This document discusses the need for banks to transform their risk management functions in response to increased regulation and scrutiny. It recommends a three step process for risk transformation: 1) Assess the current state of risk management capabilities, 2) Rationalize and prioritize risk capability objectives, and 3) Transform operations to optimize and deliver the target state. The document emphasizes the importance of collaboration between risk, finance, compliance and the business to establish clear ownership and integrated control frameworks. It also discusses how the Chief Risk Officer can take a leadership role in driving strategic risk management changes.
How does Operational Risk Management fit into an organization's Strategic Planning? This presentation attempts to provide a functional and implementable response.
This document summarizes a presentation given by Christopher Mandel of Sedgwick on leveraging ISO 31000 for enterprise risk management success. The presentation discusses how ISO 31000 aligns with ERM priorities such as addressing all risks and breaking down silos. It presents models for risk management capability evolution and the consistency that standards provide. Strategic risk management is discussed as a core competency for high performing ERM. Components of best-in-class risk management include strategic decision making, risk knowledge, governance, and accountability. Overall the presentation argues that ISO 31000 can facilitate ERM success by providing a standardized framework that can be customized to organizational needs and embedded into decision making and culture.
This document provides guidance for banks on measuring compliance with BCBS 239, a regulation aimed at improving risk data aggregation and reporting. It outlines three key challenges banks face in implementing BCBS 239: lack of quality data and infrastructure; increasing reporting demands; and measuring compliance with principles-based regulations. It then discusses Deloitte's proposed approach to identifying metrics and thresholds to measure compliance. Specifically, it provides examples of potential metrics for Principles 1 (data architecture and IT infrastructure) and 2 (data accuracy and integrity).
The document outlines an enterprise risk management (ERM) implementation approach for an organization. It includes an agenda for ERM training that covers foundational concepts, moving from a risk-by-risk approach to a portfolio view of risk, and an overview of the ERM implementation process. It also provides sample risk appetite statements, diagrams of the ERM framework and integration with strategic planning, and discusses the value of taking an ERM approach.
Integrating The Output From Risk Workshops Into The Business Planning ProcessEneni Oduwole
This document discusses integrating risk management outputs into the business planning process. It outlines how a bank can use its risk register and risk assessments to help guide strategic planning and focus on key risk areas. By considering risks, a bank can develop better customer service policies, identify new business opportunities and risks, and ensure strategic decisions are robust. Failure to incorporate risk management can lead to unrealistic growth projections and an inability to create sustainable competitive advantages. The document advocates for risk management to become a core part of a company's strategic planning and decision making.
The document provides an overview of regulatory requirements and the Supervisory Review and Evaluation Process (SREP). It discusses key elements that supervisors will assess including business models, internal governance, risks to capital and liquidity, and institutions' Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP). The SREP involves scoring institutions on a scale of 1 to 4 based on these elements. ICAAP and ILAAP are important inputs to the assessment of risks to capital and liquidity. The document outlines expectations for ICAAP and ILAAP including governance, design, integration with business strategy, risks considered, and stress testing.
160513 Study Sourcing in risk and compliance functionsDr. Marc D. Grüter
This document summarizes insights from a benchmark study on sourcing risk and compliance functions in international financial institutions. Key findings include:
1) Sourcing risk and compliance functions can improve effectiveness and efficiency while reducing costs by up to 30%. It allows banks to focus on differentiators and quickly adapt to regulatory changes.
2) Most banks implement a nearshoring model, with hubs in locations like India and Eastern Europe. Examples of successfully sourced functions include risk modeling and standardized transaction decisions.
3) Success requires a strong business case, transparency on current functions, and ensuring additional risks are managed within risk appetite. Detailed planning is also important to realize benefits while mitigating execution risks.
This document discusses how organizations can better integrate strategy and risk management. It argues that while risk management has received increased focus due to regulation, strategic risk remains the primary cause of shareholder value destruction. Strategic risk is often not properly addressed because the risk agenda is driven by regulators rather than business needs. The document suggests that risk management should be integrated into all stages of strategic planning and management, and that separate risk and strategy functions are needed to balance risk mitigation with maximizing opportunity. Effective strategic risk management can help organizations anticipate threats to strategy implementation and turn some risks into strategic opportunities.
How does Operational Risk Management fit into an organization's Strategic Planning? This presentation attempts to provide a functional and implementable response.
This document summarizes a presentation given by Christopher Mandel of Sedgwick on leveraging ISO 31000 for enterprise risk management success. The presentation discusses how ISO 31000 aligns with ERM priorities such as addressing all risks and breaking down silos. It presents models for risk management capability evolution and the consistency that standards provide. Strategic risk management is discussed as a core competency for high performing ERM. Components of best-in-class risk management include strategic decision making, risk knowledge, governance, and accountability. Overall the presentation argues that ISO 31000 can facilitate ERM success by providing a standardized framework that can be customized to organizational needs and embedded into decision making and culture.
This document provides guidance for banks on measuring compliance with BCBS 239, a regulation aimed at improving risk data aggregation and reporting. It outlines three key challenges banks face in implementing BCBS 239: lack of quality data and infrastructure; increasing reporting demands; and measuring compliance with principles-based regulations. It then discusses Deloitte's proposed approach to identifying metrics and thresholds to measure compliance. Specifically, it provides examples of potential metrics for Principles 1 (data architecture and IT infrastructure) and 2 (data accuracy and integrity).
The document outlines an enterprise risk management (ERM) implementation approach for an organization. It includes an agenda for ERM training that covers foundational concepts, moving from a risk-by-risk approach to a portfolio view of risk, and an overview of the ERM implementation process. It also provides sample risk appetite statements, diagrams of the ERM framework and integration with strategic planning, and discusses the value of taking an ERM approach.
Integrating The Output From Risk Workshops Into The Business Planning ProcessEneni Oduwole
This document discusses integrating risk management outputs into the business planning process. It outlines how a bank can use its risk register and risk assessments to help guide strategic planning and focus on key risk areas. By considering risks, a bank can develop better customer service policies, identify new business opportunities and risks, and ensure strategic decisions are robust. Failure to incorporate risk management can lead to unrealistic growth projections and an inability to create sustainable competitive advantages. The document advocates for risk management to become a core part of a company's strategic planning and decision making.
The document provides an overview of regulatory requirements and the Supervisory Review and Evaluation Process (SREP). It discusses key elements that supervisors will assess including business models, internal governance, risks to capital and liquidity, and institutions' Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP). The SREP involves scoring institutions on a scale of 1 to 4 based on these elements. ICAAP and ILAAP are important inputs to the assessment of risks to capital and liquidity. The document outlines expectations for ICAAP and ILAAP including governance, design, integration with business strategy, risks considered, and stress testing.
160513 Study Sourcing in risk and compliance functionsDr. Marc D. Grüter
This document summarizes insights from a benchmark study on sourcing risk and compliance functions in international financial institutions. Key findings include:
1) Sourcing risk and compliance functions can improve effectiveness and efficiency while reducing costs by up to 30%. It allows banks to focus on differentiators and quickly adapt to regulatory changes.
2) Most banks implement a nearshoring model, with hubs in locations like India and Eastern Europe. Examples of successfully sourced functions include risk modeling and standardized transaction decisions.
3) Success requires a strong business case, transparency on current functions, and ensuring additional risks are managed within risk appetite. Detailed planning is also important to realize benefits while mitigating execution risks.
