This file contains info related to my presentation on ERM implementation in the context of financial & regulatory convergence - requirements from SOX, Basel 2, COSO, and IAS/IFRS
Operational risk management and measurementRahmat Mulyana
a short description in mixed English and Bahasa Indonesia on Operational Risk Management and Measurement, in particular value at risk calculation using Monte carlo Simulation. Another method using EVT (Extree Value Theory) will be delivered shortly. regards
Operational risk management and measurementRahmat Mulyana
a short description in mixed English and Bahasa Indonesia on Operational Risk Management and Measurement, in particular value at risk calculation using Monte carlo Simulation. Another method using EVT (Extree Value Theory) will be delivered shortly. regards
Operational Risk Management under BASEL eraTreat Risk
Operational risk have always ignored by Banks as they thought Credit and market risks can cause catastrophe. But history of misfortunes taught us different lessons. Controls and internal audit have long been construed as guard till BASEL II dictates forced banks to look with insight. Understand the dimension of ORM in this presentation.
Operational Risk Management - Understanding Your Risk LandscapeEneni Oduwole
This presentation provides insights on how the proper implementation of Operational Risk Management can lead to effective risk profiling, analysis and mitigation. It introduces operational risk as a bedrock for meaningful risk management irrespective of which industry an organization plays in.
Operational Risk Management Under Basel II & Basel IIIEneni Oduwole
In this introductory presentation on the subject, salient features that changed in approaches adopted for Operational Risk Management under Basel I and Basel I were highlighted.
Operational Risk : Take a look at the raw canvasTreat Risk
Operational risks by banks have never been recognised till BASEL II imposed on banks to look forward. Take a look at the broad canvas of Operational risks applicable for banks
Risk management is an integral part of business management. This set of principles was developed by the industry for the industry. They have been drafted to make them so practical that they will resonate with any financial organization.
The 2nd seminar of Friends4Growth in Ho Chi Minh city with Prof. Enoch Ch'ng from SMU - Singapore Management University.
Friends4Growth
Together We Grow
--------------------------------------------------
Friends4Growth is a group of young professionals, who share a common passion to learn and grow more in their career through formal and informal educational opportunities. The group was founded by Vietnamese national Le Tran, a Wharton MBA Class of 2009.
The Friends4Growth mission is as follows:
- Be a place for young professionals to exchange and enhance knowledge
- Bring educational opportunities to members by providing access to well-known professors, business leaders and industry experts
- Provide information of universities around the world to members with intention to study abroad
- Share experience in studying, job search, working and living outside Vietnam
To achieve its mission, the group organizes various activities on a monthly basis to its members, such as:
- Seminars on various industry topics, with a sponsorship of the Singapore Management University.
- Coffee chats with experienced professionals from more developed economies
- Q&A sessions covering overseas life and work from seasoned experts
Website: www.friends4growth.com
Join us at: http://facebook.com/friends4growth and http://vn.linkedin.com/in/friends4growth
If you have any inquiry, please contact us at info@friends4growth.com
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
Introduction to Operational Risk Management for Bank Junior Officers in Indiamlvenkat
This is an introductory, self-explanatory presentation on Operational Risk Management for Junior officers in Banks in India, illustrated with lots of interesting images to make the concepts easy to understand. Follow the link at the end of the slides to read interesting Op Risk stories compiled from day to day banking, which can be used for group exercise or better personal understanding. (Answers are not given! You have to generate them yourselves or from team members ! ).
(The story on Corporate Banking may appear similar to the recent Banking scam -Feb 2018- in India, but then, similar frauds have been repeatedly happening in one Bank or the other in the last 30 years in India. Neither Commercial Banks in India nor Reserve Bank of India have learnt the operational risk lessons).
You are free to use the slides and my stories for your work.
You can customise the stories to suit your banking environment and/or to add your own Bank stories to build up a library of Op Risk events.
I acknowledge and thank Internet and all original creators for providing cartoons, illustrations, photos, jokes and information which I have liberally used in the PPT.
How does Operational Risk Management fit into an organization's Strategic Planning? This presentation attempts to provide a functional and implementable response.
Operational Risk Management under BASEL eraTreat Risk
Operational risk have always ignored by Banks as they thought Credit and market risks can cause catastrophe. But history of misfortunes taught us different lessons. Controls and internal audit have long been construed as guard till BASEL II dictates forced banks to look with insight. Understand the dimension of ORM in this presentation.
Operational Risk Management - Understanding Your Risk LandscapeEneni Oduwole
This presentation provides insights on how the proper implementation of Operational Risk Management can lead to effective risk profiling, analysis and mitigation. It introduces operational risk as a bedrock for meaningful risk management irrespective of which industry an organization plays in.
Operational Risk Management Under Basel II & Basel IIIEneni Oduwole
In this introductory presentation on the subject, salient features that changed in approaches adopted for Operational Risk Management under Basel I and Basel I were highlighted.
Operational Risk : Take a look at the raw canvasTreat Risk
Operational risks by banks have never been recognised till BASEL II imposed on banks to look forward. Take a look at the broad canvas of Operational risks applicable for banks
Risk management is an integral part of business management. This set of principles was developed by the industry for the industry. They have been drafted to make them so practical that they will resonate with any financial organization.
The 2nd seminar of Friends4Growth in Ho Chi Minh city with Prof. Enoch Ch'ng from SMU - Singapore Management University.
Friends4Growth
Together We Grow
--------------------------------------------------
Friends4Growth is a group of young professionals, who share a common passion to learn and grow more in their career through formal and informal educational opportunities. The group was founded by Vietnamese national Le Tran, a Wharton MBA Class of 2009.
The Friends4Growth mission is as follows:
- Be a place for young professionals to exchange and enhance knowledge
- Bring educational opportunities to members by providing access to well-known professors, business leaders and industry experts
- Provide information of universities around the world to members with intention to study abroad
- Share experience in studying, job search, working and living outside Vietnam
To achieve its mission, the group organizes various activities on a monthly basis to its members, such as:
- Seminars on various industry topics, with a sponsorship of the Singapore Management University.
- Coffee chats with experienced professionals from more developed economies
- Q&A sessions covering overseas life and work from seasoned experts
Website: www.friends4growth.com
Join us at: http://facebook.com/friends4growth and http://vn.linkedin.com/in/friends4growth
If you have any inquiry, please contact us at info@friends4growth.com
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
Introduction to Operational Risk Management for Bank Junior Officers in Indiamlvenkat
This is an introductory, self-explanatory presentation on Operational Risk Management for Junior officers in Banks in India, illustrated with lots of interesting images to make the concepts easy to understand. Follow the link at the end of the slides to read interesting Op Risk stories compiled from day to day banking, which can be used for group exercise or better personal understanding. (Answers are not given! You have to generate them yourselves or from team members ! ).
(The story on Corporate Banking may appear similar to the recent Banking scam -Feb 2018- in India, but then, similar frauds have been repeatedly happening in one Bank or the other in the last 30 years in India. Neither Commercial Banks in India nor Reserve Bank of India have learnt the operational risk lessons).
You are free to use the slides and my stories for your work.
You can customise the stories to suit your banking environment and/or to add your own Bank stories to build up a library of Op Risk events.
I acknowledge and thank Internet and all original creators for providing cartoons, illustrations, photos, jokes and information which I have liberally used in the PPT.
