2. 2
PÖYRY MANAGEMENT CONSULTING – ENERGY
Europe’s leading specialist energy
management consultancy
Offering expert advice from strategy to
implementation on policy, regulation,
business operations, financing and
valuation and sustainability
Providing in-depth market analysis and
strategic insight across Europe
Over 200 energy market experts
in 12 offices across Europe:
Düsseldorf
Helsinki
London
Milan
Moscow
Oslo
Oxford
Paris
Vienna
Villach
Zurich
Madrid
4. 4
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
You do not want last-resort auditors to take the lead:
Enterprise Risk Management needs to be forward looking and proactive –
are you ready for the future?
5. 5
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
What’s up?
Expected cost:
EU regulations and the transition towards Internal Energy Market
(IEM).
Tougher regulation sanctions (unlimited?).
Change of market design and capacity markets
More mandatory reporting.
Expected revenue:
Current market prices are down
Future market prices are down
Will we ever see nominal 2008 levels again?
Expected P&L
Does expected P&L, return and dividend reflect changes in revenue
and cost?
Does asset valuation reflect market values?
Should stable dividend expectations be solved by increasing risk?
Enterprise Risk Management needs to be forward looking and proactive –
are you ready for the future?
Energy Act EU regulation
6. 6
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
Pöyry Enterprise Risk Management Audit is a
structured way to diagnose current status, identify
need for change, redesign and implement ERM
improvements.
Supplementary examples:
Enterprise Risk Management - Frameworks
Frameworks are nothing but frameworks; they all need
tailor-made implementation. Putting it all together depends on
KPI & KRI library quality and several other factors.
Enterprise Risk Management - Compliance
Point of no return is reached. Transition from Energy Act to
EU regulation will be a game changer. We are moving from
intention-based frameworks to detailed regulations.
Enterprise Risk Management - Tailor-made
implementation
Several issues to look at depending on company. Provided
examples are meant as ideas for scoping with clients.
Today's agenda:
7. 7
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
Enterprise Risk Management Goals & Process:
Enterprise Risk Management goals:
Understanding the shock resistance of the
enterprise to its key risks
Managing enterprise risk exposure to the level
desired by senior management.
Enterprise Risk Management process:
Coordinating Risk Management Objectives and
Components
Focusing on cooperation among departments to
manage the organization’s full range of risks as a
whole.
Creating a framework for effectively managing
uncertainty, responding to risk and harnessing
opportunities as they arise.
Embodying the notion that risk analysis cuts across
the entire organization.
RM Objectives
RiskComponents
8. 8
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
What is it, why do you need it and the alternative approach
What: Pöyry Enterprise Risk Management Audit is a structured way to diagnose current
status, identify need for change, redesign and implement ERM improvements:
Based on real world experience from trading & hedging environments combined with decades of
fundamental analysis and studies.
Voluntary, Confidential and Objective
Why: Enterprise Risk Management is vulnerable to implementation and often fails to deliver:
Consistency and coherency are crucial in all aspects of implementation. Lack of standardization,
communication, coordination, cooperation and understanding are devastating.
Need for tailor made implementation combined with strong dependency on individuals
Internal audits cannot be neutral and objective
Mandatory external audits are ex-post focused (based on accounting & tax legislations)
Solutions that are not soundly based could contribute to unforeseen consequences and increased risk
Alternative: External audits and an objective second opinion are a far more convenient
way of improving ERM quality than learning the hard way from own mistakes
Diagnostic Redesign Implementation
9. 9
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
Evaluating G’SOT:
Goal
Strategy
Objectives
Tactics
With focus on:
ERM Framework
Strategic RM
Compliance RM
Reputational RM
Financial RM
Operational RM
Using:
KPI, KRI and KCI
Evaluation:
Gap analysis
Improvement Proposal
Voluntary, Confidential and Objective audit with intention of improvement
1. KPI: Key Performance Indicators, KRI: Key Risk Indicators, KCI: Key Control Indicators
14. 14
ENTERPRISE RISK MANAGEMENT FRAMEWORKS
ERM quality is dependent on
implementation rather than the choice of
policy framework school.
