Creating value: Effective risk management in financial services* · Creating value: Effective risk management in ﬁ nancial services – Focus on Asia Executive summary continued

Financial Services

Creating value: Effective risk management in financial services*

Focus on Asia

March 2007 1

Creating value: Effective risk management in fi nancial services – Focus on Asia

Welcome to the third Asia specifi c fi nancial services briefi ng entitled

Creating value: Effective risk management in fi nancial services.

Executive summary

PricewaterhouseCoopers Global Financial Services Briefi ng Programme

This briefi ng, written in cooperation with the Economist

Intelligence Unit (EIU), looks at risk management in the fi nancial

services industry in Asia. Financial institutions have devoted

considerable time and resources to risk management over the

past few years, often in response to regulatory initiatives such as

Basel II, Sarbanes-Oxley and others. But how effective is

the risk management function at adding value to the business

in Asia and how does this compare to other regions?

The research effort for this briefi ng comprised two

global initiatives:

The EIU and PricewaterhouseCoopers1 conducted a special on-

line survey of senior executives in fi nancial institutions

on the subject of risk management. Executives from over

420 institutions worldwide participated, of which 117 were from

Asia. The survey was conducted during December 2006 and

January 2007.

The EIU held over 14 one-to-one interviews with senior

executives at fi nancial institutions in Asia.

The survey fi ndings and interviews were further supplemented by

signifi cant desk research.

•

•

I am confi dent that you will fi nd this briefi ng thought-provoking

and insightful. This Asia specifi c briefi ng is part of our global

Financial Services Briefi ng Programme and soft copies of

this, along with our previous global and Asia briefi ngs on

Wealth Management, Economic Capital, Risk Management, The Trust Challenge, IFRS, Compliance, Restructuring, Governance, Performance Improvement, Growth, Offshoring, Customer-centric Growth and Market Reporting, are all

available free of charge from our web site (www.pwc.com/fi nancialservices).

If you would like to discuss any of the issues raised in this briefi ng

in more detail, please speak with your usual contact at

PricewaterhouseCoopers or one of the editorial board members

listed at the end of this briefi ng. We would also appreciate your

feedback on this briefi ng as it helps us to ensure that we are

addressing the issues that you are focusing on.

Dominic NixonFinancial Services Leader, Asia

1 In this publication, unless the context requires otherwise, the term ‘PricewaterhouseCoopers’ refers to the network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a seperate and independent limited legal entity.

March 2007


Executive summary continued

The risk management function in Asian fi nancial services fi rms is undergoing dramatic change.

As with their counterparts in Europe, North America and

elsewhere, risk managers have been required by regulators to

enact sweeping reforms to the way that they handle risk. At the same

time, the market and business environment for the fi nancial

services industry in Asia is being transformed, in no small part

because of the rapid development of the region’s most populous

nation – China. In combination, these trends have ensured that the profi le of the risk function in

Asia has never been higher.

But at the same time, the risk discipline is still

somewhat neglected. According to a survey

of 117 senior executives in fi nancial services

throughout Asia, which formed part of a

global survey carried out exclusively for this

briefi ng by the Economist Intelligence Unit

(EIU) on behalf of PricewaterhouseCoopers,

the current limitations of risk management

become very clear:

Focus on regulators. As the tide of activity

caused by Basel II, which is being phased

in across Asia from 2008, has been an

important driver of the risk management

agenda in recent years. As a result, there is

a tendency for banks in the region to defi ne

risk management largely in regulatory

terms. There are notable differences,

however, between developed economies,

such as Hong Kong and Singapore,

and emerging ones, such as China and

Indonesia. Looking ahead to the next

three years, the former expect regulatory

pressures to be a greater driver for change

than the latter. This is surprising, given that

developing economies are less advanced in

their implementation of Basel II and are

currently gearing up for the change. The

fi nding suggests that these countries may

be underestimating the challenges ahead.

•

Lost potential to create value. When asked about the ways in which

risk management confers competitive

advantage on the organisation, banks

in Asia were more likely to cite a better

reputation among customers as being

important than the overall global set of

respondents. Signifi cant numbers of

respondents also believe that effective risk

management burnishes their reputation

with shareholders, enables sustainable

investment performance, delivers better

management data and enables more

competitive pricing. But, as with their global

counterparts, reputation with regulators is

still seen as a key source of competitive

advantage, and is considered more

important than, say, the ability to free up

capital for investment. This suggests that

signifi cant potential to create value for the

business is being lost.

Disengagement by the business. Just

over half of Asian respondents say that

there is a structured assessment of risk

around strategy development, which means

that they are slightly more likely than those

from Europe and North America to have

input in this area. In general, however, there

is limited input from the risk function in a

•

•

number of key business activities. Only

41% say that risk management is formally

involved in budgeting and fi nancial

reporting, and just 23% say that there

is a structured assessment of risk around

mergers and acquisitions (M&A). There

continues to be a pressing need for risk

managers in Asian fi nancial institutions to

become more involved in these crucial

strategic decisions. Only then will they be

able to demonstrate that they can deliver

real value to the business and boost

expected profi ts.

As the tide of activity caused by Basel II

and other initiatives begins to bite in Asian

markets, the time is right for executives

inside and outside the risk function to

re-evaluate the contribution that risk

management makes to the business.

‘Financial institutions in Asia have come

a long way in terms of their risk management

in recent years’, says Chris Matten, a partner

of PricewaterhouseCoopers Singapore,

and a specialist in risk and capital

management. ‘To capitalise on the progress

they have made so far and to make the most

of their investment in future they need to

develop a better understanding of risk and

how to create value from managing it.’

2

March 2007


Executive summary continued

Asian fi nancial services fi rms will not reap

maximum value from risk management

unless their culture, organisation, processes

and data are all properly aligned. The survey

fi ndings and interviews conducted for this

briefi ng suggest that institutions must

concentrate on the following areas:

Commitment from the top. Asked to

identify the changes that would enable

the risk management function to add more

value to the business, the greatest number

of respondents plumped for a change in

mindset – seeing risk management as a

more strategic function. For risk managers

to participate fully in critical business

decisions, it is essential that senior

management remains committed to,

and engaged with, the function.

Embedded risk managers ... Just as

companies have embedded the fi nance

function in individual business units, with

the result that commercial managers are

now expected to demonstrate greater levels

of fi nancial literacy, so too there should be

similar scope to embed the risk function

more deeply. Embedding risk managers

within individual business lines leads to

greater understanding and awareness of

risk, and its link to performance. While this

strategy has been employed for some time

at a number of Asian companies, there is

clearly still room for improvement. Only

around one in six respondents believes that

their organisations’ business units and risk

management function are very well integrated

at the moment; only one in four thinks that

the risk management and fi nance functions

are very well integrated.

… and a strong central presence. A central risk management function with

a strong mandate remains essential to

monitor, measure and oversee treatment

of risk by individual business units, and to

ensure that independence and objectivity

are not sacrifi ced. Strong controls at the

centre are also needed to ensure that risk

information is rigorous and relevant to

decisions being taken. Risk managers

should also be involved in key discussions

around strategy development, M&A, and

other corporate activities. History has

proved, however, that it is diffi cult to strike

the right balance between embedded risk

managers and a strong central presence.

Overlapping roles and responsibilities. An unintended consequence of the rush

to meet regulatory standards on risk and

control has been a profusion of separate,

and expensive, overlaps in governance, risk

and compliance. For example, identifying

and assessing risks in different disciplines

is frequently duplicated across multiple

functions, such as compliance and internal

audit, and business units. By adopting a

principles-based approach to such tasks

and recognising risk assessment as a

common activity across the organisation,

fi rms can optimise their risk models and

make substantial savings.