How does Operational Risk Management fit into an organization's Strategic Planning? This presentation attempts to provide a functional and implementable response.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
Presented by Kevin King, Executive Vice President and Head of Risk Management, Hong Kong Exchanges and Clearing Limited at the Premier Business Leadership Series 2010. http:://www.sas.com/theserieshk
Through its ownership of the Hong Kong Stock Exchange, Hong Kong Futures Exchange and their associated clearing houses, Hong Kong Exchanges and Clearing Ltd. brings together the market organisations that have transformed Hong Kong's financial services industry from a domestically focused market to a central marketplace in Asia. King is in charge of implementing an enterprise risk management framework to protect investment funds from all over the world. He will discuss the comforts and hidden dangers of corporate silos and the never-ending process of enhancing management decision making.
Panel Moderator: Diana McClure, IBHS Business Resiliency Program Manager
Panelists: Tim Lovell, Executive Director, Tulsa Partners;
Paul Ford, Director of Safety and Security, Tampa General Hospital, and Carol Fox, Director, Strategic and Enterprise Risk Practice, RIMS
From technology risk_to_enterprise_risk_the_new_frontierRamsés Gallego
This presentation was given at ISRM Conference in Las Vegas (September 2010) and shows the shift in perception from Technology Risk to Enterprise Risk and how businesses and TI need to embrace that new frontier
Uncovering Fraud Dilemmas - cVidya in London May 2012cVidya Networks
Presentation on uncovering the recent dilemma that fraud departments face – today and tomorrow given by Jason Lane-Sellers, cVidya's Fraud Expert, at Arena International's Revenue Assurance, Fraud Reduction and Cost Management in Telecoms 2012 conference in London.
Ai and data analytics in operational risk management and investment managemen...Guan Khoo
Part 2 High-level with a few case studies only on how AI and data analytics can be applied to investment management, incl. on performance assessment on external managers during due diligence. Includes a discussion on monitoring fraud at the beginning. Thanks.
Ai and data analytics in operational risk management and investment managemen...Guan Khoo
First part of a high-level "qualitative" summary of my ppt presentation at the AI Financial Summit, APAC Conference, presented on 4 April, 2018 at the Sheraton Imperial Hotel, Kuala Lumpur. Part 1 here discusses more from an op risk perspective, esp. on data sourcing incl., qualitative or unstructured data and the augmented role of business process governance in op risk mgt.
IFRS 9 Implementation : Using the Z-score approach as a KRI to identify adverse credit deterioration for Stage Transition from 1 to stages 2/3 in IFRS 9 Modeling
Evidence-based Investing: Lessons for the CIOGuan Khoo
Historical empirical-based analyses are used to illustrate the benefits of diversification and long-term investing of liquid asset classes to dampen volatility and achieve positive returns, albeit at a lower yield. However, the persistence of the positive skew is also demonstrated suggesting that it's very challenging for active managers to outperform such a fundamental, but basic strategy. Best, Khoo
Our 20th Century Robo-advisory and analytical platform for the investment and wealth management business, featuring a holistic CRM (data-mining on both the supply- (financial streaming data) and demand-side (investors)) to match the financial instruments to the risk profile and investment horizon of the investors.
Details of our old "Fintech" startup's Solution to Finding the Right Product via Real-time Intelligent Web Search Services
& BI Tools on Streaming Prices covering:
• Algorithmic “Google” on streaming-data
• Searching for the most appropriate investment & trading
opportunities from a risk-return perspective
• Multi-strategy back- & forward-testing
Algorithmic Google on Streaming Prices _Technical&FundamentalAnalyses + Portf...Guan Khoo
Pre-Big Data Analytics (Algorithmic Google on Streaming Prices):
Analytical tools which perform real-time analysis for trading/investment decisions, catered to different types of investors, incl. day-trading, swing-trading & system trading. Think of it as a convenience store ("7-Eleven") of real-time trading ideas
Poonawalla Fincorp and IndusInd Bank Introduce New Co-Branded Credit Cardnickysharmasucks
The unveiling of the IndusInd Bank Poonawalla Fincorp eLITE RuPay Platinum Credit Card marks a notable milestone in the Indian financial landscape, showcasing a successful partnership between two leading institutions, Poonawalla Fincorp and IndusInd Bank. This co-branded credit card not only offers users a plethora of benefits but also reflects a commitment to innovation and adaptation. With a focus on providing value-driven and customer-centric solutions, this launch represents more than just a new product—it signifies a step towards redefining the banking experience for millions. Promising convenience, rewards, and a touch of luxury in everyday financial transactions, this collaboration aims to cater to the evolving needs of customers and set new standards in the industry.
Financial Assets: Debit vs Equity Securities.pptxWrito-Finance
financial assets represent claim for future benefit or cash. Financial assets are formed by establishing contracts between participants. These financial assets are used for collection of huge amounts of money for business purposes.
Two major Types: Debt Securities and Equity Securities.
Debt Securities are Also known as fixed-income securities or instruments. The type of assets is formed by establishing contracts between investor and issuer of the asset.
• The first type of Debit securities is BONDS. Bonds are issued by corporations and government (both local and national government).
• The second important type of Debit security is NOTES. Apart from similarities associated with notes and bonds, notes have shorter term maturity.
• The 3rd important type of Debit security is TRESURY BILLS. These securities have short-term ranging from three months, six months, and one year. Issuer of such securities are governments.
• Above discussed debit securities are mostly issued by governments and corporations. CERTIFICATE OF DEPOSITS CDs are issued by Banks and Financial Institutions. Risk factor associated with CDs gets reduced when issued by reputable institutions or Banks.
Following are the risk attached with debt securities: Credit risk, interest rate risk and currency risk
There are no fixed maturity dates in such securities, and asset’s value is determined by company’s performance. There are two major types of equity securities: common stock and preferred stock.
Common Stock: These are simple equity securities and bear no complexities which the preferred stock bears. Holders of such securities or instrument have the voting rights when it comes to select the company’s board of director or the business decisions to be made.
Preferred Stock: Preferred stocks are sometime referred to as hybrid securities, because it contains elements of both debit security and equity security. Preferred stock confers ownership rights to security holder that is why it is equity instrument
<a href="https://www.writofinance.com/equity-securities-features-types-risk/" >Equity securities </a> as a whole is used for capital funding for companies. Companies have multiple expenses to cover. Potential growth of company is required in competitive market. So, these securities are used for capital generation, and then uses it for company’s growth.
Concluding remarks
Both are employed in business. Businesses are often established through debit securities, then what is the need for equity securities. Companies have to cover multiple expenses and expansion of business. They can also use equity instruments for repayment of debits. So, there are multiple uses for securities. As an investor, you need tools for analysis. Investment decisions are made by carefully analyzing the market. For better analysis of the stock market, investors often employ financial analysis of companies.
where can I find a legit pi merchant onlineDOT TECH
Yes. This is very easy what you need is a recommendation from someone who has successfully traded pi coins before with a merchant.
Who is a pi merchant?
A pi merchant is someone who buys pi network coins and resell them to Investors looking forward to hold thousands of pi coins before the open mainnet.
