1

Strategic Risk Management

How A Comprehensive Approach to RiskManagement Can Improve Corporate Governance

and Increase Shareholder Value

Ron HarasymVice-President Risk Management

ron.harasym@aegoncanada.ca

2

Agenda

Risk Management Post Sarbanes-Oxley

Governance Process

Best Practices – Risk Management & Internal Controls

Risk Management Infrastructure

Risk Management Hierarchy

Risk Culture – Processes vs. Getting it Right

Summary – Success Factors

3

Risk Management Post Sarbanes-Oxley

• Regulators and rating agencies are intensifying focus on RiskManagement standards; there is less room for negotiation.

• Recognition that risks are increasingly correlated across businessesand sometimes across different risk types, requiring a much moreintegrated approach to managing them.

• Heightened market sensitivity to unanticipated risk events; fiscalsurprises of any kind now leading to market penalties often amultiple of the real economic loss to shareholders.

• Boards and CEOs have responded by becoming more involved.End result has been the overhaul of Risk Management practices.

4

Governance Process

Board Committees• Approve risk appetite limits and set strategic direction for the

Corporation• Provide oversight for Risk Management activities

Management Committees• Develop strategic vision for key enterprise-level activities• Approve policies governing enterprise level activities

Working Committees• Develop framework for implementing key risk activities• Develop and adopt policies governing key risk activities

5

Best Practices – Risk Management &Internal Controls

• Best practices are about management, not models.

• Has Sarbanes-Oxley helped or hindered best practices?

• Core elements to best practices risk management are:

• Defining the risk strategy & risk appetite

• Instilling effective and efficient risk processes

• Full risk transparency

• Establishing a robust risk organization with a shared riskculture

6

Risk Management Infrastructure

• Strong and visible commitment from top management

• Central oversight of risk management across the enterprise

• Separation of duties

• Clearly defined responsibility and accountability

• Full ownership of risk and risk management at business unit level

• Cost effectiveness & Cost efficiency

• Adds value (not just bureaucracy) both defensively andoffensively.

7

Risk Management Hierarchy

Long-Term Strategic Plan

Performance Objectives & Compensation Risk Philosophy/Appetite

Risk Management Policy

Corporate Risk Management Policies

• Aligned with strategy• Risk limits/tolerances by risk pool• Absolute standards in line with risk appetite

Business Level Policy Guidelines

• Business specific guidelines• Aligned with Policy standards

Board Level

Management CommitteeLevel

Business/ManagementCommittee Level

Credit Administration Procedures

• Consistent measurement/monitoring of risk• Specific processes

Business/Administration Level

Approval andException Reporting: Examples:

• Risk Tolerance Limits• Risk Culture & Philosophy

• Policies for Key Risk Drivers

•Administration ProceduresManuals

•Risk-specific policies geared forthe business unit

8

Risk Culture: Processes vs. Getting it Right

• Processes:• Risk limits & policy setting.• Capital allocation• Risk adjusted performance measurement• Model validation• Documentation

• Getting it Right:• Building a partnership between Risk Management and the

Business Units• Aligning incentives & compensation• The search for talent.

9

Summary – Success Factors

• Board Involvement• Management Leadership• Corporate-wide Initiative• Values Based Process• Regulatory Partnership

Drivers of SuccessSuccess Factors

• Enterprise-wide View

• Effective & Efficient Governance

• Separation of Duties

• Aggregation of Risks

• Transparency of Risks & Reporting

• Consistency of Practices

• Accountability

“Best-in-class” Risk ManagementOrganization

Objective