March 2007 1
Creating value: Effective risk management in fi nancial services – Focus on Asia
Welcome to the third Asia specifi c fi nancial services briefi ng entitled
Creating value: Effective risk management in fi nancial services.
Executive summary
PricewaterhouseCoopers Global Financial Services Briefi ng Programme
This briefi ng, written in cooperation with the Economist
Intelligence Unit (EIU), looks at risk management in the fi nancial
services industry in Asia. Financial institutions have devoted
considerable time and resources to risk management over the
past few years, often in response to regulatory initiatives such as
Basel II, Sarbanes-Oxley and others. But how effective is
the risk management function at adding value to the business
in Asia and how does this compare to other regions?
The research effort for this briefi ng comprised two
global initiatives:
The EIU and PricewaterhouseCoopers1 conducted a special on-
line survey of senior executives in fi nancial institutions
on the subject of risk management. Executives from over
420 institutions worldwide participated, of which 117 were from
Asia. The survey was conducted during December 2006 and
January 2007.
The EIU held over 14 one-to-one interviews with senior
executives at fi nancial institutions in Asia.
The survey fi ndings and interviews were further supplemented by
signifi cant desk research.
•
•
I am confi dent that you will fi nd this briefi ng thought-provoking
and insightful. This Asia specifi c briefi ng is part of our global
Financial Services Briefi ng Programme and soft copies of
this, along with our previous global and Asia briefi ngs on
Wealth Management, Economic Capital, Risk Management, The Trust Challenge, IFRS, Compliance, Restructuring, Governance, Performance Improvement, Growth, Offshoring, Customer-centric Growth and Market Reporting, are all
available free of charge from our web site (www.pwc.com/fi nancialservices).
If you would like to discuss any of the issues raised in this briefi ng
in more detail, please speak with your usual contact at
PricewaterhouseCoopers or one of the editorial board members
listed at the end of this briefi ng. We would also appreciate your
feedback on this briefi ng as it helps us to ensure that we are
addressing the issues that you are focusing on.
Dominic NixonFinancial Services Leader, Asia
1 In this publication, unless the context requires otherwise, the term ‘PricewaterhouseCoopers’ refers to the network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a seperate and independent limited legal entity.
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Executive summary continued
The risk management function in Asian fi nancial services fi rms is undergoing dramatic change.
As with their counterparts in Europe, North America and
elsewhere, risk managers have been required by regulators to
enact sweeping reforms to the way that they handle risk. At the same
time, the market and business environment for the fi nancial
services industry in Asia is being transformed, in no small part
because of the rapid development of the region’s most populous
nation – China. In combination, these trends have ensured that the profi le of the risk function in
Asia has never been higher.
But at the same time, the risk discipline is still
somewhat neglected. According to a survey
of 117 senior executives in fi nancial services
throughout Asia, which formed part of a
global survey carried out exclusively for this
briefi ng by the Economist Intelligence Unit
(EIU) on behalf of PricewaterhouseCoopers,
the current limitations of risk management
become very clear:
Focus on regulators. As the tide of activity
caused by Basel II, which is being phased
in across Asia from 2008, has been an
important driver of the risk management
agenda in recent years. As a result, there is
a tendency for banks in the region to defi ne
risk management largely in regulatory
terms. There are notable differences,
however, between developed economies,
such as Hong Kong and Singapore,
and emerging ones, such as China and
Indonesia. Looking ahead to the next
three years, the former expect regulatory
pressures to be a greater driver for change
than the latter. This is surprising, given that
developing economies are less advanced in
their implementation of Basel II and are
currently gearing up for the change. The
fi nding suggests that these countries may
be underestimating the challenges ahead.
•
Lost potential to create value. When asked about the ways in which
risk management confers competitive
advantage on the organisation, banks
in Asia were more likely to cite a better
reputation among customers as being
important than the overall global set of
respondents. Signifi cant numbers of
respondents also believe that effective risk
management burnishes their reputation
with shareholders, enables sustainable
investment performance, delivers better
management data and enables more
competitive pricing. But, as with their global
counterparts, reputation with regulators is
still seen as a key source of competitive
advantage, and is considered more
important than, say, the ability to free up
capital for investment. This suggests that
signifi cant potential to create value for the
business is being lost.
Disengagement by the business. Just
over half of Asian respondents say that
there is a structured assessment of risk
around strategy development, which means
that they are slightly more likely than those
from Europe and North America to have
input in this area. In general, however, there
is limited input from the risk function in a
•
•
number of key business activities. Only
41% say that risk management is formally
involved in budgeting and fi nancial
reporting, and just 23% say that there
is a structured assessment of risk around
mergers and acquisitions (M&A). There
continues to be a pressing need for risk
managers in Asian fi nancial institutions to
become more involved in these crucial
strategic decisions. Only then will they be
able to demonstrate that they can deliver
real value to the business and boost
expected profi ts.
As the tide of activity caused by Basel II
and other initiatives begins to bite in Asian
markets, the time is right for executives
inside and outside the risk function to
re-evaluate the contribution that risk
management makes to the business.
‘Financial institutions in Asia have come
a long way in terms of their risk management
in recent years’, says Chris Matten, a partner
of PricewaterhouseCoopers Singapore,
and a specialist in risk and capital
management. ‘To capitalise on the progress
they have made so far and to make the most
of their investment in future they need to
develop a better understanding of risk and
how to create value from managing it.’
2
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Executive summary continued
Asian fi nancial services fi rms will not reap
maximum value from risk management
unless their culture, organisation, processes
and data are all properly aligned. The survey
fi ndings and interviews conducted for this
briefi ng suggest that institutions must
concentrate on the following areas:
Commitment from the top. Asked to
identify the changes that would enable
the risk management function to add more
value to the business, the greatest number
of respondents plumped for a change in
mindset – seeing risk management as a
more strategic function. For risk managers
to participate fully in critical business
decisions, it is essential that senior
management remains committed to,
and engaged with, the function.
Embedded risk managers ... Just as
companies have embedded the fi nance
function in individual business units, with
the result that commercial managers are
now expected to demonstrate greater levels
of fi nancial literacy, so too there should be
similar scope to embed the risk function
more deeply. Embedding risk managers
within individual business lines leads to
greater understanding and awareness of
risk, and its link to performance. While this
strategy has been employed for some time
at a number of Asian companies, there is
clearly still room for improvement. Only
around one in six respondents believes that
their organisations’ business units and risk
management function are very well integrated
at the moment; only one in four thinks that
the risk management and fi nance functions
are very well integrated.
… and a strong central presence. A central risk management function with
a strong mandate remains essential to
monitor, measure and oversee treatment
of risk by individual business units, and to
ensure that independence and objectivity
are not sacrifi ced. Strong controls at the
centre are also needed to ensure that risk
information is rigorous and relevant to
decisions being taken. Risk managers
should also be involved in key discussions
around strategy development, M&A, and
other corporate activities. History has
proved, however, that it is diffi cult to strike
the right balance between embedded risk
managers and a strong central presence.
Overlapping roles and responsibilities. An unintended consequence of the rush
to meet regulatory standards on risk and
control has been a profusion of separate,
and expensive, overlaps in governance, risk
and compliance. For example, identifying
and assessing risks in different disciplines
is frequently duplicated across multiple
functions, such as compliance and internal
audit, and business units. By adopting a
principles-based approach to such tasks
and recognising risk assessment as a
common activity across the organisation,
fi rms can optimise their risk models and
make substantial savings.