I will leave the telegram contact of my personal pi merchant to trade with
@Pi_vendor_247
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...Vighnesh Shashtri
In India, financial inclusion remains a critical challenge, with a significant portion of the population still unbanked. Non-Banking Financial Companies (NBFCs) have emerged as key players in bridging this gap by providing financial services to those often overlooked by traditional banking institutions. This article delves into how NBFCs are fostering financial inclusion and empowering the unbanked.
when will pi network coin be available on crypto exchange.DOT TECH
There is no set date for when Pi coins will enter the market.
However, the developers are working hard to get them released as soon as possible.
Once they are available, users will be able to exchange other cryptocurrencies for Pi coins on designated exchanges.
But for now the only way to sell your pi coins is through verified pi vendor.
Here is the telegram contact of my personal pi vendor
@Pi_vendor_247
how to swap pi coins to foreign currency withdrawable.DOT TECH
As of my last update, Pi is still in the testing phase and is not tradable on any exchanges.
However, Pi Network has announced plans to launch its Testnet and Mainnet in the future, which may include listing Pi on exchanges.
The current method for selling pi coins involves exchanging them with a pi vendor who purchases pi coins for investment reasons.
If you want to sell your pi coins, reach out to a pi vendor and sell them to anyone looking to sell pi coins from any country around the globe.
Below is the contact information for my personal pi vendor.
Telegram: @Pi_vendor_247
What website can I sell pi coins securely.DOT TECH
Currently there are no website or exchange that allow buying or selling of pi coins..
But you can still easily sell pi coins, by reselling it to exchanges/crypto whales interested in holding thousands of pi coins before the mainnet launch.
Who is a pi merchant?
A pi merchant is someone who buys pi coins from miners and resell to these crypto whales and holders of pi..
This is because pi network is not doing any pre-sale. The only way exchanges can get pi is by buying from miners and pi merchants stands in between the miners and the exchanges.
How can I sell my pi coins?
Selling pi coins is really easy, but first you need to migrate to mainnet wallet before you can do that. I will leave the telegram contact of my personal pi merchant to trade with.
Tele-gram.
@Pi_vendor_247
USDA Loans in California: A Comprehensive Overview.pptxmarketing367770
USDA Loans in California: A Comprehensive Overview
If you're dreaming of owning a home in California's rural or suburban areas, a USDA loan might be the perfect solution. The U.S. Department of Agriculture (USDA) offers these loans to help low-to-moderate-income individuals and families achieve homeownership.
Key Features of USDA Loans:
Zero Down Payment: USDA loans require no down payment, making homeownership more accessible.
Competitive Interest Rates: These loans often come with lower interest rates compared to conventional loans.
Flexible Credit Requirements: USDA loans have more lenient credit score requirements, helping those with less-than-perfect credit.
Guaranteed Loan Program: The USDA guarantees a portion of the loan, reducing risk for lenders and expanding borrowing options.
Eligibility Criteria:
Location: The property must be located in a USDA-designated rural or suburban area. Many areas in California qualify.
Income Limits: Applicants must meet income guidelines, which vary by region and household size.
Primary Residence: The home must be used as the borrower's primary residence.
Application Process:
Find a USDA-Approved Lender: Not all lenders offer USDA loans, so it's essential to choose one approved by the USDA.
Pre-Qualification: Determine your eligibility and the amount you can borrow.
Property Search: Look for properties in eligible rural or suburban areas.
Loan Application: Submit your application, including financial and personal information.
Processing and Approval: The lender and USDA will review your application. If approved, you can proceed to closing.
USDA loans are an excellent option for those looking to buy a home in California's rural and suburban areas. With no down payment and flexible requirements, these loans make homeownership more attainable for many families. Explore your eligibility today and take the first step toward owning your dream home.
how to sell pi coins effectively (from 50 - 100k pi)DOT TECH
Anywhere in the world, including Africa, America, and Europe, you can sell Pi Network Coins online and receive cash through online payment options.
Pi has not yet been launched on any exchange because we are currently using the confined Mainnet. The planned launch date for Pi is June 28, 2026.
Reselling to investors who want to hold until the mainnet launch in 2026 is currently the sole way to sell.
Consequently, right now. All you need to do is select the right pi network provider.
Who is a pi merchant?
An individual who buys coins from miners on the pi network and resells them to investors hoping to hang onto them until the mainnet is launched is known as a pi merchant.
debuts.
I'll provide you the Telegram username
@Pi_vendor_247
what is the future of Pi Network currency.DOT TECH
The future of the Pi cryptocurrency is uncertain, and its success will depend on several factors. Pi is a relatively new cryptocurrency that aims to be user-friendly and accessible to a wide audience. Here are a few key considerations for its future:
Message: @Pi_vendor_247 on telegram if u want to sell PI COINS.
1. Mainnet Launch: As of my last knowledge update in January 2022, Pi was still in the testnet phase. Its success will depend on a successful transition to a mainnet, where actual transactions can take place.
2. User Adoption: Pi's success will be closely tied to user adoption. The more users who join the network and actively participate, the stronger the ecosystem can become.
3. Utility and Use Cases: For a cryptocurrency to thrive, it must offer utility and practical use cases. The Pi team has talked about various applications, including peer-to-peer transactions, smart contracts, and more. The development and implementation of these features will be essential.
4. Regulatory Environment: The regulatory environment for cryptocurrencies is evolving globally. How Pi navigates and complies with regulations in various jurisdictions will significantly impact its future.
5. Technology Development: The Pi network must continue to develop and improve its technology, security, and scalability to compete with established cryptocurrencies.
6. Community Engagement: The Pi community plays a critical role in its future. Engaged users can help build trust and grow the network.
7. Monetization and Sustainability: The Pi team's monetization strategy, such as fees, partnerships, or other revenue sources, will affect its long-term sustainability.
It's essential to approach Pi or any new cryptocurrency with caution and conduct due diligence. Cryptocurrency investments involve risks, and potential rewards can be uncertain. The success and future of Pi will depend on the collective efforts of its team, community, and the broader cryptocurrency market dynamics. It's advisable to stay updated on Pi's development and follow any updates from the official Pi Network website or announcements from the team.
If you are looking for a pi coin investor. Then look no further because I have the right one he is a pi vendor (he buy and resell to whales in China). I met him on a crypto conference and ever since I and my friends have sold more than 10k pi coins to him And he bought all and still want more. I will drop his telegram handle below just send him a message.
@Pi_vendor_247
1. Structuring ERM for Your Organization in an Era of
Regulatory Convergence (Basel II, SOX, COSO, IAS):
ERM from a Risk-Return Perspective
Guan Seng Khoo, PhD
Head, Group Risk (Models Validation)
Standard Chartered Bank
Khoo.Guan-Seng@standardchartered.com
gskhoo@gmail.com
2. Agenda
• Introductory Remarks
ERM from a Risk-Return Perspective
• Identifying the top risks of your organization
• How to develop an appropriate ERM framework:
Speaking the Same Language
Integration-centric approach
Implementing a common risk language that’s “aggregatable” &
flexible
• The Structure to Governing Risk (Proposed)
• Developing the KPIs to measure the result of your ERM framework
• How to achieve balance on cost of compliance
• Concluding remarks
4. Liquidity & Enterprise Risk Management
Organization
4. Identify options 1. Identify principal
for mitigation business risks
Division 1 Division 2
Insurance Facility 1 Facility 2
Envisioning meeting
Loss control / mitigation
Risk financing alternatives Unit 1
Criteria for Risk
Unit Operations
Response Plan
Frequency of Loss
Response Loss Event Actions
Priority Major Mod. Minor
Criteria
Management
Assets People
Systems
Expected Loss
Facility 1
Annualized
Frequencies for
Facility 2
Risk
Division 2
Facility 3
2. Develop
3. Prioritize Risk Major Mod. Minor
Facility 4
Enterprise-wide
Loss Loss Loss
Management Plans Risk Contribution for
Risk Profiles
Division 2
High Risk Loss Exposure for Division 2
Who decides acceptability Data from past losses
Priority Division Facility Unit Loss Event Risk Certainty
of risks? Data from prior studies
How quickly to resolve? Risk mapping
Who implements solutions?
