View
692
Download
2
Category
Preview:
Citation preview
10th September 2015
Sune Warberg Clausen, Head of Risk in Personal Banking
Operational Risk function in 1st line
2
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
3
Overview: Danske Bank has a strong Nordic franchise
Northern
Ireland Denmark
Norway
Sweden
Finland
Estonia
Latvia
Lithuania 20% 26%
5%
5%
10%
8%
3%
6%
Danske Bank market share**
1. Excluding agricultural centres in Denmark. 2. Market share by lending
Business units
Personal Banking
Business Banking
Corporates & Institutions
Danica Pension
Danske Capital
For divestment
Non–core (Ireland & Conduits)
Personal banking activities in the
Baltics
Facts
3.6 million customers
313 branches1
15 countries
18,874 full–time employees
4
Personal Banking
[Finland]
[Norway]
[Sweden]
[Denmark]
[Luxembourg]
[UK)
[Northern Ireland]
Key facts
3,256 (millions) customers
1,886 (millions) active
e-banking customers
6,796 employees
5
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
6
The mandate of Risk in PB is to define and execute
on the described risk framework and bring issues
to PB Risk Committee
The mandate for Risk is to define the risk framework for the management of non-
financial risks in all market areas and have it approved in Personal Banking’s Risk
Committee. The risk framework in this context includes risk policies, governance,
identification, monitoring, controlling, reporting and event handling. Each market area
can to the extent necessary add on additional risk management activities where they
see fit.
PB Risk Committee
Risk Function
BD Denmark BD Sweden BD Norway BD Finland Risk function in Luxembourg
Risk function in UK
7
Governance in a Group perspective – Risk follows the
guidelines defined by Group Operational Risk and ORCO
ORCO
PB Risk Committee
31AW Risk Group Compliance
Group Operational Risk
Group Security PB Denmark
PB Sweden
PB Norway
PB Finland
PB UK
Private Banking DK
Private Banking Int.
2nd line risk function
2nd line risk function
2nd line risk function
2nd line risk function
2nd line risk function
8
Our Foundation: Three lines of defence
As a business unit risk function we are somewhere between 1. and 2. line. We report to
business unit management but maintain a dotted line to the Group Risk Management
function
First line: Business
units dealing with
customers
Second line: Control
units
Third line: Internal audit
9
The role of the risk function
“We identify the weaknesses in the operation, streamline our control environment and
follow up on key areas”
Be part of projects
with risk content
Be part of product
and process
design
Influence the
culture through
reporting and
communication
Build and drive risk management
framework for PB in all countries
Look across all non–financial risks
Report to management and ensure
informed decisions on risk areas
10
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
11
We want to put numbers on the risk — AWACS–principle
12
It’s not easy to put numbers on risk
Starting point
Data on
losses
Today
Data on losses
Management
controls
Verification
AML Monitoring
Quality OpRisk
controlling
CDD errors on new
customers
Errors in handovers
to back office
Open audit
recommendation
How did we get to the point, where we could get
the “AWAC to take off”
13
We chose the bottom up approach
Example
Management
controls
“AWAC”
Risk Dashboard and reporting
Risk Controlling set–up
Risk officer set–up
Management control set–up
We can now say that we have a “AWAC” on
management controls
Creating an automatic risk dashboard
Measuring on all levels (bottom to top)
Monthly reporting on all levels
Set–up for controlling of the quality of the risk work in
the branches
Measurable — correctness percent
Risk officers who are working with the branches
Training and best practice
Full overview and transparency
Measurable
14
What was the value of the work
Strong control set-up Good overview
Only relevant controls Saved time
Measurable
Easy to know when you
have done what there
is expected
Better risk culture Fewer errors
(lower costs)
Risk Business
15
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
16
“The ability of the organisation to integrate risk considerations in the
decision making and daily business operation”
Definition of Risk Culture
17
Driving the Risk Culture — Input factors
