enterprise risk management (erm) integrating strategy, capital and risk
DESCRIPTION
Enterprise Risk Management (ERM) Integrating Strategy, Capital and Risk. GARP 2008 Enterprise Risk Management Workshop Presented by: Joe Rizzi CapGen Capital. February 28, 2008. The views expressed are those of the author and do not necessarily reflect those of CapGen Capital. - PowerPoint PPT PresentationTRANSCRIPT
Enterprise Risk Management (ERM)Integrating Strategy, Capital and Risk
GARP 2008 Enterprise Risk Management Workshop
Presented by: Joe RizziCapGen Capital
February 28, 2008The views expressed are those of the author and do not necessarily reflect those of CapGen Capital
2CapGen Capital
Table of Contents
Enterprise Risk Management2
Current State of Risk Management1
Enterprise Risk Management at BU NA3
Integrating Strategy, Capital and Risk4
Conclusion5
3CapGen Capital
OverviewImportance of Risk Management is driven by four key forces
Risk Management
Complex and VolatileBusiness Environment
ShareholderExpectations
CompetitiveRivalry
RegulatoryEnvironment
Risk Management lies somewhere between astrology and alchemy
4CapGen Capital
Attitudes, Values and Objectives
Out with the old...
Line of Business
My job is: To grow earnings / do business
Risk is: A normal cost of doing business
Memory horizon: Short-term: What are the prevailing market conditions?
Stereotypical attitude: No risk, no return. Don’t handcuff me relative to the competition
Metrics: Volume in front-line positions; Profit for senior positions
Risk Management
My job is: To prevent losses/risky activity
Risk is: Volatility to be avoided
Memory horizon: Long-term: What’s the worst thing that has ever happened?
Stereotypical attitude: ‘The Cautious Librarian’: best way to keep books from being damaged is not to let anyone borrow them Metrics: Volume in front-line positions; Profit for senior positions
Business focuses on the center, while Risk Management focuses on the tails of the distribution
5CapGen Capital
Attitudes, Values and Objectives
...and in with the new.
Partnership
Our job is: To create shareholder value through earnings growth and appropriate returns to capital
Risk is: A potential source of competitive advantage as shareholders require us to manage risk prudently.
Memory horizon: Appropriately long to anticipate future cycles, informed by changes in the market over time
Metrics: RAROC; SVA
Line of Business
Manages the budget / P&L Acts as primary risk manager
Risk Management
Manages performance information Serves advisory and control function
Risk Management does not make you safer –just more efficient
6CapGen Capital
Risk Management Continuum
Silo-ed Approach
Aggregated Approach
Integrated Approach
ERM
According to recent RMA survey, most firms indicate that they have “closed in” on the integrated approach.
Moving beyond exposure accounting and control
7CapGen Capital
Table of Contents
Enterprise Risk Management2
Current State of Risk Management1
Enterprise Risk Management at BU NA3
Integrating Strategy, Capital and Risk4
Conclusion5
8CapGen Capital
Vision:
Manage all material risks and opportunities across the organization
Objective:
Improve decision making through portfolio management of interrelated risks
Result (Value Proposition):
Increase value by managing to objectives consistent with stakeholder expectations
Enterprise Risk Management (“ERM”)
Strategic not transaction focus
9
ERM is… ERM is NOT…
• Integrated view and awareness of risk across organizational disciplines
• Standardized risk-related information, metrics, and communication
• Common definitions
• Coordination of risk related projects
• Just Risk Management
• Just a centralized body for aggregation and translation of data
• Meant to discourage specialization
• Organizational restructuring
• ONLY for Control/Regulatory Compliance
Scope of ERM – Top level Risk view…
…as a strategic input, not an afterthought
10CapGen Capital
Analytical Solution: Economic Capital
Organizational Solution: Chief Risk Officer
Informational Solution: Dashboard
Management Solution: Governance actions
Cultural Solution: Communications
Enterprise Risk Management Big Ideas
It works in practice, but will never work in theory
11CapGen Capital
ERM – a work in progress
Source: Deloitte Global Risk Survey, 2006
35%
18%
32%
15%
Yes, program in place
No, but plan to create one
Yes, currently implementing one
No, and do not plan to create one
…need to tailor to your governance and operating philosophy
12CapGen Capital
Table of Contents
Enterprise Risk Management2
Current State of Risk Management1
Enterprise Risk Management at BU NA3
Integrating Strategy, Capital and Risk4
Conclusion5
13
The four pillars of BU NA’s ERM Program
Risk Foundation
Risk Philosophy
Value Creation
EnterpriseRisk Management
Program
Man
agem
ent
Info
rmat
ion
Ris
k O
vers
ight
an
d In
depe
nden
ce
Com
mun
icat
ions
and
Esc
alat
ion
I II III IV
Str
ateg
ic P
lann
ing
and
Alig
nmen
t
Value creation through RiskManagement not minimization
14
ERM Dashboard – make things as simple as possible
Com'l PFS GSTS Total
Business
Credit
Operational
Market
Interest
Liquidity
Strategic
Compliance
ALM - RWAALM - EC
Human Cap.