5. 1. Introductory Remarks:
Always Bear in Mind to be Never
Complacent
• Even during good times, unexpected negative events
can occur – stressed environments!
Recall:
• space shuttle Columbia
• Tsunami Tidal Wave & Impact in SE & South Asia
• London 7/7, New York 11/9, etc.
• Mumbai flood July 2005 – no BCP
• Hurricane Katrina – impact on oil and lifestyle in Asia
• Sustained high oil prices
• Toxic mortgages/subprime contagion
6. Reminder
• Any EWRM framework must consider potential impact of
crises.
• Preparation & implementation should be based on the
old military saying, “the more you sweat in peace the
less you bleed in war”.
• That is, EWRM implementation should have a
comprehensive program to test portfolios, staff
readiness, systems, processes, etc. so as to be better
prepared when a unexpected negative event occurs.
• Initial assessment/test of the attributes of an institution’s
portfolio of infrastructure, human resource, systems and
processes, to withstand scenarios that are likely to occur
and calculating the losses should a crisis come to pass –
Test first to unearth the inefficiencies & loopholes
7. What You Hope to Achieve
• Every organization is different and has its own priorities with respect to the
risks and challenges it faces and the impact they will have
• However, the greatest challenge has always been the internal environment
and the “silo” mindset of the organization, with different groups having their
own agenda and priorities
• This presentation also proposes some strategies to help overcome the
challenges posed by this type of organizational culture, namely:
To obtain “buy-in” from senior mgt & BOD
Illustrate a possible outcome, which is aligned with regulatory reporting
requirement and also value-adds to the information management process of
the enterprise
In order to implement, must be aware of the demanding and constraining
environment of diverse regulatory and supervisory expectations, e.g. Basel
II, IAS and SOX
Implementation must take into account overlapping issues and aggregating
the risk measures in order to have a bird’s eye-view of the enterprise
Implementation should be straight-forward and simple in terms of outcome
and reporting
Strong guidance & leadership critical to a (reasonably) successful
implementation
8. ERM from a Risk-Return
Perspective: Value-for-Money
• Risk-Return considerations: 3-D
⇒ Pro-active risk mgt
Opportunity,
instead of being reactive
e.g., cut down on fraud,
enhance reputation and
market growth, etc.
Uncertainty,
e.g. impact of regulatory
changes, fraudulent activity
occurrence, etc.
Threat,
e.g., high oil prices,
terrorism, etc.
9. Risk in 3 Dimensions
• Every risk event can potentially lead to an
“upside” return, status quo or “downside” loss
• Hence, ERM isn’t just about negative risk
containment or avoidance,
• But, also about strategizing to leverage on the risk
awareness and activities to enhance returns,
• To ensure the corporation’s growth and business
continuity and to outperform the average
10. 2. Identifying the Top Risks of
Your Organization
• In order to identify and prioritize the top risks,
need to first measure or quantify them
• Use an ERM matrix based on global best
practices and accepted principles
• Look for guidance from experts (internal or
external)
• Categorize all possible risks & stakeholders
• Localize the risk concentrations and further
analyze these risks based on probability and
impact at different levels and hierarchy of the
organization
12. Next Steps: Understand your
risk, your goals, and your
priorities
• Based on the risk appetite & ERM matrix, concentrate on the core
risks that the organization must either accept, prevent from
occurring, must lessen the impact if they occur, or mitigate by
transferring the risk away from the key tasks.
• Each risk is then analyzed by assigning it weighting factors such as
those shown in the following matrix.
• This matrix weighs the probability of a risky event: The risk that it will
occur only once (Low, Medium, High) as well as the risk that it will
occur multiple times (Low Medium, High).
• The matrix also weighs the impact, should the event occur: The
impact on a single department or product (Noticeable, Moderate,
High) as well as the impact on the entire company or division
(Noticeable, Moderate, High).
• The total risk of an event is the product of the probability and impact.
This step gives us an objective approach to prioritizing risk and how
the risk can be managed.
13. Prioritizing in terms of e.g.:
- Exposure loss
- Cost of recovery
- Reputation
- etc.
14. 3. How to Develop an
Appropriate ERM framework:
The ABC of ERM Implementation
• Internal Environment Challenges
• Getting the buy-in
• Mindset change management:
- From Silo-based to Enterprise-wide Holistic View
- From Rules-based to Performance-based Environment
• How to overcome (some suggestions):
- SAP: show a possible outcome
- KISS, e.g., speak the same, simple language
- CLICK: provide creative leadership & strong guidance
with conviction & know-how
15. SAP – Show a Preview
• No matter how global or sophisticated your organization is, when you are
embarking on an ERM implementation, engagement is the key to gaining
the buy-in from all levels of the organizational hierarchy – easier said than
done though!
• One approach is to illustrate to the key personnel at all levels a prototype
model of what they are going to get and how they can benefit from it (the
preview). The prototype can first be developed in-house by a project team
that will eventually lead and drive the implementation program. Alternatively,
it could be based on an existing solution or system being used by other
organizations ahead of the implementation curve, which the project team
has access to. This initial effort in prototyping an interim system or model
that can be shown to senior management or directors in the form of an ERM
cockpit or dashboard (ala movie poster) brings a lot of benefits to the
subsequent deployment and implementation of the ERM system.
• Firstly, much of the effort to produce the prototype will help the project team
in establishing a foundation to support the creation of an ERM manual that
will serve as the reference point for the establishment of management
policies, procedures, and practices governing the initiation, definition,
design, development, deployment, operation, maintenance, enhancement,
and retirement of the ERM system.
16. SAP – Show a Preview 2
• Secondly, the preview of the ultimate ERM system provides
visibility and transparency to the whole exercise, enhancing the
confidence of the directors and senior management as it also
provides an opportunity for them to have a first “taste” (encounter) of
the final solution. More importantly, it also provides an avenue for
them to be a critic, so that they can provide constructive feedback
regarding the strengths and weaknesses of the interim system,
which ultimately will be used by them – indirectly, they also become
the stakeholders of the ERM implementation project based on their
feedback and inputs.
• Thirdly, the preview allows for the identification and validation of
an opportunity to improve business accomplishments of the
organization or a deficiency related to the ERM project specification,
identification of significant assumptions and constraints on solutions
to that need, and recommendation for the exploration of alternative
concepts and methods to satisfy the need.
17. Corporate Performance
Cockpit
The actual value of “Asset Turnover Ratio” is
39 and pointed out by black needle. The
The value 10 and 20 are two
actual value is calculated on average of all
threshold value of Interest
subsidiary in year 2004.
expense ratio.
