jeff owen, the rochdale group september 2012 - utah's credit … cu... · 2012-09-04 · 1...
TRANSCRIPT
1
Jeff Owen, The Rochdale Group
September 2012
Delivering Clarity to Credit Unions Through Expertise and Experience
Enterprise Risk Management
Lending Execution and Risk Management
Merger Strategy and Realization
Credit Union Capital Markets
Compliance
Strategic Planning and Execution
Regulatory Response Activity
2
• Introduction to ERM
• Roles and Responsibilities
• Risk Appetite
• Economic Capital
• Risk Centric Strategic Planning
• Implementing an ERM Program
AGENDA
Introduction to
ERM
3
What is ERM?
5
“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
What is RISK?
6
4
Risk versus Return
Risk and return is an inseparable concept
7
Risk‐Adjusted Return
Risk Level
Zone 1Insufficient Risk Taking
Zone 2Optimal
Risk Taking
Zone 3Excessive Risk Taking
Traditional Risk Management
• Credit unions are in the business of risk taking
• Generally has been a silo’d approach:• Loan underwriting• Asset liability management • Business continuity• Branch security• Vendor management
• All reviewed independently by line management, internal auditors, external auditors and regulators
8
5
It is no longer, what did I know…
It is all about what SHOULD I have known!
What ERM is NOT!
• Risk checklist
• Compliance assessment
• Isolated technology solution
• One‐time project
6
Just to level‐set, ERM is…
• Strategic and bottom‐line oriented
• Much more than a compliance and regulatory activity
• Intended to provide access to better information in a more timely manner, allowing for enhanced decision making
Why ERM?
12
• Provides comprehensive view of organizational risk for enhanced decision making
• Creates value by improving the financial/risk relationship
• Reduces regulatory burden and improves the
relationship with auditors
• Minimizes organizational/personal liability
7
A Conceptual View of Risk Management
Evolution of ERM
• Business environment
• Regulatory pressure
• Member/consumer expectations
• Technology
• Competition
• Political environment
• World‐wide economic crisis
8
Science of ERM
Involves the methods and processes to identify, measure and manage risks and/or seize opportunities related to the achievement of the organization’s goals and objectives
Why it Makes Sense
• Opportunity for sustained success is only as good as the collective ability to make the right decisions
• Each improved decision positively impacts the brand and financial standing
• It is impossible to effectively manage what you don’t see and measure
9
What to Expect from ERM
• Improved transparency
• Understanding risk profile
• Elimination of silos
• Improved strategic alignment
• Proactive focus on risk identification and goal accomplishment
• Risk‐weighted view of capital adequacy
• Improved understanding of return on capital deployment
What it Takes
• Commitment of board and management
• Up‐front time commitment
• Establishment of risk management committee
• Implementation of risk repository and reporting system
10
ERM OpportunitiesStrategic• Improve strategy execution and performance• Understand capital adequacy• Set risk tolerance
Management• Enhance financial returns• Identify prospective emerging risks• Provide organizational awareness and cross‐functional transparency
Audit• Establish risk‐weighted focus• Support secondary review of controls/response mitigation
Regulatory• Vet risk management strategy• Strengthen communication• Justify processes in a practical, pragmatic manner
Implementation Project
Phase I – Set the Stage
Phase II – Identify and Assess Exposures
Phase III – Measure and Manage
Phase IV – Mature
11
12
13
Economic Capital
Failures of The Past
• Lack of transparency
• Minimal senior management engagement
• No Board commitment or involvement
• Reactive risk processes
• Immature and wavering risk tolerance and risk appetite
14
• Seize new opportunities (merger, indirect lending)
• Leverage the risks we are already taking
• Eliminate silos and brought management team together
• Provide the board with an enhanced understanding of strategic direction, risk profile of the organization and overall alignment of the organization
• Ensure appropriate deployment of resources (capital, human, etc.)
What Credit Unions Say…
• Is your organization consistently operating within an acceptable risk level?
• Can you confidently list major risks from all across the organization, address their impact on the organization and articulate the current responses to those risks?
• Do the other key decision makers in the organization agree on your assessment?
• Do you understand key risks in the current strategic direction and goals?
• Are you confident that you know all that you should know about your credit union?
Key Questions
15
It’s about improving financial returns on your efforts and maximizing the
deployment of resources by delivering proactive and measured data
In the End
Roles
&
Responsibilities
16
Fundamental Shift in Thinking
31
Key FocusBoard Management Operations
What could threaten our survival?
What could undermine our
strategy?
What could derail our project?
Strategic Flexibility Strategy Commitment
Target Achievement
Risk CentricScenario Planning
StrategyAssessment
Tactical and Operational
Execution Plans
32
17
The Board’s Role
• Responsible for setting strategy to maximize member value in a prudent and financially sound manner
33
• ERM provides the information needed to improve strategy and monitoring of results
• Comes down to setting and managing objectives in light of key risks within acceptable tolerances
• Set risk culture and tone
• Allocate necessary resources
• Ensure process diligence
• Validate risk appetite
• Understand and balance strategy and risk
34
How Should the Board Support ERM?
