8/3/2019 Neil Brown June 13 2006
1/23
Neil Brown
Managing DirectorNoteWell Associates [email protected]
Asset Managers have been subjected to significant changes in the way that they arerequired to manage risk within their business. Some of these relate to Basel 2, but there isa responsibility to implement and evidence an enterprise wide risk framework thatsupports ICAAP. This can be complicated by the evolving approach to regulation ofcomplex groups resulting in changing regulatory relationships for asset managers. This
talk will address the issues involved in achieving this wider risk framework.
8/3/2019 Neil Brown June 13 2006
2/23
Slide 1
Mitigating Risk by Evidencing Risk Control
..we will scrutinise proposals for new UCITS III funds and
conversions of existing funds and will engage in a thematicreview of the risk management of firms that are proposing tooperate or are operating UCITS III funds.
Hector Sants, 19th September 2005
8/3/2019 Neil Brown June 13 2006
3/23
Slide 2
.financial services regulators around the world are rightly concerned
that the business and affairs of financial services firms are responsibly
and effectively organised and controlled at senior management level and
that firms senior management take responsibility for this
a firm is required to establish, implement and maintain adequate risk
management policies and procedures which identify and set the tolerable
level of risk relating to its activities and effectively manage those risks.
A firm also has to have a separate risk control function, where this is
proportionate depending on the nature, scale and complexity of its
business. This function will be responsible for assessing the risks that
the firm faces and for advising the firm's governing body and senior
managers on these risks.
Mitigating Risk by Evidencing Risk Control
Christine Sinclair 15th May 2006
8/3/2019 Neil Brown June 13 2006
4/23
Slide 3
Generic Risk Process
Define Risks the firm is prepared to take (Risk Appetite) Identify risks the firm owns (to capital, reputation, earnings, brand.)
Categorise and identify the drivers of these risks (investment performance, market,credit, operational, event.)
Agree measurement techniques (attribution, VaR, stress testing, scenarios, other)
Agree limitations of these techniques (Correlations, Fat Tails, model validity understress)
Design / Build / Implement systems and processes to capture this information
Set and operate appropriate controls (limits, delegated authorities, escalationprocesses
Apportion responsibility for managing these risks
Business management to own them
Risk management to provide oversight
8/3/2019 Neil Brown June 13 2006
5/23
Slide 4
Objective of the ICAAP
with respect to capital adequacy.
How much and what composition of internal capital the firm
considers it should hold as compared with the capital
resource requirement(CRR) pillar 1 calculation , and
the adequacy of the firms risk management processes
8/3/2019 Neil Brown June 13 2006
6/23
Slide 5
Risk Framework
What are the risks?
Strategy
Earnings
Reputation (Brand?)
Investment Performance
Failure to deliver mandated product
Includes TCF, Advertising
Operational Risks
Legal & Compliance Risks
8/3/2019 Neil Brown June 13 2006
7/23
Slide 6
What Risks Should Be Considered for ICAAP?
8/3/2019 Neil Brown June 13 2006
8/23
Slide 7
Other issues?
Group Structuresstrengths and weaknesses.
Outsourcing (and insourcing!)
Where applicable, details of any other business-unit-specific orbusiness plan stress tests selected
Differentiation between ICAAP requirements and good businessmanagement.
8/3/2019 Neil Brown June 13 2006
9/23
Slide 8
ICAAP
Annual?
Risk types considered to justify exclusion?
Capital required to mitigate worst case occurrence
Not a process to manage the business.
8/3/2019 Neil Brown June 13 2006
10/23
Slide 9
An Appropriate Risk Management Infrastructure
Who owns this and why will it happen?
Senior Management
CEO/SEO / Apportionment Officer
SIAPs
If you dont understand it, you shouldnt be responsible!
Others
Line Management
All staff
8/3/2019 Neil Brown June 13 2006
11/23
Slide 10
What Is Involved?
TABLE OF CONTENTS
Overview
Governance
Roles and responsibilities
Definition of risks and risk appetite
Risk Management Framework
Risk and Control Assessment processes
Incident Management processes
Reporting and Monitoring
Company Risk Framework
8/3/2019 Neil Brown June 13 2006
12/23
Slide 11
Example: Roles and Responsibilities
Senior Management are responsible for implementing
An effective and appropriate operating structure that has transparent
and formal responsibilities including:
implementing risk management frameworks within their part of
business.
developing and implementing processes and procedures for
measuring and managing risk in all of the material products,
activities, processes and systems of their part of the business.
understanding and evaluating the risk profile and ensuring
appropriate risk mitigation within their part of the business.producing reporting to demonstrate the effectiveness of the risk
mitigation they have applied
8/3/2019 Neil Brown June 13 2006
13/23
Slide 12
What Does This Mean?