ERM Policy based on:
• COSO ERM:
Committee of Sponsoring Organizations of the Treadway
Commission www.coso.org
• RM effect on objectives
• RM as a compliance based function
• ISO 31000:
International Organization for Standardization www.iso.org
• R/RM as an event or process
• RM as a strategic discipline for making risk-adjusted
decisions
• COSO/ISO Hybrid or other solutions
Enterprise Risk Management (ERM) Policy: Different methodologies, same
objective and challenges
15. 15
RISK MANAGEMENT FRAMEWORKS
• RM Quality is dependent on
implementation. No closed form
solution/equation
• RM Policy based on:
• @ Risk methodology:
• Value at Risk (VaR)
• Cash flow at Risk (CFaR)
• Profit at Risk (PaR)
• X at Risk (XaR)
• Other methods:
• Function of probability and
expected value
• All based on:
• Predefined distributions
• Empirical values
• Monte Carlo simulation
• Market values
• Mean reversion
• External boundaries
• Assumptions
Strategic, Compliance, Reputational, Financial, Operational RM Policy:
Different methodologies, same objective and challenges
16. 16
RISK MANAGEMENT CONSISTENCY AND COHERENCY
Missing link between RM components can be
devastating in reaching the objectives.
Consistent: the quality of behaving the same way
over time (input, methodology, output).
Coherent: the quality of being logically connected
(organization levels, business units..).
Consistency and coherency are of utmost importance in all aspects of
the business
17. 17
RISK MANAGEMENT CONSISTENCY AND COHERENCY
Expected EBITDA
Dividend Capacity
CAPEX budget
Financial RM Link Operational RM
Risk owners
Exposure limits
Stop loss rules
Hedging/rehedging strategy
A common base for:
Input
Calculation methods
Output
18. 18
RISK MANAGEMENT CONSISTENCY AND COHERENCY
Specific: Explicit description of
what we are measuring
Measurable: Absolute or
relative benchmark values
Achievable: Far-fetched goals
are discouraging
Relevant: Coherent with
objectives and Consistent
over time
Time-bound: time dimension
and granularity must be
explicit
Are the indicators SMART?
20. 20
RISK MANAGEMENT COMPLIANCE
Both external & internal compliance are important
• External:
• Regulations
– Increasing regulatory risk in a rapidly
changing regulatory regime.
– MAD & REMIT are at the top of regulators'
agenda.
• Internal:
• Business Culture: Google's definition of Knaves
«Knaves "lie, cheat, steal, and take credit for
other people's work"»
ACER and NRA users of Nasdaq OMX
Smarts
21. 21
Regulations
• EU 713/2009 ACER's role
• EU 714/2009 X-Border (NC CACM, NC FCA...)
• EU 543/2013 Transparency
• EU 1227/2011 (REMIT) Commodity Market abuse &
Insider trading
• Directive 2004/39/EC (MiFID)
• EU 1287/2006 (MiFID IA)
• EU 648/2012 (EMIR) Central Clearing Party
• EU 596/2014 (MAD) Derivatives Market abuse &
Insider trading
Compliance Risk:
• Reputational
• Sanctions
• Worst case: unlimited based on harm
RISK MANAGEMENT COMPLIANCE
Regulations
22. 22
Derivative regulations
MiFID: Investor protection, MP
classification (fin, non fin +/-)
Contract definition and exemptions
EMIR: Central Counterparties (CCP)
Contract definition from MiFID
MAD: Market abuse & insider trading
Contract definition from MiFID
REMIT: Market abuse & insider trading
Own contract definition, Transparency data
= inside information (certain criteria)
Transparency regulation:
Mandatory disclosure of data.
Definition of data and data owner.
MAD and REMIT => Complementary regulation with the same intention =>
Prohibition of market abuse and insider trading
Commodity regulations
Cross border: EC 714/2009
NC EB: Electricity Balancing
NC CACM: Capacity & Congestion
NC FCA: FWD Capacity
23. 23
Derivative regulations
MiFID: Investor protection, MP
classification (fin, non fin +/-)
Contract definition and exemptions
Commodity regulations
Exemption
- Must be physically settled
- Traded on OTF not RM
- Regulated by REMIT
Nordic design European design
European market design exemption from derivatives?
Nordic market design «cannot escape».
24. 24
Derivative regulations
MiFID: Investor protection, MP
classification (fin, non fin +/-)
Contract definition and exemptions
Commodity regulations
Bilateral leakage
- Must be physically settled
- Traded on OTF not RM
- Regulated by REMIT
Nordic design European design
• Increased cost under EMIR could possibly increase bilateral trading.