Quality and utility of data. There is no

shortage of risk-related data circulating

within fi nancial institutions, but often there

remains considerable doubt over its quality

or utility. Survey respondents were equivocal

about how valuable the data they receive is,

as a tool for managing their businesses. Risk

managers must therefore enter into a closer

dialogue with executives outside the risk

function to ensure that the data they gather

is accurate and useful for them to create

value as well as ward off risks.

Risk is positive as well as negative. Highly

successful fi rms have demonstrated that

risk management has a proactive role

to play in shaping new ideas for products

or services as well as for protecting a

company’s franchise. Nurturing a creative

tension between these two faces of an

organisation is often the fi rst step in reaping

more rewards from investment in risk

management and generating more value

from it in future.

Culture and governance. The organisational

structure, processes and data must be

underpinned by a culture of risk awareness

and sound governance. There is a long way

to go for many Asian fi nancial institutions in

this regard: only one in six respondents

strongly agrees that an awareness of risk is

pervasive in their organisations.

Reaching the next stage in risk management

3

March 2007


Regulatory pressures have overshadowed the risk

management function for the past few years. The new standards for capital adequacy to be imposed

on international banks under Basel II have been years in the

making, as have other initiatives for insurers and asset managers.

From 2008, much of Asia will start to come into line with the basic

standards required under the new Basel accord.

For some institutions, this will require much

more work than others; for banks in territories

with the most ambitious targets – such as

Hong Kong and Singapore – regulators have

been pressing hard. The introduction of

International Financial Reporting Standards

(IFRS) represents another hefty burden with

which fi rms must comply.

It is no surprise, then, that nearly two-thirds

of the 117 respondents to our survey cited

regulatory pressures as one of the main

drivers of change in their risk management

priorities over the past three years. Nor are

these pressures about to disappear. Even

after they have introduced the basic

standards enshrined under Basel II, banks will

have to get to grips with additional measures

pertaining to Pillars 2 and 3 of the framework.

In some countries, such as China, India and

Indonesia, the deadlines for these phases

have yet to be decided.

When we compare the results from developed

Asian economies – Hong Kong, Singapore

and Japan – with emerging economies, it is

interesting to note that the former tend to

expect that regulatory pressures will be a

greater driver of change in risk management

priorities over the next three years than the

latter. Given that the developed economies

are largely over the hurdle in their

consideration of Basel II, and that emerging

economies are starting to come under

pressure from regulators to gear up for

the change, one might have expected the

opposite. The fi ndings suggest, perhaps, that

emerging economies are not yet as prepared

for the challenges ahead as they should be.

‘There is evidence that institutions in Asia’s

emerging markets may be underestimating

the challenges ahead of them, while those

in developed economies will continue to

be under pressure to match international

standards’, says Mr Matten.

Nowhere is the range of expertise and

capabilities more pronounced than in China

itself: at one extreme is the handful of mega-

banks whose shares have been fl oated and

which are learning fast from the foreign

institutions that have invested in them

(see box on Chinese banks). At the other

end of the spectrum are dozens of smaller

institutions across the mainland whose

operations remain opaque and whose

standards of risk management are

signifi cantly less developed.

Nevertheless, this gap between capabilities is

expected to narrow in the years ahead. ‘Over

time, the huge differences in the standards of

risk management between banks in Asia will

tend to narrow’, says David Eldon, Senior

Adviser to PricewaterhouseCoopers and a

former chairman of HSBC Asia Pacifi c,

‘but many institutions still have a lot of ground

to make up. Although there have been

signifi cant strides in credit risk, a lot remains

to be done in areas, such as operational risk,

which are harder to quantify and more diffi cult

to assess.’

The implementation of initiatives, such as

Basel II, is changing the nature and reach

of risk management within fi nancial

organisations. Nor will they just have an

impact on those working in fi nance, risk

management and compliance. ‘Every aspect

of a fi rm’s infrastructure – from budgeting

To Basel and beyond

4

March 2007


To Basel and beyond continued

to reporting and everything in-between –

is likely to be affected by the new

standards’, says Tim Pagett, a partner

of PricewaterhouseCoopers, Beijing.

Leaving aside the regulatory pressures on

risk management priorities, it is possible

to discern the faint outlines of a redefi ned

agenda emerging among respondents.

Compared with priorities for the past few

years, a higher proportion expects the aim

of increasing the value of risk management

to the business to drive change in the years

ahead. Similarly, securing competitive

advantage over rivals is also expected to rise

in importance. ‘Banks must ensure fi rst and

foremost that their investment in risk

management creates value, as well as helping

them to negotiate regulatory hurdles’, says

Mr Matten.

5

Winds of change

(Main drivers of change in risk management priorities over the next three years; % change from drivers of change over the past three years)

Increased focus on risk management on the part of senior management and board -12%Regulatory pressures -9%Increased levels of IT security risk -3%Losses at our own institution -3%Increased levels of geopolitical risk -3%Governance scandals affecting other fi nancial institutions or major corporates -3%Macroeconomic volatility -2%Focus on cost reduction and effi ciency -2%Focus on social responsibility programmes -2%Demands for corporate transparency and accountability 1%Threat of terrorist activity 1%Changes in reporting standards 2%Levels of customer satisfaction and/or churn 3%Increased stakeholder focus on risk management practices 3%Increased offshoring activities leading to greater emphasis on business continuity 4%Financial market volatility 5%Increased focus on risks pertaining to people and behaviour 5%Securing competitive advantage over competitors 7%Aim of increasing value of risk management to the business 7%

Source: PricewaterhouseCoopers/EIU survey, January 2007

March 2007


6

To Basel and beyond continued

It is sobering to think that, before its shares

were listed in Hong Kong and Shanghai

at the end of last year, the Chinese

government pumped $15 billion into ICBC

(the Industrial and Commercial Bank of

China). Before it did so, more than one-fi fth

of the bank’s portfolio of loans was ‘non-

performing’. Now ICBC is not only China’s

largest bank by market capitalisation;

it is also one of the top ten worldwide.

Since 1998, says Standard & Poor’s (S&P),

a ratings agency, the Chinese government

has injected into its banks and fi nancial

institutions a sum equivalent to 22% of the

country’s gross domestic product (GDP) in

2004. And yet risks still abound. In theory,

China’s banks are on a sounder footing than

they were, even a couple of years ago. In

practice, though, it is sometimes hard to tell.

True, the handful of what are known as

‘mega’ banks and national institutions,

including ICBC, whose shares are listed on

recognised stock exchanges, prepare their

fi nancial statements in accordance with IFRS

and their statements are audited by the Big

Four international accounting fi rms.

But what about the dozens of unlisted

national and city-commercial banks across

the country? The quality of their disclosure,

says S&P, is ‘generally poor’. Some do not

make their fi nancial statements available

to the public; those that do publish annual

statements, invariably do so late. Even when

there are fi gures, it is hard to know whether

to believe them or not. ‘A typical ruse’, says

S&P, ‘is to charge loan loss expenses

directly to shareholders’ equity rather than

recognising them as expenses or capitalising

them as losses.’

Indeed, when S&P published a report last

year of China’s top 50 banks, no fewer than

16 institutions produced such piecemeal

information that the agency was unable to

include them in a peer review. Information

risk was high and the quality of disclosure

was a concern. Yet standards are improving.

As S&P itself points out, progress has been

so rapid that, even a couple of years earlier,

such a report on the country’s banks would

have been ‘mission impossible’, because of

the paucity of information. Investors can

only hope that standards of disclosure and

risk management continue to show signs

of improvement.

Chinese banks: the known unknowns

March 2007


Building value

What would a new value-based agenda for risk

managers encompass? Rather than seeing risk

management through the prism of regulation and loss, risk managers would instead direct their attention towards

those activities that boost profi ts, improve service to

customers and enhance competitive advantage.

One area where a stronger focus is needed is

the effi ciency with which operations are run.

