Add to collection(s) Add to saved
  1. Business
  2. Economics

FIRO - University College Cork

advertisement 
An “Inside” View of PRISM
Justin McCarthy,
Governance, Risk and Compliance Centre
jmccarthy@ucc.ie
http://ie.linkedin.com/in/justincmccarthy/
A PRISM Primer for Others
Credit Union Summer School
May 23rd 2013
1
Agenda
A Primer on PRMIA
- What is PRISM?
- Impact and Probability Risk are different…
- Impact and how to understand it…
- Probability Risk… how will it affect you?
- Risk Mitigation and Engagement Tasks
- Final Thought…
- Questions and Answers
An important disclaimer
“When I joined the Central Bank, I signed a confidentiality
agreement... they very kindly gave me a copy of this when I left... and
a gentle reminder of the consequences of breaking it. Everything in
this presentation can be found in the Central Bank of Ireland's
excellent PRISM Explained document. To prove this I have included
quotes from the document where needed...all quotes are in italics and
can be found in PRISM Explained...”
2
Justin McCarthy
Justin McCarthy is based at University College Cork, Ireland. His work here is to
help establish a publically funded centre for Governance, Risk and Compliance
in the Financial Services industry. This work allows him to learn of many new risk
initiatives, meet risk practitioners & thought leaders and to interact with staff and
members from other Governance, Risk and Compliance bodies.
Justin McCarthy,
Governance, Risk and
Compliance Centre @ UCC,
Ireland.
jmccarthy@ucc.ie
http://ie.linkedin.com/in/justin
cmccarthy/
Justin has worked in risk roles in many firms, including Bank of America Merrill
Lynch, PricewaterhouseCoopers and with the Irish Financial Regulator. This work
has allowed him to see the changes in risk management since through and beyond
the recent global financial crisis. His work on the PRISM risk based supervision
framework with the Irish Regulator included exposure to banking, funds and
insurance risk practices as well as the quantitative work done on the related impact
models.
Recently he organised and chaired the 2012 GRC Summit Ireland which included
speakers such as Bob Mark, Colin Lawrence from the FSA / BoE and William Mason,
formerly of the Central Bank of Ireland. See videos at:
http://www.youtube.com/channel/UCxauT65bYylpGWNFybX8N9g
http://grcjustin.blogspot.com
http://www.prmia.org
He is the co-Regional Director of the Irish PRMIA Chapter and is the co-chair of
the EMEA Regional Directors committee. He serves on several PRMIA working
groups and sits on the PRMIA Education Committee and is the chair of the new CSuite Committee.
He was on the planning committee of the PRMIA Global Event in New York in 2012
and helped facilitate the PRMIA case study at the recent FSA Risk Symposium in
Cambridge, England. Justin has a BSc from University College Cork and an MBA
from the Michael Smurfit Graduate School of Business at University College Dublin.3
What is PRISM?
To quote “PRISM Explained”, PRISM makes it "easier for our supervisors to challenge the financial firms
they regulate, judge the risks therein and take action to mitigate those risks".
In more detail:
• 4 impact categories based on the size of the firm and the harm it would cause should it fail
• The level of supervisory engagement is based on a firm’s impact category
• Supervisors make judgements on probability risk categories, based on information gathered
through their engagement with the firm
• Supervisors are supplied with Risk Guidance Material that aids in deciding the probability risk
category of a firm – e.g. Open Questions
• Other material includes Key Risk Indicators, Memo Scores, Peer Group Reports and Central
Risk Scores
• Risk Mitigation Programmes (RMPs) will be agreed for any probability risk category rated MH- or
greater
The PRISM system is a platform that assists supervisors in implementing this new risk based supervision
approach…
The important thing here is "judgement" - quantitative or "black box systems were understood by few
(and bitter experience indicates that even those few had limited understanding) and thus were not subject
to adequate challenge".
4
Impact and Probability Risk are different…
•
•
•
•
•
•
Impact is increasing from Low (Left) through to
High (Right);
Impact is calculated using information received by
the Central Bank in items such as regulatory
returns.
These are "combined to calculate an impact score
for each firm so that, for each sector, we have a list
of all the firms in that sector ordered by impact.
These lists were used to divide all regulated firms
into four categories: high impact, medium-high
impact, medium-low impact and low impact."
Probability Risk is decided by the supervisors in the Central Bank
They have to make a judgement on the risk of a firm. "Supervisors
will form judgments on the risk probability posed by the firm in
relation to each category. PRISM is a judgement- based system in
that supervisors of higher impact firms will be required to make a
conscious choice as to the riskiness of a firm at each level in each
category.“
Important note "our low impact firms, we aim to regulate to avoid
sector-wide issues - such as widespread mis-selling by
intermediaries - but there are circa ten thousand low impact firms
and we will not seek to prevent individual failure. Rather, we will
supervise these firms reactively - ensuring that an administrator or
liquidator is appointed when they fail and that there is an orderly
revocation of authorisation and winding-up in accordance with
insolvency legislation"
5
Impact and how to understand it…
•
•
•
•
•
•
Impact metrics are covered in appendix C of
PRISM Explained
Let's keep this simple… a simple model is that
balance sheet size drives the impact of firms in a
sector...
The bigger your balance sheet, the higher your
impact and thus the further to the right on the
diagram your firm will fall.
Driven by regulatory returns… the only convenient way to change the impact category of a
firm is to do something like reducing the balance sheet size.