This document discusses how organizations can better integrate strategy and risk management. It argues that while risk management has received increased focus due to regulation, strategic risk remains the primary cause of shareholder value destruction. Strategic risk is often not properly addressed because the risk agenda is driven by regulators rather than business needs. The document suggests that risk management should be integrated into all stages of strategic planning and management, and that separate risk and strategy functions are needed to balance risk mitigation with maximizing opportunity. Effective strategic risk management can help organizations anticipate threats to strategy implementation and turn some risks into strategic opportunities.
The document discusses leveraging enterprise risk management (ERM) and the Own Risk and Solvency Assessment (ORSA) process for strategic value. It notes that ERM can help reduce uncertainty, understand opportunities, and support integrated strategy and risk discipline. The maturity of an organization's ERM capabilities is presented as a journey, with more mature organizations better integrating ERM into strategic decision making. The ultimate value of ERM is linking it to capital planning, decision support, and transparency through the ORSA process.
A practical approach to defining indicators within an integrated ERM Framework
Workshop Overview
Many organisations have made considerable progress in the area of enterprise and operational risk management since the financial crisis in 2007/2008. However events over the last few years have demonstrated, and continue to demonstrate the need to make improvements in organisational risk management capabilities and tools.
One area of weakness and, particular challenge for many organisations is around indictors, specifically developing and managing with Key Risk indicators (KRIs). KRIs have a vital role to play in monitoring and managing risk exposure within any organisation, and should be developed and deployed in the context of a wider indicator suite which includes Key Performance Indicators (KPIs) and Key Control Indicators (KCIs).
Workshop Objective
This interactive workshop provided attendees with a deep understanding of developing and managing with Key Risk Indicators. We started by providing an overarching management framework which integrated strategy execution and risk management. We then moved on to clarify the role of KRIs, alongside KPIs and KCIs.
Using a combination of presentations and practical examples, we were able to:
Learn how to define robust suite of indicators, including the different between Leading and Lagging, and Financial and Non-Financial indicators
Understand how to use a well-structured risk definition to guide the definition of KRIs
Understand the relationship between risk appetite and KRIs, and however Risk Appetite should influence the definition of KRIs
Understand the role KRIs play in scenario analysis
Understand the role of KRIs in the risk assessment process
Understand the role of KRIs within the risk, regulatory and management reporting
Who Attended:
CROs, Directors, General Managers, Senior Management and Managers of: Operations, Operational Risk Management, Enterprise Risk Management, Internal Audit, Compliance, Operational Risk, Strategy and Performance.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
Embedding RCSA into Strategic Planning and Business Strategy
This presentation was prepared for the New Generation Operational Risk: Risk Culture and Business Conduct Behaviour conference in Helsinki, Finland.
In this presentation, Ascendore CEO, Andrew Smart outlines how to integrate Risk & Control Self Assessment into the Strategic Planning and Business Strategy.
Based on the Risk-Based Performance Management approach, during this presentation an integrated approach to strategy and risk management is outlined, with risk appetite playing a central role.
Integrating Strategy and Risk ManagementAndrew Smart
"A Holistic Approach to Managing Risk amidst Global Uncertainty"
The RMA/Cass Business School
10–14 February 2013
Advanced Risk Management Programme
Organised by Andrew Smart & Nicholas Hawke
In today’s fast-moving, complex environment, risk executives must cultivate an understanding across all risks and businesses. Business problems are multifaceted, interrelated, and increasingly global. Executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and enterprise-wide perspective.
The RMA/Cass Advanced Risk Management Programme, led by the faculty at Cass, one of the UK’s top business schools, exposes participants to a rigorous, yet inspiring blend of theory, practice and cutting-edge research, instilling knowledge and skills applicable to the real world of global business. In addition to its focus on the known and quantifiable risks of credit, market, and operational, the programme concentrates on the unknowable and difficult to measure risks, including business, strategic, and reputation. Cass has excellent links to the City of London firms and institutions and is able to complement Cass faculty with guest faculty and senior level business practitioners, considered by their peers to be industry thought leaders
Areas of focus for The RMA/Cass Advanced Risk Management Programme include:
• Risk management as a strategic competitive strength
• An integrated approach to risk management
• Fostering a culture and climate that openly communicates risk
• A framework for rapidly responding to known risks and unraveling the complexities of the unknown
• A focus on risk informed by global perspectives.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941Dr. Marc D. Grüter
The document discusses five practices that leading operational risk management programs at banks employ to more effectively manage operational risk. These include: 1) setting clear strategic objectives and priorities for operational risk that are aligned with business goals; 2) efficiently managing mature operational risks to free up resources for emerging risks; 3) having a strong function for identifying and tracking emerging risks; 4) clearly defining the roles and responsibilities of each line of defense; and 5) revising incentives to reinforce desired risk management behaviors. Banks that master these five practices are better equipped to anticipate and mitigate risks in a changing environment.
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
Video & Presentation: http://www.proformative.com/events/strategic-risk-management-cfo-getting-risk-management-right
Enterprise Risk Management should be simple. Unfortunately, companies are responding to regulators and business imperatives to improve their risk management practices, all the while aligning with business strategy and performance as well as capital allocation. Leading practitioners are seeking insight and value from risk management and are using risk management to focus audit and compliance activities. In fact independent research commissioned by SAP and others suggests many successful ERM initiatives still make little use of the increasingly sophisticated technology available. This session will summarize recent research by SAP and others on the state of ERM and will provide simple, practical strategies for how Finance can drive risk management practices that build success and add value.
Speakers:
Bob Tizio, GRC Officer-Americas, SAP America Inc.
Bruce McCuaig, Director, Solution Marketing for Governance Risk & Compliance, SAP
Presentation delivered at CFO Dimensions 2013 - http://www.cfodimensions.com
Track: Finance Technology | Session: 5
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.
• The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Compliance Consultant
Conduct Risk is sweeping the financial services world and catching many risk manager out as there is still a lack of understanding.
Risk management need to determine the corporate risk philosophy and appetite. To assess or understand the risk philosophy, try to comprehend the organisation's culture, values and environment. The way business operations are conducted on a daily basis and the organisation’s strategy are typically good indicators where you can find the company risk philosophy. Assess whether business has an aggressive, innovative, typical or conservative attitude towards risks for achieving business goals.
Risk appetite is simply the amount of risk which the organisation is willing to take to undertake business activities and achieve the business objectives, where Conduct Risk is concerned this has to include good customer outcomes. A simple question to ask the board of members could be “What amount of reported mismanagement or public uproar would make you uncomfortable if it appeared in the business newspapers?”
Consolidate the various risk exposures from the risk department's identified risks and present them to the board. Finally, assess whether the company’s internal perception and rhetoric on risk philosophy and appetite are consistent with the board and other stakeholder's viewpoints. Realign the two where required to prepare the annual strategy.
The key proposition of Enterprise Risk Management is value creation and or enhancement which ultimately delivers sustainable comparative advantage exemplified by organizational excellence. This presentation highlights key components of both management concepts and points of congruence.