For example, fi rms have paid too little attention

to seeking out synergies between departments

on risk and controls processes. Much of this

is because regulators focus on a particular

business or regulation and insist on certain

steps being taken. Only later do companies

realise that, because their compliance

functions also concentrate on specifi c areas

of the business, the institution as a whole has

collected duplicate sets of data, several times

over, using different tools or standards.

Another area where greater value could be

derived is in strengthening the integration

between risk and other functions, especially

with the fi nance function. Recent progress

in risk management has helped companies

to reduce the number of surprises to their

earnings. It has also resulted in a more

balanced approach to the deployment of

capital at the group level. The closer the

alignment of key measures of risk and fi nancial

performance, the more rational the basis for

management decisions and the sharper the

focus on growth and the creation of value.

Among the greatest innovations seen

in recent years has been the ability for

companies to cascade metrics on capital

allocation and risk-adjusted performance

from the level of the business entity all

the way down to products and the client.

‘You can get a more accurate assessment

of customers, which sectors render more

income and better margins, and which types

of customer or sector do not contribute to the

bottom line’, explains Dr Joseph Eby Ruin,

the outgoing Head of Risk at Malaysia’s

RHB Bank.

The risk function should also focus on ways

in which it can confer competitive advantage

in relationships with customers and

shareholders. Many survey respondents are

keenly aware of the reputational effects of

good risk management. Asked how risk

management confers competitive advantage

on their organisations, the highest response

was for better reputations among customers,

which was cited by 48% of respondents. In a

region where the reputation of the institution

is a key differentiator for customers, this

objective is seen as particularly important.

Pricing is another area where risk management

can have a material impact. The disciplines

embodied in economic capital have helped

leading fi rms to set appropriate pricing,

leading to better, and more profi table,

products. ‘You can test to what extent clients

are prepared to pay more for products that

they like. You can also begin to strip away

features which add little value in customers’

eyes but which reduce your margins’, says

Koos Timmermans, Deputy Chief Risk Offi cer

and a member of the main board of ING Group.

7

March 2007


The effective identifi cation and pricing of

risks can be another source of competitive

advantage, says Tham Ming Soong, Head of

Risk Management at Singapore’s United

Overseas Bank. ‘This is true regardless of

markets and the line of business’, he says.

Product development is yet another area

where risk management can add value. For

example, risk managers have helped to

devise and create some of today’s most

successful credit derivatives, says Richard

Evans, Deputy Chief Risk Offi cer at Deutsche

Bank. Such instruments are designed to

provide a way for institutions to generate

liquidity while laying off risk.

Building value continued

8

Benefi ts package

In what ways, if any, does effective risk management confer competitive advantage on your organisation? (% of respondents)

We have a better reputation among customers 48%We have a better relationship with regulators 45%We have better and timelier data on our internal performance 45%We are able to improve returns relative to the risks taken 42%We have a better reputation with analysts and rating agencies 38%Our selection of customers has improved 33%We have a better reputation with shareholders 31%We have better and timelier data on our markets 31%Our pricing is more competitive 26%We have freed up more capital for investment in our business 26%We are better at attracting and retaining talent 23%We have reduced the cost of risk management 20%We have a better reputation with employees 19%We have better relationships within the communities in which we operate 18%None of the above 1%Other, please specify 0%


March 2007


Up to the challenge?

If some institutions are already focused on creating value,

many others still have a long way to go. A better relationship

with customers comes top when respondents in Asia are asked how risk management

confers competitive advantages on their organisations, but it is

only just ahead of better relationships with regulators.

Indeed, the fact that better relationships with

regulators ranks above improving returns

relative to the risks taken, bettering talent

management and enhancing data as a source

of competitive advantage, suggests that

success for risk managers is still defi ned

in terms of regulatory risk and compliance,

rather than the needs of the business.

Interestingly, when asked how risk

management confers competitive advantage

on their organisations, respondents from

emerging economies in Asia are more likely

than respondents in developed ones to

point to improvements in their selection of

customers and more competitive pricing.

This may be because, at the outset, basic

risk management tools can make a big

difference to an institution’s profi tability.

But, like the law of diminishing returns,

incremental gains become harder to deliver

as the system, and the market in which it

operates, become more refi ned.

The survey indicates that Asian risk managers

are not formally involved in many key

business processes. Only a quarter of

respondents say that they include a

structured assessment of risk in process

and performance improvements, such as

offshoring and outsourcing, and a similar

number involves risk formally in planning

M&A. Even the development of strategy

often lacks the formal involvement of risk

managers, with only 50% of respondents

saying that they conducted a structured

risk assessment in this area. In general,

involvement of risk managers in tactical

business processes, such as pricing and

capital allocation, tends to be greater among

developed Asian countries than in the

region’s emerging economies.

It is noteworthy, too, that when asked how

well their organisations manage certain risks,

respondents to our survey are most confi dent

in their ability to deal with the traditional (and

usually quantifi able) risks associated with

banking and fi nancial services, such as credit

and market risk. This is to be expected, even

if some institutions – especially those in

emerging markets – may overestimate their

ability to manage such risks.

The areas where they feel less confi dent are

around risks that are more diffi cult to quantify,

such as operational risk and reputational risk.

Operational risk is a particular bugbear for

many banks, which have had to move quickly

to bring their data into line with Basel II. Even

for banks like Australia’s Westpac, which

has long used a measure of operational risk

as part of its economic capital framework,

the hurdles have been high. ‘Being able to

reconcile your internal data is a positive step

but it is likely to give you input on probably

only one portion of the loss spectrum you

desire,’ says Daryl Newton, head of the

bank’s Basel programme. ‘To get a complete

picture, you have to use external data and

combine it with your own loss and scenario

data.’

9

March 2007


Up to the challenge? continued

As institutions chase growth by expanding

into new markets, anxieties about the quality

of data mount (see box on Standard

Chartered in China). Adding to the pressure

is the blurring between credit and market

risk, says Nell Cady-Kruse, Head of Risk

Management in Asia for Credit Suisse.

Because of this, fi rms need to take a wider

view of the hazards involved. ‘More and

more, we fi nd that we need to seek overall

guidance from the chief risk offi cer, and not

just go to the heads of credit or market risk

individually’, she says. ‘We need to think

about risk more strategically and not

segregate between credit and market risk -

there are many deals and trades that combine

elements of both.’

10

Limited infl uence

In which of the following business processes does your organisation include a structured assessment of risk? (% of respondents)

New product development/approval 73%Compliance 57%Allocation of capital to lines of business 51%Strategy development 50%Budgeting and fi nancial reporting 41%Entering new geographical markets 40%Customer selection and acceptance 38%Data management and governance 38%Setting prices 36%Process and performance improvement (offshoring, outsourcing) 24%Merger and acquisition acvtivity 23%Forming alliances and partnerships 22%Assessment of business unit performance 22%Recruitment and retention policies 18%Setting compensation policies 15%Pension scheme funding 3%Other 1%None of the above 0%


March 2007


Up to the challenge? continued

Doing business in China is a double-edged

sword. On the one hand, it offers the rewards

associated with investing in an economy

that could be the world’s largest within the

next 25 years. At the same time, Chinese

standards of corporate governance and

regulation are evolving very quickly as the

economy has opened up to foreign

investment following its WTO entry. Avoiding

the pitfalls while adding value through

innovative risk management is a diffi cult

balancing act.

The potential of the country has attracted

huge foreign investment in recent years,

led by fi nancial institutions, which both

fi nance and reap the benefi ts of China’s

growth. One such institution is Standard

Chartered, the British-based bank, which

has more than 2,200 staff in 12 branches,

eight sub-branches and three representative

offi ces on the Chinese mainland.

Standard Chartered has been operating

in the country since 1858, when it opened

a branch in Shanghai, giving it an advantage

over many of its competitors. It has committed

to rapid expansion in the country to

consolidate its position among the

market leaders.