18
• Understand and communicate risk culture and tone
• Deploy necessary resources
• Ensure process diligence
• Define risk appetite
• Proactively identify and manage risks
• Ensure process transparency (vertically and horizontally)
Management’s Role
• Open and honest communication of key risks
• Awareness of emerging risks
• Implementation of responses to address unmitigated risks
Staff’s Role
19
• Review of responses to ensure they are performing as intended
• Feed key risks back into ERM process
Audit and Regulators
BREAK
20
Risk Appetite
Risk Appetite
• How much we are willing to lose in one event (setting of individual limits)
• How much we are willing to risk losing in total (general risk philosophy)
• What is our general appetite for risk in different risk categories
40
21
• Quantitative vs. qualitative
• We will and/or will not do
• Bands vs. hard stops
• Expectations of members
• Dialogue – establish over time
41
Risk Appetite
42
Risk Appetite
22
43
Risk Appetite
44
Risk Appetite
23
In summary…
• While there are a range of outcomes the credit union could experience, there are limits that help define the preferred risk appetite
• While we all desire and hope for the most positive outcome(s), in most cases that success is interconnected with increased opportunity for loss
• The process of thinking through and assessing the willingness to accept certain types of risk provides general direction to the credit union as it strives to achieve its objectives
45
Risk Appetite
Slightly favor existing over prospective members
Risk Appetite
24
Example Risk Statements:
• Credit Union will fully understand program risk before launch
• Credit Union has a very low risk tolerance to regulatory non‐compliance, but will not back down from challenging examiners when appropriate
• Credit Union seeks to exploit technology by rapidly deploying stable technologies
• Credit Union seeks to be innovative in process and conservative in practice
47
Risk Appetite
•Prepare risk appetite statements within each of the risk areas:
Strategic: Offer a reasonable range of services, at average prices, with a concentration on existing members.
•Provide examples of actions that match/conflict with the statements, trying to tie in some of the credit union’s actual exposures:
This might fit the appetite:
⁻Offer indirect lending rates within 0.25% of competitor rates
This doesn’t fit the appetite:
⁻Advertise loan specials that undercut competitor rates by 1% or more
Risk Appetite
25
49
• What are some example risk statements of “high willingness to accept risk” under each category, and examples of “low willingness to accept risk” under each category
• What are some examples of actions within each
Risk Appetite Exercise
• Risk categories
o Strategic
o Transaction
o Compliance
o Reputation
o Credit
o Liquidity
o Interest Rate
Economic
Capital
26
Introduction to Economic Capital
• Economic capital is an estimate of the equity needed to survive a near‐worst‐case loss scenario
• Financial institutions assess economic capital for several reasons
• Multiple approaches to economic capital
51
Economic Capital Ratio
• Recommend comparing a credit union’s actual capital to its economic capital:
• Economic Capital Ratio = Actual Capital / Economic Capital
• A credit union’s risk appetite helps determine the target level for each credit union
• You could use economic capital in conjunction with your risk appetite to set an overall risk limit for the credit union
52
27
Economic Capital Ratio
• Assume you have $16 million in capital, $200 million in assets and economic capital of $10 million (Ratio of actual to economic capital = 1.60)
• Next, assume your risk appetite is such that the lowest capital class you would accept even after a near‐worst‐case loss scenario is “undercapitalized”, or a minimum net worth ratio of 4%
53
Economic Capital Ratio
• Risk and capital calculations:
• Current capital $16 million
• Less: Economic capital 10 million
• Less: minimum capital level at 4% 8 million
• Excess (Deficit) capital ($2 million)
• This means that the credit union has insufficient capital given its risk level and risk appetite
54
28
ERM
and
Strategic Planning
Risk‐Centric Strategic Planning
• Uses long‐term orientation
• Identifies key risk scenarios that might affect the credit union’s business model, results or other operating parameters
• Identifies impact, likelihood and velocity of each scenario
• Considers ability of current strategic positioning to address each scenario
• Arrives at key focus issues to ensure long‐term success
29
• Take a few minutes to work individually
• Identify and write down 10 long‐term issues for credit unions
• Rate the potential impact of each issue:
• From 1 (low) to 10 (high)
• Assess the likelihood of each situation over the next 10 years:
• From 1 (unlikely) to 10 (certain)
• Estimate the velocity of occurrence:
• From 1 (the issue will occur slowly) to 10 (quickly)
• Afterward, we will discuss the various issues and severity (I x L x V) of each scenario
Risk‐Centric Strategic Planning
Follow‐up
• Compare the long‐term scenarios identified against the current environment at your credit union:
• Strategic objectives and implementation plans
• Existing risk responses at the credit union
• Assess the degree of alignment of the objectives and responses in addressing the key scenarios
• Make changes in the strategic objectives, implementation plans, and risk responses to better position the credit union to focus on and address the scenarios
