The Rochdale Group, - Utah's Credit Unions · 2013-10-22 · The Rochdale Group, Inc. 10/11/2013 6 Risk versus Return “Risk and return”is an inseparable concept Risk æ Adjusted

The�Rochdale�Group,�Inc. 10/11/2013

1

Jeff�Owen�

The�Rochdale�Group

2


2

Agenda

• ERM�Overview

• Why�Do�(or�Should)�I�Care?

• ERM�– Roles�&�Responsibilities

• Risk�Appetite

• Economic�Capital

• Getting�Started

My�Objective

1. Spur�action�on�your�part

2. Provide�some�tips�on�getting�started

3. Clear�up�some�potential�misconceptions�on�ERM

As�a�leader�of�a�financial�institution,�you�are�expected�to�be�aware�of�and�appropriately�

manage�organizational�risk�exposures6


3

Risk�Ownership

• Who�owns�organizational�risk?

• Who�is�the�ultimate�risk�manager?

• Who�does�much�of�the�‘stuff’�and�deals�with�risks�daily?

RiskǦresilience�is�only�really�possible�when�the�people�who�are�responsible�for�driving�business�results�are�

accountable�for�the�associated�risks

Enterprise�Risk�Management

• An�orchestrated�and�formalized�process�of�identifying,�assessing�and�managing�key�organizational�risks

• ERM�drives�improved�organizational�decision�making�through�unobstructed�knowledge,�yielding�better�organizational�performance


4

What�is�RISK?

What�is�Risk?

• “The�possibility�that�an�event�(internal�or�external)�will�occur�and�affect�the�achievement�of�objectives”

• “The�effect�of�uncertainty�on�objectives”

What�is�Risk?

• Known�knowns

• Known�unknowns�

• Unknown�unknowns


5

“One�organization’s�‘black�swan’�is�another’s�identified�emerging�risk.”

What�is�RISK?

$�Worth�Now $�Worth�Later

Intervention

Avoid Reduce Share Accept

Amount�of�Loss/Opportunity�$$$

Risk

Probability�of�a�specific�loss�of�worth�occurring

What�is�Risk�Management?

• Unlike�risk�elimination�(military�and�law�enforcement),�risk�management�includes�the�coordinated�activities�used�to�direct�and�control�an�organization�with�regard�to�risk

• Effective�risk�management�allows�for�multiple�risk�responses�to�scenarios


6

Risk�versus�Return“Risk�and�return” is�an�inseparable�concept

RiskǦAdjusted�Return

Risk�Level

Zone�1Insufficient�Risk�Taking

Zone�2Optimal�

Risk�Taking

Zone�3Excessive�Risk�

Taking

• Effectiveness

• New�Standard

ERM�is�Here�to�Stay

• Corporate�Credit�Unions• §704.21�Ǧ Enterprise�Risk�Management

• 2013�GAC�– “Hot�Exam�Issues”• Effective�risk�management• Balance�too�little�and�too�much• Involves�both�an�art�and�a�science• Balance�risk�and�capital�adequacy• Increasing�complexity�of�CUs



7

• Examination�2013:�What�to�Expect


My�soapbox…It’s�all�about�perspective

Enhanced�risk�management�processes…

• Increased�communication�and�transparency�and�assisted�in�the�breakdown�of�silos

• Defined�organizational�risk�profile�

• Drove�strategic�alignment

• Provided�more�proactive�focus�

• Allowed�for�a�riskǦweighted�view�of�capital�adequacy�

• Resulted�in�improved�organizational�prioritization


8

What�ERM�is�NOT!