Standard Chartered can draw on its

experience in emerging markets around

the world to feed into its risk management

planning in any one country. ‘One of our

key advantages is a unique network built

up from our presence in Asia, Africa and

the Middle East’, explains David Godwin,

Head of Client Relationships for Standard

Chartered’s Chinese operations. ‘We put

a lot of effort into using the power of this

network. There is a strong teamwork culture

in the bank, with all the country operations

sharing resources and information.’

This approach helps to increase effi ciency

and reduce duplication, but the bank also

recognises the importance of supplementing

this with data gathered on the ground.

To this end, it assesses separately the risks

associated with China, such as politics,

regulation and trade relations. In assessing

credit risk, Standard Chartered applies

similar techniques to those it uses

anywhere. This entails a bottom-up

approach, which means that each country

applies different criteria. ‘We stay very close

to our customers and watch the cash cycle

carefully’, says Mr Godwin. ‘We don’t just

dish out working capital. In the case of

SMEs (small and medium-sized enterprises),

we like to grow with the company. This is

both profi table and a good way to manage

risk.’ The local risk function in China will

then report to a regional division, which,

in turn, reports to the bank’s wholesale risk

function and fi nally to the executive board,

which meets in London.

The bottom-up approach will become even

more relevant as the Chinese consumer

market opens up in 2007. Until now, foreign

banks have only been allowed to lend to

foreigners living in China or through joint

ventures with local fi nancial institutions.

Standard Chartered applied at the end of

2006 to set up a locally incorporated

subsidiary that will allow it to compete in the

domestic loans, mortgages and credit card

businesses. The risks are huge, but for

banks with in-depth experience of emerging

markets, so are the potential rewards.

Case study: Standard Chartered in China

11

March 2007


Shared responsibilities

Enabling the risk management function to shift gears and

contribute greater value to the business is no easy task.

For anything to happen, senior management has to be fully

engaged. What matters most, says Raj Singh, Chief Risk Offi cer

of Allianz, is that an institution’s directors are committed to

proactive risk management and that its value to the group as a

whole is recognised.

According to Chng Sok Hui, Managing

Director and Head of Group Risk at DBS

Bank, responsibilities need to be clearly

assigned to risk-takers and risk controllers

alike, within a bank’s corporate governance

framework. ‘The process has to be an

intrinsic part of doing business, as well as

being aligned with the incentive structure

of the fi rm’, she says.

Every organisation is different; and one size

does not fi t all. Yet more and more institutions

are moving towards a system that makes

individual businesses more accountable for

the risks they run. ‘At DBS, we have individual

risk managers within the various lines of

business to work with business heads to

identify and manage their risk profi les and to

implement appropriate controls. We assess

the model from time to time to ensure that it

remains effective as the business grows and

evolves’, explains Ms Chng.

Setting the risk appetite of individual

businesses is a crucial step in this process.

Not only does this determine at the outset

the parameters within which each business

is expected to operate, it also reinforces the

role of the risk manager. Indeed, no fewer

than 60% of respondents said their

organisation would need to defi ne its risk

appetite more clearly for risk managers to

add more value to the business.

‘One of the most critical functions of the risk

governance process is ensuring a proper

communication of risk tolerance levels’,

says Ms Chng. ‘DBS has implemented

an integrated risk framework to give greater

clarity, focus and consistency across different

areas in the governance of risk. Under this

framework, aggregate limits guide risk-taking

within the group.’

As well as defi ning risk appetite more clearly,

survey respondents also point to the need

to see risk management as a more strategic

function, if its potential to create value is to

be released. Indeed, this is seen as the most

important change required, cited by 72%

of respondents.

Even when directors of fi nancial institutions

insist on risk managers having their say, often

too little attention is paid to embedding risk

managers in the individual businesses. This

makes it harder to get to grips with the

intricacies of the business; it also slows down

the speed with which risk offi cers can respond.

Respondents to our survey seem to

agree. When asked how their organisation’s

attitude to risk and risk management should

change for it to add greater value to the

business, 65% of respondents pointed

to the need to embed risk managers and

their risk management processes into

individual businesses.

12

March 2007


Show me the way

As important as embedding risk managers within the business units and local

territories, is the need to have a coherent central approach to risk. At UOB, for example,

risk management is not the sole responsibility of risk managers.

It is the joint responsibility of both the business and the

infrastructure support units, says Mr Tham. ‘While senior

management provides strategic leadership, tactical leadership is

provided by the risk management sector.’

RBS Group – which has a 10% stake in Bank

of China, the mainland’s second-largest

lender – appoints a risk offi cer for each

operating division of the Group. Although they

are embedded in the business, each manager

operates ‘under licence’ to the Group’s chief

risk offi cer, says Richard Gossage, the bank’s

former Group Chief Risk Offi cer. So senior

risk offi cers may report to the head of the

division in which they operate, but are

functionally responsible to the Group’s chief

risk offi cer.

This can be vital in helping to maintain a

sense of cohesion on risks encountered by

separate (and often competing) divisions of

a multifaceted institution. At Deutsche Bank,

for instance, risk offi cers are more than just

devil’s advocates – they are ‘representatives

of the group’s top-down perspective’, says

Mr Evans. Indeed, there is much to be said,

he says, for a function that is intimately

involved in the day-to-day running of the

business, but which identifi es closely with

the Group’s overall franchise.

According to Dr Ruin, of RHB Bank, effective

risk management requires a combination of

two approaches. From the top comes the

necessary budget and commitment of senior

managers; from below comes the involvement

of managers within the various business units.

He believes that successful risk management

requires a dedicated and robust framework,

which is constructed at the centre. Without

this, he says, there is always a risk that

models will not be implemented and aims

will be missed.

Sean Ringsted, Chief Actuary of the ACE

Group, an international insurer, and chair of

the company’s Risk Committee, believes that

the one of the key benefi ts of effective

enterprise risk management is the ability to

look at threats to an organisation holistically,

be they from outside or from within. ‘It joins

up the dots between the inevitable silos of

exposure across the company. Once you

aggregate the exposure across the balance

sheet and other sources to threats such as

catastrophes and credit defaults, you have a

much more complete understanding of those

threats to your organisation’, he says.

13

March 2007


Forward in step

If effective risk management requires the function to have a

foot in all camps, straddling business units and Group, local

territories and headquarters, then it is also imperative that

these various groups are well coordinated. That, at any rate, is the theory. In practice,

it does not always happen. Few survey respondents believe

that the risk management function and the individual

business units are highly integrated; indeed, many think

that risk managers at the centre fail to communicate adequately

with their local counterparts.

Clear process provides one solution to this

problem of coordination. But more important

still – and the foundation of successful risk

management in general – is the need to

instil a culture of risk management and

governance, which crosses functional as

well as geographical boundaries.

Ensuring that fi rms and their employees

demonstrate the effectiveness of their internal

controls goes only so far, says Seiichi Hara,

a partner of PricewaterhouseCoopers, Japan

(Tokyo offi ce). Institutions must also focus

on leadership and the need to reinforce

accountability at every level of

the organisation.

With concerns over corporate responsibility

on the rise, institutions will need to pay even

more attention to standards of governance.

As Sir John Bond, Chairman of Vodafone and

a former head of HSBC Holdings, once said:

‘It used to take years of dedicated bad

management to destroy a company. Now it

can be done almost overnight.’ This, more

than anything else, should persuade risk

managers to look beyond relationships with

the regulator as a yardstick of success.

14

March 2007


The Economist Intelligence Unit and PricewaterhouseCoopers conducted a special online survey of senior executives in fi nancial institutions on the subject of risk management. Executives from over 420 institutions worldwide participated, of which 117 were from Asia. The survey was conducted during December 2006 and January 2007.Our thanks are due to all those who participated for sharing their insights with us.

Please note that totals do not always

add up to 100 because of rounding,

or because respondents could choose

more than one answer.