30
Scenarios From Past Credit Union Conference
59
Scenario
Average
Impact
Average
Likelihood
Average
Velocity
Response
Count I x L x V
Access to market liquidity 9.00 10.00 8.00 1 720
Technology ‐ Security 8.55 7.36 6.64 11 418
Succession Planning BOD/Mgt. 7.83 8.56 6.00 18 402
Long‐term Rate Depression 6.83 8.33 6.67 6 380
Over‐Regulation 7.26 8.14 6.09 43 360
NCUSIF Losses 6.00 6.00 9.00 1 324
Inflationary / Rising Rates 7.27 6.95 6.36 22 322
Loss of Mortgage Agencies 9.00 5.50 6.50 2 322
Profitability Concerns 7.12 7.00 6.06 17 302
Technology ‐ Mobile 7.60 8.30 4.70 10 296
Terrorism 6.60 6.80 6.40 5 287
Increased BOD Requirements 6.00 8.25 5.75 4 285
Inability to maintain loan growth 7.61 5.78 6.39 18 281
Economic ‐ Recession 7.04 6.15 6.35 48 275
Charter consolidation (CU & Bank) 7.29 7.71 4.86 7 273
Environmental crisis 6.80 5.20 7.67 15 271
CU mergers 7.40 6.20 5.90 10 271
Technology ‐ Web 5.92 7.67 5.92 12 268
Membership ‐ Lose Boomers 6.92 6.75 5.58 12 261
Membership ‐ Attract Gen Y 5.75 8.67 5.17 12 257
Increased Non‐Traditional Competition 7.14 6.71 5.14 7 247
BREAK
31
Implementing an
ERM Program:
Taking it Back
Functional Area Risk Assessment• Identify significant operating/admin areas
• Conduct ERM session for each area, including a discussion of the risks that can influence the area’s or the credit union’s ability to meet its objectives
62
32
Risk Identification• Identify the material events, having negative
consequences, that can transpire within the functional area’s responsibility:• Exposures, uncertainties and missed opportunities
• Consider internal and external factors:• Natural disasters to employee fraud
• Develop scenarios to demonstrate each risk
Primary Risk Categories
64
Credit
Reputation
Interest Rate
Compliance
Strategic
Operational/ Transaction
LiquidityFailure of obligor to repay loan or investment
Changes in interest rates and rate relationships
Inability to meet obligations when they come due, without incurring material costs or unacceptable losses
Violations of, or nonconformance with, laws, rules, regulations, prescribed practices, internal policies and procedures, or ethical standards
Fraud or error that results in an inability to deliver products or services, maintain a competitive position, and manage information
Adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes
Negative public opinion or perception
Potential impacts on earnings or capital from:
33
Assessment Factors
Impact – Potential magnitude, in the absence of responses, measured consistently against assets and capital
Likelihood –The frequency with which an event may occur in a given time period, again in the absence of responses
Mitigation –The degree to which the organization’s responses manage down the impact or likelihood
65
66
34
Controls Over Responses
• Actual processing often differs from documented procedures
• Controls help ensure that responses to risks are carried out as intended
• Examples include policies and procedures, internal audit reviews, etc.
• During the sessions, you will likely discuss the controls that support the responses:
• However, the initial ERM implementation is not intended as an audit of the controls over risk responses
Inherent Versus Residual Risk
• Inherent Risk = Impact x Likelihood:
• This is the exposure before responses
• Residual Risk = Inherent Risk x Mitigation:
• Exposure after responses
• The difference is the benefit of the responses
• This approach supports cost‐benefit analysis of the credit union’s responses
68
35
Global Scenarios
• Some risks affect all areas of the organization:
• Business continuity events
• Significant changes in external factors that influence the credit union
• The ERM team should ask all areas to assess the potential impacts of and responses to such scenarios
• The result will be valuable information to support the BCP and ALM processes
• Forum to discuss risk issues
• Cross-functional composition to provide multi-dimensional view across credit union
• Monthly or quarterly meetings
• Generally reports to the Board or a Board committee
• Often combined with ALCO, business priorities, credit or other committee
Risk Management Committee
36
Periodic ERM Reporting
• Reporting usually involves two primary mechanisms:
• Risk Management Committee packets
• Board and senior management ERM reports
• RMCO packets:
• Agenda
• Minutes
• Risk Action Plan (list of key risks being monitored with updates)
37
Board and Senior Management Reports• Goal is to present the credit union’s overall risk profile
• Begin report with a brief narrative of the overall risk position, status of ERM process, and major increases and decreases in exposures
• Next, include several additional ERM reports:
• Strategic area heat map
• Largest Residual Risk Exposures by Risk Category report
• Emerging Risks report
• Residual Risk by Risk Unit report
• Qualitative Measures
• Risk Action Plan
38
39
40
• ERM Policy
• Department Procedures
• Training Materials
• ERM Reporting Templates
• ERM Committee Materials
Other Key Components
41
• It’s about improving financial returns on your efforts and maximizing the deployment of resources by delivering proactive and measured data
• Start somewhere – Begin small and allow the process to mature over time
• Get board, management and staff engaged
To Summarize:
Questions
Jeff Owen –The Rochdale Group
www.rochdalegroup.com
800‐424‐4951