Quality and utility of data. There is no
shortage of risk-related data circulating
within fi nancial institutions, but often there
remains considerable doubt over its quality
or utility. Survey respondents were equivocal
about how valuable the data they receive is,
as a tool for managing their businesses. Risk
managers must therefore enter into a closer
dialogue with executives outside the risk
function to ensure that the data they gather
is accurate and useful for them to create
value as well as ward off risks.
Risk is positive as well as negative. Highly
successful fi rms have demonstrated that
risk management has a proactive role
to play in shaping new ideas for products
or services as well as for protecting a
company’s franchise. Nurturing a creative
tension between these two faces of an
organisation is often the fi rst step in reaping
more rewards from investment in risk
management and generating more value
from it in future.
Culture and governance. The organisational
structure, processes and data must be
underpinned by a culture of risk awareness
and sound governance. There is a long way
to go for many Asian fi nancial institutions in
this regard: only one in six respondents
strongly agrees that an awareness of risk is
pervasive in their organisations.
Reaching the next stage in risk management
3
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Regulatory pressures have overshadowed the risk
management function for the past few years. The new standards for capital adequacy to be imposed
on international banks under Basel II have been years in the
making, as have other initiatives for insurers and asset managers.
From 2008, much of Asia will start to come into line with the basic
standards required under the new Basel accord.
For some institutions, this will require much
more work than others; for banks in territories
with the most ambitious targets – such as
Hong Kong and Singapore – regulators have
been pressing hard. The introduction of
International Financial Reporting Standards
(IFRS) represents another hefty burden with
which fi rms must comply.
It is no surprise, then, that nearly two-thirds
of the 117 respondents to our survey cited
regulatory pressures as one of the main
drivers of change in their risk management
priorities over the past three years. Nor are
these pressures about to disappear. Even
after they have introduced the basic
standards enshrined under Basel II, banks will
have to get to grips with additional measures
pertaining to Pillars 2 and 3 of the framework.
In some countries, such as China, India and
Indonesia, the deadlines for these phases
have yet to be decided.
When we compare the results from developed
Asian economies – Hong Kong, Singapore
and Japan – with emerging economies, it is
interesting to note that the former tend to
expect that regulatory pressures will be a
greater driver of change in risk management
priorities over the next three years than the
latter. Given that the developed economies
are largely over the hurdle in their
consideration of Basel II, and that emerging
economies are starting to come under
pressure from regulators to gear up for
the change, one might have expected the
opposite. The fi ndings suggest, perhaps, that
emerging economies are not yet as prepared
for the challenges ahead as they should be.
‘There is evidence that institutions in Asia’s
emerging markets may be underestimating
the challenges ahead of them, while those
in developed economies will continue to
be under pressure to match international
standards’, says Mr Matten.
Nowhere is the range of expertise and
capabilities more pronounced than in China
itself: at one extreme is the handful of mega-
banks whose shares have been fl oated and
which are learning fast from the foreign
institutions that have invested in them
(see box on Chinese banks). At the other
end of the spectrum are dozens of smaller
institutions across the mainland whose
operations remain opaque and whose
standards of risk management are
signifi cantly less developed.
Nevertheless, this gap between capabilities is
expected to narrow in the years ahead. ‘Over
time, the huge differences in the standards of
risk management between banks in Asia will
tend to narrow’, says David Eldon, Senior
Adviser to PricewaterhouseCoopers and a
former chairman of HSBC Asia Pacifi c,
‘but many institutions still have a lot of ground
to make up. Although there have been
signifi cant strides in credit risk, a lot remains
to be done in areas, such as operational risk,
which are harder to quantify and more diffi cult
to assess.’
The implementation of initiatives, such as
Basel II, is changing the nature and reach
of risk management within fi nancial
organisations. Nor will they just have an
impact on those working in fi nance, risk
management and compliance. ‘Every aspect
of a fi rm’s infrastructure – from budgeting
To Basel and beyond
4
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
To Basel and beyond continued
to reporting and everything in-between –
is likely to be affected by the new
standards’, says Tim Pagett, a partner
of PricewaterhouseCoopers, Beijing.
Leaving aside the regulatory pressures on
risk management priorities, it is possible
to discern the faint outlines of a redefi ned
agenda emerging among respondents.
Compared with priorities for the past few
years, a higher proportion expects the aim
of increasing the value of risk management
to the business to drive change in the years
ahead. Similarly, securing competitive
advantage over rivals is also expected to rise
in importance. ‘Banks must ensure fi rst and
foremost that their investment in risk
management creates value, as well as helping
them to negotiate regulatory hurdles’, says
Mr Matten.
5
Winds of change
(Main drivers of change in risk management priorities over the next three years; % change from drivers of change over the past three years)
Increased focus on risk management on the part of senior management and board -12%Regulatory pressures -9%Increased levels of IT security risk -3%Losses at our own institution -3%Increased levels of geopolitical risk -3%Governance scandals affecting other fi nancial institutions or major corporates -3%Macroeconomic volatility -2%Focus on cost reduction and effi ciency -2%Focus on social responsibility programmes -2%Demands for corporate transparency and accountability 1%Threat of terrorist activity 1%Changes in reporting standards 2%Levels of customer satisfaction and/or churn 3%Increased stakeholder focus on risk management practices 3%Increased offshoring activities leading to greater emphasis on business continuity 4%Financial market volatility 5%Increased focus on risks pertaining to people and behaviour 5%Securing competitive advantage over competitors 7%Aim of increasing value of risk management to the business 7%
Source: PricewaterhouseCoopers/EIU survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
6
To Basel and beyond continued
It is sobering to think that, before its shares
were listed in Hong Kong and Shanghai
at the end of last year, the Chinese
government pumped $15 billion into ICBC
(the Industrial and Commercial Bank of
China). Before it did so, more than one-fi fth
of the bank’s portfolio of loans was ‘non-
performing’. Now ICBC is not only China’s
largest bank by market capitalisation;
it is also one of the top ten worldwide.
Since 1998, says Standard & Poor’s (S&P),
a ratings agency, the Chinese government
has injected into its banks and fi nancial
institutions a sum equivalent to 22% of the
country’s gross domestic product (GDP) in
2004. And yet risks still abound. In theory,
China’s banks are on a sounder footing than
they were, even a couple of years ago. In
practice, though, it is sometimes hard to tell.
True, the handful of what are known as
‘mega’ banks and national institutions,
including ICBC, whose shares are listed on
recognised stock exchanges, prepare their
fi nancial statements in accordance with IFRS
and their statements are audited by the Big
Four international accounting fi rms.
But what about the dozens of unlisted
national and city-commercial banks across
the country? The quality of their disclosure,
says S&P, is ‘generally poor’. Some do not
make their fi nancial statements available
to the public; those that do publish annual
statements, invariably do so late. Even when
there are fi gures, it is hard to know whether
to believe them or not. ‘A typical ruse’, says
S&P, ‘is to charge loan loss expenses
directly to shareholders’ equity rather than
recognising them as expenses or capitalising
them as losses.’
Indeed, when S&P published a report last
year of China’s top 50 banks, no fewer than
16 institutions produced such piecemeal
information that the agency was unable to
include them in a peer review. Information
risk was high and the quality of disclosure
was a concern. Yet standards are improving.
As S&P itself points out, progress has been
so rapid that, even a couple of years earlier,
such a report on the country’s banks would
have been ‘mission impossible’, because of
the paucity of information. Investors can
only hope that standards of disclosure and
risk management continue to show signs
of improvement.