This document discusses enterprise risk management (ERM). It defines ERM as the process of planning, organizing, leading, and controlling organizational activities to minimize the effects of risk on capital and earnings. ERM includes financial, strategic, operational risks as well as accidental losses. The document outlines the importance of ERM, noting that it allows organizations to increase risk-taking capabilities to pursue opportunities while managing risks. It also discusses how ERM standardizes risk management procedures across projects. Finally, it provides an overview of the key steps in the ERM process, including establishing an ERM structure, assigning responsibilities, creating an enterprise risk map, decision-making through risk reporting, and shifting organizational culture to a more enterprise-wide view of
Managing Information Risk in Financial Services Andrew Smart
Managing Information Risk in Financial Services Webinar Feb 26th 2014
presented by Colin Lobley
http://manigent.com/uk.linkedin.com/pub/colin-lobley/2/7/563
Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management.
Having trouble with your enterprise risk management strategy? Map it.Andrew Smart
In 2016, it was estimated that 67% of well-formulated strategies failed due to poor execution and 1 in 3 business leaders rate their firm as poor or very poor at the implementation of strategy.
Like business strategy, the risk management strategy presents execution challenges for the CRO and Risk Management teams.
Paraphrasing the original article that introduced the Strategy Map, in the presentation, Ascendore CEO outlines how the Strategy Map can be used as part of an overall strategy management system to improve the execution of the risk management strategy. This presentation is based on an Ascendore customers use of the Strategy Map for Operational Risk Management.
This document provides a strategic risk management plan for Marriott Sprowston Manor Hotel. It identifies key risks facing the hotel, including financial risks from economic conditions, strategic risks from increased competition and reputation risks, and operational risks from technology issues and increasing costs. The plan develops an enterprise risk management framework using objectives, key concepts, and a process for implementation. It assigns roles and responsibilities and provides risk mitigation actions and a business continuity plan to manage risks and ensure the continuity of hotel operations.
The Strategy Network is an open network for strategy professionals that meets three times per year for knowledge sharing. More than 40 top South African companies have joined with no fees required. Attendance confirmation is sufficient. The document then provides details on strategic risk management processes including identifying risks to strategic objectives, assessing existing controls, determining risk ratings, and identifying treatments. It gives an example of linking a strategic objective to secure new business with potential related risks and controls.
CFO Risk Intelligence - Harvey ChristophersAzure Group
The document discusses the evolving role of the CFO from financial risk manager to strategic leader in enterprise-wide risk management. It outlines 6 key focus areas for CFOs to play a role in building a risk intelligent organization: 1) Prepare for expected and unexpected risks, 2) Recognize strategy is not fixed and engage in strategic risk conversations, 3) Distinguish vital few risks from trivial many, 4) Determine risk appetite, 5) Manage reputational risks, and 6) Conduct compliance stress tests for operating globally. The CFO's role is important for oversight, risk reporting, and ensuring risks are managed effectively across the organization.
One of our primary goals has been to improve risk management in the financial services sector through enterprise risk management (ERM) education and training. In order to advance this important goal, Global Risk Institute is launching a comprehensive ERM Roadmap program initiative to contribute to this important ERM practice area.
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000PECB
This document discusses integrating quality, environmental, and occupational health and safety management systems using ISO 31000 risk management principles and a minimal documentation approach. It outlines the ISO 31000 risk management framework, including establishing the context, identifying risks, analyzing them, evaluating risks, treating risks, and monitoring and reviewing the framework. It provides examples of applying this framework to processes in quality, health and safety, and security. The presentation emphasizes creating a simple, integrated risk management system that is easy to implement, communicate, follow and improve on.
Radius is a global advisory firm that provides services across many industries and business sectors. They have a broad range of expertise developed from working with clients on critical issues. Their team of consultants can assemble project teams with deep knowledge of specific client industries. Radius aims to offer customized solutions and strategies tailored to each client's needs. They have experience in areas like management consulting, due diligence, risk management, IT services, strategic planning, and more. Radius works to deliver measurable benefits to clients by developing and implementing processes and programs to improve their operations.
Considerations for an Effective Internal Model Method Implementationaccenture
In this Accenture Finance & Risk presentation we discuss an approach banks can use to develop, manage, and monitor a robust and effective Internal Model Method program. Learn more about the Accenture Finance & Risk Practice: bit.ly/2j2JD6X
The document discusses leveraging enterprise risk management (ERM) and the Own Risk and Solvency Assessment (ORSA) process for strategic value. It notes that ERM can help reduce uncertainty, understand opportunities, and support integrated strategy and risk discipline. The maturity of an organization's ERM capabilities is presented as a journey, with more mature organizations better integrating ERM into strategic decision making. The ultimate value of ERM is linking it to capital planning, decision support, and transparency through the ORSA process.
A practical approach to defining indicators within an integrated ERM Framework
Workshop Overview
Many organisations have made considerable progress in the area of enterprise and operational risk management since the financial crisis in 2007/2008. However events over the last few years have demonstrated, and continue to demonstrate the need to make improvements in organisational risk management capabilities and tools.
One area of weakness and, particular challenge for many organisations is around indictors, specifically developing and managing with Key Risk indicators (KRIs). KRIs have a vital role to play in monitoring and managing risk exposure within any organisation, and should be developed and deployed in the context of a wider indicator suite which includes Key Performance Indicators (KPIs) and Key Control Indicators (KCIs).
Workshop Objective
This interactive workshop provided attendees with a deep understanding of developing and managing with Key Risk Indicators. We started by providing an overarching management framework which integrated strategy execution and risk management. We then moved on to clarify the role of KRIs, alongside KPIs and KCIs.
Using a combination of presentations and practical examples, we were able to:
Learn how to define robust suite of indicators, including the different between Leading and Lagging, and Financial and Non-Financial indicators
Understand how to use a well-structured risk definition to guide the definition of KRIs
Understand the relationship between risk appetite and KRIs, and however Risk Appetite should influence the definition of KRIs
Understand the role KRIs play in scenario analysis
Understand the role of KRIs in the risk assessment process
Understand the role of KRIs within the risk, regulatory and management reporting
Who Attended:
CROs, Directors, General Managers, Senior Management and Managers of: Operations, Operational Risk Management, Enterprise Risk Management, Internal Audit, Compliance, Operational Risk, Strategy and Performance.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
Embedding RCSA into Strategic Planning and Business StrategyAndrew Smart
Embedding RCSA into Strategic Planning and Business Strategy
This presentation was prepared for the New Generation Operational Risk: Risk Culture and Business Conduct Behaviour conference in Helsinki, Finland.
In this presentation, Ascendore CEO, Andrew Smart outlines how to integrate Risk & Control Self Assessment into the Strategic Planning and Business Strategy.
Based on the Risk-Based Performance Management approach, during this presentation an integrated approach to strategy and risk management is outlined, with risk appetite playing a central role.
Integrating Strategy and Risk ManagementAndrew Smart
"A Holistic Approach to Managing Risk amidst Global Uncertainty"
The RMA/Cass Business School
10–14 February 2013
Advanced Risk Management Programme
Organised by Andrew Smart & Nicholas Hawke
In today’s fast-moving, complex environment, risk executives must cultivate an understanding across all risks and businesses. Business problems are multifaceted, interrelated, and increasingly global. Executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and enterprise-wide perspective.
