Preparing for PRISM 2013
advertisement
W E LO O K AT TH I N G S D I F F E R E NTLY Preparing for a PRISM inspection November 2013 WE LOOK AT THINGS DIFFERENTLY Contents of presentation 1. 2. 3. 4. 5. 6. 7. What is PRISM? PRISM assessment / rating of credit unions What is required by CB for a PRISM inspection? 10 Risk Categories under PRISM Central bank approach How PRISM inspection is carried out What issues are coming up from inspections / Questions??? 8. Outcomes - Risk Mitigation Plans (RMP) 9. What next WE LOOK AT THINGS DIFFERENTLY 1 – What is PRISM? PRISM is the CB Risk based supervisory framework, initially rolled out in May 2012 Probability Risk and Impact SysteM All 11,000 financial institutions are assessed and given an impact rating . Impact ratings are determined by following metrics: (a) Asset Size (b) Regulatory Reserves (c) number of members) WE LOOK AT THINGS DIFFERENTLY 1 – What is PRISM? PRISM is designed to: • Adopt a consistent approach to risk • Allocate resources based on impact • Set level of engagement (e.g. with high impact firms) • Ensure action is taken early to mitigate risk • Analyse better management information about risk profiles of firms WE LOOK AT THINGS DIFFERENTLY 1 – What is PRISM? PRISM management information / database: • Centralised all credit union data • Including Prudential Returns, Annual Returns, Audited accounts + details of any reviews, assessments of credit unions • Any PRISM inspection of a CU will feed into the system • System sends alerts (e.g. when RRR < 10%) • Alerts for follow up visits, updates etc WE LOOK AT THINGS DIFFERENTLY 2 – PRISM assessment / rating of credit unions Firms are assessed as High Impact, Medium High Impact, Medium Low Impact and Low Impact Credit unions are ranked as follows High Impact None Medium High 20 credit unions Medium Low 248 credit unions Low 130 credit unions WE LOOK AT THINGS DIFFERENTLY 2 – PRISM assessment / rating of others PRISM Insurance Banking Ultra High 1 4 High 12 3 Med High 24 12 Med Low 82 18 Low 149 34 Total 268 71 WE LOOK AT THINGS DIFFERENTLY 2 – PRISM assessment / rating of credit unions • Supervisory contact is tailored for firms based on their impact category • Credit unions will get different levels of attention • High Impact and Medium High Impact firms proactive supervision • Low Impact - reactive supervision • Most credit unions are in Medium Low category so will have a mixture of both WE LOOK AT THINGS DIFFERENTLY 2 – PRISM assessment / rating of credit unions Medium High Impact credit unions Full PRISM inspection 3-5 days, 3-5 supervisors on-site Analysis of business model, governance, finances Full inspection every 3 years Regular meetings with CB Risk Governance Panel Occasional Board Meeting attendance Checks to include analysis of board minutes, effectiveness of board WE LOOK AT THINGS DIFFERENTLY 2 – PRISM assessment / rating of credit unions Medium Low Impact credit unions Full PRISM inspection , but less frequent given large number of credit unions . 2 days, 2 supervisors on-site Semi – automated Return analysis (alerts) Regular meetings with CB with key officers Board Meeting attendance much less likely More hands on approach for problem credit unions WE LOOK AT THINGS DIFFERENTLY 2 – PRISM assessment / rating of credit unions Low Impact credit unions On site PRISM inspection less likely. Only when required or for problem credit unions (e.g. low RRR) Semi – automated Return analysis (alerts) Reactive supervision but breaches of Regulatory requirements will be acted upon (e.g. low RRR) WE LOOK AT THINGS DIFFERENTLY 3 - What is required by CB for a PRISM inspection? • Board Packs (last 12 months) • Org chart • Pen picture of board and management (qualifications, experience) • Board minutes (last 3 years) • Supervisory Committee minutes (last 12 months) • Credit control, investment committee minutes (last 12 months) WE LOOK AT THINGS DIFFERENTLY 3 - What is required by CB for a PRISM inspection? Under policies • Credit and Credit control policy • Investment policy • Provisioning policy • Money Laundering policy • Liquidity Policy • Risk management policy • IT / IS policy (including information security, BCP, off site back up, management information policy) WE LOOK AT THINGS DIFFERENTLY 3 - What is required by CB for a PRISM inspection? Other information required • Copies of Loan Book Reviews, External Reviews • Investment statements • Rescheduled loan reports • Loan reports (loans by sector, loans by purpose, connected party loans • Arrears reports (last 12 months) • IT/IS reports (SLA with IT vendor, listing of personnel and vendors with special access) WE LOOK AT THINGS DIFFERENTLY 3 - What is required by CB for a PRISM inspection? Other