Appendix: Survey results

15

41

4149

43

1

11

1

12

13

14

14

30

16

18

16

16

46

11

8

8

19

41

37

37

44

34

39

24

15

17

43

23

22

2

22

24

9

3

7

7

6

0 20 40 60 80 100%

Communicating key risks to the executive team

Identifying new and emerging risks

Communicating key risks to investors

Ensuring regulatory compliance

Classifying types of risks

Maximising loss avoidance

Enabling line-of-business managers to make better business decisions

Assisting management on a day-to-day basis with business/strategic decision-making

Measuring and monitoring risk

Setting the organisation’s risk appetite

Monitoring the organisation’s risk appetite

Enabling more efficient capital allocation

Instilling a culture of risk awareness throughout the organisation

Other, please specify

Americas Asia Europe

1. What, in your judgement, are the most important objectives of the risk management function? Select no more than three objectives.

Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007

March 2007


Appendix: Survey results continued

16

28 33 23 12 422 44 18 10 5

20 49 20 8 3

12 33 38 12 5 17 35 38 16 3 2

4 42 34 15 25

10 20 30 15 5 204 26 37 10 7 155 21 42 12 201

31 36 15 6 4 726 43 16 10 2 3

20 39 24 7 83

15 40 26 12 6 114 37 37 9 2 215 34 37 12 12

9 31 36 15 2 77 34 31 20 3 6

5 42 35 12 32

9 28 30 22 10 18 35 28 24 1 311 29 37 17 24

22 28 25 20 518 36 34 10 219 46 26 5 4

9 23 34 19 4 118 23 38 22 2 89 28 31 20 84

12 28 33 16 7 49 26 33 22 3 78 34 35 15 25

8 28 25 20 7 128 22 32 22 6 109 26 38 11 78

15 25 30 23 5 19 30 40 15 5 19 41 26 18 24

10 30 30 21 5 46 29 42 19 3

8 33 37 13 36

0 20 40 60 80 100%

Communicating key risks to the senior executive team

Identifying new and emerging risks

Communicating key risks to investors

Ensuring regulatory compliance

Classifying types of risk

Maximising loss avoidance

Enabling line-of-business managers to make better business decisions

Assisting management on a day-to-day basis with business/strategic decision-making

Measuring and monitoring risk

Setting the organisation’s risk appetite

Monitoring the organisation’s risk appetite

Enabling more efficient capital allocation

Instilling a culture of risk awareness throughout the organisation

AmericasAsia

Europe

Verysuccessfully

1 2 3 4

Not successfully

5

Notwithinscope

2. How effectively do you think your organisation’s risk management function performs the following tasks? Rate each on a scale of 1 to 5, where 1 = Very successfully and 5 = Not at all successfully, or indicate if the task is not within the scope of your risk management function.


March 2007



17

0 20 40 60 80 100%

Decrease in investment

No change in investment

0-5% increase

5-10% increase

10-15% increase

15-25% increase

More than 25% increase

Don’t know


19

19

10

1

18

13

1515

11

0

17

16

6

68

8

24

20

20

25

9

9

3

7

3. On average, what change in levels of investment in risk management-related resources (i.e. people, technology and data) has your institution made annually over the past three years?

Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007

0 20 40 60 80 100%

Substantially more value

Slightly more value

No more value

Slightly less value

Substantially less value

Don’t know


41

41

31

32

13

13

1

11

0

0

4

3

9

9

47

47

7

4. Does the risk management function at your organisation add more value to the business now than it did three years ago?


March 2007



18

0 20 40 60 80 100%

We have a better reputation among customers

We have freed up more capital for investment in our business

Our selection of customers has improved

We are better at attracting and retaining talent

We have better and timelier data on our internal performance

We have better and timelier data on our markets

We have a better reputation with analysts and rating agencies

Our pricing is more competitive

We have reduced the cost of risk management

We have a better reputation with shareholders

We have a better reputation with employees

We have a better relationship with regulators

We are able to improve returns relative to the risks taken

We have better relationships within the communities in which we operate

None of the above



28

48

48

45

45

45

13

1

31

31

31

26

23

2317

44

3

33

24

0

18

18

57

32

3447

47

19

15

45

58

15

38

2

2

1621

6

8

24

20

20

4242

26

29

35

39

5. In what ways, if any, does effective risk management confer competitive advantage on your organisation? Select all that apply.


March 2007



19

0 20 40 60 80 100%

Regulatory pressures

Increased levels of geopolitical risk

Threat of terrorist activity

Macroeconomic volatility

Financial market volatility

Changes in reporting standards

Levels of customer satisfaction and/or churn

Increased levels of IT security risk

Losses at our own institution

Increased focus on risk management on the part of senior management and the board

Governance scandals affecting other financial institutions or major corporates

Increased offshoring activities leading to greater emphasis on business continuity, etc.

Demands for corporate transparency and accountability

Increased stakeholder focus on risk management practices

Aim of increasing value of risk management to the business

Increased focus on risks pertaining to people and behaviour

Focus on cost reduction and efficiency

Securing competitive advantage over competitors

Focus on social responsibility programmes


Americas

Asia

Europe

16

49

6666

23

21

2828

1818

10

4341

1

1

44

4

4

12

12

5

5

5

57

7

14

14

14

67

13

13

13

13

13

13

3

3

3

15

15

15

15

2

2

2

2

2

9

9

9

9

6

6

6

8

8

19

19

6. What have been the major drivers of change in your organisation’s risk management priorities over the past three years? Select the three most important drivers of change.


March 2007



20

57

18

18

18

4

4

4

15

15

58

1

1

1

25

19

34

24

24

17

17

17

8

8

8

13

13

13

3330

30

9

9

9

9

51

7

7

7

7

7

22

29

12

12

11

6

6

31

31

5

5

5

16

14

14

23

3

3

0 20 40 60 80 100%

Regulatory pressures

Increased levels of geopolitical risk

Threat of terrorist activity

Macroeconomic volatility

Financial market volatility

Changes in reporting standards

Levels of customer satisfaction and/or churn

Increased levels of IT security risk

Losses at our own institution

Increased focus on risk management on the part of senior management and the board

Governance scandals affecting other financial institutions or major corporates

Increased offshoring activities leading to greater emphasis on business continuity, etc.

Demands for corporate transparency and accountability

Increased stakeholder focus on risk management practices

Aim of increasing value of risk management to the business

Increased focus on risks pertaining to people and behaviour

Focus on cost reduction and efficiency

Securing competitive advantage over competitors

Focus on social responsibility programmes


Americas

Asia

Europe

7. What do you think will be the major drivers of change in your organisation’s risk management priorities over the next three years? Select the three most important drivers of change.


March 2007



21

0 20 40 60 80 100%

Credit risk

Market risk

Operational risk

Regulatory risk

Business/strategic risk

Reputational risk

Interest rate risk/ALM

Liquidity risk

Customer-related risk (selection, acceptance)

Tax risk

Legal risk

Business continuity risk

Sovereign/political risk

Third-party risk (outsourcing service providers, suppliers, etc.)

HR/people risk (talent recruitment and retention, etc.)

Environmental risk

IT/technology risk

3225

23

2628

38

2222

161

9

79

131615

2824

20

3035

29

2425

29 4

77

129

18

2117

14

3641

29

3326

3812

722

1318

1619

12

3230

21

3130

36 8

4 17 1

1614

24

171716

3438

32

3329

33 3

2 13

1312

16

2327

20

2925

35

2924

301

8 1

5 15

1317

7

1414

5

2228

19

3223

30 14 3

10 211

2024

28

711

5

1622

17

3423

301

2

3214

10 130

1430

577

3328

24

3233

27 311

8 110 3

2120

27

23

2

810

8

2528

23 427

25 222 5

3730

36

48

3

1916

15

3135

312

16 2

9 113

3626

33

77

5

1720

14

3534

31 14 1

1114 4

3021

36

107

3

1015

12

2120

226

3

2421

34 131

3030

434

212422

3034

29 11 2

16 112 4

2922

32

1311

7

2932

34

3436

31 6 1

4 17 2

1912

22

41

6

88

6

1732

16 36 2

41 623 9

2428

33

1211

7

3637

33

3332

35 5

6 18 1

131121

AmericasAsia

Europe

Verythreatening

1 2 3 4

Not threatening

5Don’tknow

8. Which of the following types of risk are the most threatening to your organisation’s earnings? Rate on a scale of 1 to 5, where 1 = Very threatening and 5 = Not at all threatening.