Chinese banks: the known unknowns
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Building value
What would a new value-based agenda for risk
managers encompass? Rather than seeing risk
management through the prism of regulation and loss, risk managers would instead direct their attention towards
those activities that boost profi ts, improve service to
customers and enhance competitive advantage.
One area where a stronger focus is needed is
the effi ciency with which operations are run.
For example, fi rms have paid too little attention
to seeking out synergies between departments
on risk and controls processes. Much of this
is because regulators focus on a particular
business or regulation and insist on certain
steps being taken. Only later do companies
realise that, because their compliance
functions also concentrate on specifi c areas
of the business, the institution as a whole has
collected duplicate sets of data, several times
over, using different tools or standards.
Another area where greater value could be
derived is in strengthening the integration
between risk and other functions, especially
with the fi nance function. Recent progress
in risk management has helped companies
to reduce the number of surprises to their
earnings. It has also resulted in a more
balanced approach to the deployment of
capital at the group level. The closer the
alignment of key measures of risk and fi nancial
performance, the more rational the basis for
management decisions and the sharper the
focus on growth and the creation of value.
Among the greatest innovations seen
in recent years has been the ability for
companies to cascade metrics on capital
allocation and risk-adjusted performance
from the level of the business entity all
the way down to products and the client.
‘You can get a more accurate assessment
of customers, which sectors render more
income and better margins, and which types
of customer or sector do not contribute to the
bottom line’, explains Dr Joseph Eby Ruin,
the outgoing Head of Risk at Malaysia’s
RHB Bank.
The risk function should also focus on ways
in which it can confer competitive advantage
in relationships with customers and
shareholders. Many survey respondents are
keenly aware of the reputational effects of
good risk management. Asked how risk
management confers competitive advantage
on their organisations, the highest response
was for better reputations among customers,
which was cited by 48% of respondents. In a
region where the reputation of the institution
is a key differentiator for customers, this
objective is seen as particularly important.
Pricing is another area where risk management
can have a material impact. The disciplines
embodied in economic capital have helped
leading fi rms to set appropriate pricing,
leading to better, and more profi table,
products. ‘You can test to what extent clients
are prepared to pay more for products that
they like. You can also begin to strip away
features which add little value in customers’
eyes but which reduce your margins’, says
Koos Timmermans, Deputy Chief Risk Offi cer
and a member of the main board of ING Group.
7
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
The effective identifi cation and pricing of
risks can be another source of competitive
advantage, says Tham Ming Soong, Head of
Risk Management at Singapore’s United
Overseas Bank. ‘This is true regardless of
markets and the line of business’, he says.
Product development is yet another area
where risk management can add value. For
example, risk managers have helped to
devise and create some of today’s most
successful credit derivatives, says Richard
Evans, Deputy Chief Risk Offi cer at Deutsche
Bank. Such instruments are designed to
provide a way for institutions to generate
liquidity while laying off risk.
Building value continued
8
Benefi ts package
In what ways, if any, does effective risk management confer competitive advantage on your organisation? (% of respondents)
We have a better reputation among customers 48%We have a better relationship with regulators 45%We have better and timelier data on our internal performance 45%We are able to improve returns relative to the risks taken 42%We have a better reputation with analysts and rating agencies 38%Our selection of customers has improved 33%We have a better reputation with shareholders 31%We have better and timelier data on our markets 31%Our pricing is more competitive 26%We have freed up more capital for investment in our business 26%We are better at attracting and retaining talent 23%We have reduced the cost of risk management 20%We have a better reputation with employees 19%We have better relationships within the communities in which we operate 18%None of the above 1%Other, please specify 0%
Source: PricewaterhouseCoopers/EIU survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Up to the challenge?
If some institutions are already focused on creating value,
many others still have a long way to go. A better relationship
with customers comes top when respondents in Asia are asked how risk management
confers competitive advantages on their organisations, but it is
only just ahead of better relationships with regulators.
Indeed, the fact that better relationships with
regulators ranks above improving returns
relative to the risks taken, bettering talent
management and enhancing data as a source
of competitive advantage, suggests that
success for risk managers is still defi ned
in terms of regulatory risk and compliance,
rather than the needs of the business.
Interestingly, when asked how risk
management confers competitive advantage
on their organisations, respondents from
emerging economies in Asia are more likely
than respondents in developed ones to
point to improvements in their selection of
customers and more competitive pricing.
This may be because, at the outset, basic
risk management tools can make a big
difference to an institution’s profi tability.
But, like the law of diminishing returns,
incremental gains become harder to deliver
as the system, and the market in which it
operates, become more refi ned.
The survey indicates that Asian risk managers
are not formally involved in many key
business processes. Only a quarter of
respondents say that they include a
structured assessment of risk in process
and performance improvements, such as
offshoring and outsourcing, and a similar
number involves risk formally in planning
M&A. Even the development of strategy
often lacks the formal involvement of risk
managers, with only 50% of respondents
saying that they conducted a structured
risk assessment in this area. In general,
involvement of risk managers in tactical
business processes, such as pricing and
capital allocation, tends to be greater among
developed Asian countries than in the
region’s emerging economies.
It is noteworthy, too, that when asked how
well their organisations manage certain risks,
respondents to our survey are most confi dent
in their ability to deal with the traditional (and
usually quantifi able) risks associated with
banking and fi nancial services, such as credit
and market risk. This is to be expected, even
if some institutions – especially those in
emerging markets – may overestimate their
ability to manage such risks.
The areas where they feel less confi dent are
around risks that are more diffi cult to quantify,
such as operational risk and reputational risk.
Operational risk is a particular bugbear for
many banks, which have had to move quickly
to bring their data into line with Basel II. Even
for banks like Australia’s Westpac, which
has long used a measure of operational risk
as part of its economic capital framework,
the hurdles have been high. ‘Being able to
reconcile your internal data is a positive step
but it is likely to give you input on probably
only one portion of the loss spectrum you
desire,’ says Daryl Newton, head of the
bank’s Basel programme. ‘To get a complete
picture, you have to use external data and
combine it with your own loss and scenario
data.’
9
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Up to the challenge? continued
As institutions chase growth by expanding
into new markets, anxieties about the quality
of data mount (see box on Standard
Chartered in China). Adding to the pressure
is the blurring between credit and market
risk, says Nell Cady-Kruse, Head of Risk
Management in Asia for Credit Suisse.
Because of this, fi rms need to take a wider
view of the hazards involved. ‘More and
more, we fi nd that we need to seek overall
guidance from the chief risk offi cer, and not
just go to the heads of credit or market risk
individually’, she says. ‘We need to think
about risk more strategically and not
segregate between credit and market risk -
there are many deals and trades that combine
elements of both.’
10
Limited infl uence
In which of the following business processes does your organisation include a structured assessment of risk? (% of respondents)
New product development/approval 73%Compliance 57%Allocation of capital to lines of business 51%Strategy development 50%Budgeting and fi nancial reporting 41%Entering new geographical markets 40%Customer selection and acceptance 38%Data management and governance 38%Setting prices 36%Process and performance improvement (offshoring, outsourcing) 24%Merger and acquisition acvtivity 23%Forming alliances and partnerships 22%Assessment of business unit performance 22%Recruitment and retention policies 18%Setting compensation policies 15%Pension scheme funding 3%Other 1%None of the above 0%
Source: PricewaterhouseCoopers/EIU survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Up to the challenge? continued
Doing business in China is a double-edged
sword. On the one hand, it offers the rewards
associated with investing in an economy
that could be the world’s largest within the
next 25 years. At the same time, Chinese
standards of corporate governance and
regulation are evolving very quickly as the
economy has opened up to foreign
investment following its WTO entry. Avoiding
the pitfalls while adding value through
innovative risk management is a diffi cult
balancing act.
