Metric (Issue 07) V3
CHASE COOPER
IN THIS ISSUE OF metric
● Managing People Risk & ORM
● Escaping capital surcharges
● Dodd-Frank Act fine
● Latest Regulatory News

Anti-bribery cases on the increase

Following the campaigns against bribery, including bribery outside of their immediate jurisdiction (see Metric 5), regulators have brought in a number of high profile cases. Last month we reported on the first Australian foreign bribery over a bank note printing company, half owned by the Australian central bank, bribing officials in Indonesia, Malaysia and Vietnam. Last month the UK reported settlement of bribery charges against the insurance broker, Willis, and Macmillan Publishing. The Willis fine of £6.9M was not for any specific bribery situation but for inadequate controls over third parties who helped them secure business in jurisdictions with perceived. Macmillan were charged by London's Serious Fraud Office (SFO) regarding illegal payments for contracts in its education business in Africa and were fined £11.3M. In addition, Macmillan have been banned from World Bank tenders for the next three years.

In the US, global drinks company Diageo has paid a fine of over $16M for charges of corrupt practices in India, Thailand and South Korea. Diageo was charged under the US Foreign Corrupt Practices Act by the US regulator, the SEC, who say they are now taking corrupt practices "seriously". Diageo, as also in the case of Willis and Macmillan, escaped higher penalties by cooperating with the regulators and committing to implement strengthened systems and controls to prevent such incidents in the future.

FSA consults on remuneration guidelines

The UK's Financial Services Authority has consulted financial institutions on the implementation of its Remuneration Code (which came into force on 1 January 2011). This rules on compliance with the remuneration requirements laid down in the EU Capital Requirements Directive (CRD3). The January policy statement applies the rules with a rigour dependent on the size and activity of the firm under regulation. The top tier is banks (including building societies) with capital resources exceeding £1 Bn or, for investment firms, £750 M. The bottom tier is for smaller limited activity investment firms.

The new proposed guidance is in the form of a "Dear CEO" letter which sets out, for top tier firms, a detailed approach to monitoring their implementation of the Remuneration Code, including the need for firms to submit a policy statement by a given date, and provides a template for this. The version for firms in tiers 2, 3 and 4 is less onerous and it is planned that the implementation will be tailored taking account of business models and risk profiles.

The consultation also includes proposals on definitions of impacted staff, the format of the required long-term incentive plans and, for firms that do not wish to remunerate in part in shares, the definition of the alternative instruments. Responses to the above are due in by the 2nd of September.

FERMA against greater risk appetite disclosure

In its response to the EU corporate governance framework consultation (responses had to be in by late July), the Federation of European Risk Management Associations (FERMA) has told the European Commission that it considers no more corporate governance rules are needed and that they should concentrate on the implementation and robust enforcement of existing EU corporate governance rules on risk management rather than creating new ones. They say that there is an overlap in the area of board duties on risk management and risk disclosure with the EU 8th Company Law Directive, itself not yet fully implemented. As a result, application of these existing rules may not be equally stringent across the EU.

FERMA also opposes any requirement to publish additional information on their risk appetite to what is already required. They say "… it may harm companies' competitive position; will not improve their risk management culture; and will not provide more assurance to stakeholders that risks are under control".
Managing people risk is the essence of operational risk

John Thirlwell, a past Director of the British Bankers’ Association, is an independent adviser on risk management to boards in financial services, and is co-author, with Tony Blunden of Chase Cooper, of Mastering Operational Risk, published by Prentice Hall in 2010.

'Our people are our greatest asset', the Chairman or CEO writes in the annual report and accounts. That is undoubtedly true, but the corollary is also true, that our people are potentially our greatest liability in a service industry. People failures, whether through incompetence, poor training or, importantly, poor behaviours, lie at the heart of so many of the risks to which financial services companies are exposed and suffer.