Checklist

Audit

Compliance� /�policy�assessment

Isolated�technology�solution

OneǦtime�project

A�Conceptual�View�of�Risk�Management�

Credit

Market

FinancialRisk Management

Credit

Market

Operations

Business

Organizational

EnterpriseRisk Management

Credit

CreditRisk Management

Evolution�of�ERM


9

Introduction�to�COSOCOSO�– Committee�of�Sponsoring�Organizations�of�the�Treadway�Commission• American�Accounting�Association,�American�Institute�of�CPAs,�Financial�Executives�International,�Association�of�Accountants�and�Financial�Professionals,�and�Institute�of�Internal�Auditors• Standard�for�defining�ERM�for�all�types�of�companies�• Serves�as�a�model�of�how�to�implement�an�effective�ERM�process,�and�how�to�maintain�an�ERM�process�over�time

COSO�ǦDefinition�of�ERM

• A�process,�ongoing�and�flowing�across�an�entity�• Applied�in�strategy setting�• Applied�across�the�enterprise,�at�every�level�and�unit,�and�includes�an�entityǦlevel�view of�risk�

• Designed�to�identify�potential�events�that,�if�they�occur,�will�affect�the�entity�and�to�assist�in�managing�risk�within�an�agreed�upon�risk�appetite�

• Able�to�provide�reasonable�assurance regarding�the�achievement�of�objectives


10

Risk�Identification• Identify�the�material�events�that�can�transpire�within�

each�functional�area’s�responsibility:

• Consider�internal�and�external�factors:

• Develop�scenarios�to�demonstrate�each�risk

Primary�Risk�Categories

Credit

Reputation

Interest�Rate

Compliance

Strategic

Operational/�Transaction

Liquidity


11

Assessment�Factors¾Impact�– Potential�magnitude,�in�the�absence�of�responses,�measured�consistently�against�assets�and�capital

¾Likelihood�–The�frequency�with�which�an�event�may�occur�in�a�given�time�period,�again�in�the�absence�of�responses

¾Mitigation�–The�degree�to�which�the�organization’s�responses�manage�down�the�impact�or�likelihood

Other�ERM�Definitions

• Inherent�Risk• Before responses

• Residual�Risk• After responses

• The�difference�is�the�benefit�of�the�responses

• Allows�us�to�prioritize�risks�and�opportunities

ERM�Process�Overview• ERM�is�a�process

• Should�be�a�small�part�of�everyone’s�dayǦtoǦday�duties�and�thought�process:• “Culture�eats�strategy�for�lunch”

• Involves�a�variety�of�key�periodic�steps:�Risk�ID�and�assessment

Review�of�mitigating�responses

Risk�management�committee�meetings

Reporting

Integration�with�strategic�planning�and�other�risk�processes


12

34

• Total�of�$10.7+�billion�in�2012�penalties�for�U.S.�financial�institutions

• BOA�has�incurred�$29�billion�in�settlements�since�2009

• JPMorgan�Chase�and�BOA�lost�$110�and�$410�million�cases,�respectively,�on�debit�card�overdrafts�in�2012

• UBS�fined�$1.2�billion�for�manipulating�LIBOR

• HSBC,�ING�and�Standard�Chartered�penalized�$3.2�billion�for�money�laundering

• WesCorp and�U.S.�Central�Corporate�– no�longer�exist

Financial�Institutions�Have�Been�Hit�with�Large�Lawsuits�and�Regulatory�Intervention

35

Yeh,�but�only�the�big�ones�have�those�problems…right?

36


13

As�a�financial�institution…

Understanding�and�managing�risk�should�be�central�to�all�we�do!

37

• Poor�performance�in�CUSO�(CEO�vs.�Staff�perspective)• Call�center�and�branches�operating�on�separate�

procedures• Vendor�management�– tracking�contract�but�not�

performance�issues�• Perceived�pay�inequality�(lawsuit�potential)• Unreconciled accruals�• Compliance�inconsistencies�• Core�and�loan�system�inadequacies• Insurance�gaps• Communication�lapses

….AND�THESE�ARE�NOT�POORLY�RUN�CUs

Unfortunate�Findings

• Merger�opportunity

• Ability�to�reǦenter�indirect�lending

• Strengthen�management�alignment�around�strategic�objectives

• Engaged�management�team�about�operational�risk�in�order�to�make�product�/�service�decisions

• Better�prioritization�and�improved�utilization�of�resources

Opportunities


14

• “We�utilize�the�ERM�process within�every�strategic�decision.”• “It�is�critical�to�have�the�right�person�oversee�the�ERM�process.��

You�can’t�delegate�ERM�to�a�lowǦlevel�staff�member�and�expect�to�receive�the�strategic�benefit.”

