key risk indicators - changing the reference points
TRANSCRIPT
Key Risk Indicators:Changing the Reference Points
KRIs & Navigating the Regulatory Landscape
1. Behaviour-based Metrics
2. Multi-jurisdictional Horizon Scanning
3. Measuring Compliance Maturity
Behaviour-based Metrics
“Behaviour-regulation” is politically fashionable
• Loosely defined (“it’s what I say it is”) – easy to prosecute
• More significantly…
Populist Low-cost Lucrative
Expert Assumptions v. Behavioural Findings
Is it true that…• More detailed risk data reports will improve our decision-making?• Balanced scorecards and KPIs improve risk culture?• “Crackdowns” create improvements in conduct?• “Tone at the top” determines risk culture and compliance?• Staff ’s first loyalty is to their employer brand?
Source: Dr Roger Miles
Econometric v Behavioural view
What we’d like risks to be:• Items we can define, quantify, model• Manageable by us, via routine operating tasks• A good fit with our models / assumptions
What they may really be:• Qualitative, slippery - can’t quantify• Demanding a strategic management view• External factors, new influences, breaking assumptions
So… reconceive Compliance as scalar, not binary• ‘Yes / No’ (false clarity) answers not possible• Instead scale: progress, commitment & responsiveness
Why Behaviour is Hard to Calibrate
Dynamic• changing in individuals• changing in social groups
More qualitative than quantitative• opinions, judgments, perceptions• …… maturity continuum
Needs external calibration• not just what we do…• what do customers expect, tolerate – today?• what does Risk Culture mean for us?
What Actually Happens?
• Observation is Key!• be “relentlessly empirical”• start with real peoples’ everyday interactions (not “the system”)
• jargon-free reporting style (“Friends and Family” test)
Example: Employee Overconfidence Detector• Reveals: levels of certainty gaps between actual and claimed expertise
- low knowledge with high self-belief - high knowledge with low self-belief
• Removes culture of ‘casual non-compliance’ / ‘local rules’
knowledgelevel
certaintylevel
New Metrics for “good behaviour”
• Responsiveness– How able (propensity) to learn, react, adapt?
• Empathy– How able (receptivity) to appreciate…
• the regulator’s view?• the customer’s view? • other employees’ view (above / below)?
Multi-jurisdictional Horizon Scanning
Changing Regulatory Landscape
800M
300M
The “Regulatory Enterprise” Accelerates
Since 2009 54,000 regulatory documents have been published from 130 regulatory
bodies in the G20 countries alone.
2009 to 2015
Forecast to 2020
Chemistry in the 1850’s
Periodic Table of Elements
Dmitri Mendeleev
Modern Day Periodic Table of Elements
B
T
#
S
!
Breach type
Transaction Volume
Frequency
Severity
Risk Exposure
C Scope of change
FS Regulatory Periodic Table
MiFID II – Projected Risk Exposure
Dissemination
Client Asset/ Cash
Mis-selling & suitability96
144
54
Protection Against Regulatory Blind Spots
Measuring Compliance Maturity
Intelligent Knowledge Generation
Data / Information
Sources
Big-Data Information &
Knowledge Base
12
3
Internal ClientData Sources Manual Capture
ExternalConsulting & Audit
Big-Data Analysis & Knowledge Generation
Smart RatingService
Benchmark Service
Analysis / Sensitivity
Service
Market Intelligence
Service
Intelligent Data
Selection Service
Business Value
Services
Compliance Monitoring
Conduct Risk
Monitoring
Cyber Risk Monitoring
Insurance Monitoring
Service / Process
Monitoring
Strategy Monitoring
Supply Chain
Monitoring
BenchmarkData
Analysis Result Data
Market Data
IndustryData
Data & InformationWeb-Crawling
Dydon International
Excellence in Insurance Benchmarks
Firm and Market Risk Information
Relevance of InformationRelevant Not Relevant
Definition Key Focus Areas
IdentifiedWeak-Points
Relevance Filter
Mathematical Systems Scoring Fuzzy LogicRule Based
Aggregation Neural Nets
Dydon International
Aggr.Level n
Aggr.Level 3
Aggr.Level 2
Indicator Level 1
InputBase
Values
Track Causal Links and Maturity
Qualityof GRC
Framework
Num. News Reports on
Corp. Culture
Corp. Training
Level CoC
Corp.Training
Level GRC
Int. Whistleblower Mgt
AuditEmployee
Culture
Neg. NewsReports on
Culture
CoCProgram
TrainingLevel CoC
GRC / Culture/CoC Initiatives
ReputationRisk
Qualityof CoC
Program
Whistle-blower
Ratio Neg.News
Reports
EmployeeCulture
ComplianceRating
1 2 3 4 5 6
GRCFramework
TrainingLevel GRC
Audit RatingEmpl. Culture
CorporateTraining
Level
CorporateCulture
Aggr.Level n
Aggr.Level 3
Aggr.Level 2
Indicator Level 1
InputBase
Values
Identify Weak Points, Benchmark
BaseValue 2
BaseValue 3
BaseValue 4
BaseValue 5
BaseValue 6
BaseValue ..