When the Financial Crisis Inquiry Commission, set up by the US Congress, delivered its report in January this year, it saw the fundamental causes of the crisis as 'dramatic failures of corporate governance and risk management' and a 'systemic breakdown in accountability and ethics'. All are failures of behaviour and therefore incidences of people risk, one of the four legs of the common definition of operational risk. In fact, people risk, part of operational risk, is a major component of risks which we classify as credit or market. Yet how often is people risk management treated with the seriousness it deserves, either as part of operational risk management, or at all?

People risk management starts with governance and embedding the right risk culture. Whilst we often talk about the 'tone at the top', I follow Professor Mervyn King, who chairs the King Committee on corporate governance in South Africa. His view is that you can talk about the tone at the top, but the key thing is to listen to the tune in the middle, the sounds which tell you that a particular risk culture is fully embedded throughout the firm. It doesn't matter where the risk culture lies on the spectrum from entrepreneurial to conservative. The important thing is that risk controls will be in place which accord with the risk culture and that the culture is communicated throughout the firm.

But first, to embed a risk culture, a firm should articulate and then communicate its strategy and objectives. Too often the strategy and objectives are expressed in a three-yearly document presented by the CEO to the Board, which is as far as it goes. But those objectives should be communicated to all staff and inform their behaviours, their approach to risk and to the firm's appetite for risk at all levels.

The strategy and objectives form the basis for risk appetite, but also for the key controls involved with people risk management: selection, appraisal, training and personal development, and remuneration. For instance, with selection, if the overall aim is to develop a firm with common values, then it makes sense to use, especially at a senior level, a specialist cohort of interviewers, as well as the relevant line manager. They will be looking for candidates who embrace the firm's values and behaviours.

Strategy and objectives inform the excellent behaviours which form the basis for performance measurement. Performance is not just about meeting sales or profit targets. It should also be about embracing shared values and behaviours - what we mean by excellence around here. If team-working is a core value of the firm, it should be in the performance measurement criteria for everybody from the Chairman down. After all, if the board isn't working as a team, that very quickly becomes apparent both to insiders and outsiders. Actions speak louder than policy statements.

Excellent behaviours are also fundamental to customer relations, a key element of reputation risk and a source of competitive advantage. If we can articulate what we mean by excellent or acceptable behaviour when it comes to dealing with customers, we can review and appraise accordingly. The benefits in performance, risk mitigation and profit will be considerable.

The same applies to training and personal development programmes and, perhaps most visibly of all, including to the public, to approaches to remuneration. Is the system transparent? Does it reward good risk behaviour, which is in line with the firm's stated risk appetite and its objectives, or does it encourage unacceptable risk-taking? If the firm's objectives are clearly communicated and, from them, excellent behaviours are clearly identified, the rest should take care of itself.

But any consideration of managing people risk must include a word about the HR function. If people are potentially a firm's biggest liability or risk, then HR should be a key risk oversight department. Much risk is managed by good human relations, but how much is managed by a good HR department? To what extent is the HR Director merely somebody engaged in 'transactional' HR - organising the appraisal system and training programmes or collating personnel data - rather than acting as a good risk manager?

We put in place risk management frameworks, but do we ask the HR Director to put in place a 'people risk management framework'?
We develop a risk register and assess the risks it catalogues, but do we also pass those risks through the lens of people risk and assess them accordingly? People risk management is an essential part of operational risk management. Ignoring it will do serious harm to your profits.

Next month…

The keynote article next month will be brought to you by Nick Gibson, Chase Cooper’s Director of Compliance. Nick will write on "the International Monetary Fund report on the future of UK regulation - sense and sensibility".