IT
Legal
SOX
Audit
Qu
anita
tive
Ris
kQ
ual
itativ
e R
isk
ALMAsset Mgmt. Services
GlobalMarkets
Global Clients
Transaction
Banking
Private Clients
Vision
Efficiency
Efficiency
Eff & Grow th
Grow th
Grow th
Grow th
Controls
Controls
People
People
Unacceptable Level Unknown - Need More Info Acceptable Level Un-Rated
Distribution of Risks by Probability and Impact
BE
F
G
H
IJK
L
M
0%
5%
10%
15%
20%
25%
30%
0 10 20 30 40 50 60
Average Expected Impact
Ave
rage
Pro
babi
lity
Client/Corporate Credit Default (6)
Legal Risk (4)
General Economy Decline (4)
Declining Employee Morale/Loss of Top Employees (5)
Failed Business Practices (4)
Real Estate Decline (6)
Data Loss/Vulnerability (11)
Supplier Failure (2)
Regulatory / Ethical Failure (7)Material Unpredicted External Event (6)
Model Risk / Failure (6)
System / IT (7)
Control Breakdown (13)
Fraud Loss (9)
LOW RISK
MEDIUM RISK
MEDIUM RISK
HIGH RISK
Unacceptable Level Unknown - Need More Info Acceptable Level Un-RatedUnacceptable Level Unknown - Need More Info Acceptable Level Un-Rated
Distribution of Risks by Probability and Impact
BE
F
G
H
IJK
L
M
0%
5%
10%
15%
20%
25%
30%
0 10 20 30 40 50 60
Average Expected Impact
Ave
rage
Pro
babi
lity
Client/Corporate Credit Default (6)
Legal Risk (4)
General Economy Decline (4)
Declining Employee Morale/Loss of Top Employees (5)
Failed Business Practices (4)
Real Estate Decline (6)
Data Loss/Vulnerability (11)
Supplier Failure (2)
Regulatory / Ethical Failure (7)Material Unpredicted External Event (6)
Model Risk / Failure (6)
System / IT (7)
Control Breakdown (13)
Fraud Loss (9)
LOW RISK
MEDIUM RISK
MEDIUM RISK
HIGH RISK
Key Risk Indicators 2007 BU NA Management Priorities
Key Performance IndicatorsTop 10 Risks – Heat Map
ComprehensiveRisk Assessment
Integrated Risk, Rewardand Strategy View
Forward looking, actionable, risk escalation tool
Executive sponsorship
…but no simpler
DRAFT
Under Re-evaluation
Overall BU NAFeb-07
YTD Target StatusEfficiency RatioRevenue Growth (YoY)Return on ARC
15
Governance Actions
ERM Governance Model defines three legs — Businesses that take and manage risk,
Risk Management to provide policy and analysis, and Audit to provide assurance.
Board of Directors
Business Areas ERM Committee
Risk identification
Risk assessmentsCRO & Risk Committees Internal Audit
Strategy & Action to address Risk
Within Policy
Policies, governance and
information flowValidation of controls
Provide assertions on risk
exposure for business / functionRisk assessment methods
Objective review of risk
management process
Ownership of risk and
responsibility for management and
mitigation
Measurement, aggregation
rules and tools Assurance to Senior
Executive management and
Board on assertions of risk
exposure
Monitor risk exposure
status and provide
reporting to Board
Governance allocates decision rights
16
ExternalConferences /
Communication
Develop Tactical
Communicationsplan
ERM Communications Strategy
Adopt theme: “Everyone is aRisk Manager”
