1

New Product Oversight and Strategic Initiative Oversight

Dolores Atallo

Firm Director, Deloitte

April , 2011

2

Today’s Discussion Introduction and Session Objectives

New Product Oversight New Product Regulatory Guidance and Industry Perspective Critical Success Factors for the New Product Approval Process Drivers of New Product Opportunities

Strategic Initiative Oversight Strategic Risk Oversight Considerations Tools for Strategic Risk Oversight

The Role of Enterprise Risk Management (ERM)L

Q&A

3

Introductions and Session Objectives

Financial Institutions are facing more pressure than ever before from new Financial Regulatory Reform and more stringent standards and limitations on certain business activities.

Part of that increased scrutiny focuses on the new product and strategic initiative oversight processes, including:

Consideration of regulatory compliance requirements Creating/enhancing a robust new product process Drivers of new product opportunities The role of risk management practices in strategic and new product initiatives

4

New Product Governance

5

Defining a “New Product”

New Product Quiz

A New Product is defined as a product or service…….

A: never before provided by the institution B: previously provided but with changes, enhancements and/or modifications C: previously provided but ramping up due to market opportunity D: currently/previously offered but now subject to a change in regulation or policy E: all of the above

6

•New products include products or services being offered to, or activities being conducted for the first time in, a new market or to a new category of customers or counterparties. For example, a product traditionally marketed to institutional customers that is being rolled out to retail customers generally should be reviewed as a new product.

•Significant modifications to products, services, and activities or their pricing warrant review as a new product.

•Small changes in the terms of products or the scope of services or activities can greatly alter their risk profiles and justify review as a new product.

•When in doubt about whether a product, service or activity warrants review as a new product, financial firms should err on the side of conservatism and route the proposal through the new-product approval process.

•Cutting short a new-product review because of a rush to deliver a new product to market, or because of performance pressures, increases the potential for risk .

Defining New Products

Remarks by Federal Reserve Board Governor Susan Schmidt Bies (2004)

Source: Remarks by Governor Susan Schmidt Bies, At the Bond Market Associations Legal and Compliance Conference, New York, NY February 2004

New Product Regulatory Guidance and Industry Perspective

7

•The NPA process should be clearly documented in the risk management policy handbook and should clearly articulate the steps required for approval.

•There should be a specified time period of no longer than six months after the transaction is initially approved for trading, after which its reviewed for consistency. All transactions that go through the NPA process should be documented and tracked through secure databases and electronic media.

•No proposed transaction should be expected to trade without a model validation and vetting by Risk Management and a clear understand of the risk profile of the transaction and its implications on the overall risk appetite of the firm and its reputation.

•The CRO must be a member of the NPA committee and should be granted the authority to sign off on all transactions. The NPA committee should include senior individuals from all the decision support areas, namely, Operations, Legal, Tax, Audit, Accounting, Risk Systems, Risk Analytics, Compliance, and Documentation, as well as the representatives of the business units.

IndustryPractices for New Product

Oversight/Approval

Standard & Poor’s Rating Criteria and Best Practices ERM For Financial Institutions

Source: Standard & Poors, Enterprise Risk Management for Financial Institutions, Ratings Criteria and Best Practices November 2005

New Product Regulatory Guidance and Industry Perspective

8

• A new product committee may condition approval for a complex product on specific limitations, such as limiting the sale of the product to customers meeting certain characteristics and sophistication thresholds; or restricting the right to market or sell the product to representatives who have completed certain product-specific training courses.

• Products approved on the basis of these restrictions, or based on critical market assumptions, should be subject to a formalized, ongoing review of the conditions of approval for up to one year. Customer complaints relating to the product should also be tracked and monitored.

• Some products may be approved by a new products committee subject to certain restrictions, such as: “No more than X percentage of a customer’s net worth may be invested in Y product, or any product similar to Y.”