Insurers may escape capital surcharges

Unlike their banking colleagues, large significantly important global insurers may escape the additional capital levies planned for their banking equivalents, the G-SIBs (see last month's ASYMmetricAL). As instructed by the G-20, the International Association of Insurance Supervisors (IAIS), together with the Financial Stability Board, is drawing up plans for capital requirements designed to prevent the problems experienced during the past crisis by AIG - who had to be rescued by the US government. A Reuters source has indicated that the IAIS is not convinced that a capital surcharge is needed in the case of insurers as these are not required to pay out until some specific event has taken place - an accident, death, or financial incident. Yoshihiro Kawai, Secretary General of the IAIS, told Reuters that no decision has yet been made, but that the IAIS

CFTC fine firm for infringing Dodd-Frank Act

The US's Commodity Futures Trading Commission (CFTC), the independent agency responsible for regulating, together with the National Futures Association, the US retail spot forex market, has fined London-based Forex Capital Markets Ltd. (FXCM) for infringing the Dodd-Frank Act derived regulations by acting as a retail forex dealer and conducting leveraged foreign exchange transactions with US retail customers ("non-Eligible Contract Participants", i.e. other financial institutions, corporate, funds, etc) without having previously registered with the CFTC.

The fine of $14K was relatively light as FXCM's violation was only for 11 days following the enactment of the CFTC rules on October 18th 2010 but emphasises the need for non-US market traders to carry out due diligence on their customers following the increased requirements brought about by Dodd-Frank.

[Photos: Christopher Dodd, previously US Senator for Connecticut; Barney Frank, Congressman of the Fourth Congressional District of Massachusetts]

Free Risk & Compliance Briefings

Chase Cooper run two regular breakfast briefings for Risk and Compliance in the City of London. The briefings are free to attend although due to space being limited they are open only to senior risk, business and compliance staff working in FSA authorised firms.

Registration for the September briefings is now open. Details as follows:

Risk Breakfast Briefing
Making the Most of your KRI Data

This will be the third in a series of three Breakfasts focusing on using your data to assist your business, the previous two being ‘Making the most of your RCA data’ held in May and ‘Making the most of your Event data’ held in June. The first two breakfasts attracted a considerable number of attendees from a wide variety of financial institutions.

Many firms are collecting significant numbers of operational risk indicators and yet are barely using them for the benefit of the business. This Risk Breakfast will look at the ways in which indicators of key risks and key controls can be used in order to benefit the firm to which the indicators belong. We will consider a variety of approaches and uses.

As well as a participative discussion, we will use an anonymous voting tool to find out the state of use of KRIs by firms in the room. Both methods will give attendees useful knowledge which can be immediately applied at their firms.

This Risk Breakfast briefing is being held at Chase Cooper’s offices in Finsbury Square at 8.30 a.m. on Thursday 22nd September 2011.

Risk Breakfast Briefings are provided by Tony Blunden, Director of our Consultancy division. Tony has worked in the city for over 30 years primarily within risk management and related areas in financial services organisations. He is also co-author of Mastering Operational Risk.

To register for this Risk Breakfast Briefing, please click here…

Strategic Compliance Breakfast Briefing

The next Chase Cooper Strategic Compliance Breakfast briefing for 2011 is to be held at Chase Cooper’s offices in Finsbury Square at 8.45 a.m. on Wednesday 28th September 2011. Further details of this briefing will be published shortly.

Strategic Compliance Breakfast briefings are provided by Nick Gibson, Director of our Compliance Solutions division. Nick has 25 years’ senior experience within regulation and compliance.

To register for this Strategic Compliance Breakfast Briefing, please click here…
Regulatory NEWS

US and Chinese regulators met in Beijing in July to thrash out principles for the cross-border audit of firms active in both countries.

In late July, the European Banking Authority (EBA) published two consultation papers (CP46 and CP47) on guidelines for data collection on bank remuneration practices. This is as part of the greater disclosure of remuneration information contained in CRD III and which came into force on 1st January 2011.

Following the down-grading of US sovereign debt from triple-A, the US SEC has announced that it will be investigating Standard & Poor's (S&P) to ensure that correct procedures were followed. In a separate case, the SEC and the US Justice Department are both investigating S&P to see if it improperly issued mortgage securities credit ratings to its own benefit.

In August the Securities and Futures Commission of Hong Kong charged SC Woo with intraday shortselling of shares that he did not own. This is the SFC's first case brought on a charge of naked short selling.

On August 12th the SEC launched its new whistleblower program officially with a new webpage to enable people to report any violation of the Dodd-Frank Act securities laws and to apply for a financial award for doing so.