BaseValue n
BaseValue 1
1 2 3 4 5 6
1 2 3 4 5 6
1 2 3 4 5 6
1 …. n 1 …. n 1 …. n 1 …. n 1 …. n
1 2 3 4 5 6
Aggregation of Indicators via:- math. Formula- Rule Aggregation- Fuzzy Logic
Aggregation of Indicators via:- math. Formula- Rule Aggregation- Fuzzy Logic
Full Comprehensibility of Aggregation Result
Full Comprehensibility of Aggregation Result
Find current weak points
Aggregation Result
Benchmark2.8
Benchmark to Peer Group or Industry
Aggr.Level n
Aggr.Level 3
Aggr.Level 2
Indicator Level 1
InputBase
Values
Monitor Improvements
BaseValue 2
BaseValue 3
BaseValue 4
BaseValue 5
BaseValue 6
BaseValue ..
BaseValue n
BaseValue 1
1 2 3 4 5 6
1 2 3 4 5 6
1 2 3 4 5 6
1 …. n 1 …. n 1 …. n 1 …. n 1 …. n
1 2 3 4 5 6
Aggregation of Indicators via:- math. Formula- Rule Aggregation- Fuzzy Logic
Aggregation of Indicators via:- math. Formula- Rule Aggregation- Fuzzy Logic
Aggregation Result
Transparent sensitivity of impact
Variation of Input ValuesVariation of Input Sensitivity Analysis 1
Transparent sensitivity of impactSensitivity Impact Understanding
Benchmark2.8
Aggr.Level n
Aggr.Level 3
Aggr.Level 2
Indicator Level 1
InputBase
Values
25
Compare Improvement Sensitivities
BaseValue 2
BaseValue 3
BaseValue 4
BaseValue 5
BaseValue 6
BaseValue ..
BaseValue n
BaseValue 1
1 2 3 4 5 6
1 2 3 4 5 6
1 2 3 4 5 6
1 …. n 1 …. n 1 …. n 1 …. n 1 …. n
1 2 3 4 5 6
Improvement via sensitivity 1
Variation of Input Sensitivity Analysis 2
Improvement via Sensitivity 1
Improvement via sensitivity 1Improvement via sensitivity 1Improvement via Sensitivity 2
Benchmark2.8
Original RatingResult without Improvements
Proactively Managing Personal Risk
Answers questions such as:
What is my personal risk?Is our compliance effort adequate?Where are our weak points?Which improvement would have best impact?How’s our compliance v. our peer
benchmarks?What do we get for our spend on compliance
(ROC)?How efficient and effective are our efforts?
Transparent Cause & Affect
Identify Weaknesses
Link to Market Information
Informed & Focused Investments
Reduce Personal Liability
In Conclusion …..
Assemble Dynamic Key Risk Indicators
SENSE• Scanning processes
• Observation
• Sense-making
SEIZE• Revise policies/actions• Reshape business/risk models• Review decision making
SHIFT• Governance/structure• Beyond best practices• Strategy & Risk alignment
Tony Moroney | Managing DirectorBerkeley Research Group, LLC6 New Street Square, 15th Floor | London, EC4A 3BFD +44 (0) 20 3597 5167 | M +353 87 2556947 [email protected] | thinkbrg.com
The views and opinions expressed are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees, affiliates and clients. All graphs are illustrative only and should not be relied on.
29
Thank You