SlideShare a Scribd company logo

Risk management is changing_Final LR

R
Richard Powell, Business Transformation

This document discusses the need for banks to transform their risk management functions in response to increased regulation and scrutiny. It recommends a three step process for risk transformation: 1) Assess the current state of risk management capabilities, 2) Rationalize and prioritize risk capability objectives, and 3) Transform operations to optimize and deliver the target state. The document emphasizes the importance of collaboration between risk, finance, compliance and the business to establish clear ownership and integrated control frameworks. It also discusses how the Chief Risk Officer can take a leadership role in driving strategic risk management changes.

1 of 20
Download to read offline
Global Regulatory Reform Risk management is changing. Act now. Risk Transformation
01 The call to action 01 02 New world. New CRO. 02 03 The risk function must operate differently 04 04 The ART of risk management 06 05 Path to the new risk organization 07 06 Assess: establish risk ambitions 09 07 Rationalize: prioritize risk capability objectives 11 08 Transform: optimize approach to deliver target state 13 09 How EY can help 16 09 Contacts 16
The call to action 01 “It is time for transformational change and there are difficult choices to be made. Banks that dare will win.” Risk management cannot operate as it is. Radical changes are needed to ensure efficiency and reduce costs. The new environment will make it even more difficult for risk management Banks face a challenging environment characterized by: •• Increased pace of new regulations •• Increased scrutiny from regulators on risk management operations and practices •• Relentless cost pressure on risk infrastructure, risk functions and risk processing •• Higher expectations from the board, top management and the business to improve risk management effectiveness and demonstrate value add to the business Current bank operating models are not sustainable in this environment. It is time for transformational change and there are difficult choices to be made. Banks that dare will win. What is risk transformation? Risk transformation is the process of ensuring risk functions are able to manage risk more efficiently and effectively. These programs are aligned with the strategic objectives of the firm and other business functions to achieve standards above basic regulatory compliance. The case for change Banks have no choice but to react. Regulators are demanding a strategy and roadmap to ensure changes are delivered. Banks need to minimize the cost of compliance and significantly improve the operational effectiveness of their risk organizations. There are a number of gaps to bridge and transformational programs to trigger, in order to develop the right governance, risk capabilities and supporting infrastructure. The shape and delivery of change should cut across all lines of business as well as risk, compliance, finance and technology. First and foremost, banks need to identify a “risk owner” to drive transformational change, sponsor risk change and align efforts across risk, finance, treasury and the wider business. Risk management has not met expectations Banks have made considerable investments in risk management since the financial crisis. However, there is little evidence to suggest that material improvements have been achieved. Further efforts are required to ensure the effectiveness of risk management and decision-making processes across the banking industry. In order to demonstrate progress to regulators and engineer a positive outcome, banks need to address issues such as: •• Poor quality of risk information •• High-cost operations •• Inability to quickly predict crisis situations and large exposures •• Insufficient focus on operational risk-related issues •• Inability to measure and monitor the effectiveness of risk control environments •• Fragmented risk management capabilities across divisions and regions Risk management is changing. Act now. 1
Conclusion y New world. New CRO. 02 As the move beyond universal banking becomes inevitable, the most obvious owner of the risk transformation agenda is the chief risk officer (CRO). But implementing the new risk organization places fresh demands on the CRO’s role. CRO Pillars of Success Strategic Focus on direction setting and optimizing bank-wide risk profile. •• Establish the efficiency frontier (optimize risk vs. P&L profiles) and help direct business decisions on products, clients and markets •• Set risk appetite, thresholds and limits in line with strategic objectives •• Establish end-to-end risk management practices and standards to ensure alignment of risk exposures and strategy An authority on design Define end-to-end control standards across the risk management operating model. •• Set people, process, technology and data standards for the overall risk management operating and control model •• Promote and embed the right risk culture — with embedded controls and measures •• Align with industry practices and evolving regulatory landscape (stay ahead of the game and futureproof target state designs) •• Prioritize risk capabilities — direct investment into the right components of the “risk capability model” in line with strategic ambitions Challenger to process Assess the effectiveness of front-to- back control framework and core risk activities. •• Direct involvement in new business, products and counterparties •• Measure and monitor the effectiveness of the overall control environment against agreed standards •• Help resolve big risks and identified issues 2 Risk management is changing. Act now.
Cost conscious Develop risk utilities and change capabilities that reduce the spending on people, technology and data. •• Identify opportunities to contain or reduce costs •• Contribute to bank-wide operating cost goals •• Deliver more capability for less and demonstrate value to the business •• Benchmark the spend against peers Engaged with regulators Maintain positive interaction with regulators to promote understanding and collaboration. •• Align risk ambitions to regulatory imperatives •• Direct regulatory change agendas and priorities •• Engage the regulators throughout the journey to the new risk organization — influence outcomes Risk management is changing. Act now. 3
The risk function must operate differently Conclusion y 03 Better risk management means better collaboration. Collaboration between the “C-suite” is required to ensure better connectivity of information The CRO must collaborate more with the chief financial officer (CFO) and the wider business to establish clear ownership of risk management. Risk, finance and compliance control need to be better connected and integrated to deal with the vast array of regulatory change and develop a competitive advantage. The right information must be accessible by the right people at the right time to provide optimal access, provisioning and granularity. Risk culture must also be embedded into day-to-day business processes and controls. Upgrade skill sets from control to management •• Roles and accountabilities among the three lines of defense1 must be clearly defined by the CRO. •• The CRO determines standards and then assesses the gap between existing controls and agreed standards. •• Effective risk governance ensures that the risk function contributes to overall bank strategy and group-wide transformation. •• Day-to-day risk activities should migrate from data production and processing, to design and management oversight. IT and data infrastructure must be strengthened •• Standards and service level agreements between data owners and consumers must be formalized across critical platforms and processes. •• Technology strategy should support global risk needs and should be aligned with risk change priorities. •• Technology and data infrastructure should support the aggregation and reporting of risk data in both business-as- usual and stressed conditions. •• Risk utilities should facilitate cost efficiency and the optimization of IT and data infrastructure. •• A robust data governance framework across the data life-cycle should be developed alongside the chief data officer (CDO) function. Risk leadership must be innovative and adaptable •• Offensive — lead design and development of risk strategy and capability objectives to maximize return on scarce resources •• Defensive — challenge controls and activities across all lines of defense •• Compliant — understand the evolving regulatory environment and optimize the operating model and the spend CEO/COO/LOB* Business strategy CFO Optimization, cost, capital 4 1 2 3 CRO Risk management Key interactions •• Alignment with strategy, risk appetite, revenues and risk •• Standards and change priorities •• Planning •• Required capital from the risk position •• Liquidity buffers •• Standards and change priorities •• Risk culture •• Control and change priorities •• P&L and Balance Sheet management •• Financial planning *Lines of business 1 2 3 4 1 The Institute of Internal Auditors January 2013 paper: The Three Lines of Defense in Effective Risk Management and Control: Is Your Organization Positioned for Success? 4 Risk management is changing. Act now.