The potential of the country has attracted
huge foreign investment in recent years,
led by fi nancial institutions, which both
fi nance and reap the benefi ts of China’s
growth. One such institution is Standard
Chartered, the British-based bank, which
has more than 2,200 staff in 12 branches,
eight sub-branches and three representative
offi ces on the Chinese mainland.
Standard Chartered has been operating
in the country since 1858, when it opened
a branch in Shanghai, giving it an advantage
over many of its competitors. It has committed
to rapid expansion in the country to
consolidate its position among the
market leaders.
Standard Chartered can draw on its
experience in emerging markets around
the world to feed into its risk management
planning in any one country. ‘One of our
key advantages is a unique network built
up from our presence in Asia, Africa and
the Middle East’, explains David Godwin,
Head of Client Relationships for Standard
Chartered’s Chinese operations. ‘We put
a lot of effort into using the power of this
network. There is a strong teamwork culture
in the bank, with all the country operations
sharing resources and information.’
This approach helps to increase effi ciency
and reduce duplication, but the bank also
recognises the importance of supplementing
this with data gathered on the ground.
To this end, it assesses separately the risks
associated with China, such as politics,
regulation and trade relations. In assessing
credit risk, Standard Chartered applies
similar techniques to those it uses
anywhere. This entails a bottom-up
approach, which means that each country
applies different criteria. ‘We stay very close
to our customers and watch the cash cycle
carefully’, says Mr Godwin. ‘We don’t just
dish out working capital. In the case of
SMEs (small and medium-sized enterprises),
we like to grow with the company. This is
both profi table and a good way to manage
risk.’ The local risk function in China will
then report to a regional division, which,
in turn, reports to the bank’s wholesale risk
function and fi nally to the executive board,
which meets in London.
The bottom-up approach will become even
more relevant as the Chinese consumer
market opens up in 2007. Until now, foreign
banks have only been allowed to lend to
foreigners living in China or through joint
ventures with local fi nancial institutions.
Standard Chartered applied at the end of
2006 to set up a locally incorporated
subsidiary that will allow it to compete in the
domestic loans, mortgages and credit card
businesses. The risks are huge, but for
banks with in-depth experience of emerging
markets, so are the potential rewards.
Case study: Standard Chartered in China
11
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Shared responsibilities
Enabling the risk management function to shift gears and
contribute greater value to the business is no easy task.
For anything to happen, senior management has to be fully
engaged. What matters most, says Raj Singh, Chief Risk Offi cer
of Allianz, is that an institution’s directors are committed to
proactive risk management and that its value to the group as a
whole is recognised.
According to Chng Sok Hui, Managing
Director and Head of Group Risk at DBS
Bank, responsibilities need to be clearly
assigned to risk-takers and risk controllers
alike, within a bank’s corporate governance
framework. ‘The process has to be an
intrinsic part of doing business, as well as
being aligned with the incentive structure
of the fi rm’, she says.
Every organisation is different; and one size
does not fi t all. Yet more and more institutions
are moving towards a system that makes
individual businesses more accountable for
the risks they run. ‘At DBS, we have individual
risk managers within the various lines of
business to work with business heads to
identify and manage their risk profi les and to
implement appropriate controls. We assess
the model from time to time to ensure that it
remains effective as the business grows and
evolves’, explains Ms Chng.
Setting the risk appetite of individual
businesses is a crucial step in this process.
Not only does this determine at the outset
the parameters within which each business
is expected to operate, it also reinforces the
role of the risk manager. Indeed, no fewer
than 60% of respondents said their
organisation would need to defi ne its risk
appetite more clearly for risk managers to
add more value to the business.
‘One of the most critical functions of the risk
governance process is ensuring a proper
communication of risk tolerance levels’,
says Ms Chng. ‘DBS has implemented
an integrated risk framework to give greater
clarity, focus and consistency across different
areas in the governance of risk. Under this
framework, aggregate limits guide risk-taking
within the group.’
As well as defi ning risk appetite more clearly,
survey respondents also point to the need
to see risk management as a more strategic
function, if its potential to create value is to
be released. Indeed, this is seen as the most
important change required, cited by 72%
of respondents.
Even when directors of fi nancial institutions
insist on risk managers having their say, often
too little attention is paid to embedding risk
managers in the individual businesses. This
makes it harder to get to grips with the
intricacies of the business; it also slows down
the speed with which risk offi cers can respond.
Respondents to our survey seem to
agree. When asked how their organisation’s
attitude to risk and risk management should
change for it to add greater value to the
business, 65% of respondents pointed
to the need to embed risk managers and
their risk management processes into
individual businesses.
12
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Show me the way
As important as embedding risk managers within the business units and local
territories, is the need to have a coherent central approach to risk. At UOB, for example,
risk management is not the sole responsibility of risk managers.
It is the joint responsibility of both the business and the
infrastructure support units, says Mr Tham. ‘While senior
management provides strategic leadership, tactical leadership is
provided by the risk management sector.’
RBS Group – which has a 10% stake in Bank
of China, the mainland’s second-largest
lender – appoints a risk offi cer for each
operating division of the Group. Although they
are embedded in the business, each manager
operates ‘under licence’ to the Group’s chief
risk offi cer, says Richard Gossage, the bank’s
former Group Chief Risk Offi cer. So senior
risk offi cers may report to the head of the
division in which they operate, but are
functionally responsible to the Group’s chief
risk offi cer.
This can be vital in helping to maintain a
sense of cohesion on risks encountered by
separate (and often competing) divisions of
a multifaceted institution. At Deutsche Bank,
for instance, risk offi cers are more than just
devil’s advocates – they are ‘representatives
of the group’s top-down perspective’, says
Mr Evans. Indeed, there is much to be said,
he says, for a function that is intimately
involved in the day-to-day running of the
business, but which identifi es closely with
the Group’s overall franchise.
According to Dr Ruin, of RHB Bank, effective
risk management requires a combination of
two approaches. From the top comes the
necessary budget and commitment of senior
managers; from below comes the involvement
of managers within the various business units.
He believes that successful risk management
requires a dedicated and robust framework,
which is constructed at the centre. Without
this, he says, there is always a risk that
models will not be implemented and aims
will be missed.
Sean Ringsted, Chief Actuary of the ACE
Group, an international insurer, and chair of
the company’s Risk Committee, believes that
the one of the key benefi ts of effective
enterprise risk management is the ability to
look at threats to an organisation holistically,
be they from outside or from within. ‘It joins
up the dots between the inevitable silos of
exposure across the company. Once you
aggregate the exposure across the balance
sheet and other sources to threats such as
catastrophes and credit defaults, you have a
much more complete understanding of those
threats to your organisation’, he says.
13
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Forward in step
If effective risk management requires the function to have a
foot in all camps, straddling business units and Group, local
territories and headquarters, then it is also imperative that
these various groups are well coordinated. That, at any rate, is the theory. In practice,
it does not always happen. Few survey respondents believe
that the risk management function and the individual
business units are highly integrated; indeed, many think
that risk managers at the centre fail to communicate adequately
with their local counterparts.
