industries, boards do understand the risk/return trade-offs
of strategic decisions when they are presented with the proper
analysis.
• Most established ERM programs are less than 2 years old, but the
majority want to implement within 2-3 years.
17. Support for ERM Objectives
• A little more than half of the businesses we surveyed said that the
objectives of ERM are understood and supported “entirely” or
“significantly” by the board of directors and senior management;
this decreases to only one in four in middle management and only
4% of employees as a whole.
18. Governance
Financial Institutions:
• Risk Committee at the Board level works in close collaboration with the Audit Committee. More elaborate.
• Board more educated about risk.
• CRO is usually charged with the ERM function.
• Risk Appetite statements are more often defined.
• More diverse frameworks: regulatory/value creation, like the Aus/NZ Standards, compared to COSO.
• Risk better integrated with executive compensation.
Corporates:
• Audit committee is usually charged with the risk/ERM function in addition to overseeing the audit function.
• More reliance on top management to inform the board.
• CFO is responsible for the ERM program (50%) compared to the CRO (10%).
• Risk Tolerance is usually the focus, when done.
• Risk Framework: COSO / ISO / SOX more prevalent as drivers.
• Executive compensation not linked to risk.
19. Risk Identification
Financial Institutions:
• Risk Inventory is broader.
• Risk Importance:
  • Regulatory/Strategic (1st)
  • Financial risk (2nd)
  • Operational (3rd)
Corporates:
• Risk Inventory is narrower.
• Risk Importance:
  • Strategic risk (1st)
  • Operational risk (2nd): supply chain risk/pandemic/food safety/P&C.
  • Financial (3rd)
  • Compliance (4th). SOX has done the job!
20. Risk Quantification/Assessment
Financial Institutions:
• Based on internal models for some risks:
  - Traded portfolios: VaR.
  - Credit Risk: intensity-based & credit migration models.
  - Operational risk: LDA.
• Based on market value impacts for others:
  - Strategic/reputation.
• Correlation: often performed (EC).
• Prioritization of risks is a by-product of the quantitative analysis.
• Analysis informs the company of the potential of all risks: expected vs. unexpected.
• Metric chosen: Value Metric.
Corporates:
• More qualitative assessment, focusing on ranking only.
• Risk scales are qualitative: high/low.
• Prioritization of risks is thus more qualitative, more based on gap-type analysis.
• More emphasis on heat maps/scorecards.
• Less analysis of unexpected events: company killers!
• Metric chosen: EBIT.
21. Risk Management
Financial Institutions:
• Still siloed, but less than corporations. Attempt to manage direct/indirect impacts of risk:
  • Reputation impact.
  • Corporate social responsibility.
  • Socially responsible investment guidelines.
  • Environmental guidelines.
• Still try to control risk.
• More portfolio views of ERM.
• Less emphasis on cost/benefit analysis of implementing controls.
• More emphasis on business continuity/crisis management.
Corporates:
• Risk is still siloed and viewed as the domain of traditional risk managers.
• Board members still believe that their companies don’t manage risks very well. More reactive than proactive.
22. Risk Disclosure
Financial Institutions:
• Elaborate for financial risks:
  • Trading portfolios VaRs.
  • Credit limits/Credit VaR.
  • ALM risks.
• Still limited for:
  • Operational risk.
  • Reputation risk.
  • Basel II, Pillar III will improve on that.
Corporates:
• Still focus solely on SEC requirements for publicly held companies.
• Communicate after the fact during a crisis.
23. Rating Agency Drivers: Standard & Poor’s
• Proposal to include ERM as part of the credit analysis decision.
• Issued in the Fall of 07.
• Comments were submitted until March 08.
• A decision on whether or not to include ERM will be issued soon.
• Describes an analysis approach to ERM from S & P’s perspective: components.
• Describes a high-level scoring approach to ERM: scoring approach.
• Describes high-level principles on how ERM would be integrated with the credit rating approach: ratings impact.
24. S & P’s ERM for the Corporate Sector
• Modeled after what is being done for the Financial Sector.
• S & P is of the view that ERM can help companies anticipate and better
manage risk with a forward-looking approach:
• Help reduce volatility of earnings → overall probability of
default by the firm → overall credit rating.
• Credit rating approach has 3 main components:
• Business profile
• Financial profile
• Management profile: ERM would influence this component.
25. S & P’s ERM: Components
• Risk Governance and Culture:
• Roles/structure/accountability
• Communications: Internal/External
• Looks for transparency of the ERM process.
• Firm must look beyond just compliance.
• Business units’ daily adherence to risk tolerance: Use Test
of other regulatory criteria!
• Risk Controls:
• Identification/measuring/managing risks.
• Proper implementation of risk controls.
• Risk tolerance and risk limits consistency.
26. S & P’s ERM: Components (continued)
• Emerging risks preparation:
• New and extremely rare events: unexpected/catastrophic.
• Wants to see that firms have processes in place to deal with them:
• Environmental scanning
• Trend analysis
• Stress testing
• Contingency planning
• Strategic risk management:
• Incorporate risk into strategic decision making.
• Must use a comprehensive measure of risk: enterprise
value.
• Will seek evidence of implementation in:
• Strategic asset allocation, new products, M & A,
compensation.
27. The evolution of risk and controls
From score-keeping to strategic partnering
April 2008
ADVISORY
43. Enterprise Risk Management –
Similarities & Differences between
Corporates and Financial Institutions
Montreal - April 9, 2008
44. PRMIA would like to thank our sponsors
45. PRMIA would like to thank our panelists
Penny Cagan (penny.cagan@algorithmics.com)
Managing Director
Operational Risk Division
Michel Rochette, MBA, FSA (Michel_Rochette@aon.com)
Assistant Director ERM
Global Risk Consulting
Anne Duprat, CA, CFA, MBA (aduprat@kpmg.ca)
Senior Manager, Advisory Services
Risk Management and Operations Improvement
46. Upcoming PRMIA and Partner Events
• An Overview of Credit Modelling and Management (IFM2), April 10-11, 2008
(more information can be found at http://www.ifm2.uqam.ca).
• Buy Side Risk Managers' Roundtable
May 27, 2008