18. Example: ABC Bank
KRIs & KPIs
Risk Risk
Near Misses Losses
Performing
Indicators Assessment
Indicators
Op Expense Debt to Asset - Lack of products - Internal Fraud - Focus on
- Lack of expertise - Market Share business process
- Slow response - Share price of improvements
time parent - Enhance internal
- No targeted - etc.
NPL & controls (checks &
Rate of ROE market
LLP balances)
- Lack of risk- - etc.
based pricing
Asset RAROC
turnover
19. KISS – Keep It Simple, Stupid
• Another key consideration is simplicity. The final ERM system should be easy to use
and:
• emphasize user friendliness over ease of technical design and application software
development
• stick to prescribed terminologies understood by all, e.g., establishing ERM Risk
Categories that have already been defined by the Regulatory Agencies, in order to
reduce ambiguity among the stakeholders and users of the ERM
• provide easier, secure, reliable access to data
• tailor management information reports to customer needs
• provide automated tools to facilitate end user access to and use of data
• provide readily available help within the application software and provide for computer
based training modules
• reduce the reliance on paper
• provide easier, secure access and management to electronic records, e.g., digital
access rights mgt.
• While the ERM system could be quite granular in terms of the depth of information to
be retrieved and displayed, the project team should always bear in mind that at the
senior management and directors’ level, the big picture is more critical. Hence, the
ERM should allow for customization and access along the different levels of usage
across the organizational hierarchy so that line managers, auditors and directors can
access the same repository of information but view the information differently
according to their needs and functional roles – different access rights can be put in
place.
20. ERM Implementation in the
Context of a
Diverse Regulatory
Environment
(Basel II, IAS, SOX, etc.)
“Speaking the Same Language”
Principle: SSL
21. Why Comply?
“...Simply complying with the rules is not
enough. … if companies view the new laws as
opportunities - opportunities to improve
internal controls, improve the performance of
the board, and improve their public reporting—
they will ultimately be better run, more
transparent, and therefore more attractive to
investors.”
William Donaldson, SEC Chairman, 4 November, 2004
22. Integration of Risk & Finance
Synergy Examples
Basel II IAS
• Advanced IRB Approach • Fair Value Accounting
for Credit Risk
• Impairment value
Loan
• AMA for Operational Impairment
• Hedge effectiveness
Risk
• Income recognition
• Pillar 2 & 3
Risk
Integration-Centric Approach
Mitigation
IPSB
Organizational
SOX
• High level standards Structure
• Internal controls
• Liquidity risk
effectiveness testing
• PRMR
• Internal controls
• PRCR Controls disclosure
Testing
• PROR
• Whether it is SOX, Basel II, International Accounting Standards (IAS), etc., integrating information in
support of compliance is not a one-off proposition.
• Compliance requires ongoing and constant enforcement.
• It’s never a matter of simply checking a box and then moving to another project.
• Compliance-driven requirements are usually phased in, evolve constantly, and invariably become more
complex and stringent over time.
• An integration-centric approach enhances the flexibility, and thus the value, of such an architecture
because you can design the data integration capabilities necessary to meet whatever happens
regulation wise.
• You have a supple, adaptable and (over time) familiar framework for integrating new data and types of
data in new ways.
• In contrast, a non-integration-centric approach means having to recollect data for each new
compliance mandate that comes along.
• An integration-centric approach allows institutions to standardize their risk language in terms of the
underlying Basel II risk-compliance categories or items and the overlapping risk parameters in the
context of associated regulations (SOX, IAS, etc.)
24. Basel II-compliant Integrated Approach to Risk Management
- Risk Models & Measurements
Key:
Calculation engines act on Ratings,
Basel 2 Calculators Reporting Reports
Basel 2
Loss Distribution to yield the PD Data
IAS
IAS
(PE), LGD (LE), EAD, VaR as well
Shared
as EC (CaR) Regulatory
Shared Regulatory
Basel II
Severity Basel II
Severity Calculation
Calculation
Regulatory Reporting Data Mart
Regulatory Reporting Data Mart
Disclosure
Disclosure
Engines
Engines
Monte-Carlo
economic capital (EC) by Internal
Internal
simulation
scenario type
Frequency Market &
Market &
External
External
De-pegging of USD/RMB CaR1
Asian Financial crisis/Pandemic flu CaR2
Terrorist threat & rise in NPL CaR3
Succession & general election CaR4
IAS Calculation
IAS Calculation
Sectoral distress, e.g., dotcom bust CaR5
Engines
Engines Financial and
Financial and
Fall in FDI (threat from China/India) CaR6 Management
Management
GL
GL
Bank merger & loss of market share CaR7 Accounting
Accounting
_____
Average Economic Capital
Adjust severity & frequency
distribution
25. Risk Event Type Event level 2
Category Level 1
Illustration: Implementing a Common Risk
Language that is Flexible & “Aggregatable”
People Internal Acts Unauthorized
Risk Activity,
Theft & Fraud Internal Audit Risk
Etc.
SOX Risk Firm enters into a
Employment Etc. business relationship
Misstatement
IAS Risk
Practices & with inappropriate parties
of Client Fees
Workplace
or does not accurately
Overstatement
Safety
profile the client
of Hedge
Effectiveness,
Process Execution, Transaction
Fair Value
Delivery & Capture,
Measurement
Process Mgt Execution,
Monitoring & Common Risk
Reporting
Basel II – Clients,
Etc.
Products & Business
Practices
Client, Disclosure,
Products & Fiduciary,
Business Improper
Practices Business
Compliance Risk
Practices
Operational Risk
Etc.
Firm opens accts with
Failure to follow firm’s
persons intending to
Systems Business Hacking, policies & procedures
Disruptions & Phishing launder money and does
system not detect, report or record
Etc.
Failures
suspicious activities by its
customers
External External Etc.
Events Fraud
26. ERM matrix provides:
- single enterprise-wide
view & encompasses
regulatory definition of risk
categories
- ratings across whole
hierarchy of organization
- comparative analysis
- segmented information for
IA as well
- simplicity & ease of use
27. CLICK – Creative Leadership with
Insight, Commitment & Know-how
• No matter how good the planning, budgeting and resource provisioning are, if the ERM implementation is
performed by the “blind leading the blind”, e.g., buying off-the-shelf system and models, and with a lack of
conviction and commitment, the final outcome would yield a white elephant.
• Risk management must be applied to all phases throughout the life cycle of the implementation. Risk, as used in
project management, is associated with a lack of resources, information, and/or control. Risk management is
distinguished from quot;problem managementquot; in that risk management is concerned with situations that may or may
not occur, whereas problem management is concerned with known difficulties that are a result of a risk having
occurred. An analysis of risk and any strategy adopted to control risk should at least consider the effect of one or
more of three factors: lack of resources (such as personnel or funding); lack of information (for example,
completeness and confidence); or lack of control over the decision-making process (such as external project
decisions affecting the project plans and assumptions).
• Applying risk management to the ERM production or infrastructure system stage includes considering backup and
recovery in service level agreements and plans. Management responsibility for a risk must be assigned to
individuals and units that can affect the risk's root causes. The Project Manager shall be responsible for managing
project risks over which the Project Manager can exert direct control.
