Enterprise Risk Management: Beyond Regulatory and Governance Standards
PRMIA Singapore
July 23, 2004
James Lam, President
ph: 781.772.1961
jameslam@comcast.net

Our president, James Lam, has spent 20 years in risk management
Professional
• President, James Lam & Associates
• Founder and President, ERisk
• Partner, Oliver, Wyman & Company
• CRO, Fidelity Investments
• CRO, Capital Markets Services Inc., a GE Capital company
Industry Activities
• PRMIA Blue Ribbon Panel Member
• GARP Inaugural Financial Risk Manager of the Year (1997)
• Published over 50 articles and book chapters
• Quoted in Wall Street Journal, Financial Times, Risk Magazine, and CFO Magazine
Academic
• Senior Research Fellow, Beijing University
• Adjunct Professor, Babson College
• Lectured at Harvard Business School as the subject of a HBS case study
• MBA, UCLA School of Business
• BBA, Baruch College
Consulting Projects
• Enterprise risk management
• Financial risk (market, credit)
• Operational risk
• Business/product strategies
• Economic capital analytics
• Risk policies and reporting
• “Rent-a-CRO” services

Our clients represent leading companies in a wide range of industries

While our experience is diverse, we are singularly focused on risk management
Industries
• Commercial banks
• Investment banks
• Insurance companies
• Asset management firms
• Non-financial corporations
• Government entities
• Product/service providers
Engagements
• ERM vision and strategy
• Risk policies & limits
• Risk assessment
• Analytics and reporting
• Value-based strategies
• M&A strategy/integration
• Education and training

As discussed in James’ recent book, we define ERM as a value added function
Definition of ERM: “An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”

Discussion outline
• Key trends and requirements
• Best practices and practical applications
• ERM in the future

ERM is useful because the risks faced by companies are highly interdependent
Enterprise-Wide Risks: Financial Risk, Business Risk, Operational Risk
Examples of interdependent risks:
• FX risk in a new foreign market
• IT and business process outsourcing
• Derivatives documentation and counterparty risk
Financial Risks:
• Market Risk
• Liquidity Risk: Funding Liquidity, Asset Liquidity
• Credit Risk: Credit Risk Associated with Investments, Credit Risk Associated with Borrowers and Counterparties

Traditionally, risks were managed within organizational “silos”
Silos: Credit Risk, Market Risk, A/LM Risk, Operational Risk
Who
• Chief Credit Officer
• CFO
• Treasurer
• Internal Audit
• Business Managers
• Asset/Liability Manager
• Corporate Actuarial
How
• Exposure Limits
• Investment Limits
• Trading and A/LM Limits
• Controls
• Portfolio Measurement
• Portfolio Return
• Value at Risk Management
• Securitization/Derivatives
• Growth Limits
• Financial Derivatives
• Audit Review
• Insurance

ERM provides an integrated value-added approach
Enterprise Risk Management: Chief Risk Officer/Chief Financial Officer
Risk types: Credit Risk, Market Risk, Business Risk, Operational Risk
Functions: Business Managers, Internal Audit, Treasurer, Chief Credit Officer, Asset/Liability Manager, Corporate Actuaries
Early Adopters
• Barclays
• GE Capital
• Citigroup
• JP Morgan Chase
• CIBC
• Fidelity Investments
• Goldman Sachs
• Merrill Lynch
• Deutsche Bank
• Bank of Montreal
Benefits
• Broadens risk awareness
• Aligns risk profile and strategy
• Minimizes surprises and losses
• Rationalizes capital requirements
• Assures regulatory compliance
• Improves ROE and shareholder value

Early adopters of ERM have reported significant and tangible benefits
Benefit | Company | Actual Results
Market value improvement | Top money center bank | Outperformed S&P 500 banks by 58%
Early warning of risks | Large investment bank | Global risk limits cut by 1/3 prior to Russian crisis
Loss reduction | Top asset management company | Loss-to-revenue ratio declined by 30%
Regulatory capital relief | Large commercial bank | $1 billion regulatory capital relief
Insurance cost reduction | Large manufacturing company | 20-25% reduction in insurance premium