Risk management is changing. Act now. 5
The ART of risk management Conclusion y 04 There is an ART (assess, rationalize and transform) to risk management and transformation. Implementing risk transformation programs will be an ongoing process and will be technology intensive with a significant commitment of resources and senior management time. Without consensus on target risk and compliance capabilities and the right level of coordinated sponsorship, such change will not be delivered successfully. Successfully managing complex change The stakes are high, but rewards can be increased and risks mitigated by combining top-down risk strategy from the board, with robust governance of change capabilities (bottom-up) across the organization. Banks that set clear risk maturity ambitions and risk capability objectives can achieve compliance and generate business benefits. The ART to risk transformation provides a structured approach that links strategy to execution, and outlines clear delivery road maps to deal with the complex and fragmented technology and data landscapes. Assess Rationalize Transform Assess the current state of your risk operations against peers and best practices Define your target risk capabilities Prioritize your core risk capabilities Present the different operating model options and articulate the trade-offs Define target model Change behavior and risk culture Embed risk across the organization Improve risk management process effectiveness outcomes outcomes outcomes Capabilities and vision Prioritized risk capabilities Change management and deployment Operational effectiveness Optimal risk operations Cost efficiency Roadmap and planning Risk operations improvement Embedding/enablement 6 Risk management is changing. Act now.
Path to the new risk organization 05 The magnitude of risk change required will demand a clear path to an agreed-upon target state with a transparent release of benefits along the way. Assess: establish risk ambitions •• Determine baseline efficiency and effectiveness across the risk management framework •• Benchmark against risk maturity models to understand what competitors are doing •• Identify priorities and opportunities across all components of the operating model •• Set strategic direction and guiding principles — objectives, investment appetite and design principles •• Develop robust business cases for change with clear ownership •• Set out the strategic principles for the transformation of the risk function and ensure alignment with organization-wide change objectives •• A risk assessment of core capabilities and ambitions could leverage EY’s risk management framework based on six key dimensions (see diagram). EY risk management framework 2 Governance & culture 6 Process & controls 5 Risk Risk appetite, strategy & goals transparency 4 3 People & organization Data systems & infrastructure 1 Rationalize: prioritize risk capability objectives •• Prioritize capabilities in line with risk maturity ambitions •• Chart a transformational path to deliver against target risk-capability objectives (see below chart) Option 3: Embedding risk (business steering) Risk capability index (RCI) = 40% •• Enable measurable progress against a risk maturity index •• Build on compliance foundation to realize strategic and operational benefits Option 2: Comprehensive (operational effectiveness) RCI = 60 % RCI - 70% RCI = 82% 100 75 50 25 0 RCI = 68% RCI = 59% Option 1: Developing (achieving compliance) Current Y + 1 Y + 2 Y + 5 Capability coverage % Years *Data based on EY analysis 2014 Risk management is changing. Act now. 7
Conclusion y Transform: optimize approach to deliver target state •• Architect change to maximize efficiency and competitive advantage •• Identify change owners and entrust them with robust delivery, governance and oversight •• Adopt the optimal delivery approach for each transformational component •• Define and measure the success of each transition phase through clear metrics •• Shape and direct IT and data infrastructure investment to ensure alignment with agreed business outcomes •• Align risk transformation with other global initiatives and delivery partners •• Ensure the risk function becomes a central part of bank-wide strategic change Transformation outcomes Regulatory compliance Efficiency Revenue & market share 8 Risk management is changing. Act now.
Assess: establish risk ambitions 06 Banks must put first things first and assess where they really are. Adopting a risk and compliance capability model enables a like-for-like assessment of effectiveness and efficiency across all dimensions of the risk framework — all risk and compliance domains, businesses and geographies. Holistic approach to architecting risk change Banks of tomorrow need the right information in the right place at the right time. They need to improve decision-making and develop more profitable relationships with their clients while dramatically reducing operating costs. To meet these needs, a number of dimensions across the risk framework need to be assessed. Risk strategy: are business impacts and opportunities arising from the changing environment understood? Governance and culture: can governance be streamlined and effective lines of defense and accountabilities be established? People and organization: how can the risk organization structure or headcount be rationalized while retaining talent? Data and systems: how can data and systems be optimized to ensure timely, accurate and flexible risk and regulatory reporting or decision-making? Risk transparency: can complete, accurate and timely information be delivered for decision-making? Process and controls: can an effective control framework be established that includes clear accountabilities and metrics to remove duplication and redundancy? Risk management is changing. Act now. 9
Conclusion y Align assessments against risk and compliance capabilities Improvement opportunities can be identified by reviewing each capability across the different operating model dimensions, such as credit risk data and systems. Steps to assess include: •• Review baseline cost and IT infrastructure •• Benchmark against peer groups •• Provide industry examples of rationalization/utility initiatives •• Develop improvement initiatives – align to market/regulatory design principles (e.g., BCBS) •• Review priority and importance of opportunities identified 45% Risk capabilities Overview of risk capability index 60% 35% 55% 50% 35% 40% 30% 25% 60% 60% 60% Investment banking Retail banking Output Input Analytics Risk disciplines Liquidity risk ALM Op risk Insurance risk Business lines Reg. risk 55% 55% 55% 55% 55% 55% 65% 45% 45% 70% 44% 32% 80% 65% 85% 30% 78% 75% 70% 55% 55% 43% 30% 55% 20% 30% 70% 80% 25% 75% Risk and compliance functional model Compliance Finance Treasury Suspicious activity SOX, Regulatory reporting Risk capabilities index 1. Risk strategy All Credit risk Market risk 2. Governance and culture 3. People and organization 4. Data and systems 5. Risk transparency 6. Process and controls Etc., 55% 55% 25% 60% 75% 30% 35% Credit risk Ccy risk Market risk OpRisk Ccy risk reporting Collateral reporting Market risk reporting Income attribution OpRisk reporting Capital reporting Liquidity reporting ALCO reporting Liquidity reporting Ccy stress testing CVA engine CCY risk engine Market stress testing VAR Sensitivities Limit management Business continuity OpRisk stress testing AML OpRisk capital engines KYC Fraud detection Capital/liquidity Stress testing RWA Economic capital Balance sheet stress testing Liquidity ratio ALM analytics Credit risk reporting Credit Stress testing Credit risk engine Strategic planning P&L reporting Revenues/cost stress testing Revenues/ cost analytics P&L explained OpRisk detection Pricing/MTM Pricing/MTM Cash flow mgt/forecasting Pricing/MTM Collateral engine Customer data Organizational data Insurance pricing Loss data Expert judgment KRIs Customer data HR data Balance sheet Market data Market data Credit data Legal data Collateral data Control data Transaction data Cost data Cash flow Static/Securities data Static/Securities data KRIs KRIs LOB Business reporting COO reporting Client segmentation Risk engines P&L Customer data Market data Cost data 10 Risk management is changing. Act now.
