Institute of Operational Risk

Robert GalwayHead of Operational Risk

Friday 1st November 2013

1

2

Contents

- About Worldpay

- Enterprise Risk Framework;

- High Level Strategy and Approach;

- Governance Model;

- Risk Themes Across the Industry;

- My first 90 days – key challenges and achievements.

Agenda

(UK) Limited © 2012130521-JNB-Telephony and Field Operating Model update 21 May vFINALLON

• Streamline is #1 player in UK and Europe across large corporates and SMEs

• Led UK Chip & Pin implementation

• First contactless transaction in UK

• Process 1 of every 2 face-to-face transactions in UK

Streamline• Online point of sale gateway

and processing solution• Global presence with vertical

expertise• Process in 120 currencies;

settle in 14 currencies

• Widest range of alternative payment methods

eCommerce • Top 10 acquirer in the US

and fastest growing

• Focused on SME and Mid- Market

• Largest off-premise ATM network

• First acquirer with end-to-end hardware encryption

US

WorldPay Overview

Leading independent global payment services businessTop 5 acquirer globally • 400k + merchants • 8bn transactions / £300bn

(UK) Limited © 2012130521-JNB-Telephony and Field Operating Model update 21 May vFINALLON

WorldPay Overview

Enterprise Risk Framework

Risk Universe

Risk Strategy & Appetite

Risk Policies

MI

Risk Assessment

Projects and Outsourcing

Issue Management

Cultur

e

Systems

GovernanceAssurance

Systems to support risk assessment and reporting against the risk exposures, incidents and KRIs and effectiveness of the framework.

Open culture whereby accountability is taken and rewarded for managing risks and incidents – “no blame” culture.

Risk based assurance model in place to ensure focus given is applied in the right areas of the business – both embedding the risk framework and exposures.

3LOD governance model operating effectively with clear roles and responsibilities defined. Risk Committee structure articulated and embedded.

What is Operational Risk?

6

Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, systems, human factors or external events. In practice this covers the following…

Strategy and Approach

7

2013 H1 - 2014 H2 2014 OnwardsUnderstanding the risks..

• Key Risks identified and assessed across the business;

• Control environment defined and assessed;

• Actions defined to reduce risk exposures in line with appetite;

• Issue Management process rolled out;

• Raise awareness of risk management across the business; and

• Risk Governance structure in place and basic Risk MI produced (functional and BU).

The risk framework will mature and embed over time given the right focus....

Embedding and reducing risk exposures….

• Risks and issues regularly discussed at Risk Committee and Functional team meetings;

• Actions progressing to improve control environment tracked to ensure risk managed down in line with appetite;

• Risk MI developing – improved KRIs and KCIs; and

• Risk based decision making.

Managing Risk is BAU….

• Maturing risk culture, part of day to day management and decision making;

• Actions progressing to improve control environment and reduce risk exposures; and

• Risk profile reflects the underlying reality and limits issues that materialise.

Risk Assessment

8

Business Unit(Ecom, Streamline, Technology, Central Functions)

Functional

Key Risks for WP are discussed regularly at the Exec and ShipMidco Risk Committees

Strategic risks for each Business Unit are discussed regularly at the relevant SLT meetings

Risk Registers for each functional area, discussed regularly at Management meetings.

Risks are identified , assessed and managed at three levels across the organisation to ensure that the right risks are managed at the right level…..

Governance Model

9

ShipMidco meets quarterly to ensure that risk framework is embedding appropriately and key risks are managed in line with appetite. This is supported by the Exec Risk Committee and Functional “Risk Committees”

“Board”Risk Committee

WP Exec Risk Committee

Streamline Exec meeting eCom CATS

Central Functions SLT

(Finance, Legal, Risk, HR)

10

The following risks are a key focus for the Industry

- Systems Stability;

- Data Security;

- Regulatory Change and Scheme Rules;

- Financial Crime;

- Credit Risk;

Key Risk Areas for the Industry

11

It’s early days……………….