Clear process provides one solution to this
problem of coordination. But more important
still – and the foundation of successful risk
management in general – is the need to
instil a culture of risk management and
governance, which crosses functional as
well as geographical boundaries.
Ensuring that fi rms and their employees
demonstrate the effectiveness of their internal
controls goes only so far, says Seiichi Hara,
a partner of PricewaterhouseCoopers, Japan
(Tokyo offi ce). Institutions must also focus
on leadership and the need to reinforce
accountability at every level of
the organisation.
With concerns over corporate responsibility
on the rise, institutions will need to pay even
more attention to standards of governance.
As Sir John Bond, Chairman of Vodafone and
a former head of HSBC Holdings, once said:
‘It used to take years of dedicated bad
management to destroy a company. Now it
can be done almost overnight.’ This, more
than anything else, should persuade risk
managers to look beyond relationships with
the regulator as a yardstick of success.
14
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
The Economist Intelligence Unit and PricewaterhouseCoopers conducted a special online survey of senior executives in fi nancial institutions on the subject of risk management. Executives from over 420 institutions worldwide participated, of which 117 were from Asia. The survey was conducted during December 2006 and January 2007.Our thanks are due to all those who participated for sharing their insights with us.
Please note that totals do not always
add up to 100 because of rounding,
or because respondents could choose
more than one answer.
Appendix: Survey results
15
41
4149
43
1
11
1
12
13
14
14
30
16
18
16
16
46
11
8
8
19
41
37
37
44
34
39
24
15
17
43
23
22
2
22
24
9
3
7
7
6
0 20 40 60 80 100%
Communicating key risks to the executive team
Identifying new and emerging risks
Communicating key risks to investors
Ensuring regulatory compliance
Classifying types of risks
Maximising loss avoidance
Enabling line-of-business managers to make better business decisions
Assisting management on a day-to-day basis with business/strategic decision-making
Measuring and monitoring risk
Setting the organisation’s risk appetite
Monitoring the organisation’s risk appetite
Enabling more efficient capital allocation
Instilling a culture of risk awareness throughout the organisation
Other, please specify
Americas Asia Europe
1. What, in your judgement, are the most important objectives of the risk management function? Select no more than three objectives.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
16
28 33 23 12 422 44 18 10 5
20 49 20 8 3
12 33 38 12 5 17 35 38 16 3 2
4 42 34 15 25
10 20 30 15 5 204 26 37 10 7 155 21 42 12 201
31 36 15 6 4 726 43 16 10 2 3
20 39 24 7 83
15 40 26 12 6 114 37 37 9 2 215 34 37 12 12
9 31 36 15 2 77 34 31 20 3 6
5 42 35 12 32
9 28 30 22 10 18 35 28 24 1 311 29 37 17 24
22 28 25 20 518 36 34 10 219 46 26 5 4
9 23 34 19 4 118 23 38 22 2 89 28 31 20 84
12 28 33 16 7 49 26 33 22 3 78 34 35 15 25
8 28 25 20 7 128 22 32 22 6 109 26 38 11 78
15 25 30 23 5 19 30 40 15 5 19 41 26 18 24
10 30 30 21 5 46 29 42 19 3
8 33 37 13 36
0 20 40 60 80 100%
Communicating key risks to the senior executive team
Identifying new and emerging risks
Communicating key risks to investors
Ensuring regulatory compliance
Classifying types of risk
Maximising loss avoidance
Enabling line-of-business managers to make better business decisions
Assisting management on a day-to-day basis with business/strategic decision-making
Measuring and monitoring risk
Setting the organisation’s risk appetite
Monitoring the organisation’s risk appetite
Enabling more efficient capital allocation
Instilling a culture of risk awareness throughout the organisation
AmericasAsia
Europe
Verysuccessfully
1 2 3 4
Not successfully
5
Notwithinscope
2. How effectively do you think your organisation’s risk management function performs the following tasks? Rate each on a scale of 1 to 5, where 1 = Very successfully and 5 = Not at all successfully, or indicate if the task is not within the scope of your risk management function.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
17
0 20 40 60 80 100%
Decrease in investment
No change in investment
0-5% increase
5-10% increase
10-15% increase
15-25% increase
More than 25% increase
Don’t know
Americas Asia Europe
19
19
10
1
18
13
1515
11
0
17
16
6
68
8
24
20
20
25
9
9
3
7
3. On average, what change in levels of investment in risk management-related resources (i.e. people, technology and data) has your institution made annually over the past three years?
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
0 20 40 60 80 100%
Substantially more value
Slightly more value
No more value
Slightly less value
Substantially less value
Don’t know
Americas Asia Europe
41
41
31
32
13
13
1
11
0
0
4
3
9
9
47
47
7
4. Does the risk management function at your organisation add more value to the business now than it did three years ago?
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
18
0 20 40 60 80 100%
We have a better reputation among customers
We have freed up more capital for investment in our business
Our selection of customers has improved
We are better at attracting and retaining talent
We have better and timelier data on our internal performance
We have better and timelier data on our markets
We have a better reputation with analysts and rating agencies
Our pricing is more competitive
We have reduced the cost of risk management
We have a better reputation with shareholders
We have a better reputation with employees
We have a better relationship with regulators
We are able to improve returns relative to the risks taken
We have better relationships within the communities in which we operate
None of the above
Other, please specify
Americas Asia Europe
28
48
48
45
45
45
13
1
31
31
31
26
23
2317
44
3
33
24
0
18
18
57
32
3447
47
19
15
45
58
15
38
2
2
1621
6
8
24
20
20
4242
26
29
35
39
5. In what ways, if any, does effective risk management confer competitive advantage on your organisation? Select all that apply.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
19
0 20 40 60 80 100%
Regulatory pressures
Increased levels of geopolitical risk
Threat of terrorist activity
Macroeconomic volatility
Financial market volatility
Changes in reporting standards
Levels of customer satisfaction and/or churn
Increased levels of IT security risk
Losses at our own institution
Increased focus on risk management on the part of senior management and the board
Governance scandals affecting other financial institutions or major corporates
Increased offshoring activities leading to greater emphasis on business continuity, etc.
Demands for corporate transparency and accountability
Increased stakeholder focus on risk management practices
Aim of increasing value of risk management to the business
Increased focus on risks pertaining to people and behaviour
Focus on cost reduction and efficiency
Securing competitive advantage over competitors
Focus on social responsibility programmes
Other, please specify
Americas
Asia
Europe
16
49
6666
23
21
2828
1818
10
4341
1
1
44
4
4
12
12
5
5
5
57
7
14
14
14
67
13
13
13
13
13
13
3
3
3
15
15
15
15
2
2
2
2
2
9
9
9
9
6
6
6
8
8
19
19
6. What have been the major drivers of change in your organisation’s risk management priorities over the past three years? Select the three most important drivers of change.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
20
57
18
18
18
4
4
4
15
15
58
1
1
1
25
19
34
24
24
17
17
17
8
8
8
13
13
13
3330
30
9
9
9
9
51
7
7
7
7
7
22
29
12
12
11
6
6
31
31
5
5
5
16
14
14
23
3
3
0 20 40 60 80 100%
Regulatory pressures
Increased levels of geopolitical risk
Threat of terrorist activity
Macroeconomic volatility
Financial market volatility
Changes in reporting standards
Levels of customer satisfaction and/or churn
Increased levels of IT security risk
Losses at our own institution
Increased focus on risk management on the part of senior management and the board
Governance scandals affecting other financial institutions or major corporates
Increased offshoring activities leading to greater emphasis on business continuity, etc.