• A new product committee should not approve a product based on such a condition unless it has determined, prior to approval. that the limitation is feasible from the perspective of training, supervision and operations

• Bright line Suitability Tests for Complex Products. • Certain “bright line” tests relating to the suitability of new products have emerged

through regulatory guidance,

Guidance For Complex Products

NASD and FINRA Complex Product Guidelines

Sources: 1 NASD Notice to Members 05-59, “Structured Products - NASD Provides Guidance Concerning the Sale of Structured Products,” September 2005 2 FINRA Regulatory Notice 10-09, “FINRA Reminds Firms of Their Sales Practice Obligations With Reverse Exchangeable Securities” February 2010

New Product Regulatory Guidance and Industry Perspective

9

• Federal banking agencies should promulgate regulations that require originators or sponsors to retain an economic interest in a material portion of the credit risk of securitized credit exposures.

• Regulators should promulgate additional regulations to align the compensation of market participants with longer term performance of the underlying loans.

• The Securities and Exchange Commission (SEC) should continue its efforts to increase the transparency and standardization of securitization markets and be given clear authority to require robust reporting by issuers of ABS.

• The SEC should continue its efforts to strengthen the regulation of credit rating agencies, including through measures to promote robust policies and procedures that manage and disclose conflicts of interest, differentiate between structured and other products, and otherwise strengthen the integrity of the ratings process.

• Regulators should reduce their use of credit ratings in regulations and supervisory practices, wherever possible.

CDOs and Financial

Regulation

US Treasury Department Report on Financial Regulatory Reform

Source: US Treasury Department Report on “Financial Regulatory Reform–A New Foundation: Rebuilding Financial Supervision and Regulation” in June 2009

New Product Regulatory Guidance and Industry Perspective

10

New Product Approval Policy: Setting the Tone

• Set new product definition for the institution– Define parameters and exceptions

• Define roles and responsibilities– Submission, approval and ratification

• Provide a common language and approach for new product assessment– Articulate new product risk appetite – Describe acceptable and prohibited products– Define the exception process– Define an escalation protocol

11

New Product Approval Policy (Illustrative)

Policy Objectives

Policy Objectives

Policy Exceptions

*

Policy Exceptions

*

Policy Admin.Policy Admin.

Appendices **

Appendices **

Scope/ Description

(Policy Statement & Scope)

Scope/ Description

(Policy Statement & Scope)

*Related

Polices

*Related

Polices Roles & Resp.Roles & Resp.

IllustrativeIllustrative

Board of Directors

Risk Committee

New Product Committee

Board of Directors

Risk Committee

New Product Committee

CROCRO

Approve/Ratify Approve/Ratify EstablishEstablishNew Product Approval Policy

New Product Approval Policy

Policy RequirementsPolicy Requirements

*New Product Approval Process *New Product Approval Process

Definitions*

Definitions*

Definition of a New Product NPA FormGlossary

Listing of Approved Products

12

The Role of the New Product Approval Committee (NPA)

The NPA Charter should reflect the objectives, scope of authority, duties and practices of the Committee and can include the following components:

• Committee Authority • Decision vs. Information• Duties

• Committee Protocols • Agenda• Minutes• Meeting frequency• Membership (Voting and Non-voting)

• Examples New Product Committee practices can include: • Review and perform an assessment of the New Product• Make Recommendations on New Products to Enterprise Risk Committee.• Oversee the New Product Approval Process, i.e. ensuring documentation is collected and analyzed prior to recommendation• Maintain and update the New Product Form, NPA Policy and NPA Process as frequently as significant changes occur• Monitor new product performance

.

13

New Product Committee (NPC) Protocols

NPC CharterNPC Charter

Board of Directors

Risk Committee

Board of Directors

Risk Committee

ERM Function/CRO

ERM Function/CRO

Approve/Ratify Approve/Ratify EstablishEstablish

IllustrativeIllustrative

AuthorityAuthority

Constitution, Membership and MeetingsConstitution, Membership and Meetings

Quorum/ Voting

Quorum/ Voting

Meetings

Meetings MinutesMinutes Member

sMember

s

Committee

Secretary

Committee

Secretary

Charter Administratio

n

Charter Administratio

nDutiesDuties

Comm Chair

Comm ChairAgendaAgenda

14

New Product Approval: Supporting the Business Case

• Define sponsorship process for submission– Who can submit a new product for approval?– What documentation is required?

