ENTERPRISE RISK MANAGEMENT IN THE CASE OF THE FINANCIAL SERVICE SECTOR Presented by: Benson Kamunya Thursday 28 September 2016 Credibility . Professionalism . AccountAbility
Key risk management issues for 2016 Outline Key risk management issues for 2016 Structure of ERM in FS
Introduction to ERM What is ERM? COSO defines ERM as: “A process effected by an entities board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and help manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievements of entity objectives.”
The old ways of managing risk no longer work Introduction to ERM Why do FS firms implement Enterprise Risk Management? The old ways of managing risk no longer work Companies are recognizing the need to deal with the totality of risk in relation to how they manage their business, moving from reacting to risk to a more proactive approach
Key risk management issues for 2016 Outline Key risk management issues for 2016 Structure of ERM in FS
Key risk management issues for 2016 Risk issues and opportunities that should top chief risk officers’ agendas in 2016 include: Technology risk management The increase in technology risk has caused many IT organizations to establish within the risk function, an information technology risk management (ITRM) functions This ensures that CROs proactively manage technology risks rather than reacting to audits, new regulations, new business strategies, and other disruptions
Key risk management issues for 2016 Third-party risk management Organizations today have thousands, if not tens of thousands, of third‑party intermediaries. As the role of third parties in companies’ interaction with governments has grown and supply chains become more stretched, companies’ monitoring of their third parties has become critically important Companies are challenged to identify which of these numerous third parties are putting them at risk
Key risk management issues for 2016 Fraud and misconduct Companies should continue to monitor the activities of employees, vendors, and third parties to detect and, wherever possible, prevent financial fraud or employee misconduct, which can result in financial losses and damaged reputations CROs should be especially wary of fraud that indicates collusive behavior
Key risk management issues for 2016 Crisis management CROs should ensure that their companies place a strong emphasis on scenario planning—holding workshops and developing documented plans to prepare for and respond to potential crises such as cyber intrusions, regulatory scrutiny or investigations, compliance challenges, litigation, or workplace violence Since a crisis strikes without warning and requires a swift response, CROs need to take steps to ensure that on-call arrangements are in place
Key risk management issues for 2016 Data security Diminishing security perimeters have been discussed for some time, but it is now fully acknowledged that corporate security perimeters no longer exist Data and critical processes cross many organizational boundaries, including customer self-service, strategic sourcing, supply chain integration, business partnerships, and technology enhancement
Key risk management issues for 2016 Achieving compliance program effectiveness The growing number of regulations affect every facet of a company’s operations and are implemented and enforced by an array of agencies worldwide Companies should have a mechanism in place to capture an updated inventory of global regulations; employ a methodology to help prioritize regulatory obligations and manage regulatory change; evaluate compliance program effectiveness with regard to monitoring, testing, reporting; ensure that they have an enterprise-wide view of regulatory risk
Key risk management issues for 2016 Improving risk data aggregation and reporting As regulatory requirements become more stringent and the demand for risk data aggregation and improved data quality increases, it is essential that CROs concentrate on improving risk reporting, particularly within the financial services sector Such improvement involves enhanced report content and the automation of real-time information collection
Key risk management issues for 2016 Outline Key risk management issues for 2016 Structure of ERM in FS
Structure of ERM in FS
Structure of ERM in FS Risk Appetite & policies Governance structure Risk Management Framework Governance structure Risk Appetite & policies Risk Management Information Risk Management processes & IT systems Risk Management resource & skills Risk categorization & definitions
Risk Management System Structure of ERM in FS Risk Management System A comprehensive risk management strategy. Ensure proper allocation of responsibilities for dealing with risk across the business. Appropriate written policies that include a definition and categorization of foreseeable and relevant material risks. A clearly defined risk appetite approved by the board A written process defining the board approval required for any deviations from the risk management strategy or the risk appetite. Suitable processes and tools (including, where appropriate, models) for identifying, assessing, monitoring, managing, and reporting on risks. Regular reviews of the risk management system.
Risk Mitigation and Control Structure of ERM in FS Risk Mitigation and Control Controls to provide assurance over the accuracy and completeness of financial records. Controls for other key business processes. Appropriate segregation of duties. A system of clearly defined management responsibilities and accountabilities. A centralized written inventory of firm-wide key processes and policies. Periodic testing and assessments (carried out by objective parties such as an internal or external auditor).
Structure of ERM in FS Control Functions Risk Management Internal Audit Compliance Actuarial
Structure of ERM in FS The main requirements for control functions are: Independence Board oversight Properly structured responsibilities Have unrestricted access to information Additionally, the heads of the control functions are required to attend all meetings of the board committee responsible for that function
Structure of ERM in FS Well positioned Resourced The Risk Management Function Properly authorized Strategic risk management Assessment of compliance to pre -defined risk limits Assess changes in the organization’s risk profile Assess the organization’s risk exposures and mitigation measures in place
Structure of ERM in FS Ensure compliance to regulatory obligations Maintain corporate culture of compliance and integrity The Compliance Function Monitor material fines and other disciplinary actions Assess compliance violations by management and staff Assess performance with regards to compliance standards and goals Assess key compliance risks and mitigations in place
Structure of ERM in FS Independent assurance to the board with respect to the insurer’s governance, risk management and internal controls The Internal Audit Function The design and operational effectiveness of the organization’s controls The reliability, integrity and completeness of the accounting, financial reporting systems Management of the assets of both the organization and its clients Provide independent assurance to the Board
Structure of ERM in FS The Actuarial Function The prospective solvency position of insurers including a calculation of minimum capital The adequacy of the technical provisions and other liabilities Any circumstance that may have a material effect on the organization from an actuarial perspective
THANK YOU Benson Kamunya Credibility . Professionalism . AccountAbility