Demands for corporate transparency and accountability
Increased stakeholder focus on risk management practices
Aim of increasing value of risk management to the business
Increased focus on risks pertaining to people and behaviour
Focus on cost reduction and efficiency
Securing competitive advantage over competitors
Focus on social responsibility programmes
Other, please specify
Americas
Asia
Europe
7. What do you think will be the major drivers of change in your organisation’s risk management priorities over the next three years? Select the three most important drivers of change.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
21
0 20 40 60 80 100%
Credit risk
Market risk
Operational risk
Regulatory risk
Business/strategic risk
Reputational risk
Interest rate risk/ALM
Liquidity risk
Customer-related risk (selection, acceptance)
Tax risk
Legal risk
Business continuity risk
Sovereign/political risk
Third-party risk (outsourcing service providers, suppliers, etc.)
HR/people risk (talent recruitment and retention, etc.)
Environmental risk
IT/technology risk
3225
23
2628
38
2222
161
9
79
131615
2824
20
3035
29
2425
29 4
77
129
18
2117
14
3641
29
3326
3812
722
1318
1619
12
3230
21
3130
36 8
4 17 1
1614
24
171716
3438
32
3329
33 3
2 13
1312
16
2327
20
2925
35
2924
301
8 1
5 15
1317
7
1414
5
2228
19
3223
30 14 3
10 211
2024
28
711
5
1622
17
3423
301
2
3214
10 130
1430
577
3328
24
3233
27 311
8 110 3
2120
27
23
2
810
8
2528
23 427
25 222 5
3730
36
48
3
1916
15
3135
312
16 2
9 113
3626
33
77
5
1720
14
3534
31 14 1
1114 4
3021
36
107
3
1015
12
2120
226
3
2421
34 131
3030
434
212422
3034
29 11 2
16 112 4
2922
32
1311
7
2932
34
3436
31 6 1
4 17 2
1912
22
41
6
88
6
1732
16 36 2
41 623 9
2428
33
1211
7
3637
33
3332
35 5
6 18 1
131121
AmericasAsia
Europe
Verythreatening
1 2 3 4
Not threatening
5Don’tknow
8. Which of the following types of risk are the most threatening to your organisation’s earnings? Rate on a scale of 1 to 5, where 1 = Very threatening and 5 = Not at all threatening.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
22
0 20 40 60 80 100%
Credit risk
Market risk
Operational risk
Regulatory risk
Business/strategic risk
Reputational risk
Interest rate risk/ALM
Liquidity risk
Customer-related risk (selection, acceptance)
Tax risk
Legal risk
Business continuity risk
Sovereign/political risk
Third-party risk (outsourcing service providers, suppliers, etc.)
HR/people risk (talent recruitment and retention, etc.)
Environmental risk
IT/technology risk
3018
27
3847
44
1922
202
4
464
37
5
1920
24
4645
49
2124
16 12
322 3
869
99
7
3136
38
4440
40 2 1
154
111012
2017
11
3838
39
3131
34 2 2
3 12 3
710
11
129
5
2829
36
4139
43 2
1146
1612
14
201113
3641
31
3233
372
2
112
1012
17
249
15
3441
39
2532
27 5 8
4 43 6
99
6
3216
20
3343
34
2526
3252
72
129
39
139
6
3228
32
414543 42
1 33 4
111012
1813
11
2730
29
3432
33 83
4 95 8
712
15
18811
404639
3034
281
2 3
4 21
710
16
146
11
333932
3729
38 1 2
3 14 3
1319
17
14109
2222
21
2640
2611
19
145
4 1911618
54
2
2625
22
4544
46 5 3
1 84 5
1418
22
543
2117
21
4037
42 6 2
7 49 3
2330
25
857
2017
18
3332
32 8 16
3 2210 17
1419
18
76
2
232432
444439 24
2 24 2
222021
AmericasAsia
Europe
Veryeffectively
1 2 3 4
Not effectively
5Not
managed
9. How effectively do you think your organisation manages the following types of risk? Rate on a scale of 1 to 5, where 1 = Very effectively and 5 = Not at all effectively, or indicate if the risk is not managed at all.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
23
18
20
52
43
45
4760
72
44
3131
49
57
65
62
6565
23
35
22
51
31
43
0 20 40 60 80 100%
We would need to change the metrics by which risk managers are judged
We would need to change the metrics by which business units are judged
We would need to define our risk appetite more clearly
We would need to see risk management as a more strategic function
We would need to be less focused on compliance
We would need to embed risk management processes and people more deeply into the lines of business
We would need to be less focused on downside risks and more on upside risks/opportunities
We would need more effective cross-functional coordination
Americas Asia Europe
24
10. How would your organisation’s attitude to risk and risk management need to change in order for the function to add greater value to the business, in your view? Select all that apply.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
24
50
50
73
48
48
40
51
3423
36
18
15
25
35
31
2
46
66
49
41
41
16
12
12
2222
22
0
1
45
62
39
30
43
43
33
24
24
3838
38
32
14
14
29
42
5757
27
7
3
3
3
5
0 20 40 60 80 100%
Strategy development
New product development/approval
Entering new geographical markets
Budgeting and financial reporting
Allocation of capital to lines of business
Merger and acquisition activity
Forming alliances and partnerships
Customer selection and acceptance
Setting prices
Recruitment and retention policies
Setting compensation policies
Process and performance improvement (i.e. offshoring, outsourcing)
Data management and governance
Compliance
Assessment of business unit performance
Pension scheme funding
None of the above
Other, please specify
Americas Asia Europe
11. In which of the following business processes does your organisation include a structured assessment of risk? Select all that apply.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
25
0 20 40 60 80 100%
Strategy development
New product development/approval
Entering new geographical markets
Budgeting and financial reporting
Allocation of capital to lines of business
Merger and acquisition activity
Forming alliances and partnerships
Customer selection and acceptance
Setting prices
Recruitment and retention policies
Setting compensation policies
Process and performance improvement (i.e. offshoring, outsourcing)
Data management and governance
Compliance
Assessment of business unit performance
Pension scheme funding
Veryinfluential
Somewhatinfluential
Not influential
Notapplicable
AmericasAsia
Europe
2330
21
4652
54
2216
21
93
5
2837
29
4248
42
2111
22
93
6
2029
20
3140
37
3316
25
1516
18
1726
23
3541
49
342721
1467
2631
26
3337
40
2622
24
151010
1519
16
3643
33
2416
25
2522
26
812
5
2531
24
4945
57
1912
15
713
8
1926
26
5448
53
211313
101113
3653
43
3427
32
209
12
141615
3745
36
3026
32
1913
17
1719
17
2343
38
4327
29
1711
15
1217
11
3039
39
3832
37
2012
13
171514
3763
55
3317
25
1356
3941
32
3642
46
1411
17
1265
132321
363845
373126
1478
743
1521
16
3830
42
4144
39
12. How infl uential is your organisation’s chief risk offi cer (or equivalent) in the following activities and decisions?
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
26
0 20 40 60 80 100%
Risk-based capital measure
Data on reputation for risk management among key stakeholders (i.e. customer satisfaction surveys/comments from ratings agencies, etc.)
