Summary
QUESTIONS TO PONDER
AT THE CORE
WHAT IS ERM?
Planning &
Management
Risk
The potential that events, expected or
unanticipated, may have an adverse impact on
capital or earnings.
Risk Management
The employment of systems and processes to
manage the critical tradeoff between risk and
return in financial decision-making.
IN A NUTSHELL
Culture
Right expertise
Data and Measurement
Transparency/Reporting
and
Members as Stakeholders
understands and manages risk
Regulators/Rating Agencies
risk assessment processes
Activists
consciousness
Members as Customers
factors
Peers
environmental
Competitors
wide practice
Active Board and Senior Management Oversight
Adequate Policies, Procedures, and Limits
Adequate Risk Measurement, Monitoring, and MIS
Comprehensive Internal Controls
From Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank
Holding Companies (SR95-51 (SUP))
http://www.bis.org/publ/bcbs129.pdf
Time & Activities
Audit, Past: Do we do as we say?
Compliance, Present: Are we in compliance?
Risk, Future: What can go wrong?
Risk Manager looks through the cockpit window to identify and assess
current threats and future risks to the flight path and plane, and glances
at the gauges for reassurance.
Auditor uses the cockpit gauges and controls to inform the pilot of how
the plane is operating relative to its predetermined flight path.
IN SUMMARY
Boards of Directors/Supervisory Committees are responsible for
ensuring that their credit unions are managed in a safe and
sound manner. (This hasn't changed.)
In today's environment (and increasingly in the future), safety and
soundness means that risks need to be well-managed given the
credit union's risk environment and business model.
You need to be able to answer Yes to this regulator question:
Do you have a program that appropriately identifies emerging
risks in a timely manner?
Therefore:
BENEFITS OF ERM
Protection of capital.
Enhancement of earnings.
Reduction of losses (Fraud, Credit, Operational).
Greater efficiency in process flows.
Better defined/more efficient internal audit programs.
Better understanding of effect of market movements.
Credit
Provision and reserve going forward
Growing the loan portfolio
Diversifying away from risk concentrations in the portfolio
Market Risk
The investments portfolio: understanding the risks going forward
Interest rate risk management
Detective controls and processes
Compliance and Prevention
Preventative Controls and processes
Proactive planning and improvement
Strategic ERM
Operating Performance
Enhanced Member Benefits
lots of risks,
overspending
sure or to
[Figure: Maturity Level (Low to High) plotted against Time; labels: Risk appetite articulated, Strategic Integration]
[Figure: profitability driver diagram; repeated box label: Risk Drivers / Risk Metrics?]
Profitability
Increased Revenues
Increased Loan Yield (Rate & Volume)
Noninterest Income Products
Expense Savings
Reduce Head Count
Other Cost Savings Measures
Vendor Mgmt.
Define plan owners, roles and responsibilities for execution, timelines, resource
alignment
Prioritize key tasks; look for up-front, early wins
Utilize existing management structures
Think about existing organizational design/structure
Other: degree of alignment with finance, specific control tools, etc?
Start to build consensus among key internal and external parties (including
regulators*)
Preliminary risk assessment work on the completeness of the risks inventory
Look for risk concentrations
Understand management's current risk activities: functions, controls, what is
tracked, who does it, etc.?
ERM POLICY
Policy Statement
Purpose/objectives
Responsibilities
o Board of Directors
o Supervisory Committee
o Board Risk Committee
o Management Risk Committee
o CEO
o CRO
o Internal Auditor
o Department Heads
Risk Categories
ERM Process
Policy Guidelines/Limits
ERM CHARTER
Purpose/Objectives: Board/Committee delegation to:
Identify and Manage risks
Adhere to policies
Meetings
Performance Evaluation
Committee Resources
CEO/COO
CRO (Larger)
-ERM Roadmap
-Policies/Limits/Appetite
-Risk Quantification
-Dashboards
-Business Risk
-Execution Risk
-Strategy/Mergers
CFO
-Internal Controls
-Economic Capital
-Performance Measurement
How much of each risk type will you take on? Is your level of risk
appropriate given your return goals (risk appetite)? Do you have
sufficient capital and liquidity to support these risks?
Fed Risk Categories
FHLB Risk Categories
Credit Risk
Credit Risk
Credit Risk
Interest Rate Risk
Market Risk
Market Risk
Liquidity Risk
Liquidity Risk
Operational Risk
Operational Risk
Legal risk
Business Risk
Liquidity Risk
Transaction Risk
Compliance Risk
Strategic Risk
Reputation Risk
Reputational Risk
Credit Risk
Definition
Market Risk
Operational Risk
Market Risk
Commercial
Retail
Counterparty
Currency Risk
Liquidity Risk
Operational Risk
Compliance Risk
Int. and Ext. Fraud
Business Process Failure
HR
Litigation
Data Security
Technology/Systems
Natural Disaster
Etc.