Align withcompliance-
related policies and procedures
Standards of Conduct toinclude risk
issue escalation
Promote learningculture
Escalation
Clarification ofescalation
expectations
ERM Culture Development and Escalation
Culture as organizational DNA
17
Align Finance & Risk Strategic
Agendas
Performancecontract
process toembrace ERM
Agree ERM role and PfC
process
Enterprise Strategy
Risk Appetite
Strategic Risk Management
People do what you pay them to do, not what you tell them to do
18
Sponsorship
1. Successful Risk Management implementations require senior management and Board support.
Change Management
2. Significant effort will be required to overcome organizational inertia and change a mindset to a risk-reward culture
Sustainability
3. To sustain progress and momentum, maintain program team continuity.
Project Management
4. Do not underestimate launch complexities or cultural challenges.
5. Pilot programs prior to global roll outs.
66
Enterprise Risk Management
Program
Enterprise Risk Management
Program
Risk Management Framework
Lessons Learned
Risk as a senior management responsibilitynot a specialist function
19CapGen Capital
Table of Contents
Enterprise Risk Management2
Current State of Risk Management1
Enterprise Risk Management at BU NA3
Integrating Strategy, Capital and Risk4
Conclusion5
20CapGen Capital
ERM Value Creation Framework – if you can make money
InternalStakeholders
CEO
CFO CRO
ExternalStakeholders
Regulators
Shareholders Rating Agencies
Assets(Return)
CapitalRequired
(Risk)
CapitalAllocation
(Funding)
CapitalManagement
Value Creation
Portfolio ofEnterprise
Risks
Portfolio ofCapital
Resources
Capital Structure
Cost of Capital
Return onRisk
Risk Structure
Economic Capital
(Use)
Risk Appetite
…You can lose money
21CapGen Capital
Risk Appetite – Total risk exposure an organization is willing to accept and prepared to lose in the execution of its strategy.
Factors impacting Risk Appetite:
Financial Objectives
Competitive Situation
Market Conditions
Risk Appetite
Do you want to eat well...
...or sleep well?
22CapGen Capital
Risk types: Include hard to measure risks and interrelationships
Risk Appetite
Risk may be one word...
...but it is not one number
Risk Tolerance: Credit
Market
Liquidity
Operational
Reputation
Compliance
Strategic
23CapGen Capital
ERM involves moving Risk Management to an integrated Risk and Capital Strategy
Comprehensive
Earnings fluctuations from strategic or business factors can exceed those from financial risk exposures
Risk appetite for financial risk must reflect the current level of business risk
Business risks cannot be measured in the same manner as financial risk, and are largely ignored by economic capital
Interrelationships
Overcome silos: unintended consequences
Top down perspective: integrated one firm view
Enterprise Risk and Risk Appetite
Translate statistics into...
...shareholder value
24CapGen Capital
Enterprise-level Risk Appetite (RA)
Source: Deloitte Global Risk Survey, 2006
16%
6%
12%
29%
14%
23%No, we do not have a statement of ourRA
We are currently defining or seekingapproval for our RA
We have an informally defined or notapproved statement of RA
Yes, our RA is qualitatively definedand approved
Yes, our RA is quantitatively definedand approved
Yes, our RA is both quantitatively andqualitatively defined and approved
25CapGen Capital
Choose target debt rating based on financial distress considerations.
Maintain ability to access capital markets under most conditions
Requires high investment grade (A+/AA-) rating
Estimate asset risk based on investment decisions and risk appetite.
Estimate capital requirement to support asset risk and target rating.
Optimize capital and risk combinations to maximize shareholder value subject to target rating based on market considerations.
Reduce risk given fixed capital level
Hedging – direct cost
Underwriting selection - opportunity loss
Increase capital given fixed investment plan
Increased capital charge
ERM in Practice
Integrating strategy, capital and capital
Conservatism of risk principle – Risk never disappears
LG
D (
Se
veri
ty)
PD (Likelihood)
Cap
ital
Return
A
B
Out of Risk Appetite
Within Risk Appetite
26CapGen Capital
Value Implications of Risk Appetite Changes
Not all Risk is the sameE
xpec
ted
Pro
fita
bil
ity
Perceived Risks(Economic Capital)
A
C
B
Optimal Portfolios
A = Group’s actual portfolioB = Alternative portfolioC = Group’s Target portfolio
Efficient Frontierfor Group
Business Portfolio
Risk Management is not free
27CapGen Capital
Table of Contents
Enterprise Risk Management2
Current State of Risk Management1
Enterprise Risk Management at BU NA3
Integrating Strategy, Capital and Risk4
Conclusion5
28CapGen Capital
Conclusion – Things will improve
ERM:
Integrates risk, strategy and capital to create shareholder value
Risk Paradox:
Conservatism of risk principle - Risk never disappears
Risk Management does not make you safer – just more efficient
Risk Management is not free
Transaction Costs
Opportunity Costs
Direct Costs
Capital Costs
…despite our efforts to improve them