Earnings volatility against a predefined benchmark
Client complaints/litigation
Losses against a predefined benchmark
Credit quality distribution
Data on contribution of risk management to increased shareholder value
By country By businessunit
By product By customersegment
AmericasAsia
Europe
1924
19
434347
222021
161313
1527
22
5443
42
1416
17
1814
19
1516
14
5353
50
2122
23
108
13
1320
15
5140
45
151918
212122
1419
15
5150
46
2320
29
121110
1718
20
4140
36
2121
22
212122
1820
17
5254
52
2015
17
101115
13. Which of the following types of risk-related data are routinely circulated within your organisation? Select all that apply.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
27
0 20 40 60 80 100%
Risk-based capital measure
Data on reputation for risk management among key stakeholders (i.e. customer satisfaction surveys/comments from ratings agencies, etc.)
Earnings volatility against a predefined benchmark
Client complaints/litigation
Losses against a predefined benchmark
Credit quality distribution
Data on contribution of risk management to increased shareholder value
AmericasAsia
Europe
30 31 11 8 18226 29 19 4 3 18
32 33 12 2 2 20
7 29 28 11 3 2215 29 29 5 2 20
8 24 25 12 292
16 32 24 10 1 1725 36 24 1 3 12
10 30 29 7 231
3 26 33 17 4 1718 32 31 7 1 12
12 21 22 19 214
16 34 22 11 2 1424 30 28 4 2 12
15 34 24 8 191
27 39 14 9 1 1027 34 21 8 3 728 32 18 5 142
9 22 21 11 4 3216 24 22 5 294
6 17 21 10 406
Extremelyuseful
1 2 3 4
Not useful
5Not
used
14. How useful are the following types of risk-related data as tools for managing the business? Rate on a scale of 1 to 5, where 1 = Extremely useful and 5 = Not at all useful, or indicate if your organisation does not use these measures.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
28
0 20 40 60 80 100%
Greater profitability for individual lines of business
More efficient allocation of capital to lines of business
More appropriate pricing levels
More appropriate remuneration packages for senior executives
Satisfying regulatory requirements (e.g. capital adequacy)
Greater understanding of risk on part of business units
Clearer reporting and disclosure to shareholders
Veryeffective Effective
Neithereffective norineffective Ineffective
Veryineffective
Don’tknow
AmericasAsia
Europe
11 35 28 6 2015 40 26 2 3 13
5 49 23 6 16
18 42 18 5 1813 53 16 4 2 1114 45 16 9 16
10 34 31 8 1 169 36 30 10 3 12
8 38 25 8 21
4 27 30 10 3 266 33 27 13 1 20
1 22 32 14 302
19 41 22 11 1623 47 17 5 1 6
20 42 17 164
18 43 16 5 3 1724 44 16 5 3 7
14 54 17 4 12
10 29 36 5 2013 49 18 5 122
8 47 24 4 161
15. If your organisation assesses its performance on a measure of risk-based capital, please rate how effective it is at meeting the following objectives.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
29
0 20 40 60 80 100%
Credit risk
Market risk
Operational risk
Regulatory risk
Business/strategic risk
Reputational risk
Interest rate risk/ALM
Liquidity risk
Governance risk
Customer-related risk (selection, acceptance, etc.)
Tax risk
Legal risk
Business continuity risk
Sovereign/political risk
Third-party risk (outsourcing service providers, suppliers, etc.)
HR/people risk (recruitment and retention of talent, etc.)
Environmental risk
IT/technology risk
Central riskmanagement
functionBusiness
unit headsFinancefunction
Otherfunction Don’t know
AmericasAsia
Europe
65 16 12 5 266 24 9 11
58 18 15 7 4
53 30 11 5 154 33 10 22
50 31 13 3 3
59 28 5 6 249 39 4 6 249 38 4 7 3
48 13 11 25 250 26 6 314
46 25 6 19 4
31 44 4 17 541 42 5 10 3
28 50 5 12 5
31 34 2 24 951 26 5 216
33 34 1 23 9
30 21 31 11 742 19 30 5 3
33 13 43 6 5
31 25 31 8 543 19 30 35
28 14 44 7 7
40 19 6 29 646 24 6 18 5
38 15 7 28 13
18 58 1 14 921 61 3 41021 57 4 9 9
12 14 43 23 819 14 57 37
16 7 53 15 9
21 17 5 53 543 19 10 226
23 15 3 54 6
40 27 1 26 647 23 7 518
35 27 3 26 9
36 23 2 17 2350 20 3 1612
37 13 1 25 23
18 34 2 31 1428 38 5 82126 28 7 24 15
8 34 48 917 40 4 534
12 27 2 46 12
12 19 2 35 3131 23 4 2517
25 12 1 30 32
16 26 3 48 732 28 8 329
20 24 50 6
16. Please indicate who has strategic responsibility (e.g. setting policy and governance structures) for the following specifi c types of risk at your organisation. Note: The central risk management function includes business risk management teams if they report to central risk management. Business unit heads includes business risk management teams if they report to business unit heads. The fi nance function includes business risk management teams if they report to fi nance.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
30
Central riskmanagement
functionBusiness
unit headsFinancefunction
Otherfunction Don’t know
AmericasAsia
Europe
Credit risk
Market risk
Operational risk
Regulatory risk
Business/strategic risk
Reputational risk
Interest rate risk/ALM
Liquidity risk
Governance risk
Customer-related risk (selection, acceptance, etc.)
Tax risk
Legal risk
Business continuity risk
Sovereign/political risk
Third-party risk (outsourcing service providers, suppliers, etc.)
HR/people risk (recruitment and retention of talent, etc.)