Rationalize: prioritize risk capability objectives 07 Banks need to think beyond incremental change by applying robust transformational principles that will transform the business and advance risk management. By mapping existing capabilities against agreed target states, banks can identify key transformation components to meet their risk ambitions. Banks need to think big Banks need to set high efficiency targets to survive in the new environment. These targets will vary from bank to bank, with some banks targeting up to 50% cost reduction. Banks can achieve this through a combination of integrating capabilities, centralizing services, eliminating redundancy, removing duplication, outsourcing or offshoring non-core capabilities and establishing a common set of fit-for-purpose tools and services. A significant challenge to achieving this is adapting risk IT and data infrastructure and selecting the right approach. Armed with the right level of baseline end-to-end information across the risk and compliance operating model, banks can identify risk capability priorities (such as below) and opportunities for improvement. Robust transformation programs will ensure risk functions support businesses rather than simply meeting basic regulatory compliance requirements. Risk capabilities to prioritize: •• Demonstrating compliance •• Strategic forecasting •• Real-time risk management •• Optimal allocation of capital and liquidity •• Collateral management •• Risk utilities •• Integrated operational risk and control framework •• Risk-based pricing •• Integrated risk and finance •• Effective reporting and data management process Key risk capabilities Compliance Core capabilities needed to comply with the new regulations across all jurisdictions and geographies Operational effectiveness Capabilities related to cost efficiency and effectiveness of the risk management organization, process, governance and IT Business steering Capabilities focused on ensuring that the risk management process is well embedded into the business process of the bank Risk management is changing. Act now. 11
Conclusion y Methods for adopting an optimal approach Build on existing capabilities This is often the right choice, but it should not be chosen solely on the basis of lower delivery risk or fears of writing off sunk investment. Start from scratch Big steps can deliver big rewards, but such change needs to be delivered with care. Rationalize existing capabilities Resource optimization and focusing on prioritized IT and data components may deliver a fit-for-purpose infrastructure, but banks will need to demonstrate to the regulator that they are doing more than simply cutting corners. Optimal approaches Risk strategy Governance & culture People & organization Risk transparency Data & systems Process & controls Incremental (build on existing) Upgrade methods and integrate committees Greenfield (start from scratch) Common methods and practices Low cost (rationalize existing) Consolidate methods and simplify governance Integrated technology Common technology Streamlined and consolidate technology Shared data Integrated business data Prioritized data sets Cross-functional collaboration Centralized business functions/teams Optimal resource allocation Integrated risk activities Common methodologies and processes Rationalize processes Key drivers To consider •• Low BAU impact, clear path to compliance •• Less agility, integration complexities, not cost optimized •• Radical change with long life expectancy, flexibility •• Requires strong change management, cost effective •• Lowest immediate cost to deliver initial target wins •• Shorter life expectancy and lower future capacity Risk management framework 12 Risk management is changing. Act now.
Transform: optimize approach to deliver target state 08 Plans and commitments to deliver the new risk organization are no longer theoretical or nice to have. They will represent a fixed contract between a bank and its regulators. Complex change can be delivered successfully with clear risk ambitions, cohesive enterprise-wide delivery and committed governance oversight. Path to success The steer from the top should be aligned with a holistic delivery and execution approach. That way, banks can deliver transformational change with confidence and once again view their technology and data as assets to leverage. Transformational spend can be seen as an investment and not as a cost to minimize. The following steps can lead banks to success: •• By defining and prioritizing foundational enterprise capabilities, banks can recognize what a good risk organization looks like. •• By aligning existing business, operational and program objectives, banks can categorize change components and support ownership and governance to expedite delivery. •• By assessing delivery options, banks can determine the suitability of “build on existing,” “start from scratch” or “rationalize existing” approaches. •• By continuously measuring and monitoring benefit release, banks can chart a clear transformation trajectory. •• By understanding what the competition are doing and assessing where industry collaboration can help them, banks can improve their efficiency. Illustrative trajectory for delivering transformation change Planned projects •• Data quality improvements •• Market risk utility Planned projects •• New collateral system •• Stress testing utility Planned projects •• Reference data cost reduction •• Centralized services Risk capability index (RCI) = 40% Current RCI = 60% RCI = 70% RCI = 82% Y + 1Y + 2 Y + 5 Years The change imperative — why now? •• Reduce sunk cost on in-flight/planned programs not aligned to target state •• Increase optionality (this reduces the later you leave ambition setting and planning to compliance deadlines) •• Promote regulatory relationships (keep ahead of the game) •• Mitigate risk of additional capital charges due to delayed compliance/ non-compliance •• Develop competitive advantage Capability coverage % 100 75 50 25 0 Risk management is changing. Act now. 13
Conclusion y Benefits beyond compliance There are business-wide benefits to delivering an effective risk transformation program beyond regulatory compliance requirements. The potential benefits include: •• Real-time transaction or customer account level risk-based pricing, taking into account all material sources of risks, funding, capital and contingent exposures •• Optimization of capital, liquidity and leverage requirements by eliminating conservative assumptions resulting from missing or poor data quality •• Reduced need for manual intervention and ability to distill the universe of data into the core risk data elements. Use of end-user computing (EUCs) to achieve significant reductions in the cost of risk data and technology infrastructure •• Reduction in potential losses as a result of effective risk mitigation and increased management responsiveness to deal with crisis scenarios via timely and accurate risk reporting 14 Risk management is changing. Act now.
Risk management is changing. Act now. 15
Conclusion y How EY can help 09 EY has extensive experience in helping organizations navigate through risk transformation challenges. Our network of former senior regulators is supported by global enterprise intelligence and risk technology enablement teams meaning EY brings a broad range of experience and skills to diagnose, design and implement risk change successfully. EY’s risk transformation offering helps banks ensure that risk management complies with regulation, becomes operationally effective, and is embedded into business steering. It provides a set of tools, techniques, methodologies and approaches that enable and accelerate such change. Pierre Pourquery Partner E: ppourquery@uk.ey.com T: + 44 20 7951 6750 Dr. Nasir Ahmad Partner E: nahmad1@uk.ey.com T: + 44 20 7951 6959 John Ramsey Director E: jramsey1@uk.ey.com T: + 44 20 7951 0591 Richard Powell Senior Manager E: rpowell@uk.ey.com T: + 44 20 7951 0817 Contacts Risk management i 16 s changing. Act now.
Risk management is changing. Act now. 17
EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. © 2014 EYGM Limited. All Rights Reserved. EYG No. EK0306 1485448.indd (UK) 08/14. Artwork by Creative Services Group Design. ED None In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com