March 2007



22

0 20 40 60 80 100%

Credit risk

Market risk

Operational risk

Regulatory risk


Reputational risk


Liquidity risk

Customer-related risk (selection, acceptance)

Tax risk

Legal risk




HR/people risk (talent recruitment and retention, etc.)

Environmental risk

IT/technology risk

3018

27

3847

44

1922

202

4

464

37

5

1920

24

4645

49

2124

16 12

322 3

869

99

7

3136

38

4440

40 2 1

154

111012

2017

11

3838

39

3131

34 2 2

3 12 3

710

11

129

5

2829

36

4139

43 2

1146

1612

14

201113

3641

31

3233

372

2

112

1012

17

249

15

3441

39

2532

27 5 8

4 43 6

99

6

3216

20

3343

34

2526

3252

72

129

39

139

6

3228

32

414543 42

1 33 4

111012

1813

11

2730

29

3432

33 83

4 95 8

712

15

18811

404639

3034

281

2 3

4 21

710

16

146

11

333932

3729

38 1 2

3 14 3

1319

17

14109

2222

21

2640

2611

19

145

4 1911618

54

2

2625

22

4544

46 5 3

1 84 5

1418

22

543

2117

21

4037

42 6 2

7 49 3

2330

25

857

2017

18

3332

32 8 16

3 2210 17

1419

18

76

2

232432

444439 24

2 24 2

222021

AmericasAsia

Europe

Veryeffectively

1 2 3 4

Not effectively

5Not

managed

9. How effectively do you think your organisation manages the following types of risk? Rate on a scale of 1 to 5, where 1 = Very effectively and 5 = Not at all effectively, or indicate if the risk is not managed at all.


March 2007



23

18

20

52

43

45

4760

72

44

3131

49

57

65

62

6565

23

35

22

51

31

43

0 20 40 60 80 100%

We would need to change the metrics by which risk managers are judged

We would need to change the metrics by which business units are judged

We would need to define our risk appetite more clearly

We would need to see risk management as a more strategic function

We would need to be less focused on compliance

We would need to embed risk management processes and people more deeply into the lines of business

We would need to be less focused on downside risks and more on upside risks/opportunities

We would need more effective cross-functional coordination


24

10. How would your organisation’s attitude to risk and risk management need to change in order for the function to add greater value to the business, in your view? Select all that apply.


March 2007



24

50

50

73

48

48

40

51

3423

36

18

15

25

35

31

2

46

66

49

41

41

16

12

12

2222

22

0

1

45

62

39

30

43

43

33

24

24

3838

38

32

14

14

29

42

5757

27

7

3

3

3

5

0 20 40 60 80 100%

Strategy development

New product development/approval

Entering new geographical markets

Budgeting and financial reporting

Allocation of capital to lines of business

Merger and acquisition activity

Forming alliances and partnerships

Customer selection and acceptance

Setting prices

Recruitment and retention policies

Setting compensation policies

Process and performance improvement (i.e. offshoring, outsourcing)

Data management and governance

Compliance

Assessment of business unit performance

Pension scheme funding

None of the above



11. In which of the following business processes does your organisation include a structured assessment of risk? Select all that apply.


March 2007



25

0 20 40 60 80 100%

Strategy development

New product development/approval

Entering new geographical markets

Budgeting and financial reporting

Allocation of capital to lines of business

Merger and acquisition activity

Forming alliances and partnerships

Customer selection and acceptance

Setting prices

Recruitment and retention policies

Setting compensation policies

Process and performance improvement (i.e. offshoring, outsourcing)

Data management and governance

Compliance

Assessment of business unit performance

Pension scheme funding

Veryinfluential

Somewhatinfluential

Not influential

Notapplicable

AmericasAsia

Europe

2330

21

4652

54

2216

21

93

5

2837

29

4248

42

2111

22

93

6

2029

20

3140

37

3316

25

1516

18

1726

23

3541

49

342721

1467

2631

26

3337

40

2622

24

151010

1519

16

3643

33

2416

25

2522

26

812

5

2531

24

4945

57

1912

15

713

8

1926

26

5448

53

211313

101113

3653

43

3427

32

209

12

141615

3745

36

3026

32

1913

17

1719

17

2343

38

4327

29

1711

15

1217

11

3039

39

3832

37

2012

13

171514

3763

55

3317

25

1356

3941

32

3642

46

1411

17

1265

132321

363845

373126

1478

743

1521

16

3830

42

4144

39

12. How infl uential is your organisation’s chief risk offi cer (or equivalent) in the following activities and decisions?


March 2007



26

0 20 40 60 80 100%

Risk-based capital measure

Data on reputation for risk management among key stakeholders (i.e. customer satisfaction surveys/comments from ratings agencies, etc.)

Earnings volatility against a predefined benchmark

Client complaints/litigation

Losses against a predefined benchmark

Credit quality distribution

Data on contribution of risk management to increased shareholder value

By country By businessunit

By product By customersegment

AmericasAsia

Europe

1924

19

434347

222021

161313

1527

22

5443

42

1416

17

1814

19

1516

14

5353

50

2122

23

108

13

1320

15

5140

45

151918

212122

1419

15

5150

46

2320

29

121110

1718

20

4140

36

2121

22

212122

1820

17

5254

52

2015

17

101115

13. Which of the following types of risk-related data are routinely circulated within your organisation? Select all that apply.


March 2007



27

0 20 40 60 80 100%

Risk-based capital measure

Data on reputation for risk management among key stakeholders (i.e. customer satisfaction surveys/comments from ratings agencies, etc.)

Earnings volatility against a predefined benchmark

Client complaints/litigation

Losses against a predefined benchmark

Credit quality distribution

Data on contribution of risk management to increased shareholder value

AmericasAsia

Europe

30 31 11 8 18226 29 19 4 3 18

32 33 12 2 2 20

7 29 28 11 3 2215 29 29 5 2 20

8 24 25 12 292

16 32 24 10 1 1725 36 24 1 3 12

10 30 29 7 231

3 26 33 17 4 1718 32 31 7 1 12

12 21 22 19 214

16 34 22 11 2 1424 30 28 4 2 12

15 34 24 8 191

27 39 14 9 1 1027 34 21 8 3 728 32 18 5 142

9 22 21 11 4 3216 24 22 5 294

6 17 21 10 406

Extremelyuseful

1 2 3 4

Not useful

5Not

used

14. How useful are the following types of risk-related data as tools for managing the business? Rate on a scale of 1 to 5, where 1 = Extremely useful and 5 = Not at all useful, or indicate if your organisation does not use these measures.


March 2007



28

0 20 40 60 80 100%

Greater profitability for individual lines of business

More efficient allocation of capital to lines of business

More appropriate pricing levels

More appropriate remuneration packages for senior executives

Satisfying regulatory requirements (e.g. capital adequacy)

Greater understanding of risk on part of business units

Clearer reporting and disclosure to shareholders

Veryeffective Effective

Neithereffective norineffective Ineffective

Veryineffective

Don’tknow

AmericasAsia

Europe

11 35 28 6 2015 40 26 2 3 13

5 49 23 6 16

18 42 18 5 1813 53 16 4 2 1114 45 16 9 16

10 34 31 8 1 169 36 30 10 3 12

8 38 25 8 21

4 27 30 10 3 266 33 27 13 1 20

1 22 32 14 302

19 41 22 11 1623 47 17 5 1 6

20 42 17 164

18 43 16 5 3 1724 44 16 5 3 7

14 54 17 4 12

10 29 36 5 2013 49 18 5 122

8 47 24 4 161

15. If your organisation assesses its performance on a measure of risk-based capital, please rate how effective it is at meeting the following objectives.