• Risks that affect the project, but are not under project control, shall be explicitly assigned to either the Program
Sponsor or the CRO, as appropriate. Situations external to the project that could be sources of risk to the project
shall be coordinated through the Project Manager. Risk shall be a consideration in a Review Board and
management decisions. Project risk situations, plans, and progress against risks must be considered at all project
reviews.
• Strong guidance must come from the Program Sponsor, Project Manager and Team so that the ERM
implementation is carried out with a clear view of the objective and an insightful understanding of what it hopes to
achieve. Coupled with the commitment of the team and management with the backing of the whole enterprise,
and the strong political will of the stewards and stakeholders of the ERM project, the likelihood of a successful
implementation will be enhanced.
28. Establishing ERM: The 7 Elements of the Risk Management Process
Aka “The 7 Habits of Highly Effective Risk Managers”
An active board of directors reviews strategic alternatives and develops
Board Involvement corporate objectives and then formally approves policies. Also, evaluates
whether business is being properly managed
Provides broad guidance within which senior management operates and
Risk Management Policies
executes the firm’s objectives
Senior management then develops strategies consistent with corporate
Senior Mgt. Involvement
objectives and policies, and ensures that their execution is supported by
an effective decision process
Decision-Making Process The decision process is backed by adequate analytical support and
information management infrastructure
The analytical support utilizes efficient models which analyze both qualitative and
Analytics
quantitative data.
Reporting / Monitoring The analytical process in turn generates ongoing reports for performance
monitoring, benchmarking and further consequent actions
All of the above take place within a strong and practical internal control regime
Internal Controls
29. Incorporating the 6 Principles
of Shareholder Value
aka “6 Sigma”
Planning
Paying for
Measuring
Performance
Performance
Enhanced
Shareholder
Value
Pricing Prioritising
Products resources
Providing
for risk
30. WHAT (do you have)
In terms of “Hard” & “Soft” Infrastructure:
• Corporate Culture
• People
• Process
• Technology: Systems & IT
31. ERM Infrastructure
Enterprise
Component View
Methodologies
Quantitative
Reporting Consolidation &
Linear/Non-Linear (AI)
Document Management
Board Involvement
Extreme Value Theory
Reporting / Monitoring
etc.
Se
n io
MarketIntelligence Engines
Risk Management Policies
Qualitative
rM
Policy ClientMS Engines
Expert Judgment
gt .
In
Technology & Simulation Engines
Structured Scenarios
vo
Know-How
lve
Surveillance Engines
Decision-Making Process
me
Scoring/Rating Engines
Foundation
nt
RISK DECISION
ics
Scenario Analyzer
Warehouse SUPPORT SYSTEM
lyt
a
Search Engines
An
DataMart
Portfolio Mgmt Engines
DataScrub&Cleanse
DataSorter
INFRASTRUCTURE MINDWARE
DataArchival
DataFeedManager
DataStream
Internal Controls
32. Balanced ERM Implementation
Approach
Strategy Mind Innovation
Reporting
Training
Flexibility
Managing
Data
Expectations
Soft Hard
Model Calculator
Human
IT
Resources
Physical
“SOFT”WARE, “MIND”WARE, “HARD”WARE
“HEART”WARE
33. 4. The Structure to Governing Risk
EWRM Infrastructure Fundamentals
Corporate
Culture
3 in 1 Basic Pillars
Process Technology
People
34. The 4 Pillars & EWRM Success
Greatest challenge is not having the
human resource expertise in terms of
depth & breadth
*e.g. BI implementation in ERM
People
Hence, advisory
services & training
should be part & parcel
Pillar 1 of good ERM project
management
Managing governance
expectations
*e.g., Transfer of expertise,
Mindset change management
35. HR/People Responsibility
Governance Framework in EWRM
• HR Implementation Program
• Board responsibilities
– Providing support for networks,
– Strategic oversight; alignment
systems (ref. ISO17799)
• CEO responsibilities – Periodic assessment of risk
– Assign resp./accountability/ – Policies/procedures to address
authority; oversee compliance security risks and implementation
obstacles; full lifecycle
• Executives responsibilities
– Operational awareness training
– Project implementation
– Periodic testing; remedial action
commensurate with risk; processes
integrate with operations
– Incident response procedures
• Senior Managers responsibilities – Business continuity plans
– Risk assessment, implement • Reporting
policies, oversee implementation – Adequacy, effectiveness,
operations acceptable residual risk reported
to executives
• All employees responsibilities
– Independent evaluation reported
– Awareness; compliance;
to the board
reporting
36. Business Process
Governance
Workflow checklist of critical business
processes in project implementation
Design a process
Process
data-warehouse**
ERM managers/supervisors check that
parameters and conditions used to
Pillar 2 evaluate key risk measures are sound and
rigorous – How?
Business Process Management:
Assessment of Process Workflow,
Scenario Analysis complemented by
documentation & policy manuals
37. Process Performance = Indicators + Processes
Enterprise Performance
“WHAT“ “HOW“ “WHY“
Results History Causes
Performance Indicators + Process Chain
Business Performance
Order is
for SETS
Business Process Intelligence
Finance & balance + Large Caps
selected MidCaps
Business Intelligence
static indicators Enter Customer
SETS
order Trading
can be done
automatically
Order
entered
Time Match
SETS
order
Liquidity / Cashflow Data transfered
to OMAR
Cost
Return on Investment Check Customer
OMAR
order Trading
completely filled
RAROC Quality Order
checked
Complete Customer
OMAR
ROA order Trading
Price
Risk Order
completed
Business Process
38. Technology Infrastructure
Readiness
The third pillar seeks to leverage the
ability of technology to provide discipline
and consistency to help the ERM
personnel and staff to optimize the
business processes via the appropriate
enabling tools & systems
Technology
Hence, ERM team performs stress tests
to ensure ERM implementation adequacy
in times of shocks or unforeseen
obstacles
Pillar 3
Enhance transparency & reputation
of project management delivery
39. Scenario Analysis
Causes Scenario Evaluation
(Potential Event)
Severity of potential loss
Range of severity
Failure of
relevant key risk Typical severity
factors
Frequency of potential loss
Range of frequency
KPIs/KRFs
Typical frequency
40. ERM Project Management Governance
• Project Governance • Financial Management
To evaluate the adequacy of the control in place To evaluate the adequacy of the control in place for
for the following risks: the following risks:
1. Lack of procedures leads to inconsistencies of 1. Costs associated with the project are unknown or
approach, and potentially project failures or
inconsistent.
inefficiencies.
2. Costs are not being recorded properly leading to
2. Not sponsored by the business or out of scope.
inaccurate financial reporting.
3. etc.
3. etc.
• Quality Management
• Monitoring & Reporting
To evaluate the adequacy of the control in place
To evaluate the adequacy of the control in place for
for the following risks:
the following risks:
1. Quality is not an integral part of the project.
1. Progress against plan and budget is not monitored
2. Poor quality procedures may lead to poor
deliverables and customer dissatisfaction leading to possible loss of management control.
3. etc. • Project Close-Down
• Project Planning To evaluate the adequacy of the control in place for
To evaluate the adequacy of the control in place the following risks:
for the following risks: 1. The project has delivered acceptable products
1. Plans are unreadable and difficult to manage. within time and cost.
2. Poor plans lead to increased costs and delays. 2. Poor security or controls can lead to loss of
3. etc. confidentiality, integrity or availability of information
• Risk & Issue Management services.