Annualized total shareholder returns (1998-2003) for differing degrees of risk model sophistication and risk tool usage
Source: PA Consulting Survey of Global Banks

Companies must overcome barriers to success
• Inertia – absence of crisis; general resistance to change
• Lack of management sponsorship or line support
• Episodic initiatives with no long-term vision
• Ineffective and inconsistent risk metrics and reporting
• Insufficient human, systems, and data resources
• Failure to clearly demonstrate “early wins” and sustainable benefits
• Move too fast or too slow, without addressing change management issues

The growing acceptance of ERM is driven by four key forces
Best Practices
• Banks
• Asset Managers
• Energy Firms
• Corporations
Corporate Disasters
• Enron
• WorldCom
• Adelphia
• Mutual Funds
Regulatory Actions
• S.E.C.
• Sarbanes-Oxley
• Basel II
Industry Initiatives
• Treadway Report, US
• Turnbull Report, UK
• Dey Report, Canada

Companies are faced with an influx of new requirements
Basel II
• New accord consists of three pillars:
– Minimum capital requirements
– Supervisory review
– Public disclosure
• Explicit treatment of operational risk
• More granular analyses of credit risk
Sarbanes-Oxley Act of 2002
• Section 404: Management assessment of internal controls for financial reporting; attestation by auditor
• Section 302: CEO/CFO certification of financial statements
• Establish criminal penalties for executives and independence requirements of auditors
Other Requirements
• SEC/NYSE/NASDAQ corporate governance rules
• State attorney general probes
• Patriot Act; anti-money laundering and bank secrecy act

A proactive approach to ERM is driven by best practices, not regulations
Reactive Approach
• CEO responding separately to: Sarbanes-Oxley, Basel II, Governance Requirements, New industry standards
Proactive Approach
• Current state
• Benchmarking, Gap analysis, Recommendations
• Desired state (best practices or best-in-class practices)
• Common themes and Unique standards across: Sarbanes-Oxley, Basel II, Governance Requirements, New industry standards

CFOs are not meeting the expectations of board chairmen and corporate executives for internal controls and ERM
High stakeholder expectations… … but poor performance to date
Chart values: 55%, 43%, 34%, 19%
Chart labels:
• SOX: “Tight internal financial controls” is one of the most important business success factors
• ERM: The CFO – rather than the CRO, CEO or board – should take lead in ERM
• SOX: CFO/finance doing good job of enforcing internal controls
• ERM: CFO/finance doing a good job of managing risk
Source: 2004 Economist Intelligence Unit survey of 182 executives at U.S. and foreign companies. Respondents included board chairmen, CEOs, corporate and line managers; about 2 percent were CFOs

Discussion outline
• Key trends and requirements
• Best practices and practical applications
• ERM in the future

Key takeaways from the 2004 Federal Reserve ERM Conference
• The Federal Reserve Board and all twelve district Banks are in the early stages of ERM development. Should have cascading impact on bank supervision.
• Governor Olson – In 1966 the First Bank System conducted its first external audit as an optional exercise, but now it is a requirement. Predicts the same for ERM.
• Governor Bies – ERM and internal controls (COSO) are not the same:
– ERM is a management process focused on risk/return dynamics of customers, products, pricing, and costs.
– Internal controls are part of a governance process focused on authorizations, documentation, and process integrity.