• “The�ERM�process�has�made�a�significant�difference�in�how�we�discuss�and�make�decisions.��Our�organization�operates�and�views�things�differently�after�having�gone�through�the�ERM�implementation�process.”

• “We�benefitted�greatly�from�the�upǦfront�ERM�risk�identification�discussions.��I�learned�a�tremendous�amount�about�the�organization�that�I�otherwise�would�not�have�known.”

• “Performing�periodic�updates�forces�me�to�consider�the�major�risks�in�my�area,�including�what�my�thoughts�were�in�prior�periods�and�what�has�changed�to�reǦdirect�my�priorities�in�the�current�period.��This�often�gets�overlooked�in�the�busyness�of�day�to�day�‘survival’.”

What�We’ve�Heard

41

Fundamental�Shift�in�Thinking

Org�Level Balance�of�Focus Time�Horizon

Board

Senior�Management

Business�Units

Functional�Units

10�to�20�Years

5�to�10�Years

1�to�5�Years

0 to�1�Year

Uncertainty

Commitments


15

Key�FocusBoard Management Operations

What�could�threaten�our�survival?

What�could�undermine�our�

strategy?

What�could�derail�our�operations?

Strategic�Flexibility Strategy�Commitment

Target�Achievement

Risk�CentricScenario�Planning

StrategyAssessment

Tactical�and�Operational�

Execution�Plans

43

ERM�Organization�Structure

44

ERM�Function�–Coordinates�meetings,�reporting,�assignmentsand�training

Board/Board�Committee

Risk�Management�Committee

Functional�Area�1

ERM�Liaisons

Functional�Area�2 Functional�Area�X…

Senior�Management

� Set�risk�culture�and�tone

� Understand�and�balance�strategy�and�risk

� Validate�risk�appetite

Board’s�Role


16

• Understand�and�communicate�risk�culture�

• Ensure�process�diligence

• Define�risk�appetite

• Identify�and�manage�risks�proactively

• Ensure�process�transparency

Management’s�Role

Risk�Management�Committee�(RMCO)

• Oversee�ERM�process

• Identify�emerging�risks

• Provide�crossǦfunctional�perspective

• Take�actions�on�key�risks

• Ensure�major�risk�management�processes�are�appropriate

• Advise�executive�management

ERM�Function

• Execute�program

• Help�identify�and�analyze�risks

• Analyze�and�communicate�risk�issues

• Provide�guidance�and�coaching

• Develop�and�present�reports


17

• Communicate�risks�through�an�open�and�honest�framework

• Be�vigilant�for�emerging�risks

• Implement�responses�to�mitigate�risk,�where�appropriate

• Identify�opportunity�to�leverage�risk�for�enhanced�returns

Staff’s�Role

• Review�mitigating�responses

• Feed�key�risks�back�into�ERM�process

• Focus�audits�and�exams�based�on�key�risks

Auditors�and�Regulators

Risk�Function�Alignment�/�Integration

ERMBCP

Vendor�Mgt

ALCO

InsuranceCompliance

Fraud

Data�Security

Credit�Committee

Other�Risk�Functions

51


18

Internal�Lines�of�Defense

Line�of�BusinessLine�of�Business

ǦOwns�and�manages�risks

Ǧ Establishes�appropriate�risk�processes�and�programs

Ǧ Identifies�and�escalates�risk�issues

ǦOwns�and�manages�risks

Ǧ Establishes�appropriate�risk�processes�and�programs

Ǧ Identifies�and�escalates�risk�issues

1Risk�ManagementRisk�Management

Ǧ Sets�risk�limitsǦQuantifies�and�monitors�risksǦChallenges�risks�and�mitigating�actionsǦAggregates�risks�across�organizational�boundaries