To evaluate the adequacy of the control in place 3. etc.
for the following risks:
1. Risks and issues are identified and managed
2. etc.
41. In +1 Pillar
Corporate Culture
• Strengthening Corporate
Governance from Viewpoints of:
Boards of Directors
Management
Internal Control Functions
Overcoming Silos
42. Achieving a usable & relevant
ERM system?
• No One Answer (depends on scale of implementation, location, global or localized,
etc.)
• Ability to standardize & measure project implementation risk-based indicators based
on some key criteria:
- risk-return considerations, e.g., risk appetite, growth vs. pricing (adaptability)
- cost-effectiveness, e.g., shared services, integrated data-warehouse, manual vs.
automation, via ABC (Activity-based costing), etc.
- adaptability and transferability, e.g., tackle issues of obsolescence, cross-geographic
applications, etc.
- Alignment with corporate governance objectives
- Based on identification of the top risks (known & unknown problems) faced by your
organization
- Prioritizing Risk based on Impact & Probability
- Seek benefits beyond “downside” risk management & cost issues to transform overall
corporate performance, competitiveness, and shareholder value from ordinary to
exceptional
- Aim to minimize operational surprises and losses: What’s the likelihood of risks
“falling through” silo gaps?
43. Enterprise Risk Management (ERM) Framework
An Overview
At a practical level the Group risk framework needs to meet the
expectations of different parties
Shareholders
r
rs he
wi tio de ot
• Effective allocation and efficient use of capital
ol nd
• A risk adjusted basis to performance measurement
in ent eh a
lo pita reg risk eti rols k id ak rs
• A cost effective risk management framework
st lato
th n
• Risk management aligned to value creation
a
u
lin ific
eg
R
e
Financial Institution
pp nt is
ct e c rin ide a co e r
l
ro
pe at ito pw isk st tiv
nt
ex qu on ou e r bu ec
co
ss l im a te
Business Line
Group
un Ade m Gr th Ro Eff
es to e nd
•
• Applicability of policy
• Ensure compliance with policy
r
ve
• Transparency of capital
co
• Capital measurement/
•
calculation
allocation
ed a g
• Meet performance measures
• Enhance shareholder value
set
•
• Reduce earnings volatility • Avoid losses as far as
• Lessons learnt form outside practical
the firm • Lessons learnt within the firm
•
• Aggregated reporting • Business line reporting
• Loss transfer mechanisms • Central and efficiency
• Methodology implementation
• Methodology design
… effective risk management combines providing protection
and enabling business opportunities
44. 5. Developing the KPIs to
measure the result of your ERM
framework
Developing Key Risk and Control
Indicators and establishing an
early warning system
All About KRIs, KCIs, KPIs & KTIs
45. Fundamentals of
Enterprise Risk Management
ERM is a process, effected by an entity’s
board of directors, management, and other
personnel, applied in strategy setting and
across the enterprise, designed to identify
potential events that may affect the entity,
manage risks to be within its risk appetite,
to provide reasonable assurance regarding
the achievement of entity objectives.
- Proposed by COSO (2003)
46. WHY ERM
Are we taking the Are we taking the right Do we have the right processes
right risks? amount of risk? to manage the risk?
• How are the risks we take • Are we getting a return that • Are our risk management processes
related to our strategies & is consistent with our overall aligned with our strategic decision-making
objectives? level of risk? process & existing performance
• Do we know the • Does our organizational measures?
significant risks we are culture promote or • Are our risk management processes
taking? discourage the right level of coordinated & consistent across the entire
• Do the risks we take give risk taking activities? enterprise?
us a competitive • Do we have a well-defined • Does everyone use the same definition of
advantage? organizational risk appetite? risk?
• How are the risks we take • Has our risk appetite been • Do we have gaps and/or overlaps in our
related to activities that risk coverage?
quantified in aggregate and
create value? • Is our risk management process cost-
per occurrence?
• Do we recognize that effective?
• Is our actual risk level
business is about taking consistent with our risk
risks & do we make appetite?
KRIs
conscious choices
Inherently linked to
concerning these risks?
KPIs
organization’s risk
appetite & tolerance
KCIs
47. Enterprise Risk Management Framework
Comprehensive Foundation for Sustainable Delivery
Identifying Analyzing Causes Risk Risk Control Capital
Qualitative Events of Events Mapping Management
Management
Layer
Analyzing Causes Comparative Prevention Capital
Identifying
of Occurring Analysis by Measures for Allocation etc.
Past Events
Events Benchmarking Occurring Events
Quantitative
Identifying Analyzing Causes of Detection Risk
Management
Potential Occurring or Measures for Mitigation or
Layer Events Expanding Losses Occurring Losses Transfer
Risk Measurement
Market Data –
(Group, Business Line & Risk Types)
IR, FX, Liquidity,
etc.
Risk Management
VaR Engine
Scenario Analysis &
Potential Risk Stress-Test Engine
Scenario
Audit and
Inspection Review of Audit & Inspection
Layer
48. Linking the Business Values & ERM
Strategies – Ultimate keys to portfolio
“success”
KEY -- Linking
Compliance
Business
Value
Information
Life-Cycle & ERM
Management
Management
ERM
CAPITAL
PLANNING
HR & BP Best Practice
Governance Operations
Architecture
& Standards
CUSTOMER
SERVICE
49. Other Considerations
• Regulatory changes: Convergence &
Overlap of Global Guidelines &
Regulations, e.g., Basel 2, IAS39/FAS133,
SOX, etc.
• Infrastructure (Resource, Process,
Technology) Readiness
• Corporate Culture: Mindset Change
Management
50. ERM Internal Control Framework
e.g. Utilizing COSO’s model
• Focus on the processes between each
stage of ERM
• Suggested 8 components: Internal
Environment, Objective Setting, Event
Identification, Project Risk Assessment,
Risk Response, Control Activities,
Information & Communication, Monitoring
51. The COSO Framework
Can view in context of 4
categories
Considers
activities at all
levels of
enterprise
8 components
to ERM
52. Applying The COSO Framework
• Risk Response
• Internal Environment
– Evaluate threshold to mitigate
– Code of conduct/ethics
– Discontinuation, realignment of process
– Ethics hotline
– New policies & procedures
– Hiring and promotion
– Risk Response Options:
– Audit committee oversight
• Accept = Do nothing. Willing to take on
– Investigative process risk
– Remediation • Avoid = Back-out strategy. Disengage
from process leading to risk
• Objective Setting • Share = Shift some of risk to external
parties (e.g., insurance, outsource,
– Policy to reduce loss event incidences
joint venture)
– Incentivization
• Mitigate = Design processes to reduce
– Development of database of known loss risk exposures
event activities
• Control Activities
• Event Identification
– Linking controls to identified risk activities
– Monitoring of parameters, KRIs, KPIs
– Map type of loss events to business
– Comparison and evaluation of certain process
attributes and trends against previously
– Specify how possible future loss events is
measured patterns and known signs of risk
to be minimized or contained
events
– Outlier and exception analysis
• Information/Communication
– Information systems & technology
• Risk Assessment
– Knowledge management
– Systematic process
– Training/Inculcating Talent
– Level within organization
– Likelihood and significance
• Monitoring
– Via Risk Probability & Impact Analysis
– Ongoing monitoring by management
– Separate “after the fact” evaluations by
internal audit
– Etc.