information required • Copies of management accounts • Projections and financial plans • Strategic plan (3 year minimum) • Risk appetite statement Note there is substantial material available from the Monitoring Dept to assist with all of the above. All available on the ILCU website WE LOOK AT THINGS DIFFERENTLY 4 - 10 Risk Categories under PRISM Central Bank assess all firms under 10 risk categories. Some are more relevant for credit unions than others. Credit risk and capital risk are obvious areas of focus for credit unions with climbing arrears and reserves being depleted by loan losses Insurance risk would be a lower priority. WE LOOK AT THINGS DIFFERENTLY 4 - 10 Risk Categories under PRISM Risk Category Types of checks done 1- Credit Risk Review of loan arrears, provisions, stress tests 2 -Market Risk Analysis of investments by category, review of investment policy 3 – Capital Risk Review of capital, fixed assets 4 – Operational Risk Review of compliance with AML, review of BCP WE LOOK AT THINGS DIFFERENTLY 4 - 10 Risk Categories under PRISM Risk Category Types of checks done 5- Insurance Risk Review of compliance with S47 CU Act 6 – Liquidity Risk Analysis of adequacy of liquidity, review of liquidity policy 7 – Governance Risk Review of experience of CU personnel, review of risk management framework WE LOOK AT THINGS DIFFERENTLY 4 - 10 Risk Categories under PRISM Risk Category Types of checks done 8- Strategic Risk Review of strategic plan, analysis of projections 9 – Environmental Risk Review of macroeconomic trends to establish potential impact on credit union 10 – Conduct Risk Review of compliance with applicable consumer protection legislation WE LOOK AT THINGS DIFFERENTLY 5 - Central bank approach • CB has outlined they are taking a forward looking approach, being more proactive and expecting credit unions to be more proactive • Approach is to be constructive and challenging based on analysis of all data (challenging aspect has been a problem at times) • There should be open communication (has not always been the case) • Supervisors will make judgement calls based on analysis to build an overall risk profile of the firm WE LOOK AT THINGS DIFFERENTLY 5 - Central bank approach • Risk appetite of CB: CB has indicated that any risk probability rated as medium high/high must be mitigated • Focus on risks which, if left unmitigated, could threaten the financial future of the credit union (e.g low RRR) • Wilful non compliance with an RMP action will be taken seriously WE LOOK AT THINGS DIFFERENTLY 6 How PRISM inspection is carried out • Depending on category of credit union, 2-5 inspectors carry out PRISM inspection on site • The CB team will then meet individually with the following : • Chairman and Secretary - to discuss Governance, Risk and Compliance, high level view of credit union and the future of the credit union. This would include discussion of the strategic plan WE LOOK AT THINGS DIFFERENTLY 6 How PRISM inspection is carried out • Board and Manager - to discuss financial accounts of the credit union. This would cover financial ratios (PEARLS, RRR) returns on assets, strategic planning. Likely to go through the strategic plan and the future plans of the credit union in a lot of detail. • Supervisory committee / Board Oversight Committee – to discuss their work and findings. This would include a discussion of minutes and recommendations. WE LOOK AT THINGS DIFFERENTLY 6 How PRISM inspection is carried out • Overall meeting with the collective Board, Supervisors (Board Oversight Committee), Managers - to discuss overall situation and issued covered in other meetings. • The Risk Mitigation Plan (RMP) should be discussed at this point, which should highlight risk areas and set out work required to mitigate these risks. • A copy of this RMP should be sent to the credit union following the inspection and meetings. In some cases there has been substantial delays in the RMPs being sent to credit unions. WE LOOK AT THINGS DIFFERENTLY 7 - What issues are coming up from inspections Governance Risk • Limited rotation of Board, no succession plan • Lack of financial expertise on board • CU policies not being reviewed annually • CU policies not being signed off by the board • Review of policies by Supervisory committee highlighted issues and not acted upon • Gap in Board oversight in relation to risk management and BCP WE LOOK AT THINGS DIFFERENTLY 7 - What issues are coming up from inspections Strategic Risk • No formal strategic plan in place • No detailed financial projections completed • Strategic plan does not outline (a) clear objectives, (b) clear methods of achieving goals (c) a method for monitoring implementation of plan • Strategic plan does not set out the system of review of the plan WE LOOK AT THINGS DIFFERENTLY 7 - What issues are coming up from inspections Credit Risk • Lending policy does not set out in detail (a) repayment capacity assessment (b) situations where a board may approve loans to members in arrears. • Lending policy does not include detail of (a) authorisation levels, (b) definition of suitable debt/income ratio (c) details re top up lending (d) details re loans in arrears WE LOOK AT THINGS DIFFERENTLY 7 - What issues are coming up from inspections Credit Risk • CU does not have a documented provisioning policy. Policy must include details on (a) roles and responsibility, (b) application levels of provisions for loan impairment categories • CU does not review provisions quarterly. The outcome of this review must be documented and provided to the Board WE LOOK AT THINGS DIFFERENTLY 7 - Examples of questions ??? Q - Do you think there has been good lending? Provisions and write offs, has cost members €X million. Q – What if your lending continues to fall? Q – Where will the income come from? Q – Where is new lending going to come from? Q – This is a small town, where is the lending going to come from? Q - You hope to lend to young members. They did not borrow before now, what has changed? WE LOOK AT THINGS DIFFERENTLY 7 - Examples of questions ??? Q – What firms are operating in the town? Q – What firms have closed in recent years? Q – Where is BCP? Who maintains the BCP? Q - Where would you operate from if a fire occured in main building? Q – Describe your Board? What qualifications do they have? Q – How is your premises being valued? The current valuation in the accounts is overstated WE LOOK AT THINGS DIFFERENTLY 7 - Examples of questions ??? Q – Does your board understand their role and responsibilities? Q – Describe the skill set of board and management, are there any gaps? Q – What is the role of the board in the formulation of the financial projections? Q – How is board oversight exercised (e.g policy review) Q – How does board split time between operational and strategic implementation? WE LOOK AT THINGS DIFFERENTLY 7 - Examples of questions ??? Q – Describe the current business model Q – How does the credit union plan to improve it’s financial performance? Q – Are KPIs compared to Peer Credit Unions? Q – With what rate of Reserves would the credit union be satisfied? Q – What aspects of governance framework pose a risk? WE LOOK AT THINGS DIFFERENTLY 7 - Examples of questions ??? Q – What is the loan book breakeven point? Q – Did you consider reducing the loan rate for loans within shares? Q - Do you see any risk in Spanish Government Bonds? Q – Have you considered de-leveraging? Q – Have you ever consider reducing the LPLS or DBI costs? Q – Has the credit union being topping up loans to hide arrears? WE LOOK AT THINGS DIFFERENTLY 8 - Outcomes - Risk Mitigation Plans (RMP) • Risk Mitigation Plans will be devised following inspections, and issued to credit unions. • These plans will set out deadlines for remediation actions • The RMP will be tracked and will form the basis of follow up by the CB • Deadlines will change depending on nature of remediation actions required • The RMP should be discussed at meetings with credit union personnel WE LOOK AT THINGS DIFFERENTLY 8 - Outcomes - Risk Mitigation Plans (RMP) RMP examples – PRISM inspection Sept 2012, RMP received January 2013. Issue Lack of defined underwriting policy Lack of provisioning policy Counterparty exposure above 25% Strategic plan does not set out goals Deadline Mar 2013 Mar 2013 June 2013 Mar 2013 WE LOOK AT THINGS DIFFERENTLY 8 - Outcomes - Risk Mitigation Plans (RMP) RMP examples – PRISM inspection July 2012, RMP received August 2012 Issue No integrated strategic plan CU does not stress test capital Limited rotation of board (policy) Lending policy lacking detail Deadline TBC Dec 2012 Dec 2012 Dec 2012 WE LOOK AT THINGS DIFFERENTLY 9 – What next., how to survive PRISM How to survive Prepare a Risk Appetite Statement Prepare a Risk Managemen t system Assess and score Risks Create Risk Mitigants (e.g policies, procedures, training) Report to Board WE LOOK AT THINGS DIFFERENTLY 9 – What next., how to survive PRISM • Help available from the League • Risk Management system in place (Risk Appetite, Risk Scoring) • Explanatory notes issued • Training available from Monitoring • No need to “buy in” an IT based Risk Management system at extra cost to the CU • Draft policies under all various categories available on the League website WE LOOK AT THINGS DIFFERENTLY Thank you for your time www.creditunion.ie for more help Tom Kiely, tkiely@creditunion.ie Dave Hewson, dhewson@creditunion.ie
