Identifying Emerging Risks - A Protiviti presentation
description
Transcript of Identifying Emerging Risks - A Protiviti presentation
Emerging Risks: Identification, Assessment and Mitigation
© 2014 Protiv iti Inc. CONFIDENTIAL 2
Agenda
Defining Emerging Risks 3
Regulatory Guidance 4
Incorporating emerging risk into ERM framework 5
© 2014 Protiv iti Inc. CONFIDENTIAL 3
What are emerging risks?
Emerging risks may not be fully understood or identified and hence comprehensive risk management options to assess,
quantify, monitor and control such risks are difficult for organizations to create and implement.
Emerging risks are linked to other risks giving them a systemic nature. The risks can cut across geographies, industries
and economic systems and are generally outside the scope of any organization. The impact of an emerging risk that
has not been identified and mitigated by an institution can sometimes be destructive.
Emerging risks are difficult to define, assess and quantify in monetary terms to the necessary level of accuracy
leading to ineffective standard approaches to likelihood and impact projections.
Emerging risks are newly developing or changing risks which are perceived to be potentially significant but which may not be fully understood or allowed for in business and strategic planning.
Detailed definition
Systemic Nature
Impact Quantification
Emerging risks are new or unique risks. They differ from evolving risks which have been previously identified and are
merely shifting or changing from original conditions.
Emerging vs. Evolving
© 2014 Protiv iti Inc. CONFIDENTIAL 4
Regulatory guidance on emerging risks is evolving and
always starts with a solid ERM framework
• Active consideration of emerging risks and a process for assessing their impact
• Set up emerging risk committees to discuss potential threats and how they might be
mitigated or managed
• Identify appropriate indicators that provide early warning of an increased risk of future
losses
• Indicators are usually forward-looking and reflect potential sources of risk
Financial Services Authority1
• Use a variety of channels and windows to gain perspectives on emerging risks
• Increase focus on potential risks before concerns become real problems
• Perform stress testing on the trends in outcomes to understand how risk is
changing
• Take action based on quantification of risk
• Review and analyze prior failures to mitigate emerging risks to determine ways to better
quantify the build-up of risks
OCC2
• Maintain a healthy skepticism of the ability of regulatory capital requirements to
prevent risk concentrations
• Examination and analysis are important in identifying emerging risk concentrations
• The entity’s risk management function should be assessed by senior management and
the board of directors including how emerging and/or prospective risks are
identified, tracked, assessed and managed
NAIC3
1 Enhancing Frameworks in the Standardized Approach to Operational Risk, Financial Services Authority, January 2011 2 Act Now to Address Emerging Risks , Darrin Benhart - OCC, October 25, 2012 3 Implications of the Financial Crisis for Insurance Regulation, Terri Vaughan - NAIC, April 15, 2010
© 2014 Protiv iti Inc. CONFIDENTIAL 5
Incorporating emerging risk into your existing ERM framework
Develop Risk Management Strategies
Avoid – Reduce – Retain – Exploit – Transfer
Design / Implement Risk Management Process
Measure / Monitor Risk Management Performance
Continuously Improve Risk Management
Capabilities
Establish Risk Management Goals,
Objectives and Infrastructure
Information
for Decision Making
Assess Risk
• Identify • Categorize
• Assess • Calculate
Example Activities:
• Identify emerging risks through a variety
of channels: cross-functional teams,
external resources, analysis, etc.
• Incorporate emerging risks into the risk
inventory
Example Activities:
• Determine the most appropriate risk
response and action plans
• Allocate capital to manage downside
risks
Example Activities:
• Identify and allocate responsibility for emerging risk
management
• Design and implement procedures for emerging risk
management
Example Activities:
• Systematically monitor emerging
risks and resource adequacy
• Update stress testing, reverse stress
testing and scenario analysis with
emerging risk scenarios
• Escalate emerging risks and status of
risk mitigation efforts as part of
standard risk reporting
Example Activities:
• Ensure that the risk assessments
are refreshed, new and emerging
risks are identified, captured and
communicated
Example Activities:
• Determine if emerging risks present a
barrier to strategic objectives
• Consider emerging risks as part of
strategic planning
• Allocate dedicated resources to emerging
risk
• Establish emerging risks repository
© 2014 Protiv iti Inc. CONFIDENTIAL 6