Recommended

Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic Planning
Eneni Oduwole
 
HIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINALHIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINAL
Chris Mandel, RF, ARM-E
 
dt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lodt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lo
Mark Micallef
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
AstalapulosListestos
 
Integrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning ProcessIntegrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning Process
Eneni Oduwole
 
dt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformationdt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformation
Mark Micallef
 
160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functions160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functions
Dr. Marc D. Grüter
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
Andrew Smart
 

Recommended

Operational Risk Management & Strategic Planning
Operational Risk Management & Strategic PlanningOperational Risk Management & Strategic Planning
Operational Risk Management & Strategic Planning
Eneni Oduwole
 
HIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINALHIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINAL
Chris Mandel, RF, ARM-E
 
dt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lodt_mt_SREP_Pub_BCBS239_200216lo
dt_mt_SREP_Pub_BCBS239_200216lo
Mark Micallef
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
AstalapulosListestos
 
Integrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning ProcessIntegrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning Process
Eneni Oduwole
 
dt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformationdt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformation
Mark Micallef
 
160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functions160513 Study Sourcing in risk and compliance functions
160513 Study Sourcing in risk and compliance functions
Dr. Marc D. Grüter
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
Andrew Smart
 
DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
Lou DiSerafino
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
Andrew Smart
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
Andrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
Andrew Smart
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
Aronson LLC
 
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
Dr. Marc D. Grüter
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
Proformative, Inc.
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Andrew Smart
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Compliance Consultant
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational Excellence
Eneni Oduwole
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G Nayak
Yashavanth Nayak
 
Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Managing Information Risk in Financial Services
Managing Information Risk in Financial Services
Andrew Smart
 
Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.
Andrew Smart
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
rejoysirvel
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
GlobalStrategyTribe
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
GAURAV SHARMA
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
Azure Group
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program Overview
Denise Robinson
 
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB
 
radius-profile[1]
radius-profile[1]radius-profile[1]
radius-profile[1]
Naji Alajmi
 
Considerations for an Effective Internal Model Method Implementation
Considerations for an Effective Internal Model Method ImplementationConsiderations for an Effective Internal Model Method Implementation
Considerations for an Effective Internal Model Method Implementation
accenture
 

More Related Content

What's hot

DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
Lou DiSerafino
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
Andrew Smart
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
Andrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
Andrew Smart
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
Aronson LLC
 
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
Dr. Marc D. Grüter
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
Proformative, Inc.
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Andrew Smart
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Compliance Consultant
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational Excellence
Eneni Oduwole
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G Nayak
Yashavanth Nayak
 
Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Managing Information Risk in Financial Services
Managing Information Risk in Financial Services
Andrew Smart
 
Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.
Andrew Smart
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
rejoysirvel
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
GlobalStrategyTribe
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
David Fernandes
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
GAURAV SHARMA
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
Azure Group
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program Overview
Denise Robinson
 
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB
 

What's hot (20)

DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
 
Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
 
Enterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational ExcellenceEnterprise Risk Management & Organizational Excellence
Enterprise Risk Management & Organizational Excellence
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G Nayak
 
Managing Information Risk in Financial Services
Managing Information Risk in Financial Services Managing Information Risk in Financial Services
Managing Information Risk in Financial Services
 
Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
 
Strategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processesStrategic Risk: Linking Risk Management & Strategy Management processes
Strategic Risk: Linking Risk Management & Strategy Management processes
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
GRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program OverviewGRI ERM Roadmap - Program Overview
GRI ERM Roadmap - Program Overview
 
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000
 

Similar to Risk management is changing_Final LR

radius-profile[1]
radius-profile[1]radius-profile[1]
radius-profile[1]
Naji Alajmi
 