The RMA/Cass Advanced Risk Management Programme, led by the faculty at Cass, one of the UK’s top business schools, exposes participants to a rigorous, yet inspiring blend of theory, practice and cutting-edge research, instilling knowledge and skills applicable to the real world of global business. In addition to its focus on the known and quantifiable risks of credit, market, and operational, the programme concentrates on the unknowable and difficult to measure risks, including business, strategic, and reputation. Cass has excellent links to the City of London firms and institutions and is able to complement Cass faculty with guest faculty and senior level business practitioners, considered by their peers to be industry thought leaders
Areas of focus for The RMA/Cass Advanced Risk Management Programme include:
• Risk management as a strategic competitive strength
• An integrated approach to risk management
• Fostering a culture and climate that openly communicates risk
• A framework for rapidly responding to known risks and unraveling the complexities of the unknown
• A focus on risk informed by global perspectives.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
BCG-Five-Practices-of-Operational-Risk-Leaders-Oct-2016_tcm80-214941Dr. Marc D. Grüter
The document discusses five practices that leading operational risk management programs at banks employ to more effectively manage operational risk. These include: 1) setting clear strategic objectives and priorities for operational risk that are aligned with business goals; 2) efficiently managing mature operational risks to free up resources for emerging risks; 3) having a strong function for identifying and tracking emerging risks; 4) clearly defining the roles and responsibilities of each line of defense; and 5) revising incentives to reinforce desired risk management behaviors. Banks that master these five practices are better equipped to anticipate and mitigate risks in a changing environment.
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
Video & Presentation: http://www.proformative.com/events/strategic-risk-management-cfo-getting-risk-management-right
Enterprise Risk Management should be simple. Unfortunately, companies are responding to regulators and business imperatives to improve their risk management practices, all the while aligning with business strategy and performance as well as capital allocation. Leading practitioners are seeking insight and value from risk management and are using risk management to focus audit and compliance activities. In fact independent research commissioned by SAP and others suggests many successful ERM initiatives still make little use of the increasingly sophisticated technology available. This session will summarize recent research by SAP and others on the state of ERM and will provide simple, practical strategies for how Finance can drive risk management practices that build success and add value.
Speakers:
Bob Tizio, GRC Officer-Americas, SAP America Inc.
Bruce McCuaig, Director, Solution Marketing for Governance Risk & Compliance, SAP
Presentation delivered at CFO Dimensions 2013 - http://www.cfodimensions.com
Track: Finance Technology | Session: 5
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.
• The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Compliance Consultant
Conduct Risk is sweeping the financial services world and catching many risk manager out as there is still a lack of understanding.
Risk management need to determine the corporate risk philosophy and appetite. To assess or understand the risk philosophy, try to comprehend the organisation's culture, values and environment. The way business operations are conducted on a daily basis and the organisation’s strategy are typically good indicators where you can find the company risk philosophy. Assess whether business has an aggressive, innovative, typical or conservative attitude towards risks for achieving business goals.
Risk appetite is simply the amount of risk which the organisation is willing to take to undertake business activities and achieve the business objectives, where Conduct Risk is concerned this has to include good customer outcomes. A simple question to ask the board of members could be “What amount of reported mismanagement or public uproar would make you uncomfortable if it appeared in the business newspapers?”
Consolidate the various risk exposures from the risk department's identified risks and present them to the board. Finally, assess whether the company’s internal perception and rhetoric on risk philosophy and appetite are consistent with the board and other stakeholder's viewpoints. Realign the two where required to prepare the annual strategy.
The key proposition of Enterprise Risk Management is value creation and or enhancement which ultimately delivers sustainable comparative advantage exemplified by organizational excellence. This presentation highlights key components of both management concepts and points of congruence.
This document discusses enterprise risk management (ERM). It defines ERM as the process of planning, organizing, leading, and controlling organizational activities to minimize the effects of risk on capital and earnings. ERM includes financial, strategic, operational risks as well as accidental losses. The document outlines the importance of ERM, noting that it allows organizations to increase risk-taking capabilities to pursue opportunities while managing risks. It also discusses how ERM standardizes risk management procedures across projects. Finally, it provides an overview of the key steps in the ERM process, including establishing an ERM structure, assigning responsibilities, creating an enterprise risk map, decision-making through risk reporting, and shifting organizational culture to a more enterprise-wide view of
Managing Information Risk in Financial Services Andrew Smart
Managing Information Risk in Financial Services Webinar Feb 26th 2014
presented by Colin Lobley
http://manigent.com/uk.linkedin.com/pub/colin-lobley/2/7/563
Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management.
Having trouble with your enterprise risk management strategy? Map it.Andrew Smart
In 2016, it was estimated that 67% of well-formulated strategies failed due to poor execution and 1 in 3 business leaders rate their firm as poor or very poor at the implementation of strategy.
Like business strategy, the risk management strategy presents execution challenges for the CRO and Risk Management teams.
Paraphrasing the original article that introduced the Strategy Map, in the presentation, Ascendore CEO outlines how the Strategy Map can be used as part of an overall strategy management system to improve the execution of the risk management strategy. This presentation is based on an Ascendore customers use of the Strategy Map for Operational Risk Management.
This document provides a strategic risk management plan for Marriott Sprowston Manor Hotel. It identifies key risks facing the hotel, including financial risks from economic conditions, strategic risks from increased competition and reputation risks, and operational risks from technology issues and increasing costs. The plan develops an enterprise risk management framework using objectives, key concepts, and a process for implementation. It assigns roles and responsibilities and provides risk mitigation actions and a business continuity plan to manage risks and ensure the continuity of hotel operations.
The Strategy Network is an open network for strategy professionals that meets three times per year for knowledge sharing. More than 40 top South African companies have joined with no fees required. Attendance confirmation is sufficient. The document then provides details on strategic risk management processes including identifying risks to strategic objectives, assessing existing controls, determining risk ratings, and identifying treatments. It gives an example of linking a strategic objective to secure new business with potential related risks and controls.
CFO Risk Intelligence - Harvey ChristophersAzure Group
The document discusses the evolving role of the CFO from financial risk manager to strategic leader in enterprise-wide risk management. It outlines 6 key focus areas for CFOs to play a role in building a risk intelligent organization: 1) Prepare for expected and unexpected risks, 2) Recognize strategy is not fixed and engage in strategic risk conversations, 3) Distinguish vital few risks from trivial many, 4) Determine risk appetite, 5) Manage reputational risks, and 6) Conduct compliance stress tests for operating globally. The CFO's role is important for oversight, risk reporting, and ensuring risks are managed effectively across the organization.
One of our primary goals has been to improve risk management in the financial services sector through enterprise risk management (ERM) education and training. In order to advance this important goal, Global Risk Institute is launching a comprehensive ERM Roadmap program initiative to contribute to this important ERM practice area.
PECB Webinar: An Integrated QMS EMS OHSAS System Using ISO 31000PECB
This document discusses integrating quality, environmental, and occupational health and safety management systems using ISO 31000 risk management principles and a minimal documentation approach. It outlines the ISO 31000 risk management framework, including establishing the context, identifying risks, analyzing them, evaluating risks, treating risks, and monitoring and reviewing the framework. It provides examples of applying this framework to processes in quality, health and safety, and security. The presentation emphasizes creating a simple, integrated risk management system that is easy to implement, communicate, follow and improve on.
Radius is a global advisory firm that provides services across many industries and business sectors. They have a broad range of expertise developed from working with clients on critical issues. Their team of consultants can assemble project teams with deep knowledge of specific client industries. Radius aims to offer customized solutions and strategies tailored to each client's needs. They have experience in areas like management consulting, due diligence, risk management, IT services, strategic planning, and more. Radius works to deliver measurable benefits to clients by developing and implementing processes and programs to improve their operations.