Much of this will exist, some is documented.
Document from the top down, pull all existing frameworks
together
Quality not Quantity (substance not form)
Ensure that Management Information produced by all areas can
support the risk framework (evidences management control)
8/3/2019 Neil Brown June 13 2006
14/23
Slide 13
Reporting Structure
Risk Management
Monthly / Quarterly reporting
Business area Heads / Senior Management
Monthly / Quarterly Reporting
Chief Executive
Officer
Business Activity
Daily/ Weekly/Monthly /Quarterly Reporting
Line Management
Monthly / Quarterly Reporting
Board of Directors
Management / Board / Risk Committee
8/3/2019 Neil Brown June 13 2006
15/23
Slide 14
Example - New Product Process Risks?
Strategy
Earnings
Reputation
Investment Performance
Failure to deliver mandated product
Includes mis-selling,TCF, advertising
Operational Risks
Legal & Compliance Risks
8/3/2019 Neil Brown June 13 2006
16/23
Slide 15
Example - New Product Process
Initial idea - (Marketing?)
product, marketplace, competition, asset target, costs, profitability....
Management support
Front Office design (Portfolio Management?)
Middle/Back Office ability to support proposal
Legal/Compliance/Risk review
Is the proposal legal and are we allowed to build/distribute?
Do all areas of the business understand what is required of them?
8/3/2019 Neil Brown June 13 2006
17/23
Slide 16
Product Marketing Responsibilities
Clearly defined product characteristics
objectives,
sources of alpha / absolute return
risk controls & characteristics
fees and commissions
Clearly defined target marketplace
Clearly defined target sales and
timescales
Clearly defined product review process
Compliant marketing materials
Brochures / Applications
IFA materials
Advertising
TCF considerations
Place in market
Place in portfolio
Family/friends..
Internal External
8/3/2019 Neil Brown June 13 2006
18/23
Slide 17
Product Investment Management Responsibilities
Through what clearly defined investment process and risk controls &characteristics will they capture the alpha / absolute return to deliver
the clearly defined fund objectives ..........
Credibility of how they will deliver consistent product/performance.
Ability to explain/demonstrate sources of absolute and relativeperformance (Attribution)
Ability to explain demonstrate current portfolio positioning/bets (risk
analysis)
8/3/2019 Neil Brown June 13 2006
19/23
Slide 18
Middle/Back Office Responsibilities
What new systems or people are required?
On what platform / how will you
price
account
risk measure
report
What processes change as a result of this?
What manual processes are introduced?
What processes are special/different for this product?
Ensure continuity and disaster recovery
8/3/2019 Neil Brown June 13 2006
20/23
Slide 19
Risk Management Process
Investment Risk
Review proposed product characteristics versus proposed objectives /
market / clients for goodness of fit
Ongoing review of the performance, attribution and risk analysis of product
using appropriately designed statistics and techniquesstill true to label?
Operational Risk
Ensure
specific accountability, policies & controls, reporting at launch & ongoing
segregation of duties at launch & ongoing
Key Risks, Key Controls, Control Enhancements identified and addressed
Integrate into ongoing OpRisk reporting enhance where necessary
8/3/2019 Neil Brown June 13 2006
21/23
Slide 20
Additional/Enhanced Processes.?
Instrument / portfolio pricing
Instrument / portfolio risk analysis
Risk Management oversight
Management oversight
Board reporting
8/3/2019 Neil Brown June 13 2006
22/23
Slide 21
Who Owns What?
Product design
Investment delivery
Product support
Product launch
Oversight
Ongoing product life
Marketing / Distribution (/ Investment Management)
Investment Management
Middle/Back Office
CEO
Senior Management/CEO
Legal/Compliance/Risk Management
All of above
but ultimately, CEO..
8/3/2019 Neil Brown June 13 2006
23/23
Slide 22
Conclusions
Senior Management resolve is key
Dont build the Bugatti Veryon *
Model Bugatti Veyron 16.4Engine type 7993cc, 16 cylinders in a WPower/Torque 1001bhp @ 6000rpm / 922 lb ft @ 2200rpmPerformance 0-62mph: 2.5sec / Top speed: 253mph
Price 810,345Verdict Blows away all the other supercars
Set senior responsibilities and deliverables to drive framework down throughthe business
Ensure reporting is appropriate and evidenced
Having created this framework, be ready for internal/external review
* Source: Times Online