Risk culture
Risk framework
Control infrastructure
Risk infrastructure
Integration of risk
metrics
Tone at the top Number
of FTE
Competencies in Risk
Number of distortions
Core values
18
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
19
Improving risk culture through 1:1 risk attention
Branch visit
Training
Give best practice
OpRisk Controlling
Get feed back
Focus on solutions
Visit by a local risk officer • Visit every branch 1 or 2 times
every year Branch visit
• Important topics
• Specific training after the branches needs
Training
• Take best practice from the best branches to the branches with needs
Give best practice
• Testing of quality of the risk work
• Objective score (correctness percent)
OpRisk Controlling
• Feed back from the branches
• Ensure better processes Get feed back
• Looking forward — how can we ensure a better risk picture in the future
Focus on solutions
20
Branch meetings
Change Controlling process
Recommend
changed controls
& processes
Risk control
Local
presence
Business
support
Business
knowledge
Simple tools
and methods
Testing the
operational quality &
process adherence
Giving feedback on
suitability of processes
and controls
Branches
Most
important
bearers of the
risk culture
Users of the
customer
facing
processes
Executes key
controls
21
Has it worked? — Quality
in our testing/controlling
Each line is a region in Denmark — The graph shows the development in correctness score in our OpRisk Controlling
60
65
70
75
80
85
90
95
100
Nov Oct Sep Aug Jul Jun May Apr Mar Fe
b
Jan Dec Nov Oct Sep Aug Jul Jun May Apr Mar Fe
b
Jan Dec
Total Target
Red Area 6
Area 5
Area 4
Area 3
Area 2
Area 1
22
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
23
Risk reporting universe in Personal Banking
Risk tolerance
Management board level
(market areas)
Measurement of not accepted
deviations
E.g. OpRisk losses or
Customer complaints
Market Area performance
Branch Manager level (each
branch)
Measurement of correctness
percent
E.g. Management controls or
Controlling
Staff performance
Local risk owner level
(managers in staff functions)
Measurement of better
processor or risk acceptance
E.g. RIA issues or Audit
recommendations
License to operate
Employee and manager level
Measurement of areas that
require that all employees
have completed all relevant
targets
E.g. AML education or
identification of customers
Early warning
indicators
24
Has it worked? — Quality
in our testing/controlling
Each line is a region in Denmark — The graph shows the development in correctness score in our OpRisk Controlling
35
40
45
50
55
60
65
70
75
80
85
90
95
100
Nov Oct Sep Aug Jul Jun May Apr Mar Fe
b
Jan Dec
Target
Red
Total
Area 5
Area 4
Area 3
Area 2
Area 1
25
Agenda
Danske Bank — Version and strategy
The Risk function in Personal Banking
Building an Oprisk framework
How do you influence the risk culture
Improving risk culture through 1:1 risk attention
Improving risk culture through measurement
Improving risk culture — Empowerment & consequences
26
Empowerment vs. consequences — A natural link
Empowerment requires a strong risk culture throughout the organisation AND clear
consequences if basic rules are broken
Simplification Empowerment Consequences
27
Licence to Operate — An example of working with culture
To ensure that we all know the basics of banking so we can
Meet external legal and regulatory requirements
Build financial confidence and earn trust
Meet our customers’ expectations
Ensure strong fundamental skills
WHY do we need License to Operate?
28
Has it worked? — License to Operate
Data from the LTO tool — 2. January 2015
Green Amber Red
% there is
done
Not done
courses
Not corrected
CDD errors
Personal Banking 6.307 5 0 99,92 0 0
Personal Banking Staff 1 188 0 0 100,00 0 0
Personal Banking Staff 2 40 0 0 100,00 0 0
Personal Banking Marked area 1 2.962 0 0 100,00 0 0
Personal Banking Staff 3 30 0 0 100,00 0 0
Personal Banking Marked area 2 934 0 0 100,00 0 0
Personal Banking Staff 4 16 0 0 100,00 0 0
Personal Banking Staff 5 18 0 0 100,00 0 0
Personal Banking Marked area 3 303 5 0 98,38 0 0
Personal Banking Marked area 4 367 0 0 100,00 0 0
Personal Banking Marked area 5 862 0 0 100,00 0 0
Private Banking Marked area 6 332 0 0 100,00 0 0
Private Banking Marked area 7 255 0 0 100,00 0 0
29
Recommended