Considerations for an Effective Internal Model Method Implementationaccenture
In this Accenture Finance & Risk presentation we discuss an approach banks can use to develop, manage, and monitor a robust and effective Internal Model Method program. Learn more about the Accenture Finance & Risk Practice: bit.ly/2j2JD6X
This document discusses Aerice Risk Management and the comprehensive risk framework they provide for businesses. It outlines typical issues financial institutions face with risk management like increased regulation and constraints. Aerice offers solutions across key risk areas like credit, market, and operational risk. Their approach follows best practices and reviews all aspects of a company's risk portfolio, people, processes, and systems.
Designing Enhanced Supervision for the Evolving Wealth Management Ecosystemaccenture
Converging and rapidly evolving industry trends are creating a new wealth management environment demanding Wealth Managers redefine supervisory governance to best support the firm’s growth strategies while balancing strong risk management. In this new Accenture Finance & Risk presentation we explore the evolving wealth management trends and challenges and outline four key business supervision design questions to support sustainable, long-term growth.
Developing End State Vision
Advice and Planning Strategy
Driving a Business Architecture
Provisioning a Portfolio of Projects
eGRC Operation Control
Minimizing Financial Risk
Aggregating Financial Risk
Managing Mainframe Entitlements
Implementing Data Governance
Understanding Data Lineage
Defining Global Customer Strategy
The document proposes a 360 Degree Risk Management Model to help organizations holistically manage risks. The model comprises people, processes, tools, and governance to 1) identify risks early, 2) mitigate negative risks, and 3) leverage learnings from risks to enhance competencies. Key aspects of the model include a corporate risk database, risk analytics dashboards, and knowledge sharing programs. The document argues the model can help organizations gain competitive advantages and improve outcomes by taking a more holistic view of risks.
The document discusses the challenges financial institutions face in an uncertain economic environment, termed the "New Normal". It emphasizes the importance of embedding risk management in decision making, using a common platform for risk, finance, and regulatory reporting. It also stresses the need to identify and manage various risks, from liquidity and credit to operational and compliance. Finally, it proposes that financial institutions undergo an "analytical transformation" through investments in a unified data model, infrastructure, and applications to achieve a holistic view of risk across the organization.
ThinkGRC justifying the transition to an Enterprise Risk Management (ERM) modelThinkGRC
Justifying the transition to an Enterprise Risk Management (ERM) Model for Senior Management. This presentation will help Risk Managers present the concept, justification and benefits of moving to a consolidated ERM model and an organizational approach.
[Project] FRAMEWORK FOR SUPPORTING “BUSINESS PROCESS REENGINEERING “-BASED BU...Biswadeep Ghosh Hazra
A short presentation on Business Process Re-engineering Based Models. It consists of Strategic, Project Management, Information Technology, Top Management and Cultural Factors. There are various models/frameworks and indicators like- Porters 5 Forces Model, 4 CSFs for BPR Implementation, From-to analysis, Financial Indicators.
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadAlexei Sidorenko, CRMP
Risk appetite refers to an individual or organization’s willingness to take on risks in pursuit of potential returns. It is an important consideration for businesses, as it can determine the types of investments and strategic decisions they make. A high risk appetite may lead to a focus on high-growth, speculative investments, while a low risk appetite may result in a preference for more conservative, steady returns. It is important for businesses to carefully assess and manage their risk appetite in order to make informed decisions and achieve their financial goals.
But before beginning the conversation about risk appetite, it is important to remember that most non financial organizations have already documented their appetites for different common decisions or business activities. Segregation of duties, financing and deal limits, vendor selection criteria, credit limits, treasury limits on banks, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organizations set risk appetite.
What is risk appetite:
10% of the time risk appetite is imposed by laws and regulations, not set – Often risk appetite is imposed by government, regulators, markets, not set by management. Examples include zero-tolerances or limits on safety, bribery and corruption, AML, pollution, sanctions, privacy.
10% of the time risk appetite is the gentlemen’s agreement between Board and management – Boards have an important oversight role and help them set the direction and boundaries for management decision making. Those management decision making boundaries is risk appetite. Examples include deal approvals only by Board above a certain limit, limits on holding percentage of cash in certain pre-approved banks, market risk limits, credit risk limits, insurance thresholds, rules on credit limits for certain types of customers, limits on investments in different countries, etc.
80% of the time risk appetite is the risk reward trade-off for a specific decision – The key is making uncertainty around decisions presented to the Board transparent to allow decision makers choose the alternative which offers the most appropriate risk reward balance according to their individual appetites.
Download the full guide to read about documenting risk appetite, reviewing risk appetite, case studies and examples and addition video resources: Guide to risk appetite 2023
Turnarounds in the NHS: Why it pays to think differentlyTTCLLP
Turnarounds in the NHS are difficult. Here are 5 practical ways to improve your chances of success from a turnaround practitioner that works in both the public and private sectors.
CH&Cie - Fundamental Review of the Trading BookC Louiza
The document discusses concerns that led to the Fundamental Review of the Trading Book (FRTB). It summarizes that pre-FRTB there was unclear classification between banking and trading books allowing regulatory capital arbitrage. Risk measures also failed to fully capture risks like procyclicality, model risk for complex products, and comprehensive risks. The FRTB aims to address these issues with changes like standardized approaches, constraints on modeling, and convergence of prudential and accounting rules. It signals a strategic shift towards limiting internal modeling and preventing methodology arbitrage.
The document summarizes an internal auditor's workshop on using audits as a risk management tool. It includes the following:
- An overview of the risk management process including identifying risks, assessing and measuring risks, responding to risks, designing and testing controls, and continuously improving risk management.
- The three lines of defense in risk management - operational management owns risk management as the first line, risk management and compliance functions provide oversight as the second line, and internal audit provides independent assurance as the third line.
- Key aspects of the risk management process including governance, people, processes, and technology as well as identifying risks, assessing risks, developing risk response strategies, and monitoring risks.
This document provides a summary of an executive's experience and qualifications. Over 15 years, the executive has held leadership roles such as Executive Director, COO, Vice President, and Program Manager for international companies. The executive has a proven track record of delivering strong profit growth and turning around underperforming business units. Specific achievements include implementing systems that increased revenue by over $3 million annually and negotiated outsourcing agreements resulting in $0.7 million in annual efficiencies.
A good risk appetite implementation process leverages existing practices, represents the aggregate view of risk across all lines of business and risk categories, and creates a dynamic structure that allows for internal and external changes in risk. Learn more about the 10 aspects of a robust and evolving risk appetite framework in this excerpt from the Credit Risk Management Audio Conference Series.
Accenture Capital Markets- serving many masters - Top 10 Challenges 2013Karl Meekings
Regulators in multiple jurisdictions have implemented varying regulations in response to the 2009 financial crisis, creating challenges for investment banks operating in multiple countries. The regulations differ between countries in areas like capital requirements, derivatives trading, and separating retail and investment banking. This complex global regulatory landscape, coupled with reshuffling of financial supervisors, requires investment banks to build new relationships and change structures. To effectively manage these regulatory changes, banks must take a holistic view of regulations globally, understand the cumulative impacts, integrate stress testing into decision making, appoint a high-level executive to lead compliance, and automate regulatory processes.