Considerations for an Effective Internal Model Method Implementation
Considerations for an Effective Internal Model Method ImplementationConsiderations for an Effective Internal Model Method Implementation
Considerations for an Effective Internal Model Method Implementation
accenture
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summary
dgeoghegan
 
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
accenture
 
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
accenture
 
Designing Enhanced Supervision for the Evolving Wealth Management Ecosystem
Designing Enhanced Supervision for the Evolving Wealth Management EcosystemDesigning Enhanced Supervision for the Evolving Wealth Management Ecosystem
Designing Enhanced Supervision for the Evolving Wealth Management Ecosystem
accenture
 
Axis Consulting Case Studies
Axis Consulting Case StudiesAxis Consulting Case Studies
Axis Consulting Case Studies
Axis Technology, LLC
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
Infosys
 
IBANK, EPM, BPM, OBIEE, HYPERION, OFSAA
IBANK, EPM, BPM, OBIEE, HYPERION, OFSAAIBANK, EPM, BPM, OBIEE, HYPERION, OFSAA
IBANK, EPM, BPM, OBIEE, HYPERION, OFSAA
ibankuk
 
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) model
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) modelThinkGRC justifying the transition to an Enterprise Risk Management (ERM) model
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) model
ThinkGRC
 
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
Biswadeep Ghosh Hazra
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
Alexei Sidorenko, CRMP
 
Turnarounds in the NHS: Why it pays to think differently
Turnarounds in the NHS: Why it pays to think differentlyTurnarounds in the NHS: Why it pays to think differently
Turnarounds in the NHS: Why it pays to think differently
TTCLLP
 
Project Management Overview
Project Management OverviewProject Management Overview
Project Management Overview
Rockon0017i5
 
CH&Cie - Fundamental Review of the Trading Book
CH&Cie - Fundamental Review of the Trading BookCH&Cie - Fundamental Review of the Trading Book
CH&Cie - Fundamental Review of the Trading Book
C Louiza
 
ISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final Version
Duncan O. Ogutu; CPA, CFE
 
execsample1
execsample1execsample1
execsample1
David Penman
 
10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process
Colleen Beck-Domanico
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Karl Meekings
 
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016
CF Yam
 

Similar to Risk management is changing_Final LR (20)

radius-profile[1]
radius-profile[1]radius-profile[1]
radius-profile[1]
 
Considerations for an Effective Internal Model Method Implementation
Considerations for an Effective Internal Model Method ImplementationConsiderations for an Effective Internal Model Method Implementation
Considerations for an Effective Internal Model Method Implementation
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summary
 
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
 
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
Top Ten Challenges for Investment Banks 2015: Regulation: Challenge 1
 
Designing Enhanced Supervision for the Evolving Wealth Management Ecosystem
Designing Enhanced Supervision for the Evolving Wealth Management EcosystemDesigning Enhanced Supervision for the Evolving Wealth Management Ecosystem
Designing Enhanced Supervision for the Evolving Wealth Management Ecosystem
 
Axis Consulting Case Studies
Axis Consulting Case StudiesAxis Consulting Case Studies
Axis Consulting Case Studies
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
IBANK, EPM, BPM, OBIEE, HYPERION, OFSAA
IBANK, EPM, BPM, OBIEE, HYPERION, OFSAAIBANK, EPM, BPM, OBIEE, HYPERION, OFSAA
IBANK, EPM, BPM, OBIEE, HYPERION, OFSAA
 
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) model
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) modelThinkGRC justifying the transition to an Enterprise Risk Management (ERM) model
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) model
 
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
 
Turnarounds in the NHS: Why it pays to think differently
Turnarounds in the NHS: Why it pays to think differentlyTurnarounds in the NHS: Why it pays to think differently
Turnarounds in the NHS: Why it pays to think differently
 
Project Management Overview
Project Management OverviewProject Management Overview
Project Management Overview
 
CH&Cie - Fundamental Review of the Trading Book
CH&Cie - Fundamental Review of the Trading BookCH&Cie - Fundamental Review of the Trading Book
CH&Cie - Fundamental Review of the Trading Book
 
ISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final Version
 
execsample1
execsample1execsample1
execsample1
 
10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process
 
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013
 
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016
 

Risk management is changing_Final LR

  • 1. Global Regulatory Reform Risk management is changing. Act now. Risk Transformation
  • 2. 01 The call to action 01 02 New world. New CRO. 02 03 The risk function must operate differently 04 04 The ART of risk management 06 05 Path to the new risk organization 07 06 Assess: establish risk ambitions 09 07 Rationalize: prioritize risk capability objectives 11 08 Transform: optimize approach to deliver target state 13 09 How EY can help 16 09 Contacts 16
  • 3. The call to action 01 “It is time for transformational change and there are difficult choices to be made. Banks that dare will win.” Risk management cannot operate as it is. Radical changes are needed to ensure efficiency and reduce costs. The new environment will make it even more difficult for risk management Banks face a challenging environment characterized by: •• Increased pace of new regulations •• Increased scrutiny from regulators on risk management operations and practices •• Relentless cost pressure on risk infrastructure, risk functions and risk processing •• Higher expectations from the board, top management and the business to improve risk management effectiveness and demonstrate value add to the business Current bank operating models are not sustainable in this environment. It is time for transformational change and there are difficult choices to be made. Banks that dare will win. What is risk transformation? Risk transformation is the process of ensuring risk functions are able to manage risk more efficiently and effectively. These programs are aligned with the strategic objectives of the firm and other business functions to achieve standards above basic regulatory compliance. The case for change Banks have no choice but to react. Regulators are demanding a strategy and roadmap to ensure changes are delivered. Banks need to minimize the cost of compliance and significantly improve the operational effectiveness of their risk organizations. There are a number of gaps to bridge and transformational programs to trigger, in order to develop the right governance, risk capabilities and supporting infrastructure. The shape and delivery of change should cut across all lines of business as well as risk, compliance, finance and technology. First and foremost, banks need to identify a “risk owner” to drive transformational change, sponsor risk change and align efforts across risk, finance, treasury and the wider business. Risk management has not met expectations Banks have made considerable investments in risk management since the financial crisis. However, there is little evidence to suggest that material improvements have been achieved. Further efforts are required to ensure the effectiveness of risk management and decision-making processes across the banking industry. In order to demonstrate progress to regulators and engineer a positive outcome, banks need to address issues such as: •• Poor quality of risk information •• High-cost operations •• Inability to quickly predict crisis situations and large exposures •• Insufficient focus on operational risk-related issues •• Inability to measure and monitor the effectiveness of risk control environments •• Fragmented risk management capabilities across divisions and regions Risk management is changing. Act now. 1
  • 4. Conclusion y New world. New CRO. 02 As the move beyond universal banking becomes inevitable, the most obvious owner of the risk transformation agenda is the chief risk officer (CRO). But implementing the new risk organization places fresh demands on the CRO’s role. CRO Pillars of Success Strategic Focus on direction setting and optimizing bank-wide risk profile. •• Establish the efficiency frontier (optimize risk vs. P&L profiles) and help direct business decisions on products, clients and markets •• Set risk appetite, thresholds and limits in line with strategic objectives •• Establish end-to-end risk management practices and standards to ensure alignment of risk exposures and strategy An authority on design Define end-to-end control standards across the risk management operating model. •• Set people, process, technology and data standards for the overall risk management operating and control model •• Promote and embed the right risk culture — with embedded controls and measures •• Align with industry practices and evolving regulatory landscape (stay ahead of the game and futureproof target state designs) •• Prioritize risk capabilities — direct investment into the right components of the “risk capability model” in line with strategic ambitions Challenger to process Assess the effectiveness of front-to- back control framework and core risk activities. •• Direct involvement in new business, products and counterparties •• Measure and monitor the effectiveness of the overall control environment against agreed standards •• Help resolve big risks and identified issues 2 Risk management is changing. Act now.
  • 5. Cost conscious Develop risk utilities and change capabilities that reduce the spending on people, technology and data. •• Identify opportunities to contain or reduce costs •• Contribute to bank-wide operating cost goals •• Deliver more capability for less and demonstrate value to the business •• Benchmark the spend against peers Engaged with regulators Maintain positive interaction with regulators to promote understanding and collaboration. •• Align risk ambitions to regulatory imperatives •• Direct regulatory change agendas and priorities •• Engage the regulators throughout the journey to the new risk organization — influence outcomes Risk management is changing. Act now. 3
  • 6. The risk function must operate differently Conclusion y 03 Better risk management means better collaboration. Collaboration between the “C-suite” is required to ensure better connectivity of information The CRO must collaborate more with the chief financial officer (CFO) and the wider business to establish clear ownership of risk management. Risk, finance and compliance control need to be better connected and integrated to deal with the vast array of regulatory change and develop a competitive advantage. The right information must be accessible by the right people at the right time to provide optimal access, provisioning and granularity. Risk culture must also be embedded into day-to-day business processes and controls. Upgrade skill sets from control to management •• Roles and accountabilities among the three lines of defense1 must be clearly defined by the CRO. •• The CRO determines standards and then assesses the gap between existing controls and agreed standards. •• Effective risk governance ensures that the risk function contributes to overall bank strategy and group-wide transformation. •• Day-to-day risk activities should migrate from data production and processing, to design and management oversight. IT and data infrastructure must be strengthened •• Standards and service level agreements between data owners and consumers must be formalized across critical platforms and processes. •• Technology strategy should support global risk needs and should be aligned with risk change priorities. •• Technology and data infrastructure should support the aggregation and reporting of risk data in both business-as- usual and stressed conditions. •• Risk utilities should facilitate cost efficiency and the optimization of IT and data infrastructure. •• A robust data governance framework across the data life-cycle should be developed alongside the chief data officer (CDO) function. Risk leadership must be innovative and adaptable •• Offensive — lead design and development of risk strategy and capability objectives to maximize return on scarce resources •• Defensive — challenge controls and activities across all lines of defense •• Compliant — understand the evolving regulatory environment and optimize the operating model and the spend CEO/COO/LOB* Business strategy CFO Optimization, cost, capital 4 1 2 3 CRO Risk management Key interactions •• Alignment with strategy, risk appetite, revenues and risk •• Standards and change priorities •• Planning •• Required capital from the risk position •• Liquidity buffers •• Standards and change priorities •• Risk culture •• Control and change priorities •• P&L and Balance Sheet management •• Financial planning *Lines of business 1 2 3 4 1 The Institute of Internal Auditors January 2013 paper: The Three Lines of Defense in Effective Risk Management and Control: Is Your Organization Positioned for Success? 4 Risk management is changing. Act now.