B.
C.
Identify gaps in the process and start to analyze (but don't let
them slow you down!)
TIPS:
Credit
Interest Rate
Liquidity
Product Offering
Merger & Acquisition
Competition
Revenue Growth
Profitability
Capital
Payment Default
Loan Concentration
Loan Quality
Collateral Valuation
Interest Rates
Yield Curve
Investment Volatility
Foreign Exchange
Funding Sources
On/off Balance Sheet
Contingency
Reputation
Operational
Compliance
Consumer
Member
Business
Fiduciary
Money Laundering
Legal
Employment Law
Contracts
Intellectual Property
Litigation
ABC INSTITUTION
SIMPLE ENTERPRISE RISK ASSESSMENT
EXAMPLE (RISKS EXAMPLE #4).
Reactive
Lack of Board or senior management emphasis on risk
No common risk lingo
Stove-pipe risk management
Ad hoc approach
Missing coverage of risk areas
Aware
Common language and approach used and understood
Most companies straddle
Real-time analysis of risk portfolio (real-time KRIs)
Goal
*Report; reassess risks & ratings
Identify risk & controls
*Shows a snapshot of the pulse of enterprise risk management at-a-glance
Assess exposures and control effectiveness
Board of Directors
Risk Assessment
Determine corrective action(s)
Management Certification
*Record testing scope, conclusion and recommendation(s)
Test Controls
*Track Project & Task priority, status, due dates, hours
[Figure: risk governance chart; box labels in the order they appear]
Credit Risk
Interest Rate Risk
Liquidity Risk
Board Credit Committee
Finance Committee
Credit Policy
Funds Management Policy
Operational Risk
Information Technology Risk
Supervisory Committee
Operational Risk Policy
IT Policies
Technology Steering Committee
Chief Information Officer
Executive Loan Committee
ALCO
Security & Cont. Plan & Mgt. Committees
Chief Credit Officer
Chief Financial Officer
Senior Operations Officer
Human Capital
Ethics Committee
Human Capital Risk Policy
HR/Compensation Committee
SVP, Human Resources
Compliance Risk
Legal Risk
BSA/Compliance Committee
Compliance Program
Legal Policy
Management Committee
Director of Regulatory Risk Mgt.
Legal Director
Strategic Risk
Reputation Risk
Strategic Planning Committee
Strategic Risk Policy
Reputation Risk Policy
ERM
Supervisory Committee
ERM Policy
Internal Audit Charter
Management Committee
Enterprise Risk Management Committee
Chief Risk Officer
[Figure: chart of Mitigated Impact (Severity) against Likelihood (Probability of Occurrence); scale marks 1, 3, 5, 8, 10; mitigation labels: Marginal Mitigation, Sufficient/Acceptable Risk; blank "Event:" field with items 1 to 5]
B.
C.
Enhance Reporting
What will reporting to executive management and the Board look like going
forward?
Ongoing monitoring of implementation progress with board-level accountability
Benchmark vs. industry leaders in this area as well as peers
Risk Capacity
Risk Tolerance
Desired Level of Risk
Determination of Risk Appetite (the amount of risk an entity is willing to accept in the pursuit of value)
Qualitative
Zero Tolerance
Economic Trends
Liquidity/Capital Markets
Unemployment forecasts
Consumer spending trends
Trade and foreign policy
Regulatory Changes
Anticipated changes in tax policy
New regulations/restrictions
Changes in key political offices
Information Technology
Human Resources
Accounting/Finance
Turnover
Headcount
Corporate training: policies, procedures, ethics
Vacancies
Sick days
Disciplinary actions
Adjustments
Unsubstantiated balances
Missed deadlines
Write-offs
Compliance
State of controls
Regulatory inquiries/investigations
Litigation cases
Discovery requests
Audit
High-risk issues/material weak.
Past-due audit issues
Loan Delinquencies
Portfolio Stress Tests
Interest Rate Thresholds
Profitability Goals
Regulatory Concerns
Operational Losses
Process Errors
Policy Exceptions
Audit Issues
Staff Turnover
IN SUMMARY
QUESTIONS?
Louise Hanson
425-303-3037
louise.hanson@mossadams.com
Shannon Haas
415-677-8314
shannon.haas@mossadams.com