• New product risk assessment– Consider impact to the institution’s risk profile– Leverage existing risk management practices

• Risk categories, Metrics/Key Risk Indicator

• Assess profitability– Key Metrics

• Cost to market, Capital impact, Projected P&L

• Approval authority– Role and responsibilities

• NPA Committee, Senior Management, Board of Directors

15

New Product Approval Form (Illustrative)

New Product/Initiative Approval Form

Instructions for completing the New Product/Initiative Approval Form:1.The Sponsoring Business Unit (“SBU”) should complete New Product/Initiative Summary Worksheet (pages 1 and 2) authorize it, and provide to the Head of ERM for review2.The SBU should complete the New Product/Initiative Detailed Worksheets in consultation with the appropriate Risk Owners (see Appendix A - List of Risk Owners )3.Risk Owners should sign off on their appropriate sections within the New Product/Initiative Detailed Worksheets4.The New Product/Initiative Approval Form must be approved by the Head of ERM and the Chief Risk Officer5.The New Product/Initiative Approval Form will be provided to the Enterprise Risk Committee for their review and approval

New Product/Initiative Summary WorksheetProduct/Initiative Information

Name of Product/Initiative:      SBU:       Planned Launch Date:       Target Approval Date:      Cost of Initiative ($):     

Product/Initiative DescriptionDescribe the product/initiative:Describe the Strategic Objectives of the product/initiative?What process changes are being impacted by this product/initiative?What people changes are being impacted by this product/initiative?What technology changes are being impacted by this product/initiative?

Risk Summary# Risk Category

New Material Risk?

Risk? Provide brief explanation below for both No and Yes:

1. Credit Risk No Yes 2. Market Risk No Yes 3. Liquidity Risk No Yes 4. Operational Risk No Yes 5. Compliance, Regulatory and Legal Risk No Yes 6. Strategic Risk No Yes 7. Reputational Risk No Yes

16

New Product Approval Form (cont’d-Illustrative)

New Product/Initiative Profitability Analysis New Product/Initiative Profitability Analysis

Estimated Volume:Please Provide assumptions related to the Product/Initiative Analysis (Term Capital allocation, Cost of funds, etc.):

  Yr. 1 Yr. 2+  Volume $ - $ -

Estimated Profitability: Yr. 1 Yr. 2  Pre-Tax Income $ - $ -   Net Income $ - $ -   ROA % %  ROCE % %  Net Margin $ - $ -   Risk Adj Margin $ - $ -   Non-Spread Revenue $ - $ -

Total Revenue $ - $ - Non-Spread % To Total Revenue % %

Credit Quality:Net Charge-Offs $ - $ - % to AFR % %Provision $ - $ -

Estimated Expenses  Expenses $ -  $ -   % to AMA % %  Efficiency Ratio % %

Sponsoring Business Unit ApprovalAuthorized by: Name:      Signature:Date:      

ApprovalHead of Risk Management: Name:      Signature:Date:      

Chief Risk Officer:Name:      Signature:Date:      

Product Cancelled/Deferred: Date of Cancellation/Deferral:      

17

New Product Approval Process

• Final Approval Upon the recommendation of the New Product Committee, approves new products and services to be offered

• Recommendations for Approval Oversees the New Product Approval Process/Policy Reviews New Product documentation to ensure full evaluation of risk is performed. Makes Recommendations on New Products to Enterprise Risk Committee. Risk leaders sign off after vetting of new product and New Product Committee meeting is complete.