  • 7. Risk management is changing. Act now. 5
  • 8. The ART of risk management Conclusion y 04 There is an ART (assess, rationalize and transform) to risk management and transformation. Implementing risk transformation programs will be an ongoing process and will be technology intensive with a significant commitment of resources and senior management time. Without consensus on target risk and compliance capabilities and the right level of coordinated sponsorship, such change will not be delivered successfully. Successfully managing complex change The stakes are high, but rewards can be increased and risks mitigated by combining top-down risk strategy from the board, with robust governance of change capabilities (bottom-up) across the organization. Banks that set clear risk maturity ambitions and risk capability objectives can achieve compliance and generate business benefits. The ART to risk transformation provides a structured approach that links strategy to execution, and outlines clear delivery road maps to deal with the complex and fragmented technology and data landscapes. Assess Rationalize Transform Assess the current state of your risk operations against peers and best practices Define your target risk capabilities Prioritize your core risk capabilities Present the different operating model options and articulate the trade-offs Define target model Change behavior and risk culture Embed risk across the organization Improve risk management process effectiveness outcomes outcomes outcomes Capabilities and vision Prioritized risk capabilities Change management and deployment Operational effectiveness Optimal risk operations Cost efficiency Roadmap and planning Risk operations improvement Embedding/enablement 6 Risk management is changing. Act now.
  • 9. Path to the new risk organization 05 The magnitude of risk change required will demand a clear path to an agreed-upon target state with a transparent release of benefits along the way. Assess: establish risk ambitions •• Determine baseline efficiency and effectiveness across the risk management framework •• Benchmark against risk maturity models to understand what competitors are doing •• Identify priorities and opportunities across all components of the operating model •• Set strategic direction and guiding principles — objectives, investment appetite and design principles •• Develop robust business cases for change with clear ownership •• Set out the strategic principles for the transformation of the risk function and ensure alignment with organization-wide change objectives •• A risk assessment of core capabilities and ambitions could leverage EY’s risk management framework based on six key dimensions (see diagram). EY risk management framework 2 Governance & culture 6 Process & controls 5 Risk Risk appetite, strategy & goals transparency 4 3 People & organization Data systems & infrastructure 1 Rationalize: prioritize risk capability objectives •• Prioritize capabilities in line with risk maturity ambitions •• Chart a transformational path to deliver against target risk-capability objectives (see below chart) Option 3: Embedding risk (business steering) Risk capability index (RCI) = 40% •• Enable measurable progress against a risk maturity index •• Build on compliance foundation to realize strategic and operational benefits Option 2: Comprehensive (operational effectiveness) RCI = 60 % RCI - 70% RCI = 82% 100 75 50 25 0 RCI = 68% RCI = 59% Option 1: Developing (achieving compliance) Current Y + 1 Y + 2 Y + 5 Capability coverage % Years *Data based on EY analysis 2014 Risk management is changing. Act now. 7
  • 10. Conclusion y Transform: optimize approach to deliver target state •• Architect change to maximize efficiency and competitive advantage •• Identify change owners and entrust them with robust delivery, governance and oversight •• Adopt the optimal delivery approach for each transformational component •• Define and measure the success of each transition phase through clear metrics •• Shape and direct IT and data infrastructure investment to ensure alignment with agreed business outcomes •• Align risk transformation with other global initiatives and delivery partners •• Ensure the risk function becomes a central part of bank-wide strategic change Transformation outcomes Regulatory compliance Efficiency Revenue & market share 8 Risk management is changing. Act now.
  • 11. Assess: establish risk ambitions 06 Banks must put first things first and assess where they really are. Adopting a risk and compliance capability model enables a like-for-like assessment of effectiveness and efficiency across all dimensions of the risk framework — all risk and compliance domains, businesses and geographies. Holistic approach to architecting risk change Banks of tomorrow need the right information in the right place at the right time. They need to improve decision-making and develop more profitable relationships with their clients while dramatically reducing operating costs. To meet these needs, a number of dimensions across the risk framework need to be assessed. Risk strategy: are business impacts and opportunities arising from the changing environment understood? Governance and culture: can governance be streamlined and effective lines of defense and accountabilities be established? People and organization: how can the risk organization structure or headcount be rationalized while retaining talent? Data and systems: how can data and systems be optimized to ensure timely, accurate and flexible risk and regulatory reporting or decision-making? Risk transparency: can complete, accurate and timely information be delivered for decision-making? Process and controls: can an effective control framework be established that includes clear accountabilities and metrics to remove duplication and redundancy? Risk management is changing. Act now. 9
  • 12. Conclusion y Align assessments against risk and compliance capabilities Improvement opportunities can be identified by reviewing each capability across the different operating model dimensions, such as credit risk data and systems. Steps to assess include: •• Review baseline cost and IT infrastructure •• Benchmark against peer groups •• Provide industry examples of rationalization/utility initiatives •• Develop improvement initiatives – align to market/regulatory design principles (e.g., BCBS) •• Review priority and importance of opportunities identified 45% Risk capabilities Overview of risk capability index 60% 35% 55% 50% 35% 40% 30% 25% 60% 60% 60% Investment banking Retail banking Output Input Analytics Risk disciplines Liquidity risk ALM Op risk Insurance risk Business lines Reg. risk 55% 55% 55% 55% 55% 55% 65% 45% 45% 70% 44% 32% 80% 65% 85% 30% 78% 75% 70% 55% 55% 43% 30% 55% 20% 30% 70% 80% 25% 75% Risk and compliance functional model Compliance Finance Treasury Suspicious activity SOX, Regulatory reporting Risk capabilities index 1. Risk strategy All Credit risk Market risk 2. Governance and culture 3. People and organization 4. Data and systems 5. Risk transparency 6. Process and controls Etc., 55% 55% 25% 60% 75% 30% 35% Credit risk Ccy risk Market risk OpRisk Ccy risk reporting Collateral reporting Market risk reporting Income attribution OpRisk reporting Capital reporting Liquidity reporting ALCO reporting Liquidity reporting Ccy stress testing CVA engine CCY risk engine Market stress testing VAR Sensitivities Limit management Business continuity OpRisk stress testing AML OpRisk capital engines KYC Fraud detection Capital/liquidity Stress testing RWA Economic capital Balance sheet stress testing Liquidity ratio ALM analytics Credit risk reporting Credit Stress testing Credit risk engine Strategic planning P&L reporting Revenues/cost stress testing Revenues/ cost analytics P&L explained OpRisk detection Pricing/MTM Pricing/MTM Cash flow mgt/forecasting Pricing/MTM Collateral engine Customer data Organizational data Insurance pricing Loss data Expert judgment KRIs Customer data HR data Balance sheet Market data Market data Credit data Legal data Collateral data Control data Transaction data Cost data Cash flow Static/Securities data Static/Securities data KRIs KRIs LOB Business reporting COO reporting Client segmentation Risk engines P&L Customer data Market data Cost data 10 Risk management is changing. Act now.
