How the West Was Lost: What Asia Could Avoid.
Corporate Governance
Dr. Colin Lawrence, Prudential Risk Division, Financial Services Authority, UK
ASIAN BANKER RISK SUMMIT, 8th APRIL, 2011.
Over-arching Principles of Good Governance
Designing a CRO Mandate: Three Lines of Defence
Line 1 – The Business: Risk Management
Line 2 – Risk Function: Risk Advice, Risk Co-ordination, Risk Monitoring, Risk Challenge
Line 3 – Internal Audit: Risk Assurance
Illustrative CRO Mandate: Independent Advice, Co-ordination, Monitoring & Challenge

Advising on …
• Risk strategy
• Risk framework
• Risk appetite and limits
• Key performance / risk indicators and targets, limits, thresholds
• New product approvals
• Stress testing
• Scenario analysis
• Risk mitigation
• Model standards and model related governance
• …

Co-ordinating …
• Internal Capital Adequacy (ICA) / Solvency 2
• The interactions in relation to the business planning cycle, encompassing risk and funding / capital management
• Risk reporting from Divisional flows & analysis
• Regulatory interactions
• Training, knowledge management and awareness
• Disaster recovery coordination
• …

Monitoring …
• Risk capacity vs. risk profile
• Limit breaches
• Cascade / escalation process
• Performance of “Line 1”
• Remediation actions
• …
• and escalating reports / findings

Challenging …
• Business strategy
• Key / emerging trends
• Variances and anomalies
• Major projects / change management programmes / M&A
• The extent of embedding
• …
• Via the use of intensive reviews / testing / validation
Why do Institutions Find it so Hard To Deliver Effectively? Challenges on a Number of Fronts
• Organisational Issues
  – Enterprise-wide view vs Business Line view
  – Business and product complexity – how do risk factors interact?
  – Link with everyday business decisions at the front line
  – Economic vs Accounting vs Regulatory perspective
  – IT/Data challenges
  – Weak Management Information
  – Cost & Management time
• Principal/Agent problems
  – Asymmetry of information – Agent wants to maximise opacity
  – Principal cannot completely monitor Agent
  – Agent has desire to hide the losses
  – Agent has desire to avoid internal challenge
  – Agent is incentivised to act inappropriately (shares in profits but not in losses...)
  – Agent will “gamble for resurrection” when things go wrong
• Moral hazard vs. Regulator
  – Gaming aspects of the regulatory system
Issues have to be addressed - strong management information can help
Lessons from the Crisis: What Differentiates Stronger Firms?
• Risk culture, philosophy & “tone at the top”
  – Robust risk culture promoted by Board and Senior management
  – NEDs insightful, able to access critical information
  – NEDs provide effective challenge
  – Risk culture understood and adhered to at all levels
• Risk governance frameworks
  – Board approved risk governance framework, policies and practices
  – Board engagement and challenge
  – All material risks covered
  – Clear accountability of risk management, control and assurance
  – Clear mandate for Risk Control function
  – Relationship between Risk, Finance and Treasury clear
  – Balance sheet growth controlled
  – Associated risks, funding and capital implications understood and managed
• Relationship Group Risk and Divisional Risk
  – Clear accountability, reporting and escalation
  – Effective risk governance
  – Good MI
• Role & importance of CRO and Risk function
  – CRO member of senior management, core Executive team and Board
  – CRO and Risk function key member of decision making structures
Lessons from the Crisis Cont.: What Differentiates Stronger Firms?
• Alignment of risk appetite, limits, understanding, behaviour and incentives
  – Firm-wide approach to risk
  – Control structures keep pace with growth
  – Risk appetite enforced with top-down behaviours, limits and reward systems
• Understanding & use of economic capital and portfolio management competencies
  – Conservative models built on through the cycle basis
  – Scenario testing of tails of the distribution
  – Understanding of limitations of models under stress
  – Linked to aggregate risk appetite
  – Portfolio management capabilities used to determine composition, concentration and planning
  – Used in management performance metrics and incentives
• Informative & responsive risk measurement, risk management and risk reporting
  – Adaptive vs static assumptions and correlations
  – Use of models/rating agencies
  – Independent challenge
  – Stress testing with a holistic view
• Timing and quality of risk information
  – Quality of data, infrastructure and analytics
  – Silos/filters
  – Delays/distortions
  – Aggregation of divisional information for firm-wide view
  – Dynamism
  – Relationship between risks, capital required, liquidity and capital resources understood
  – Range of scenarios and outcomes tested