• Completion of New Product Form Works with business line to solicit input on potential benefits and risks of new product. Should ensure that all necessary documentation is collected and researched to complete New Product Form.

Sponsoring Business Unit(Pitches New Product)

Sponsoring Business Unit(Pitches New Product)

SBU Introduces New Product

New Product Committee(Review and Approval)

New Product Recommended for Approval

Executive Management Committee(Approval)

Executive Management Committee(Approval)

BOD

FinalApprovalFor Some

New Products

18

Drivers/Triggers for the New Product Approval Committee

• New Regulation, i.e.:– Dodd-Frank Act

• The “Volcker” Rule

– Will cause banks to exit certain proprietary businesses/products

• Compensation and Governance

• Living Wills/Basel III

– Capital Impacts of products and services

• New Regulators, i.e.,– Dodd-Frank Act

• Systemic Oversight Council

• Consumer Financial Protection Bureau

• Migration of OTS oversight to OCC

• Changes in market conditions– Changes in market conditions can drive the need to for new products including hedging

strategies for risk mitigation purposes or new products to capitalize on shifting consumer market demand

.

19

Critical Success Factors for a Robust New Product Approval Process

• The definition of what is considered a New Product should be socialized across the company to ensure accountability and compliance.

• There should be clear delegations of authority for approval, review by constituents of business plan, and agreed materiality thresholds.

• The New Product Committee should have disciplinary authority in place to address non-compliance.

• The Board of Directors should ratify product changes and in cases of changes in strategy have approval authority.

Strategic Initiative Oversight

21

Strategic Risk Oversight Key Considerations• Recognize strategy, strategic planning and assessment as an on going cycle

– Build in touch points

• Integrate existing risk practices into the strategic planning and assessment process

– Consider risk by category– Establish metrics/limits for on going monitoring– Align strategic initiatives with committee oversight

• Determine protocols for assessment of risk to achieving strategic objectives:– Role of Board, Management and Risk/Chief Risk Officer– Articulate risk appetite and limits

• Timing and escalation protocols

22

Strategic Risk Management Considerations

Component

Risk management culture

High level of involvement throughout the organization

High-quality, well-structured risk management practices

Risk control

Extreme event management

Risk and economic capital models

Strategic risk management

Accuracy of risk identification and monitoring

Availability and effectiveness of programs for compliance and post loss remediation

Use of scenario analysis and stress testing which flow into an early warning system and a disaster and contingency plan

Ability to mitigate risk and keep an adequate amount of catastrophe reinsurance

Capacity to develop and use accurate risk and economic models

Capability to validate the data and results of these models

Processes to ensure proper alignment of retained risk profiles

Maintenance of metrics for strategic asset allocation and risk-adjusted return

Evaluation criteria

Risk management culture

Risk control proces

ses

Extreme event

management

Risk & econo

mic capital model

s

Strategic risk management

23

Risk Assessment of Strategic Business Objectives and Initiatives

Risk assessment and prioritization

StrategicPlanning

Risk identification

Key activities

Review 3-5 year business plan, business objectives, company goals and strategies

Gather research, documents, to identify potential strategic initiatives

Document and prioritize strategic initiatives

Based on information gathered, create customized and company-specific risk profile

Develop risk ranking criteria (impact, vulnerability, speed of onset)

Develop likely and worst case scenarios from key external risks

On going discussion to prioritize key strategic and emerging risks for scenarios

Develop monitoring roadmap for tracking strategic initiatives milestones and periodic status reporting

On going cycle of planning, assessment and prioritization

24

Tools For Assessing Strategic Risk

• Peer Benchmarking• Consider performing a benchmarking analysis against industry peers

• Executive Workshops • Identify risks against strategic objectives• Critically evaluate strengths and weakness and target weakness• Reassess regularly

• Top down risk assessment• Identify and prioritize top 10 risks to the organization to achieving objectives