From Analytical Actuarial to Fintech by CF Yam at HKU on 10 March 2016CF Yam
The document discusses the transition from traditional analytical actuarial processes to modern dynamic risk management in the era of fintech. It notes that analytical approaches are no longer sufficient due to factors like increased volatility, complex products, and new regulations. Modern risk management requires more sophisticated modeling of risks like insurance, market, credit, liquidity and operational risks. The rise of fintech is disrupting financial services and creating new opportunities for risk management professionals to develop specialized skills and take on expanded roles. Actuaries are well-positioned to succeed in risk management with skills in data analytics, modeling, and understanding different risk types.
Similar to Risk management is changing_Final LR (20)
2. 01 The call to action 01
02 New world. New CRO. 02
03 The risk function must operate differently 04
04 The ART of risk management 06
05 Path to the new risk organization 07
06 Assess: establish risk ambitions 09
07 Rationalize: prioritize risk capability objectives 11
08 Transform: optimize approach to deliver target state 13
09 How EY can help 16
09 Contacts 16
3. The call to action
01
“It is time for transformational change and there
are difficult choices to be made. Banks that dare
will win.”
Risk management cannot operate as it is. Radical changes are needed to
ensure efficiency and reduce costs.
The new environment will
make it even more difficult for
risk management
Banks face a challenging environment
characterized by:
•• Increased pace of new regulations
•• Increased scrutiny from regulators
on risk management operations
and practices
•• Relentless cost pressure on risk
infrastructure, risk functions and
risk processing
•• Higher expectations from the board,
top management and the business
to improve risk management
effectiveness and demonstrate value
add to the business
Current bank operating models are not
sustainable in this environment. It is time
for transformational change and there are
difficult choices to be made. Banks that
dare will win.
What is risk transformation?
Risk transformation is the process
of ensuring risk functions are able
to manage risk more efficiently and
effectively. These programs are
aligned with the strategic objectives of
the firm and other business functions
to achieve standards above basic
regulatory compliance.
The case for change
Banks have no choice but to react.
Regulators are demanding a strategy and
roadmap to ensure changes are delivered.
Banks need to minimize the cost of
compliance and significantly improve
the operational effectiveness of their
risk organizations. There are a number
of gaps to bridge and transformational
programs to trigger, in order to develop
the right governance, risk capabilities
and supporting infrastructure. The
shape and delivery of change should cut
across all lines of business as well as risk,
compliance, finance and technology.
First and foremost, banks need to identify
a “risk owner” to drive transformational
change, sponsor risk change and align
efforts across risk, finance, treasury and
the wider business.
Risk management has not
met expectations
Banks have made considerable
investments in risk management since
the financial crisis. However, there is
little evidence to suggest that material
improvements have been achieved.
Further efforts are required to ensure the
effectiveness of risk management and
decision-making processes across the
banking industry.
In order to demonstrate progress to
regulators and engineer a positive
outcome, banks need to address issues
such as:
•• Poor quality of risk information
•• High-cost operations
•• Inability to quickly predict crisis
situations and large exposures
•• Insufficient focus on operational risk-related
issues
•• Inability to measure and
monitor the effectiveness of risk
control environments
•• Fragmented risk management
capabilities across divisions
and regions
Risk management is changing. Act now. 1
4. Conclusion
y
New world. New CRO.
02
As the move beyond universal banking becomes inevitable, the most obvious
owner of the risk transformation agenda is the chief risk officer (CRO).
But implementing the new risk organization places fresh demands on the
CRO’s role.
CRO Pillars of Success
Strategic
Focus on direction setting and
optimizing bank-wide risk profile.
•• Establish the efficiency frontier
(optimize risk vs. P&L profiles)
and help direct business decisions
on products, clients and markets
•• Set risk appetite, thresholds
and limits in line with
strategic objectives
•• Establish end-to-end risk
management practices and
standards to ensure alignment of
risk exposures and strategy
An authority on design
Define end-to-end control standards
across the risk management
operating model.
•• Set people, process, technology
and data standards for the overall
risk management operating and
control model
•• Promote and embed the right risk
culture — with embedded controls
and measures
•• Align with industry practices and
evolving regulatory landscape
(stay ahead of the game and
futureproof target state designs)
•• Prioritize risk capabilities —
direct investment into the
right components of the “risk
capability model” in line with
strategic ambitions
Challenger to process
Assess the effectiveness of front-to-
back control framework and core
risk activities.
•• Direct involvement in new
business, products and
counterparties
•• Measure and monitor the
effectiveness of the overall
control environment against
agreed standards
•• Help resolve big risks and
identified issues
2 Risk management is changing. Act now.
5. Cost conscious
Develop risk utilities and change
capabilities that reduce the spending
on people, technology and data.
•• Identify opportunities to contain
or reduce costs
•• Contribute to bank-wide operating
cost goals
•• Deliver more capability for
less and demonstrate value to
the business
•• Benchmark the spend
against peers
Engaged with regulators
Maintain positive interaction with
regulators to promote understanding
and collaboration.
•• Align risk ambitions to
regulatory imperatives
•• Direct regulatory change agendas
and priorities
•• Engage the regulators throughout
the journey to the new risk
organization — influence outcomes
Risk management is changing. Act now. 3
6. The risk function must operate differently
Conclusion
y
03
Better risk management means better collaboration.
Collaboration between the
“C-suite” is required to
ensure better connectivity
of information
The CRO must collaborate more with the
chief financial officer (CFO) and the wider
business to establish clear ownership of
risk management.
Risk, finance and compliance control
need to be better connected and
integrated to deal with the vast array
of regulatory change and develop a
competitive advantage.
The right information must be accessible
by the right people at the right time to
provide optimal access, provisioning
and granularity. Risk culture must also
be embedded into day-to-day business
processes and controls.
Upgrade skill sets from
control to management
•• Roles and accountabilities among the
three lines of defense1 must be clearly
defined by the CRO.
•• The CRO determines standards and
then assesses the gap between existing
controls and agreed standards.
•• Effective risk governance ensures
that the risk function contributes
to overall bank strategy and group-wide
transformation.
•• Day-to-day risk activities should
migrate from data production
and processing, to design and
management oversight.
IT and data infrastructure
must be strengthened
•• Standards and service level
agreements between data owners and
consumers must be formalized across
critical platforms and processes.
•• Technology strategy should support
global risk needs and should be
aligned with risk change priorities.
•• Technology and data infrastructure
should support the aggregation and
reporting of risk data in both business-as-
usual and stressed conditions.
•• Risk utilities should facilitate cost
efficiency and the optimization of IT
and data infrastructure.
•• A robust data governance framework
across the data life-cycle should be
developed alongside the chief data
officer (CDO) function.
Risk leadership must be
innovative and adaptable
•• Offensive — lead design and
development of risk strategy and
capability objectives to maximize
return on scarce resources
•• Defensive — challenge controls and
activities across all lines of defense
•• Compliant — understand the evolving
regulatory environment and optimize
the operating model and the spend
CEO/COO/LOB*
Business
strategy
CFO
Optimization,
cost, capital
4
1
2
3
CRO
Risk management
Key interactions
•• Alignment with strategy, risk
appetite, revenues and risk
•• Standards and change priorities
•• Planning
•• Required capital from the risk
position
•• Liquidity buffers
•• Standards and change priorities
•• Risk culture
•• Control and change priorities
•• P&L and Balance Sheet
management
•• Financial planning
*Lines of business
1
2
3
4
1 The Institute of Internal Auditors January 2013 paper: The Three Lines of Defense in Effective Risk Management and Control: Is Your Organization
Positioned for Success?
