Operational Risk Management Maggi Boutelle SVP Trust Securities Processing Union Bank FIRMA National Risk Management Training Conference April, 2009

What is your operational risk forecast? Sunny Skies? Natural Disaster?

Our Current Environment An “Economic” Tsunami? Definition: A series of waves created when a body of water , such as an ocean, is rapidly displaced.

The “Waves” Bear Stearns collapses Fannie Mae and Freddie Mac taken over by the government Lehman falls Merrill Lynch sold WAMU seized A.I.G saved Massive fraud uncovered

Resulting Conditions Banking and Securities Processing industry in turmoil Unprecedented market and operational environment Existing controls that failed A downpour of losses

Were we prepared? No! Why Not? The New York Times, “Risk Management” By Joe Nocera, January 4, 2009 “The whole intellectual edifice, however, collapsed in the summer of last year because the data input into the risk-management models generally covered only the past two decades, a period of euphoria.” A condition described as “Future-blindness. People tend not to be able to anticipate a future they have never personally experienced.”

Past Mistakes Failure to accurately identify potential risk Lack of dedicated resources to manage risk and compliance Pressure to do more with less Inaccurately written or outdated control language

How to Learn from our Mistakes Don’t go out without your umbrella!

Expect that the Worst Will Eventually Happen The natural disaster!

Extreme Conditions in Operations Pandemic, Earthquake, Firestorm, Flood, Civil Unrest Information Security Breach Employee Theft, Cover up Customer Fraud Counter Party Failure Market Collapse System Failure Vendor Break Down Severe Regulatory Requirements or Changes

Was it really a “miracle”?

The Eye of the Storm The importance of a dedicated Risk Management & Compliance staff: Is a strategic partnership With business acumen and focus Mutual understanding of the personalities

Pressure to do More with Less Ensuring staffing levels are appropriate while maintaining costs Track activity vs. FTE Facilitate constant communication with Sales, Administration Closely monitor market activity and trends

Preparing for the Storm Maintain an accurate and current assessment of risk and controls: Risk Management database Contingency Planning Published Policies Workflows Procedures (recovery) Training (where applicable)

How to Weather Proof Your Business Build a strong Risk Management Culture Proactive and Collaborative Risk Management Internal Testing and Active Follow-up Addressing the “Us versus Them” Mentality Employee Development (our biggest resource) “Buy In” upstream and downstream Ease of adaptability to regulatory and technological change

Proactive Risk Management IDENTIFY – Ongoing assessment with all staff MEASURE – Define impact, likelihood, direction and rationale for each risk MONITOR – Implement constant communication methods to ensure all emerging risks are properly addressed CONTROL – Documented action plan

“

Effectively Leverage Audits Auditor Control impact on productivity Keep a balanced perspective Facilitate open communication Auditee Get past denial Pay attention to audit results Participate Team Establish SMART Goals (specific, measureable, agreed upon, realistic and time-bound)

Address the “Us versus Them” Mentality Partnering with your Risk Management Group They are NOT the enemy! Promote interdependency, reliability, develop trust

Employee Development Identify needs Promote training Provide growth opportunities Reward creativity Encourage open and honest communication

Conclusion How to Keep Sunny Skies Learn from past mistakes. Plan for and expect the unimaginable. Build a proactive and comprehensive risk management program designed to identify, measure, monitor and control risk. Ensure thorough internal testing is on-going. Partner with your Risk Management staff. Develop your most valuable asset – your employees.

Thank you maggi.boutelle@uboc.com 619-230-3958