Documente Academic
Documente Profesional
Documente Cultură
3rd Febraban International Operational Risk Conference; 13th May 2010, Sao Paolo
Presented by: Mike e Co Constantinou sta t ou G Global oba Head ead o of G Group oup Ope Operational at o a Risk s Policy o cy a and d Development, HSBC Holdings PLC Walter Fernandes Jr. Head of Operational Risk, HSBC Bank Brasil SA S.A.
GroupRisk
Gunasteinn
Our customers
Our success
Our scale
Our employees
Our technology
300,000 staff
Share progress and challenges in rolling out our advanced Operational p Risk Framework
Explain how HSBC Brasil is managing Operational Risk and implementing the advanced framework
Managing Operational Risk is important for HSBC in order to achieve a variety of benefits for the Group
HSBC is in the process of developing an advanced Operational Risk and Control Framework
Reporting
Governance
Identify
Assess
Control
Report
The frameworks success rests on increasing g risk awareness, , supporting risk based decisions and demonstrating value and use
Tone from the top Business ownership Individual awareness Focussing on material risks & controls Training Quality assurance Top-of-the-house reporting Action-focused Adequate monitoring
8
Management support for the advanced framework is essential to ensuring its success
` `Tone from the top
The objective is to achieve a reduction over time in the level of avoidable operational ti ll losses, and dt to d develop l processes which hi h support t sustainable t i bl growth, th are value-added and a contributor to the bottom line and to capital efficiency. Michael Geoghegan, Geoghegan Executive Director & Group CEO CEO, February 2010
Support for enhanced framework Investment in enhanced Operational Risk processes Increased resourcing for Operational Risk
B i Business ownership hi
Awareness pack
I di id l awareness Individual
Mandatory e-learning course
SCORECARD
Metric 3.1 Operational Losses 3.2 Operational Losses 3.1 Operational Losses 3.1 Operational Losses 2 2 8 2 8 0 5
2009 ACTUAL $1,764.0m $1,052.2m $287.3m 196.3m $142.3m $42.9m $92.9m $1,127.0m $160.2m $946.5m $720.4m 2 0 $210.5m $507.9m $20.3m 2 2 1 8 $1,764.0m $1,764.0m $317.5m $189.1m
2010 TARGET $1,670.8m $960.9m $280.1m 197.8m $120.1m $42.9m $43.4m $1,100.0m
ACTUAL
Status R/A/G
A4 - CONT EUROPE3.1 Operational Losses A5 - MENA 3.1 Operational Losses (excl. SABB)
B1 - SFLOCKHART 3.1 Operational Losses PFS (Inc HSBC Finance), CMB & Insurance (am B2 - CMB B3 - PFS B3 - PFS B5 - HTS B7 - LATAM B9 - INSURANCE C1A - DFLINT C2 - RISK 3.1 Operational Losses 3.1 Operational Losses - Total 3.1 Operational Losses - PFS - excl. HSBC Finance 3.1 Operational Losses 3.1 Operational Losses 3.1 Operational Losses 3.1 Operational Losses 3.1 Operational Losses
$156.2m $924.0m $703.5m $205.3m $509.7m $19.8m $1,670.8m $1,670.8m $286.4m $150.0m
Key:
Performance against target YTD: greater than 5% adverse to target within 5% adverse to target at or favourable to target
10
A robust risk-based Risk and Control Assessment is being rolled out to ensure greater risk awareness in the business lines
Aim: Provide business areas with forward looking view of operational risks and help them proactively manage material risks within acceptable levels How does it work?
Identify Risks Extreme Risk Monitoring Metrics Identify & Assess Controls
Typical Risk
11
The Top Risk analysis provides a top of the house view of typical and extreme risks
T Risk Top Ri k Scenario S i template t l t
Business Area
Area ABC
Owner Description
ABC
Date
07/09/2009
Define scope
Name
External fraud and theft may include electronic/ online fraud, money laundering, armed robberies, forgery o frauds where no internal staff member is involved. An attack on the e-channel has been selected for the pu scenario.
Rolling 12 mth Net loss YTD loss Average monthly loss (current year) Average loss per case (current year) Standard deviation of current losses Average monthly cases (current year)
XX XX XX XX XX XXX
Total
Comments
Total online banking customers ~XX - Current controls will not stop payments below floor limit of XX (therefore very sophist transfer up to this amount) p upper pp limit of the loss = XX ( (if all accounts compromised) p ) - Implies
Conduct
0.00
g - Current controls will not stop payments below floor limit of XX (therefore very sophist transfer up to this amount) - Implies upper limit of the loss = XX (if all accounts compromised) - Assume an accidental uptake rate for malware of up to XX% (XXk) of the customers' a compromised and targeted in one attack - XXk * 1XX = XXMM
Comments
0.00
Suggested controls
What do we do next?
Key Control
Example 1
Monitoring KRI
Further Actions to
Action Owner
Target date
Example 2
Example 3
12
By reporting in a consistent and transparent manner manner, tangible actions can be identified at the top of the house
Top risks ` Risk type ` Description ` Typical ` 1 in 100 year ` Controls ` Actions ` Owner Risk indicators ` Risk type ` Description ` Threshold ` Value & trend ` Actions ` Progress Control issues ` Description ` Actions ` Progress ` Owner Internal Losses ` Internal loss statistics against target ` Large internal incidents External Losses ` Pertinent risks reported to inform senior management decision making
Illustrative
13
The governance structure at HSBC Brasil ensures effective implementation of the framework
1st line of defence RISK MANAGEMENT Primary responsibility for management of operational risk within Business Unit Business Unit Head (DCEO/CRO) Business Unit Line Managers Operational Risk Business Co-coordinators Business Unit Staff 2nd line of defence RISK OVERSIGHT Provides operational risk policy, minimum standards and guidance ALCO Risk Management Committee (RMC) OpRisk and Internal Control Committee (ORICC) Operational Risk Coordinator (WF) Group Operational Risk 3rd line of defence INDEPENDENT ASSURANCE Provides independent assurance over the robustness of the operational risk model Audit
Direct Report (sets objectives, monitors performance, etc) Indirect Report (Receives information, provides guidance and advice) Interface (Co-ordination of activity to ensure efficiency and effectiveness)
14
` TRA
Building on our Top Risk Reporting Focus on more robust quantification Training provided to our Operational Risk team Initial exercise is on lending g Fraud, , Rogue g Trading g and Information Risk
` RCA
Activity based across all business areas Prioritisation of high and medium risks and key controls Training provided in the new process Control certification
16
Resolving different home / host regulatory requirements and timelines Insert country-specific types of losses (e (e.g. g Economic Plans) into global loss models and scenario analysis External Loss Database: Local or Global? How we can work together to share knowledge
18
Questions?
19