You can influence Probability Risk... See next slide
The Central Bank did do a consultation on this impact approach - see CP49... if you didn't
comment then, then it may be too late...
6
Probability Risk… how will it affect you?
•
•
•
•
•
Supervisor in the Central Bank has to make a judgement on the probability risk of a
firm. "Supervisors will form judgments on the risk probability posed by the firm in relation to each
category. PRISM is a judgement- based system in that supervisors of higher impact firms will be
required to make a conscious choice as to the riskiness of a firm at each level in each category."
"Overall Risk Rating" is the overall Probability Risk for a firm.
Driven by the categories below… the supervisor will review the firm for Credit Risk, Market Risk etc.
For each category there are sub categories, so for Credit Risk, the supervisor will record their
judgement on items such as the "Concentration of Credit Risk" for a firm.
Can be guided by Key Risk Indicators or KRIs - supervisor might look at the data for how
concentrated a firm is in it's lending to a certain set of customers or customer segment.
7
Impact and Probability Risk… A Review…
•
•
•
•
•
•
•
Impact measures the cost or damage the failure of a firm would have to the economy. It is calculated
from regulatory returns.
In the above firm A's failure would have more of an impact on the economy than firm B. In a simple
model based on just balance sheet size, we would expect Firm A to have a larger balance sheet in
Euro than firm B.
The only way to move a firm between impact categories is to reduce the impact score. For Firm
X to move to the same impact category as firm Y, it would have to do something like reduce it's
balance sheet size.
Probability Risk is based on the judgement of the supervisor as to the probability that a firm will fail.
In the above firm C has been judged to have a higher probability risk than firm B. This is based on
the judgement of the supervisor and not just data such as KRIs.
A firm can move between probability risk ratings by mitigating their risks and showing the supervisor
the results of this... they will then change their judgement of the probability risk of the firm and it will
move to a lower overall probability risk rating.
Thus firm X could move to a overall risk rating of firm Y by showing risk mitigation.
8
Engagement Tasks and Risk Mitigation
•
•
•
A firm is supervised based on their impact category – compare
a large firm with a multi-billion Euro balance sheet to one with a
million Euro balance sheet.
"Firms in each impact category will be supervised through the
completion of engagement tasks. We will engage with all firms
at a level that corresponds to their impact category; the higher
the impact category, the higher the level of engagement.“
Examples of these in Appendix A of PRISM Explained:
•
•
What happens if you are judged to have a
higher probability risk in one of the risk
categories or sub categories
"Any risk category which is probability rated
as medium-high or high must be
mitigated. If a supervisor rates a firm
medium-high or high probability in any risk
category, he or she will be prompted by the
PRISM application to open a Risk
Mitigation Programme (RMP) issue,
explaining the nature of the risk. Having
opened the issue, the supervisor will
construct one or more outcome-focused
actions to reduce the risk to an acceptable
level by a given deadline."
9
Engagement Tasks and Risk Mitigation
Re-assess Firm
Risk
Mitigation
Plan
Impact
Category
Engagement
Level
Assess
Probability
Risk
Internal
Quality
Control
10
Closing Thought…
To quote Deputy Governor Elderfield at the launch speech for PRISM
http://www.centralbank.ie/press-area/speeches/Pages/AddressbyDeputyGovernorMatthewElderfield.aspx in
December 2011:
"A further quality control mechanism built into the PRISM framework is giving firms a chance to comment
on draft Risk Mitigation Programmes. Once Risk Mitigation Programmes are written using the PRISM
application, we plan to share them with firms in draft form, giving each firm ten working days to highlight
factual inaccuracies, and, if it wishes, to propose alternative actions to mitigate unacceptable risks.
Our plans to share drafts and listen to alternative risk mitigation suggestions are conditional on industry
interacting appropriately. We do not plan to soften our risk mitigation in response to feedback from firms
that they are too demanding or too difficult. We are introducing the sharing of draft Risk Mitigation
Programmes on the basis that firms will react to them in an intelligent fashion, letting us know promptly when
an issue is inaccurate but not seeking to deflect us from our desired outcome. The final judgement on what
must be done to mitigate unacceptable risks to financial stability and the consumer will remain with Central
Bank supervisors.
I believe in constructive dialogue and I believe in giving firms the chance to say how the outcomes we seek
can be delivered in a better or more efficient way. I also don’t believe that we are ever going to get every
issue and every action right first time – hence my desire to trial this interaction with firms to help us quality
assure our risk mitigation programmes. I’d urge all firms to use this opportunity wisely."
11
An “Inside” View of PRISM
A PRISM Primer for Others
Credit Union Summer School
Questions and Answers?
12
Related documents
Grade 6 Answer Key - Geometry and Measurement
Grade 6 Answer Key - Geometry and Measurement
Volume: Prisms and Cylinders
Volume: Prisms and Cylinders
Print Version
Print Version
Drugs that may Cause or Worsen Symptoms of Myasthenia Gravis
Drugs that may Cause or Worsen Symptoms of Myasthenia Gravis
Enlarging Rectangular Prisms
Enlarging Rectangular Prisms
2nd_Assignment,_IB_Distance_Learning_-_Copy
2nd_Assignment,_IB_Distance_Learning_-_Copy
Maximizing Volume
Maximizing Volume
Investigation 1 Problem 1
Investigation 1 Problem 1
Download
advertisement