53. KPI & EWS Examples
Benchmarking Governance:
• Benchmarking for Financial Subsidiaries
e.g. RAROC, EVA, CAR, etc.
• Benchmarking for Non-finance subsidiaries
e.g. Key Risk-based Performance Measures (KRPM), ROA,
ROE, Liquidity, etc.
KRPM can be evaluated quantitatively or qualitatively (using a
rating matrix)
Forward-Looking Strategic & Managerial Flexibility
• e.g., Real Options-based Scenario Modeling
54. Example of Key Risk-based
Performance Measure (KRPM)
Criteria
(can be applied to both finance* & non-finance
subsidiaries)
• *Till Aggregated Economic Capital (market, credit, operational)
for banking institutions can be evaluated
• Other Risk measures (Expected Loss, Economic Capital):?
- Liquidity
- Operational
- Reputational
- etc.
55. Low High
Balance Sheet Stress Test Stress Stress
2 1 or less
Liquidity
– Current ratio
Related Risk & 30% 60% or more
Solvency
Financial – Debt to Asset ratio
Analysis Profitability
Negative
– Net Operating Income
5% 1% or less
- Rate of return on assets
10% 5% or less
Example - Rate of return on equity
135% 110% or less
Repayment Capacity
- Debt coverage ratio
60% 80% or more
Efficiency
- Operating expense ratio
10% 20% or more
- Interest expense ratio
40% 20% or less
- Asset turnover ratio
56. Using risk indicators - escalation limits and
targets for monitoring liquidity & reconciliation
at one ATM/branch location
Escalation Limits and Targets
250
Historical
Idle cash
balance
200
ATM Cash Float
Escalation
Limit
e
150 st warning
–1
Base Limit
/Goal
100
50
8
Ja 8
Ja 9
Ju 0
Ja 0
1
Ju 9
M8
M8
M9
M0
M1
M9
M0
M1
N8
N9
N0
Se 8
Se 9
Se 0
1
-9
-9
-9
-0
-0
-0
-9
9
-9
9
0
0
-9
-0
-0
9
9
0
l-9
l-9
l-0
l-0
n-
n-
n-
n-
p-
p-
p-
ay
ov
ay
ay
ay
ov
ov
ar
ar
ar
ar
Ju
Ju
Ja
Date
59. Forward-Looking Scenario Modeling
e.g. Capital-at-Risk/Economic Capital
• Time-horizon usually 1 year
• Confidence level consistent with rating target
– Usually 99.95% or higher
• Whole balance sheet
In stressed
environments,
typically greater loss
Value
Probability of outcome
Expected in value, hence
leading to credit
Current
Value
downgrade
CaR
Worst Case Level consistent with AA-rating
0 1 year
60. 6. How to Achieve Balance on
Cost of Compliance
• Back to how risk is perceived with regards to threat, uncertainty and
opportunity
• Compliance/Regulatory risk represents an uncertainty that can be
managed via:
• connectivity and integration of ERM’s main risk management
components,
• the coverage of the risk management process and the contexts
under which it is considered
• The critical incorporation of corporate governance into the risk
universe, including the audit and compliance assurance to be
provided, and the critical success factors of the appropriate risk-and-
return balance in providing superior client service and innovative
products and solutions are encapsulated in the EWRM framework
• Benchmarking to Key Risk-based Performance Measures &
Forward-looking Scenario Analysis
61. Post- Implementation: ERM Cycle
Develop Ongoing
Supervision RM Evaluation Risk-Focused
Internal Supervision Examination
That Includes: •Identify Functional Activities
•Frequency of Audit •Identify/Assess Inherent Risk
•Scope of Audit •Identify & Evaluate Controls
•Meetings with BL, Risk •Determine Residual Risk
Management •Establish Procedures and
•Follow-Up on Conduct Evaluation
Recommendations • Eval Report/Mgmt Letter
•Financial Analysis
Monitoring
FI PROFILE
Priority System Financial Analysis
Priority System Based on
Ratios and Analysis to
Financial Analysis includes:
Measure: •Risk Assessment Results
•Capital Adequacy •Financial Analysis Handbook
•Asset Quality Process
•Reinsurance •Ratio Analysis (IRIS, FAST,
Internal/External Changes Internal Ratios)
•Reserves
•Actuarial Analysis
•Management Consider Changes to:
•Earnings •Agency Ratings
•Ownership/Management/
•Liquidity
Corporate Structure
•Sensitivity to Market
•Business Strategy/Plan
•CPA Report or Auditor
•Legal or Regulatory Status
62. ERM Value Value
Creation
Framework
Return Capital
On Risk Costs
Maximize value
Value
by using economic
Management
capital to relate
a firm’s decisions on Portfolio of Portfolio of
Capital Adequacy
Enterprise Capital
the risks it takes to
Risks Resources
the decisions on the
Risk and Capital
capital it uses to
Management
finance its business Risk
Capital
How much What type
Structure
Costs
Capital do I of capital do
need ? I need ?
Economic
Capital
63. 7. Concluding Remarks
EWRM Defined
While the final outcome is a working ERM system, ERM by itself is
always a work in progress.
In a dynamic and changing business environment, ERM should be
viewed as an evolutionary development and provide for an
incremental delivery of products, services and tools that can help
an organization manage its risks going forward.
It has to take into account the demands and needs of diverse
regulatory drivers like Basel 2, IAS and SOX and yet, be able to
aggregate and present the risk-based information in a uniform and
simple language, understood by all and to be acted upon for the
benefit of the organization.
64. Implications of a Good EWRM
Implementation
• Enhancing Business Continuity/Endurance
• Enhancing Shareholder Value
• Enhancing Profit & Performance
• Ensuring Enforcement for Regulatory Compliance
• Exploiting Opportunities via Managerial Flexibility
with Strategic Planning
65. Liquidity & Enterprise Risk Management
Organization
4. Identify options 1. Identify principal
for mitigation business risks
Division 1 Division 2
Insurance Facility 1 Facility 2
Envisioning meeting
Loss control / mitigation
Risk financing alternatives Unit 1
Criteria for Risk
Unit Operations
Response Plan
Frequency of Loss
Response Loss Event Actions
Priority Major Mod. Minor
Criteria
Management
Assets People
Systems
Expected Loss
Facility 1
Annualized
Frequencies for
Facility 2
Risk
Division 2
Facility 3
2. Develop
3. Prioritize Risk Major Mod. Minor
Facility 4
Enterprise-wide
Loss Loss Loss
Management Plans Risk Contribution for
Risk Profiles
Division 2
High Risk Loss Exposure for Division 2
Who decides acceptability Data from past losses
Priority Division Facility Unit Loss Event Risk Certainty
of risks? Data from prior studies
How quickly to resolve? Risk mapping
Who implements solutions?
66. “CLICK”
Thank You
GS Khoo, PhD
Head, Global Risk (Models Validation)
Standard Chartered Bank
Office: +65 6427 5283
S’pore cell: +65 9825 2148
Email: Khoo.Guan-Seng@standardchartered.com
Or wtehistory@yahoo.com