4 Risk management is changing. Act now.
8. The ART of risk management
Conclusion
y
04
There is an ART (assess, rationalize and transform) to risk management and
transformation.
Implementing risk transformation
programs will be an ongoing process
and will be technology intensive with a
significant commitment of resources
and senior management time. Without
consensus on target risk and compliance
capabilities and the right level of
coordinated sponsorship, such change will
not be delivered successfully.
Successfully managing
complex change
The stakes are high, but rewards can
be increased and risks mitigated by
combining top-down risk strategy from
the board, with robust governance of
change capabilities (bottom-up) across
the organization. Banks that set clear risk
maturity ambitions and risk capability
objectives can achieve compliance and
generate business benefits.
The ART to risk transformation provides
a structured approach that links strategy
to execution, and outlines clear delivery
road maps to deal with the complex
and fragmented technology and
data landscapes.
Assess Rationalize Transform
Assess the current state of your
risk operations against peers and
best practices
Define your target risk capabilities
Prioritize your core risk capabilities
Present the different operating model
options and articulate the trade-offs
Define target model
Change behavior and risk culture
Embed risk across the organization
Improve risk management process
effectiveness
outcomes outcomes outcomes
Capabilities and vision
Prioritized risk capabilities
Change management and
deployment
Operational effectiveness Optimal risk operations
Cost efficiency Roadmap and planning
Risk operations improvement
Embedding/enablement
6 Risk management is changing. Act now.
9. Path to the new risk organization
05
The magnitude of risk change required will demand a clear path to an agreed-upon
target state with a transparent release of benefits along the way.
Assess: establish risk ambitions
•• Determine baseline efficiency
and effectiveness across the risk
management framework
•• Benchmark against risk maturity
models to understand what
competitors are doing
•• Identify priorities and opportunities
across all components of the
operating model
•• Set strategic direction and guiding
principles — objectives, investment
appetite and design principles
•• Develop robust business cases for
change with clear ownership
•• Set out the strategic principles
for the transformation of the risk
function and ensure alignment
with organization-wide change
objectives
•• A risk assessment of core
capabilities and ambitions could
leverage EY’s risk management
framework based on six key
dimensions (see diagram).
EY risk management framework
2
Governance &
culture
6
Process &
controls
5
Risk
Risk appetite,
strategy & goals
transparency
4
3
People &
organization
Data systems &
infrastructure
1
Rationalize: prioritize risk capability objectives
•• Prioritize capabilities in line with
risk maturity ambitions
•• Chart a transformational path
to deliver against target risk-capability
objectives
(see below chart)
Option 3: Embedding risk
(business steering)
Risk capability
index
(RCI) = 40%
•• Enable measurable progress
against a risk maturity index
•• Build on compliance foundation
to realize strategic and
operational benefits
Option 2: Comprehensive
(operational effectiveness)
RCI = 60 %
RCI - 70%
RCI = 82%
100
75
50
25
0
RCI = 68%
RCI = 59%
Option 1: Developing
(achieving compliance)
Current Y + 1 Y + 2 Y + 5
Capability coverage %
Years
*Data based on EY analysis 2014
Risk management is changing. Act now. 7
10. Conclusion
y
Transform: optimize approach to deliver
target state
•• Architect change to maximize
efficiency and competitive advantage
•• Identify change owners and entrust
them with robust delivery, governance
and oversight
•• Adopt the optimal delivery approach
for each transformational component
•• Define and measure the success
of each transition phase through
clear metrics
•• Shape and direct IT and data
infrastructure investment to
ensure alignment with agreed
business outcomes
•• Align risk transformation with other
global initiatives and delivery partners
•• Ensure the risk function becomes
a central part of bank-wide
strategic change
Transformation outcomes
Regulatory
compliance
Efficiency Revenue &
market share 8 Risk management is changing. Act now.
11. Assess: establish risk ambitions
06
Banks must put first things first and assess where they really are. Adopting
a risk and compliance capability model enables a like-for-like assessment of
effectiveness and efficiency across all dimensions of the risk framework — all
risk and compliance domains, businesses and geographies.
Holistic approach to
architecting risk change
Banks of tomorrow need the right
information in the right place at the right
time. They need to improve decision-making
and develop more profitable
relationships with their clients while
dramatically reducing operating costs.
To meet these needs, a number of
dimensions across the risk framework
need to be assessed.
Risk strategy: are business impacts and
opportunities arising from the changing
environment understood?
Governance and culture: can
governance be streamlined and effective
lines of defense and accountabilities
be established?
People and organization: how can the
risk organization structure or headcount
be rationalized while retaining talent?
Data and systems: how can data and
systems be optimized to ensure timely,
accurate and flexible risk and regulatory
reporting or decision-making?
Risk transparency: can complete,
accurate and timely information be
delivered for decision-making?
Process and controls: can an effective
control framework be established that
includes clear accountabilities and metrics
to remove duplication and redundancy?
Risk management is changing. Act now. 9
12. Conclusion
y
Align assessments against
risk and compliance
capabilities
Improvement opportunities can
be identified by reviewing each
capability across the different
operating model dimensions, such as
credit risk data and systems. Steps to
assess include:
•• Review baseline cost and IT
infrastructure
•• Benchmark against peer groups
•• Provide industry examples of
rationalization/utility initiatives
•• Develop improvement initiatives –
align to market/regulatory design
principles (e.g., BCBS)
•• Review priority and importance of
opportunities identified
45%
Risk capabilities
Overview of risk capability index
60%
35%
55%
50%
35%
40%
30%
25%
60%
60% 60%
Investment banking
Retail banking
Output
Input Analytics
Risk disciplines
Liquidity
risk
ALM Op risk Insurance
risk
Business
lines
Reg.
risk
55%
55%
55%
55%
55%
55%
65%
45%
45%
70%
44%
32%
80%
65%
85%
30%
78%
75%
70%
55%
55%
43%
30%
55%
20%
30%
70%
80%
25%
75%
Risk and compliance functional model
Compliance Finance Treasury
Suspicious
activity
SOX,
Regulatory reporting
Risk capabilities
index
1. Risk strategy
All Credit
risk
Market
risk
2. Governance
and culture
3. People and
organization
4. Data and
systems
5. Risk
transparency
6. Process and
controls
Etc.,
55% 55%
25%
60%
75%
30%
35%
Credit risk Ccy risk Market risk OpRisk
Ccy risk
reporting
Collateral
reporting
Market risk
reporting
Income
attribution
OpRisk
reporting
Capital
reporting
Liquidity
reporting
ALCO
reporting
Liquidity
reporting
Ccy
stress testing
CVA engine
CCY risk
engine
Market
stress testing
VAR
Sensitivities
Limit management
Business
continuity
OpRisk
stress testing
AML
OpRisk capital
engines KYC
Fraud
detection
Capital/liquidity
Stress testing
RWA
Economic
capital
Balance sheet
stress testing
Liquidity ratio
ALM analytics
Credit risk
reporting
Credit
Stress testing
Credit risk
engine
Strategic
planning
P&L
reporting
Revenues/cost
stress testing
Revenues/
cost analytics
P&L explained
OpRisk
detection
Pricing/MTM Pricing/MTM Cash flow mgt/forecasting
Pricing/MTM
Collateral
engine
Customer data
Organizational data
Insurance
pricing
Loss data
Expert
judgment
KRIs
Customer
data
HR data
Balance sheet
Market data Market data
Credit data
Legal data
Collateral data
Control data
Transaction data
Cost data
Cash flow
Static/Securities data Static/Securities data
KRIs
KRIs
LOB
Business
reporting
COO
reporting
Client
segmentation
Risk engines
P&L
Customer
data
Market data
Cost data
10 Risk management is changing. Act now.
13. Rationalize: prioritize risk capability objectives
07
Banks need to think beyond incremental change by applying robust
transformational principles that will transform the business and advance
risk management. By mapping existing capabilities against agreed target
states, banks can identify key transformation components to meet their
risk ambitions.