Ǧ Sets�risk�limitsǦQuantifies�and�monitors�risksǦChallenges�risks�and�mitigating�actionsǦAggregates�risks�across�organizational�boundaries

2Internal�AuditInternal�Audit

ǦValidates�risk�programs

Ǧ Reports�on�risk�management�effectiveness

3

52

53

Risk�Appetite

Performan

ce

Time/Risk

Expected�Performance

Risk�Universe

Best�outcome�if�“good�things”�happen

Worst�outcome�if�“bad�things”�transpire

Risk�CapacityRisk�

Appetite

54


19

Risk�Appetite

• Quantitative�vs.�qualitative

• We�will and/or�will�not do

• Expectations�of�members

• Dialogue�– establish�over�time

• Establish�appetite�pertaining�to:

o Members,�processes,�financials,�regulatory�compliance,�people

55

56

Introduction�to�Economic�Capital• Estimate�of�the�equity�needed�to�survive�a�nearǦ

worstǦcase�loss�scenario

• Most�credit�unions�expect�to�have�fairly�large�losses�every�year�and�consider�the�expected�losses�in�pricing�loans�and�other�products

• It�is�the�deviation�of�actual�losses�from�expected�losses�that�subjects�the�credit�union’s�capital�to�risk

57


20

�$Ǧ

�$10

�$20

�$30

�$40

�$50

�$60

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Millions

Potential�Annual�Losses

Percentile

99+th percentile�losses

Une

xpec

ted�losses

Economic�capital

Expe

cted�lo

sses

50th percentile

59

• Start�somewhere

• Engage�management�/�board�

• Discuss�top�risks�(across�all�risk�categories)o Impact,�likelihood�and�responses�(quantitatively)o Agree�on�completeness�of�mitigation,�and�create�an�action�

plan�to�further�address�risk

• Identify�greatest�opportunities�within�credit�union

• Continue�to�roll�the�ERM�process�out�across�the�organization�over�time

• Use�ERM�in�strategic�planning

Where�do�we�start?

60


21

Strategic�Risks

• Loss�of�tax�exemption

• Loss�of�fee�income

• Basel�capital�requirements

• Lack�of�membership�growth

• Qualified�mortgages�risk

• Data�breaches

• NonǦtraditional�competition

• Natural�disasters

• Regulatory�compliance

• Lack�of�board/management�succession�plan

• Rising�interest�rates

• Loss�of�interchange�income

• Technology�advancements

• IT�terrorism�risk

• Restrictions�on�geographic�and�charter�expansions

• Inadequate�volunteer�training�and�financial�literacy

• Infrastructure�weaknesses

• Talent�management

• Operating�inefficiencies

• It’s�about�establishing�a�culture

• CEO�and�Board�engagement�is�critical

• ERM�leader�must�have�the�political�capital�to�make�things�happen

• Boards�and�CEOs�do�NOT�like�surprises

• Must�be�forwardǦlooking

• Don’t�shoot�the�messenger

• Open�and�honest�communication�is�crucial

Lessons�Learned

In�Summary…

• ERM�is�not�intended�to�replace�current�risk�management�practices;�rather,�it�should�be�a�means�through�which�you�can�integrate�each�of�the�existing�functions

• It�is�important�that�ERM�encompass�all�facets�of�the�organization�(vertically�and�horizontally)�

• Risk�information�must�be�incorporated�into�strategic�discussions�


22

64

Questions

Jeff�Owen

[email protected]

800Ǧ424Ǧ4951�x8011

The Rochdale Group, - Utah's Credit Unions · 2013-10-22 · The Rochdale Group, Inc. 10/11/2013 6 Risk versus Return “Risk and return”is an inseparable concept Risk æ Adjusted

Documents