• Nordic market design «cannot escape».
• Physical EFET FEMA with operational netting may be exempted
• If Transition to physical => Financial capital may pull out (inc. cost, complexity)
26. 26
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Risk Management : A process of continuous improvement.
Risk Management is not
a one shot exercise
Adjustment of objectives
Continuous Risk
Assessment
• Identify
• Analyse
• Evaluate
Risk treatment
• Create/adjust control
environment
• Control the activities
• Inform/Communicate
• Monitor
Start over....
27. 27
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Risk management function positioning
Risk committee
Chief Risk Officer (CRO)
Both
Keys to success
CRO peer with business line leaders
CRO reporting line to the board (or Risk
Committee)
CRO has a broader risk focus than compliance
CRO position and interaction with senior
management clearly defined
Managing risk is everyone’s job
Management values RM as an equal discipline to
opportunities pursuit
28. 28
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Assumptions, benchmarking and backtesting performance
Performance evaluation & Hurdle rates:
CAPM «nice tool» for companies quoted on an
exchange with relevant peers.
Most companies are not quoted on an exchange
What is your Market Cap, Beta or Small Cap premium?
Other evaluation methods based on risk adjusted
performance:
RORAC: Return On Risk Adjusted Capital
RAROC: Risk Adjusted Return On Capital
RARORAC: Risk Adjusted Return On Risk Adjusted
Capital
Sharpe Ratio: (Actual return – Risk-free rate) / Volatility
V2 Ratio – Actual return vs. Benchmark return
Bonus programs & performance based incentives
Relation to KPI & KRI
Size, Downside risk, Watermark
29. 29
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Must be soundly based in corporate G’SOT
Example:
KPI = max (Actual Price/DA Price)
Does not say anything about the potential or the
risk:
Bearish scenario:
No hedge: KPI = 1, highest risk, 100% lost potential
Hedge A: KPI = 1.8, lowest risk, 20% lost potential
Hedge B: KPI = 1.2, high risk, 80% lost potential
Bullish scenario
No hedge: KPI = 1, highest risk, 0% lost potential
Hedge A: KPI = 0.6, lowest risk, 80% lost potential
Hedge B: KPI = 0.9, high risk, 20% lost potential
Hedging close to delivery gives higher probability
of maximizing KPI at the price of a higher risk:
A good strategy for a lazy trader with P&L incentives
only?
Perhaps not that good for the company?
KPI & KRI selection
30. 30
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Standardized process
Tailormade content
A non-summative drill down
exercise
Define risk appetite:
Reward risk mitigation on some
risks?
Reward risk adjusted P&L on
some risks?
KPI & KRI Selection and calibration based on G’SOT & Risk Assessment
generation = f(market price, inflow, reservoir, ++)
market price = f(hydro water values, coal SRMC, emission price, ++)
inflow = f(temperature, precipitation, snow, ++)
31. 31
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Risk owner & portfolio framework
Creating an efficient library
of KPI & KRI is highly
dependent on portfolio
structure
Separation of Performance
& Risk related to key
elements crucial:
Forecast
Inflow
Constraints
Regulations
Basis
Profile
Bidding Zone
Market
Xtra
Static
Dynamic
32. 32
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Risk owner & portfolio framework
Efficient portfolio structure
makes it easier to adjust risk
according to objectives
using KPI & KRI triggers
33. 33
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Assumptions, benchmarking and backtesting market input
34. 34
Standardized & Cleared:
..or Bilateral OTC
Counterparty Credit Risk
Based on Basel II/III
– A-IRB
– IRB
– Standard
Internal models
RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Counterparty Credit Risk: Bilateral OTC vs. Central Counterparties
35. 35
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
ERM Quality is dependent on
implementation rather than the choice of
policy framework school.
RM Quality is dependent on
implementation. No closed form
solution/equation
Missing link between RM components
can be devastating in reaching the
objectives.
External Compliance Risk worst case:
unlimited based on harm
ERM is dependent on implementation.
There are no closed form solutions.
Mistakes can be devastating in reaching
the objectives. Consequences could
worst case be unlimited.
ERM Presentation red ink summary:
External mandatory audit is based on
accounting legislation – vague on risk
management.
Use Pöyry Enterprise Risk Management
Audit to fill the gap.
36. 36
PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
…most black swans are white. Controlling your risks gives you
confidence within the confidence interval.