March 2007



29

0 20 40 60 80 100%

Credit risk

Market risk

Operational risk

Regulatory risk


Reputational risk


Liquidity risk

Governance risk

Customer-related risk (selection, acceptance, etc.)

Tax risk

Legal risk




HR/people risk (recruitment and retention of talent, etc.)

Environmental risk

IT/technology risk

Central riskmanagement

functionBusiness

unit headsFinancefunction

Otherfunction Don’t know

AmericasAsia

Europe

65 16 12 5 266 24 9 11

58 18 15 7 4

53 30 11 5 154 33 10 22

50 31 13 3 3

59 28 5 6 249 39 4 6 249 38 4 7 3

48 13 11 25 250 26 6 314

46 25 6 19 4

31 44 4 17 541 42 5 10 3

28 50 5 12 5

31 34 2 24 951 26 5 216

33 34 1 23 9

30 21 31 11 742 19 30 5 3

33 13 43 6 5

31 25 31 8 543 19 30 35

28 14 44 7 7

40 19 6 29 646 24 6 18 5

38 15 7 28 13

18 58 1 14 921 61 3 41021 57 4 9 9

12 14 43 23 819 14 57 37

16 7 53 15 9

21 17 5 53 543 19 10 226

23 15 3 54 6

40 27 1 26 647 23 7 518

35 27 3 26 9

36 23 2 17 2350 20 3 1612

37 13 1 25 23

18 34 2 31 1428 38 5 82126 28 7 24 15

8 34 48 917 40 4 534

12 27 2 46 12

12 19 2 35 3131 23 4 2517

25 12 1 30 32

16 26 3 48 732 28 8 329

20 24 50 6

16. Please indicate who has strategic responsibility (e.g. setting policy and governance structures) for the following specifi c types of risk at your organisation. Note: The central risk management function includes business risk management teams if they report to central risk management. Business unit heads includes business risk management teams if they report to business unit heads. The fi nance function includes business risk management teams if they report to fi nance.


March 2007



30

Central riskmanagement

functionBusiness

unit headsFinancefunction

Otherfunction Don’t know

AmericasAsia

Europe

Credit risk

Market risk

Operational risk

Regulatory risk


Reputational risk


Liquidity risk

Governance risk

Customer-related risk (selection, acceptance, etc.)

Tax risk

Legal risk




HR/people risk (recruitment and retention of talent, etc.)

Environmental risk

IT/technology risk

0 20 40 60 80 100%

35 49 11 2 244 41 10 23

37 41 13 4 4

31 50 14 5 139 48 10 22

30 46 14 6 4

21 70 5 4 134 55 3 6 2

30 54 4 7 6

24 42 10 22 237 41 6 313

33 40 7 16 4

18 61 2 15 526 60 2 7 5

19 62 2 10 7

14 60 1 17 937 44 2 314

22 49 1 20 9

16 36 33 9 633 26 31 5 4

21 20 44 10 4

20 35 31 8 632 26 31 37

19 24 42 10 5

22 43 5 22 841 32 6 17 3

28 26 7 29 10

11 67 2 12 917 70 3 46

15 62 1 14 8

8 27 36 21 714 21 53 66

11 14 51 16 8

14 35 5 40 536 28 13 320

15 26 4 49 5

16 50 2 26 633 42 5 515

21 42 4 24 9

23 40 3 15 1947 23 3 1412

33 24 1 20 22

11 49 3 25 1223 43 6 1019

12 42 4 28 13

3 48 40 919 38 4 533

7 38 1 43 11

5 31 2 32 3024 30 7 2316

19 20 32 28

9 36 2 47 724 34 9 429

14 30 49 7

17. Please indicate who has operational responsibility (i.e. execution of policy) for the following specifi c types of risk at your organisation. Note: The central risk management function includes business risk management teams if they report to central risk management. Business unit heads includes business risk management teams if they report to business unit heads. The fi nance function includes business risk management teams if they report to fi nance.


March 2007


0 20 40 60 80 100%

Risk management function and compliance function

Risk management function and finance function

Risk management function and the HR function

Risk management function and the senior executive team

Risk management function and individual business units

Central risk management function and regional/country risk management functions

Central risk management function and business unit risk management functions

AmericasAsia

Europe

3032

23

2326

33

1825

223

9 2

6137

108

11

1423

16

2829

31

2828

33 9

698 1

151110

3 149

3

2812

9

25 2228

213

23219

928

34

2322

24

4039

40

1223

25 21

9 43 3

119

8

1415

11

4130

43

2236

35 11

9 43 3

1113

9

2022

19

2623

28

1725

2517

6 14

7 183

119

8

2422

21

3625

31

1035

327

3 5

9 94

117

8

Highlyintegrated

1 2 3 4

Poorlyintegrated

5Don’tknow

18. How effectively integrated are the following functions and departments in your organisation? Rate on a scale of 1 to 5, where 1 = Highly integrated and 5 = Poorly integrated.



31

March 2007



0 20 40 60 80 100%

Risk appetite is clearly defined and drives decision-making cross-functionally

Risk and control assessments across the organisation share common risk definitions, frameworks, methodologies and risk rating scales

Monitoring and testing activities are formally defined, coordinated and leveraged cross-functionally

Risk management processes and technology are effectively and efficiently integrated across the enterprise

Our organisation has an integrated governance, risk and compliance programme

An awareness of risk is pervasive in our organisation

The recent focus on regulations such as Basel II and Sarbanes-Oxley has made our organisation too risk-averse

Recent regulations on risk management are more of a compliance burden than a contributor to business value

Senior management recognise that the most important elements of risk management are the attitudes, competencies and behaviour of people

in the organisation

There is an appropriate balance between risk and opportunity in our organisation’s business decisions

We spend too little money on risk management

Stronglyagree Agree

Neither agree nor disagree Disagree

Stronglydisagree

AmericasAsia

Europe

11 44 20 17 820 39 26 12 3

16 40 21 22 2

18 39 19 19 524 40 21 14 2

23 43 20 11 2

12 39 25 19 520 36 32 10 2

9 43 31 13 3

7 34 26 27 614 33 31 18 3

7 44 26 21 2

16 33 23 20 715 45 24 14 3

12 35 29 21 3

23 34 23 13 716 44 30 10 1

13 48 30 8 2

4 12 38 36 99 26 31 28 6

4 18 28 42 8

20 33 21 23 316 32 34 14 4

8 37 25 28 3

28 36 17 12 722 54 16 8 1

13 52 20 15

9 41 25 21 413 42 30 10 4

8 55 22 15

18 22 31 22 715 20 31 25 9

14 29 32 20 5

19. Please indicate whether you agree or disagree with the following statements about risk management at your organisation.


32

March 2007



33

28

5

31

3

0 20 40 60 80 100%

Americas

Asia (excluding Australia & New Zealand)

Australia/New Zealand

Europe

Middle East & Africa

In which region are you personally based?


0 20 40 60 80 100%

Board member

CEO/President/Managing Director

CFO/Treasurer/Comptroller

CRO/Chief risk officer

CIO/Technology director

Other C-level executive

SVP/VP/Director

Head of business unit

Head of department

Manager

Other


1

11

1

55

7

7

10

6

6

8

6

60

31

15

14

20

19

19

11

2

2

34

0

0

0

0

0

18

9

9

What is your title?