The China Banking Regulatory Commission (CBRC) and the Monetary Authority of Singapore (MAS) have signed a Supplemental Agreement to their existing MoU to include cooperation on crisis management.

The FSA has published a Consultation Paper and a Discussion Paper on proposals for the Recovery and Resolution Plans (RRP, also known as "living wills") now required of financial institutions. The G20 has called for internationally consistent, firm-specific RRPs and the FSB has set out a timetable for systemically important firms to be completed by the end of 2012. Under the Financial Services Act 2010 all UK deposit-takers are required to have RRPs in place and this may be extended to significantly important investment firms.

ASYMmetricAL
The back page, sometimes critical view from the Editor

A question I get asked is "what is the demarcation between operational risk and compliance". The answer of course is that there is a huge amount of overlap, with the need for effective communications between the functions. But Compliance Risk is a major concern for any risk management department and should not simply be left to the Compliance Officer.

Compliance failures can have serious financial implications through regulatory fines, suspension of a business and restitutions following court cases, they impact the business through banning certain activities and consequential loss of profits, and they have serious reputational impact. Compliance risk needs to be monitored and mitigated as for any operational risk, and compliance needs to be built into stress testing and the RCSA process.

The role of the Compliance Officer typically is to ensure that there is an awareness of regulations and that effective compliance procedures are in place. The role of the operational risk manager is to evaluate the degree of compliance, the risk of control failure and the impact of any event. Risk must be balanced against reward, and, in theory, a firm could accept a compliance violation providing the reward was high enough.

Regulations are by definition external impacts and ones over which a firm has very little influence. These are hard enough to monitor when one is operating in a single jurisdiction; when both firms and regulations are operating globally it becomes a serious concern.

In June Metric looked at the impacts of the UK Bribery Act and, as reported in this issue, many other countries have similar regulations concerning bribery by employees or agents in foreign countries. In this way a head office can be prosecuted for activities by its overseas subsidiaries. More difficult to evaluate is where the regional power in a subsidiary region can prosecute the firm, even though that firm lies outside its immediate jurisdiction. This has been happening with US regulations, and compliance officers and operational risk managers need to be aware of the impact of US regulations.

The first major case of this was with the Sarbanes-Oxley Act (SOX) in 2002 whereby a US exchange quoted firm was liable to onerous rules regarding its financial reporting. Many non-US firms discovered secondary stock quotations on US exchanges (the best place in the 1990s to raise money) and were dragged into SOX compliance even if they were doing little or no US business. Now two new US acts threaten non-US companies - companies that do business in the USA or simply have US-based clients. These are, and I give them their full names, the Wall Street Reform and Consumer Protection Act (known as the Dodd-Frank Act after its promoters) and the Foreign Account Tax Compliance Account (simply known as FATCA). And, again as reported in this issue, Dodd-Frank is already impacting London brokers.

Dodd-Frank is an umbrella act which tasks the US regulators with creating new rules and infrastructures to reduce the likelihood of a financial crisis and its impact on investors. It focuses on limiting risk, protecting consumers and regulating those not currently regulated such as the OTC derivatives market. Overseas banks and brokerages with subsidiaries or sales offices in the USA will have to adhere to Dodd-Frank. This is complicated as many regulations are still unclear or have not even been formulated. Also intensive lobbying by US investment banks and by the Republican Party (who see it as interference in free enterprise) is diluting many of the intentions of the act.

FATCA is designed to prevent tax evasion in the US and focuses on high net-worth US taxpayers. It introduces a 30% withholding tax requirement on foreign financial institutions (FFIs) which will be lifted if they comply with certain reporting requirements. FATCA will impact any FFI which has US clients or holds US assets in any form and violation of FATCA could result not only from US or EU operations but could result from interaction with any US person regardless of where resident.

Metric will be looking at the development of both Dodd-Frank and FATCA in future editions and extracting its operational risk implications.

metric is published by Chase Cooper.
web: www.chasecooper.com
email: editor@chasecooper.com