• Scenario analysis• Stress test business plans for relevant threat scenarios (e.g., economic downturn, cat and large losses,

competitive pressures, etc.)• ERM’s should focus on preparation of risk mitigation strategies that are designed to support senior

management’s business plan• Work closely with the finance and investment and functions to demonstrate the sensitivity of business plans to

external factors, underlying assumptions and unanticipated variance in assumptions. • Provide research and analysis on external trends that would inform senior management decision making

regarding areas of growth or investment

• Risk Selection• Assess and react to short term and long term market conditions to choose which risks to take and which to

retain:• Consider using Risk Reward analysis or just combined ratio targets• Cycle Management (Credit, Interest Rate or Equity Market Cycles)

• Strategic trade-offs in Investment Selection• Assess risks based on risks embedded in products• Recognize long term view of risk adjusted returns of investment choices

25

Enterprise Risk Management can Facilitate Strategic Risk Oversight and the New Product Approval Process

• ERM provides a framework for assessing the benefits and risks of various strategic decisions:

– Identifying the potential risks inherent in a new strategy

– Determining the changes in control frameworks, governance, and reporting required to support a new strategy

– Measuring the impact of strategic decisions on company value on a risk-adjusted basis

• Management can use ERM to determine the most efficient allocation of capital across the organization:

– Using models to determine necessary levels of capital to support each business and its risk

• ERM processes can be used to assess how specific management actions move the company on the risk/reward frontier:

– Providing a cost benefit analysis of specific risk mitigation activities

– Determining the set of activities to be deployed in the event of an extreme risk event

• The insights gained through robust ERM practices allow management to communicate more effectively about risk:

– Designing clearer and more informative risk disclosures that go beyond the minimum requirements to better inform stakeholders

– Developing more robust risk reporting frameworks

Management actions

Communication

Strategy

Capital allocations

Risk/Reward frontier

Risk= same reward with lower risk= higher reward with same risk= higher reward with appropriately higher risk

Questions & Answers

27

Experience: Over 20 years experience assisting clients in building, enhancing and integrating their risk management practices.

Firm DirectorFinancial Services IndustryGovernance Risk & RegulatoryDeloitte & Touche LLPNew York, NY +1 212 436 5346  datallohazelgreen@deloitte.com

Dolores Atallo is a Firm Director and a tenured leader in the Governance Risk And Regulatory Strategy financial services practice focusing on Enterprise Risk Management (ERM), Corporate Governance, Enterprise, Credit and Operational Risk. Currently, she is the Co-Lead of the Deloitte Financial Reform Center of Excellence and the US Leader for Living Wills. She also serves as the National Relationship Leader for the Federal Home Loan Bank System. Dolores has extensive experience assisting clients in building, enhancing and integrating their risk management practices from the Board of Directors to the business process level. She advises the firm’s financial services clients on full life cycle risk management projects, by designing and enhancing ERM programs that assess risk as business impact and analyze opportunities to efficiently leverage risk, control and compliance initiatives. In this role, she advises board members and senior management in matters of governance practices, committee charters and structures, articulation of risk appetite, thresholds, metrics and risk program branding, linkage to strategy, cultural integration and program implementation, including training and facilitation.

Prior to joining Deloitte & Touche in 1996, Dolores was a charter member of Coopers & Lybrand’s In-Control Services Practice, an early adopter among the Big Four to focus on the linkage between governance, risk management, internal controls and regulatory compliance. She specialized in risk management and regulatory services for the financial services industry and also served as the global leader for COSO training. 

Dolores speaks and publishes extensively on topics related to enterprise risk management most recently for the Federal Financial Institutions Examination Council (FFIEC), Fiduciary Investment Risk Management Association (FIRMA), the Professional Risk Managers International Association (PRMIA) and International Financial Services Association (IFSA).

Education: Rutgers University B.A. Information Management, M.B.A.Finance

Presenter Biography

28Copyright ©2011 Deloitte Development LLC. All rights reserved.A member firm ofDeloitte Touche Tohmatsu

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte, its affiliates and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.