  • 13. Rationalize: prioritize risk capability objectives 07 Banks need to think beyond incremental change by applying robust transformational principles that will transform the business and advance risk management. By mapping existing capabilities against agreed target states, banks can identify key transformation components to meet their risk ambitions. Banks need to think big Banks need to set high efficiency targets to survive in the new environment. These targets will vary from bank to bank, with some banks targeting up to 50% cost reduction. Banks can achieve this through a combination of integrating capabilities, centralizing services, eliminating redundancy, removing duplication, outsourcing or offshoring non-core capabilities and establishing a common set of fit-for-purpose tools and services. A significant challenge to achieving this is adapting risk IT and data infrastructure and selecting the right approach. Armed with the right level of baseline end-to-end information across the risk and compliance operating model, banks can identify risk capability priorities (such as below) and opportunities for improvement. Robust transformation programs will ensure risk functions support businesses rather than simply meeting basic regulatory compliance requirements. Risk capabilities to prioritize: •• Demonstrating compliance •• Strategic forecasting •• Real-time risk management •• Optimal allocation of capital and liquidity •• Collateral management •• Risk utilities •• Integrated operational risk and control framework •• Risk-based pricing •• Integrated risk and finance •• Effective reporting and data management process Key risk capabilities Compliance Core capabilities needed to comply with the new regulations across all jurisdictions and geographies Operational effectiveness Capabilities related to cost efficiency and effectiveness of the risk management organization, process, governance and IT Business steering Capabilities focused on ensuring that the risk management process is well embedded into the business process of the bank Risk management is changing. Act now. 11
  • 14. Conclusion y Methods for adopting an optimal approach Build on existing capabilities This is often the right choice, but it should not be chosen solely on the basis of lower delivery risk or fears of writing off sunk investment. Start from scratch Big steps can deliver big rewards, but such change needs to be delivered with care. Rationalize existing capabilities Resource optimization and focusing on prioritized IT and data components may deliver a fit-for-purpose infrastructure, but banks will need to demonstrate to the regulator that they are doing more than simply cutting corners. Optimal approaches Risk strategy Governance & culture People & organization Risk transparency Data & systems Process & controls Incremental (build on existing) Upgrade methods and integrate committees Greenfield (start from scratch) Common methods and practices Low cost (rationalize existing) Consolidate methods and simplify governance Integrated technology Common technology Streamlined and consolidate technology Shared data Integrated business data Prioritized data sets Cross-functional collaboration Centralized business functions/teams Optimal resource allocation Integrated risk activities Common methodologies and processes Rationalize processes Key drivers To consider •• Low BAU impact, clear path to compliance •• Less agility, integration complexities, not cost optimized •• Radical change with long life expectancy, flexibility •• Requires strong change management, cost effective •• Lowest immediate cost to deliver initial target wins •• Shorter life expectancy and lower future capacity Risk management framework 12 Risk management is changing. Act now.
  • 15. Transform: optimize approach to deliver target state 08 Plans and commitments to deliver the new risk organization are no longer theoretical or nice to have. They will represent a fixed contract between a bank and its regulators. Complex change can be delivered successfully with clear risk ambitions, cohesive enterprise-wide delivery and committed governance oversight. Path to success The steer from the top should be aligned with a holistic delivery and execution approach. That way, banks can deliver transformational change with confidence and once again view their technology and data as assets to leverage. Transformational spend can be seen as an investment and not as a cost to minimize. The following steps can lead banks to success: •• By defining and prioritizing foundational enterprise capabilities, banks can recognize what a good risk organization looks like. •• By aligning existing business, operational and program objectives, banks can categorize change components and support ownership and governance to expedite delivery. •• By assessing delivery options, banks can determine the suitability of “build on existing,” “start from scratch” or “rationalize existing” approaches. •• By continuously measuring and monitoring benefit release, banks can chart a clear transformation trajectory. •• By understanding what the competition are doing and assessing where industry collaboration can help them, banks can improve their efficiency. Illustrative trajectory for delivering transformation change Planned projects •• Data quality improvements •• Market risk utility Planned projects •• New collateral system •• Stress testing utility Planned projects •• Reference data cost reduction •• Centralized services Risk capability index (RCI) = 40% Current RCI = 60% RCI = 70% RCI = 82% Y + 1Y + 2 Y + 5 Years The change imperative — why now? •• Reduce sunk cost on in-flight/planned programs not aligned to target state •• Increase optionality (this reduces the later you leave ambition setting and planning to compliance deadlines) •• Promote regulatory relationships (keep ahead of the game) •• Mitigate risk of additional capital charges due to delayed compliance/ non-compliance •• Develop competitive advantage Capability coverage % 100 75 50 25 0 Risk management is changing. Act now. 13
  • 16. Conclusion y Benefits beyond compliance There are business-wide benefits to delivering an effective risk transformation program beyond regulatory compliance requirements. The potential benefits include: •• Real-time transaction or customer account level risk-based pricing, taking into account all material sources of risks, funding, capital and contingent exposures •• Optimization of capital, liquidity and leverage requirements by eliminating conservative assumptions resulting from missing or poor data quality •• Reduced need for manual intervention and ability to distill the universe of data into the core risk data elements. Use of end-user computing (EUCs) to achieve significant reductions in the cost of risk data and technology infrastructure •• Reduction in potential losses as a result of effective risk mitigation and increased management responsiveness to deal with crisis scenarios via timely and accurate risk reporting 14 Risk management is changing. Act now.
  • 17. Risk management is changing. Act now. 15
  • 18. Conclusion y How EY can help 09 EY has extensive experience in helping organizations navigate through risk transformation challenges. Our network of former senior regulators is supported by global enterprise intelligence and risk technology enablement teams meaning EY brings a broad range of experience and skills to diagnose, design and implement risk change successfully. EY’s risk transformation offering helps banks ensure that risk management complies with regulation, becomes operationally effective, and is embedded into business steering. It provides a set of tools, techniques, methodologies and approaches that enable and accelerate such change. Pierre Pourquery Partner E: ppourquery@uk.ey.com T: + 44 20 7951 6750 Dr. Nasir Ahmad Partner E: nahmad1@uk.ey.com T: + 44 20 7951 6959 John Ramsey Director E: jramsey1@uk.ey.com T: + 44 20 7951 0591 Richard Powell Senior Manager E: rpowell@uk.ey.com T: + 44 20 7951 0817 Contacts Risk management i 16 s changing. Act now.
  • 19. Risk management is changing. Act now. 17
  • 20. EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. © 2014 EYGM Limited. All Rights Reserved. EYG No. EK0306 1485448.indd (UK) 08/14. Artwork by Creative Services Group Design. ED None In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com