An ERM framework should encompass seven key building blocks
1. Corporate Governance: Establish top-down risk management
2. Line Management: Business strategy alignment
3. Portfolio Management: Think and act like a “fund manager”
4. Risk Transfer: Transfer out concentrated or inefficient risks
5. Risk Analytics: Develop advanced analytical tools
6. Data and Technology Resources: Integrate data and system capabilities
7. Stakeholders Management: Improve risk transparency for key stakeholders

An ERM system should address all risk types, qualitative and quantitative data, and risk monitoring and management applications
Basic ERM applications:
• Executive reporting
• Key risk indicators
• Loss/incident tracking
• Control self assessments
• Early warning indicators
• Risk mitigation projects tracking
• ERM content management
Advanced ERM applications:
• Risk transfer
• Economic capital
• Scenario analysis
• Shareholder value management
Diagram labels: ERM Dashboard; Data Mining; Risk “Pillars” (Credit Risk, Market Risk, Business Risk, Operational Risk); Internal and External Data

Data warehouse based information value chain
Diagram labels: Query, Reporting, ERP, CRM, SCM, ETL (Extraction, Transformation, Loading), Data warehouse, Datamart, OLAP, Analytics, Warehouse Management, Transactional Applications, Department Analytic Apps, CRM Datamart, Legacy, Proprietary, BI Technology, Supply Chain, Enterprise Analytic Apps, BPM, Data Mining, Statistical Modeling, Meta Data Repository, BI Tools, Enormous Inventory, Increasing Business Value, Predictive / Strategic Intelligence, Expensive Distribution Channel

An “executive dashboard” based technology approach
Diagram labels: Executives; Presentation (Consumable Metrics); Model (Metrics, Information); Network; CXO Systems Business Information Network; Data Sources
• Risk Systems: Credit, Market, Operational
• Desktop Data: Excel, Word
• Analytical Systems: Data Warehouse, BI

An ERM dashboard should provide the CRO and senior management with full risk transparency
– Compliance with risk policies and regulations
• Exposures vs. policy limits
• Regulatory compliance
– Earnings-at-risk
• Major internal drivers
• Key external variables
– Risk/return performance tracking
• Business units
• Customer segments
• Products
– “Right time” risk reporting
• One touch visibility
• Drill down capabilities
• 24x7 escalation
• Early warning signals

Example: monthly risk report
Report sections:
1. Losses (columns: Current, YTD; rows: Operational Losses, Credit Losses, Market Losses, Other Losses, Sub-Total, Loss/Revenue Ratio): accounting for actual losses incurred
2. Risk Incidents (columns: Incident, Exposure, Response): reporting of risk incidents, exposures, and near misses
3. Management Assessment: management discussion of major risk issues (“what keeps me up at night”)
Chart: Gross Losses, 1992 to Q1 97

Example: monthly risk report (cont’d)
Report sections: Core Risk Measures; Key Risk Trends
Chart panels: Real Estate Index; Operational Performance; Credit Counterparty Exposure; Interest Rate Exposure; Other Trouble Indicators; Improving Trends
Axis and legend labels: Goal + MAP, Region, Period, Notional, Limit

Given that risk is about the future, early warning indicators should be developed
Risk Category | Early warning indicators
Credit Risk | Borrower/counterparty stock price declines; widening of credit spreads in the debt and credit derivatives markets
Market Risk | Increases in actual and implied price volatilities; breakdowns in historical price relationships and patterns
Business/Operational Risk | Spikes in business growth, profitability, and complexity/change; high and undesirable turnover rates
Enterprise-wide Risk | Increases in any risk concentrations and/or organizational powers; changes in intra- and inter-risk correlations

Companies should integrate ERM into business processes and value drivers
Value drivers: Revenue, Expenses, Losses, Equity, ROE, New Business, M&A, Growth, Shareholder Value
Risk Management Impact
1. Risk-based pricing
2. Target customer selection
3. Relationship management
4. Risk oversight costs
5. Insurance/hedging expense
6. Credit, market, operational write-offs
7. Capital management
8. Risk transparency
9. New business development
10. M&A/Diversification strategy
Scope
• Risk Management by Silos (5, 6)
• Integrated risk management (4–7)
• Enterprise risk management (1-10)