Banks need to think big
Banks need to set high efficiency targets to survive in the new
environment. These targets will vary from bank to bank, with
some banks targeting up to 50% cost reduction. Banks can
achieve this through a combination of integrating capabilities,
centralizing services, eliminating redundancy, removing
duplication, outsourcing or offshoring non-core capabilities and
establishing a common set of fit-for-purpose tools and services.
A significant challenge to achieving this is adapting risk IT and
data infrastructure and selecting the right approach.
Armed with the right level of baseline end-to-end information
across the risk and compliance operating model, banks
can identify risk capability priorities (such as below) and
opportunities for improvement. Robust transformation programs
will ensure risk functions support businesses rather than simply
meeting basic regulatory compliance requirements.
Risk capabilities to prioritize:
•• Demonstrating compliance
•• Strategic forecasting
•• Real-time risk management
•• Optimal allocation of capital and liquidity
•• Collateral management
•• Risk utilities
•• Integrated operational risk and control framework
•• Risk-based pricing
•• Integrated risk and finance
•• Effective reporting and data management process
Key risk capabilities
Compliance
Core capabilities
needed to comply with
the new regulations
across all jurisdictions
and geographies
Operational effectiveness
Capabilities related
to cost efficiency and
effectiveness of the
risk management
organization, process,
governance and IT
Business steering
Capabilities focused on
ensuring that the risk
management process
is well embedded into
the business process of
the bank
Risk management is changing. Act now. 11
14. Conclusion
y
Methods for adopting an optimal approach
Build on existing capabilities
This is often the right choice, but it should
not be chosen solely on the basis of
lower delivery risk or fears of writing off
sunk investment.
Start from scratch
Big steps can deliver big rewards, but
such change needs to be delivered
with care.
Rationalize existing capabilities
Resource optimization and focusing on
prioritized IT and data components may
deliver a fit-for-purpose infrastructure,
but banks will need to demonstrate to the
regulator that they are doing more than
simply cutting corners.
Optimal approaches
Risk strategy
Governance &
culture
People &
organization
Risk
transparency
Data & systems
Process &
controls
Incremental
(build on existing)
Upgrade methods and
integrate committees
Greenfield
(start from scratch)
Common methods
and practices
Low cost
(rationalize existing)
Consolidate methods and
simplify governance
Integrated technology Common technology Streamlined and
consolidate technology
Shared data Integrated
business data Prioritized data sets
Cross-functional
collaboration
Centralized business
functions/teams
Optimal resource
allocation
Integrated risk
activities
Common methodologies
and processes Rationalize processes
Key drivers
To consider
•• Low BAU impact, clear path to
compliance
•• Less agility, integration
complexities, not cost optimized
•• Radical change with long life
expectancy, flexibility
•• Requires strong change
management, cost effective
•• Lowest immediate cost to
deliver initial target wins
•• Shorter life expectancy and
lower future capacity
Risk management framework
12 Risk management is changing. Act now.
15. Transform: optimize approach to deliver target state
08
Plans and commitments to deliver the new risk organization are no longer
theoretical or nice to have. They will represent a fixed contract between a
bank and its regulators.
Complex change can be delivered
successfully with clear risk ambitions,
cohesive enterprise-wide delivery and
committed governance oversight.
Path to success
The steer from the top should be aligned
with a holistic delivery and execution
approach. That way, banks can deliver
transformational change with confidence
and once again view their technology and
data as assets to leverage. Transformational
spend can be seen as an investment and not
as a cost to minimize. The following steps
can lead banks to success:
•• By defining and prioritizing
foundational enterprise capabilities,
banks can recognize what a good risk
organization looks like.
•• By aligning existing business,
operational and program objectives,
banks can categorize change
components and support ownership
and governance to expedite delivery.
•• By assessing delivery options, banks
can determine the suitability of “build
on existing,” “start from scratch” or
“rationalize existing” approaches.
•• By continuously measuring and
monitoring benefit release,
banks can chart a clear
transformation trajectory.
•• By understanding what the
competition are doing and assessing
where industry collaboration can
help them, banks can improve
their efficiency.
Illustrative trajectory for delivering transformation change
Planned projects
•• Data quality
improvements
•• Market risk utility
Planned projects
•• New collateral
system
•• Stress testing utility
Planned projects
•• Reference data cost
reduction
•• Centralized services
Risk capability index
(RCI) = 40%
Current
RCI = 60%
RCI = 70%
RCI = 82%
Y + 1Y + 2 Y + 5
Years
The change imperative — why now?
•• Reduce sunk cost on in-flight/planned programs not aligned to target state
•• Increase optionality (this reduces the later you leave ambition setting and
planning to compliance deadlines)
•• Promote regulatory relationships (keep ahead of the game)
•• Mitigate risk of additional capital charges due to delayed compliance/
non-compliance
•• Develop competitive advantage
Capability coverage %
100
75
50
25
0
Risk management is changing. Act now. 13
16. Conclusion
y
Benefits beyond compliance
There are business-wide benefits to
delivering an effective risk transformation
program beyond regulatory compliance
requirements. The potential
benefits include:
•• Real-time transaction or customer
account level risk-based pricing,
taking into account all material
sources of risks, funding, capital and
contingent exposures
•• Optimization of capital, liquidity and
leverage requirements by eliminating
conservative assumptions resulting
from missing or poor data quality
•• Reduced need for manual intervention
and ability to distill the universe of
data into the core risk data elements.
Use of end-user computing (EUCs)
to achieve significant reductions
in the cost of risk data and
technology infrastructure
•• Reduction in potential losses as a
result of effective risk mitigation
and increased management
responsiveness to deal with
crisis scenarios via timely and
accurate risk reporting
14 Risk management is changing. Act now.
18. Conclusion
y
How EY can help
09
EY has extensive experience in helping organizations navigate through
risk transformation challenges. Our network of former senior regulators is
supported by global enterprise intelligence and risk technology enablement
teams meaning EY brings a broad range of experience and skills to diagnose,
design and implement risk change successfully.
EY’s risk transformation offering helps banks ensure that risk management
complies with regulation, becomes operationally effective, and is embedded
into business steering. It provides a set of tools, techniques, methodologies
and approaches that enable and accelerate such change.
Pierre Pourquery
Partner
E: ppourquery@uk.ey.com
T: + 44 20 7951 6750
Dr. Nasir Ahmad
Partner
E: nahmad1@uk.ey.com
T: + 44 20 7951 6959
John Ramsey
Director
E: jramsey1@uk.ey.com
T: + 44 20 7951 0591
Richard Powell
Senior Manager
E: rpowell@uk.ey.com
T: + 44 20 7951 0817
Contacts
Risk management i 16 s changing. Act now.