33

March 2007



0 20 40 60 80 100%

Customer service

Finance

General management

Human resources

Information and research

IT

Legal

Marketing and sales

Operations and production

Procurement

Risk

R&D

Supply-chain management

Strategy and business development

Other


1

1

1

5

5

5

5

5

7

7

6

66

1520

20

11

2

2

2

2

2

2

33

33

4

4

4

00

9

9

9

73

17

16

16

6965

2121

25

8

What are your main functional roles? Please choose no more than three functions.


0 20 40 60 80 100%

Asset management/Custodian

Bancassurance

Broker-dealer

Capital markets

Central bank/Regulator

Corporate banking

Credit card issuer/services

Financial services consulting

Hedge fund

Investment banking

Life insurance

Non-life insurance

Wealth management

Private equity/Venture capital

Trading

Real estate/Leasing

Reinsurance

Retail banking

Stock exchange/Trading system



1

1

1

1

1

1

1

1

1

1

5

5

5

5

5

17

7

7

7

6

6

2911

11

2

2

2

2

2

22

2

3

3

3

3

3

3

13

13

14

14

4

4

4

4

4

0

0

0

0

0

0

9

9

12

8

8

8

8

In what area of fi nancial services do you personally work?


34

March 2007


Contacts

35

If you would like to discuss any of the issues raised in this briefi ng in more detail please speak to your usual contact at PricewaterhouseCoopers or call one of the following:

PricewaterhouseCoopers1 Editorial Board

1 PricewaterhouseCoopers refers to the global network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity2 Member of the Global Financial Services Leadership Team

Guillermo Montero Bardají34 915 684 [email protected]

Sandra Birkensleigh612 [email protected]

Christopher Box44 20 7804 [email protected]

Olivier Carré352 49 48 48 41 [email protected]

Ron Collard44 20 7212 [email protected]

Richard Stuart Collier44 20 7212 [email protected]

Allan Cuttle1 646 471 [email protected]

Rafael Ruano Díez56 2 940 [email protected]

Miles Everson1 646 471 [email protected]

Maria-Isabel Fadul33 1 56 57 81 [email protected]

Dylan Flavell61 3 8603 3002dylan.fl [email protected]

Carlo di Florio1 646 471 2275carlo.difl [email protected]

Seiichi Hara81 3 6266 [email protected]

Paul Horgan1 646 471 [email protected]

Matt Hosford852 92 72 [email protected]

Anita Mehta Iyer91 22 6669 [email protected]

Miles Kennedy44 20 7212 [email protected]

Jiri Klumpar420 251 152 [email protected]

Karen Loon65 6236 [email protected]

Monika Mars31 20 568 [email protected]

Chris Matten65 6236 [email protected]

Rosana Mazza00 54 11 4850 [email protected]

Fernando de la Mora1 646 471 [email protected]

Frank Morisano86 10 6533 [email protected]

Dominic Nixon65 6236 [email protected]

Kevin W O’Connell1 617 530 [email protected]

Steve Osei-Mensah44 20 7213 [email protected]

Neal Oswald 1 416 815 [email protected]

Tim Pagett86 10 6533 [email protected]

Stefan Palm49 69 9585 [email protected]

Jairaj Purandare91 22 6669 [email protected]

Hernán R. Pérez Raffo 54 11 4850 [email protected]

Phil Rivett2

44 20 7212 [email protected]

José Luís López Rodríguez34 91 568 44 [email protected]

Norberto Rodríguez00 54 11 4850 [email protected]

Robin Roy091 22 6669 [email protected]

Rafael Ruano Díez56 2 940 0181 [email protected]

Daniel J. Ryan 1 646 471 4212 [email protected]

Richard Smith 44 0 20 7213 [email protected]

Felix Sutter86 10 6533 [email protected]

Mark Train44 20 7804 [email protected]

Shyam Venkat1 646 471 [email protected]

Hajime Yasui81 90 6045 [email protected]

March 2007


Contacts continued

PricewaterhouseCoopers1 Global Financial Services Leadership Team

1 PricewaterhouseCoopers refers to the global network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity

Jeremy Scott

Chairman, Global Financial

Services Leadership Team

44 20 7804 2304

[email protected]

Benoît Catherine

33 1 56 57 12 38

[email protected]

Javier Casas Rúa

54 11 4850 4504

[email protected]

Diana L Chant

1 416 365 8207

[email protected]

Rahoul Chowdry

61 2 8266 2741

[email protected]

Ron Collard

44 20 7212 6827

[email protected]

Ian Dilks

44 20 7212 4658

[email protected]

James Flanagan

1 646 471 5220

james.f.fl [email protected]

Chris Jones

44 20 7804 2393

[email protected]

Colin McKay

1 646 471 5200

[email protected]

David Newton

44 20 7804 2039

[email protected]

Dominic Nixon

65 6236 3188

[email protected]

Tom Pirolo

1 646 471 3790

[email protected]

Phil Rivett

44 20 7212 4686

[email protected]

Marc Saluzzi

352 49 48 48 2511

[email protected]

Takashi Sasaki

81 90 6490 9333

[email protected]

Nigel J Vooght

44 20 7213 3960

[email protected]

Akira Yamate

81 90 1816 7737

[email protected]

36

March 2007


Contacts continued

Economist Intelligence Unit (EIU) 26 Red Lion Square, London WC1R 4HQ

Nigel Gibson

44 1825 791 474

[email protected]

Rob Mitchell

44 20 7576 8244

[email protected]

37

March 2007


Wealth management at a crossroads: Serving today’s consumer – November 2001

Economic Capital: At the heart of managing risk and value – March 2002

Taming uncertainty: Risk management for the entire enterprise – July 2002

Risk Management Survey – A follow up to Taming uncertainty: Risk management for the entire enterprise – November 2002

The trust challenge: How the management of fi nancial institutions can lead the rebuilding of public confi dence – December 2002

Illuminating value: The business impact of IFRS – April 2003

Compliance: A gap at the heart of risk management – July 2003

Focus on restructuring: The drivers shaping the fi nancial services sector – December 2003

•

•

•

•

•

•

•

Governance: From compliance to strategic advantage – April 2004

Uncertainty tamed? The evolution of risk management in the fi nancial services industry – August 2004

From aspiration to achievement: Improving performance in the fi nancial services industry – December 2004

Focus on growth: Striking the right value balance within fi nancial services – May 2005

Offshoring in the fi nancial services industry: Risks and rewards – September 2005

Effective capital management: Economic capital as an industry standard? – December 2005

Winning the battle for growth: Building the customer-centric fi nancial institution – Focus on Asia – May 2006

Marketing reporting in Asia’s fi nancial sector: Bridging the gap between perception and reality – January 2007

•

•

•

•

•

•

•

•

PricewaterhouseCoopers Global Financial Services Briefi ng Programme

The member fi rms of the PricewaterhouseCoopers network (www.pwc.com) provide industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 140,000 people in 149 countries share their thinking, experience and solutions to develop fresh perspectives and practical advice.

The Financial Services Briefi ng Programme is produced by experts in their particular fi eld at PricewaterhouseCoopers, to address important issues affecting the fi nancial services industry. It is not intended to provide specifi c advice on any matter, nor is it intended to be comprehensive. If specifi c advice is required, or if you wish to receive further information on any matters referred to in this briefi ng, please speak to your usual contact at PricewaterhouseCoopers or those listed in this publication.

For information on the PricewaterhouseCoopers Global Financial Services Briefi ng Programme please contact Áine Bryn, Director, Head of Global Financial Services Marketing, on 44 20 7212 8839 or at [email protected]

For additional copies please contact Serene Chia at PricewaterhouseCoopers on 65 6236 3776 or at [email protected]

© 2007 PricewaterhouseCoopers. All rights reserved. ‘PricewaterhouseCoopers’ refers to the network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. Designed by studio ec4 18566 (03/07)

38

www.pwc.com

Documents

Creating value: Effective risk management in financial services* · Creating value: Effective risk management in ﬁ nancial services – Focus on Asia Executive summary continued