Economic capital represents a common currency for risk
• Credit Risk: Earnings volatility due to variation in credit losses
• Market Risk: Earnings volatility due to market price movements
• Operational Risk: Earnings volatility due to changes in operating economics (e.g. volume, margins or costs) or one-off events
Credit Risk, Market Risk and Operational Risk combine into Enterprise-wide Risk
Chart axes: Probability, Change in Value

Measuring profitability and pricing
Item | Calculate ROE | Calculate Pricing
Exposure | $100 mm | $100 mm
Margin | 2.50% | 2.20%
Revenue | $2.5 mm | $2.2 mm
Risk Losses | <0.5 mm> | <0.5 mm>
Expense | <1.0 mm> | <1.0 mm>
Pre-Tax Net Income | $1.0 mm | $0.7 mm
Tax | <0.4 mm> | <0.3 mm>
Net Income | $0.6 mm | $0.4 mm
Economic Capital | $2.0 mm | $2.0 mm
RAROC | 30% | 20%

Rationalized risk transfer
Different Structures
• Derivatives
• Structured Finance
• Insurance
Common Cost/Benefit Framework
Ceded RAROC = Return / Economic Capital
Return
– Pay cashflows or insurance premium
– Include transaction and ongoing management costs
– Reduce Economic Capital ‘benefit’
Economic Capital
– Reduce Economic Capital held for risk
– Increase Economic Capital counterparty exposure
– Increase operating risk Economic Capital

Applications of Economic Capital
Performance Measurement on an Apples-to-Apples Basis
EVA: Enables Strategic Planning
Charts: RAROC Compared to Peers by Line of Business (legend: 90%, 75%, 50%, 25%, 10%, hurdle); Value Creation by Business Unit (axis: Value ($ Million); regions: Value Creation, Value Destruction)
Business lines shown: Corporate Treasury, Mortgages, Credit Card, Small Business, Middle Market, Corporate Lending
• Remuneration
• Target setting
• Drives risk-adjusted pricing
• Grow businesses that create shareholder value
• Overhaul/divest businesses that destroy shareholder value
• What-if analysis

ERM requires balancing the hard and soft side of risk management
Hard Side
• Measures and reporting
• Risk oversight committees
• Policies & procedures
• Risk assessments
• Risk limits
• Audit processes
• Systems
Soft Side
• Risk awareness
• People
• Skills
• Integrity
• Incentives
• Culture & values
• Trust & communication

Case study
Background
• New capital markets business
• Traders hired from foreign bank
• Aggressive business and growth targets
2-Year ERM Program
• Established risk policies and systems
• Instilled risk culture
• Captured 25% market share with zero policy violations
• Survived “Kidder” disaster
• Recognized as best practice

Hallmarks of success in ERM
• Engaged senior management and board of directors
• Established policies, systems, and processes, supported by a strong risk culture
• Clearly defined risk appetite with respect to risk limits and business boundaries
• Robust risk analytics for intra- and inter-risk measurement, summarized in an “ERM dashboard”
• Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation

Discussion outline
• Key trends and requirements
• Best practices and practical applications
• ERM in the future

Ten predictions on the future of enterprise risk management
1. ERM will become the industry standard
2. CROs prevalent in risk-intensive companies
3. Audit committees will evolve into risk committees
4. Economic capital in; VaR out
5. Risk transfer executed at enterprise level
6. Advanced technologies key to advancement
7. A measurement standard will emerge for operational risk
8. Risk-based or economic reporting becomes standard
9. Risk becomes part of corporate and college programs
10. Salary gap among risk professionals continues to widen

What makes a good CRO?
• Organizational and leadership skills to effect change
• Communication skills – “to simplify without being simplistic”
• Technical skills in credit, market, and operational risk
• Judgment to balance business and risk requirements
• Courage to push back and “say no”
• High EQ (emotional quotient) in addition to high IQ
• Ultimate CRO test: ability to integrate risk management into strategic planning and day-to-day business processes

Thank you
James Lam’s contact information
Phone: 781-772-1961
Email: jameslam@comcast.net