4 Core Capabilities for Building Strong Risk Governance
Transcript of 4 Core Capabilities for Building Strong Risk Governance
Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Compliance · Securities Lending
JOIN. ENGAGE. LEAD.
4 CORE CAPABILITIES FOR BUILDING STRONG RISK GOVERNANCE
Effectively manage risk-taking activities
CORE CAPABILITIES FOR STRONG RISK
GOVERNANCE
Culture
Structure
Policies and procedures
Internal control environment
CULTURE
A strong risk management
culture accomplishes two
organizational objectives.
CULTURE: ORGANIZATIONAL OBJECTIVES
1. It helps the company make well-informed decisions.
A company with a strong risk management culture promotes, encourages, and rewards
behaviors that avoid herd mentality, conformation bias, or groupthink.
CULTURE: ORGANIZATIONAL
OBJECTIVES (CONT.)
2. It helps the company identify rogue individuals and/or groups.
It is said that 99.9% of people show up to work every day intending to do the right thing.
But, sometimes individuals or groups are more interested in their own personal gains than in
doing what is right.
In such cases, a strong governance and risk management culture identifies those individuals
and purges them.
CULTURE: ORGANIZATIONAL
OBJECTIVES (CONT.)
Set company values
• Senior management comes to a consensus on what the company values are.
• And they live those values every day without exception.
Set the tone
• Senior and executive management set the tone by what they say and do.
Articulate
• The board and senior management develop clearly articulated statements about risk appetite and tolerance that spell out, unequivocally, the company’s philosophy on risk acceptance.
STRUCTURE
Although there are various models,
there is no right governance
structure.
Each institution must determine
which structure is best suited for
its organization, i.e., one that will
support information flow,
escalation, decision making, and
accountability.
TYPICAL GOVERNANCE STRUCTURE
Board of directors
Board’s risk committees
Chief risk officer
Management committees
POLICIES AND PROCEDURES
Policies communicate the
company’s risk appetite to
all stakeholders.
They describe what the
company is willing to do
and not willing to do.
POLICIES AND PROCEDURES (CONT.)
The statement of risk appetite is
operationalized through policies
(“What should we do?”) and procedures
(“How should we do it?”).
POLICIES AND PROCEDURES (CONT.)
Policies should be brief (no more than two or three pages) and should express the following:
Policy
• Overview: What is it intended to accomplish?
• Authority: Who is accountable for implementing policy?
• Implementation: How will the policy be implemented?
• Exceptions: How should exceptions be handled?
INTERNAL CONTROL ENVIRONMENT
Internal control is frequently
defined as the systems,
processes, and policies that
enable an organization to meet
its strategic goals.
INTERNAL CONTROL ENVIRONMENT (CONT.)
An internal control framework
exists to align the amount of risk
assumed by the company with its
accepted risk appetite and risk
tolerance. However, it’s not as
simple as it sounds.
INTERNAL CONTROL ENVIRONMENT (CONT.)
A good internal control
environment is critical to ensuring
sound operations and achieving
the risk management goal
of “no surprises.”
INTERNAL CONTROL ENVIRONMENT (CONT.)
A truly effective and efficient
internal control structure requires taking a
deliberate and fundamental approach to
the design, execution, and
monitoring of the controls,
rather than just creating them to
address perceived outcomes.
8 BENEFITS OF STRONG RISK GOVERNANCE
Strong governance helps to ensure that:
1. The risk appetite is appropriate for your
institution’s business model, strategy, and execution.
2. The expected risks are commensurate with the
expected rewards.
3. Management has implemented a system to
manage, monitor, and mitigate risk that is appropriate for the company’s business
model and strategy.
4. The risk management system informs the board of
the major risks facing the company and how they are
being managed.
8 BENEFITS OF STRONG RISK
GOVERNANCE (CONT.)
5. An appropriate culture of risk awareness exists
throughout your organization.
6. There is recognition that management of risk is
essential to the successful execution of your
company’s strategy.
7. A well-developed capital plan is in place to support
the established risk appetite and strategic plan.
8. A stress-testing program is in place to help determine sufficient capital availability
based on your bank’s strategic plan and risk
appetite.
RMA’s Governance and Policies Workbook further
examines the core capabilities required for a strong
risk governance culture, structure, policies and
procedures, and internal control environment.
The workbook provides detailed
examples of governance structures, risk
committee charters, and a risk
dashboard in its appendix.
LEARN MORE
ENTERPRISE RISK MANAGEMENT
WORKBOOKS
To help you develop your ERM framework, RMA offers a series
of highly practical workbooks:
1. Risk Appetite Workbook, November 2010.
2. Scenario Analysis and Stress Testing for Community Banks,
February 2012.
3. Governance and Policies Workbook (includes “Response”),
November 2013.
4. Risk Measurement and Evaluation (in development).
5. Risk Data and Infrastructure (to be developed).
RMA members may download the workbooks for $0 (free!).
Not a member? Join today.
SHARE THIS PRESENTATION
Visit http://www.rmahq.org for information on risk management
Visit our blog at http://rmablog.rmahq.org/
RMA is a member-driven professional association whose sole purpose is to
advance sound risk principles in the financial services industry.
RMA helps its members use sound risk principles to improve institutional
performance and financial stability, and enhance the risk competency of
individuals through information, education, peer sharing, and networking.
Become a member today.