Environmental risk
IT/technology risk
0 20 40 60 80 100%
35 49 11 2 244 41 10 23
37 41 13 4 4
31 50 14 5 139 48 10 22
30 46 14 6 4
21 70 5 4 134 55 3 6 2
30 54 4 7 6
24 42 10 22 237 41 6 313
33 40 7 16 4
18 61 2 15 526 60 2 7 5
19 62 2 10 7
14 60 1 17 937 44 2 314
22 49 1 20 9
16 36 33 9 633 26 31 5 4
21 20 44 10 4
20 35 31 8 632 26 31 37
19 24 42 10 5
22 43 5 22 841 32 6 17 3
28 26 7 29 10
11 67 2 12 917 70 3 46
15 62 1 14 8
8 27 36 21 714 21 53 66
11 14 51 16 8
14 35 5 40 536 28 13 320
15 26 4 49 5
16 50 2 26 633 42 5 515
21 42 4 24 9
23 40 3 15 1947 23 3 1412
33 24 1 20 22
11 49 3 25 1223 43 6 1019
12 42 4 28 13
3 48 40 919 38 4 533
7 38 1 43 11
5 31 2 32 3024 30 7 2316
19 20 32 28
9 36 2 47 724 34 9 429
14 30 49 7
17. Please indicate who has operational responsibility (i.e. execution of policy) for the following specifi c types of risk at your organisation. Note: The central risk management function includes business risk management teams if they report to central risk management. Business unit heads includes business risk management teams if they report to business unit heads. The fi nance function includes business risk management teams if they report to fi nance.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
0 20 40 60 80 100%
Risk management function and compliance function
Risk management function and finance function
Risk management function and the HR function
Risk management function and the senior executive team
Risk management function and individual business units
Central risk management function and regional/country risk management functions
Central risk management function and business unit risk management functions
AmericasAsia
Europe
3032
23
2326
33
1825
223
9 2
6137
108
11
1423
16
2829
31
2828
33 9
698 1
151110
3 149
3
2812
9
25 2228
213
23219
928
34
2322
24
4039
40
1223
25 21
9 43 3
119
8
1415
11
4130
43
2236
35 11
9 43 3
1113
9
2022
19
2623
28
1725
2517
6 14
7 183
119
8
2422
21
3625
31
1035
327
3 5
9 94
117
8
Highlyintegrated
1 2 3 4
Poorlyintegrated
5Don’tknow
18. How effectively integrated are the following functions and departments in your organisation? Rate on a scale of 1 to 5, where 1 = Highly integrated and 5 = Poorly integrated.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer.Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
Appendix: Survey results continued
31
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
0 20 40 60 80 100%
Risk appetite is clearly defined and drives decision-making cross-functionally
Risk and control assessments across the organisation share common risk definitions, frameworks, methodologies and risk rating scales
Monitoring and testing activities are formally defined, coordinated and leveraged cross-functionally
Risk management processes and technology are effectively and efficiently integrated across the enterprise
Our organisation has an integrated governance, risk and compliance programme
An awareness of risk is pervasive in our organisation
The recent focus on regulations such as Basel II and Sarbanes-Oxley has made our organisation too risk-averse
Recent regulations on risk management are more of a compliance burden than a contributor to business value
Senior management recognise that the most important elements of risk management are the attitudes, competencies and behaviour of people
in the organisation
There is an appropriate balance between risk and opportunity in our organisation’s business decisions
We spend too little money on risk management
Stronglyagree Agree
Neither agree nor disagree Disagree
Stronglydisagree
AmericasAsia
Europe
11 44 20 17 820 39 26 12 3
16 40 21 22 2
18 39 19 19 524 40 21 14 2
23 43 20 11 2
12 39 25 19 520 36 32 10 2
9 43 31 13 3
7 34 26 27 614 33 31 18 3
7 44 26 21 2
16 33 23 20 715 45 24 14 3
12 35 29 21 3
23 34 23 13 716 44 30 10 1
13 48 30 8 2
4 12 38 36 99 26 31 28 6
4 18 28 42 8
20 33 21 23 316 32 34 14 4
8 37 25 28 3
28 36 17 12 722 54 16 8 1
13 52 20 15
9 41 25 21 413 42 30 10 4
8 55 22 15
18 22 31 22 715 20 31 25 9
14 29 32 20 5
19. Please indicate whether you agree or disagree with the following statements about risk management at your organisation.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
32
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
33
28
5
31
3
0 20 40 60 80 100%
Americas
Asia (excluding Australia & New Zealand)
Australia/New Zealand
Europe
Middle East & Africa
In which region are you personally based?
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
0 20 40 60 80 100%
Board member
CEO/President/Managing Director
CFO/Treasurer/Comptroller
CRO/Chief risk officer
CIO/Technology director
Other C-level executive
SVP/VP/Director
Head of business unit
Head of department
Manager
Other
Americas Asia Europe
1
11
1
55
7
7
10
6
6
8
6
60
31
15
14
20
19
19
11
2
2
34
0
0
0
0
0
18
9
9
What is your title?
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
33
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Appendix: Survey results continued
0 20 40 60 80 100%
Customer service
Finance
General management
Human resources
Information and research
IT
Legal
Marketing and sales
Operations and production
Procurement
Risk
R&D
Supply-chain management
Strategy and business development
Other
Americas Asia Europe
1
1
1
5
5
5
5
5
7
7
6
66
1520
20
11
2
2
2
2
2
2
33
33
4
4
4
00
9
9
9
73
17
16
16
6965
2121
25
8
What are your main functional roles? Please choose no more than three functions.
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
0 20 40 60 80 100%
Asset management/Custodian
Bancassurance
Broker-dealer
Capital markets
Central bank/Regulator
Corporate banking
Credit card issuer/services
Financial services consulting
Hedge fund
Investment banking
Life insurance
Non-life insurance
Wealth management
Private equity/Venture capital
Trading
Real estate/Leasing
Reinsurance
Retail banking
Stock exchange/Trading system
Other, please specify
Americas Asia Europe
1
1
1
1
1
1
1
1
1
1
5
5
5
5
5
17
7
7
7
6
6
2911
11
2
2
2
2
2
22
2
3
3
3
3
3
3
13
13
14
14
4
4
4
4
4
0
0
0
0
0
0
9
9
12
8
8
8
8
In what area of fi nancial services do you personally work?
Please note that totals do not always add up to 100 because of rounding, or because respondents could choose more than one answer. Source: PricewaterhouseCoopers/Economist Intelligence Unit survey, January 2007
34
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Contacts
35
If you would like to discuss any of the issues raised in this briefi ng in more detail please speak to your usual contact at PricewaterhouseCoopers or call one of the following:
PricewaterhouseCoopers1 Editorial Board
1 PricewaterhouseCoopers refers to the global network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity2 Member of the Global Financial Services Leadership Team
Guillermo Montero Bardají34 915 684 [email protected]
Sandra Birkensleigh612 [email protected]
Christopher Box44 20 7804 [email protected]
Olivier Carré352 49 48 48 41 [email protected]
Ron Collard44 20 7212 [email protected]
Richard Stuart Collier44 20 7212 [email protected]
Allan Cuttle1 646 471 [email protected]
Rafael Ruano Díez56 2 940 [email protected]
Miles Everson1 646 471 [email protected]
Maria-Isabel Fadul33 1 56 57 81 [email protected]
Dylan Flavell61 3 8603 3002dylan.fl [email protected]
Carlo di Florio1 646 471 2275carlo.difl [email protected]
Seiichi Hara81 3 6266 [email protected]
Paul Horgan1 646 471 [email protected]
Matt Hosford852 92 72 [email protected]
Anita Mehta Iyer91 22 6669 [email protected]
Miles Kennedy44 20 7212 [email protected]
Jiri Klumpar420 251 152 [email protected]
Karen Loon65 6236 [email protected]
Monika Mars31 20 568 [email protected]
Chris Matten65 6236 [email protected]
Rosana Mazza00 54 11 4850 [email protected]
Fernando de la Mora1 646 471 [email protected]
Frank Morisano86 10 6533 [email protected]
Dominic Nixon65 6236 [email protected]
Kevin W O’Connell1 617 530 [email protected]
Steve Osei-Mensah44 20 7213 [email protected]
Neal Oswald 1 416 815 [email protected]
Tim Pagett86 10 6533 [email protected]
Stefan Palm49 69 9585 [email protected]
Jairaj Purandare91 22 6669 [email protected]
Hernán R. Pérez Raffo 54 11 4850 [email protected]
Phil Rivett2
44 20 7212 [email protected]
José Luís López Rodríguez34 91 568 44 [email protected]
Norberto Rodríguez00 54 11 4850 [email protected]
Robin Roy091 22 6669 [email protected]
Rafael Ruano Díez56 2 940 0181 [email protected]
Daniel J. Ryan 1 646 471 4212 [email protected]
Richard Smith 44 0 20 7213 [email protected]
Felix Sutter86 10 6533 [email protected]
Mark Train44 20 7804 [email protected]
Shyam Venkat1 646 471 [email protected]
Hajime Yasui81 90 6045 [email protected]
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Contacts continued
PricewaterhouseCoopers1 Global Financial Services Leadership Team
1 PricewaterhouseCoopers refers to the global network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity
Jeremy Scott
Chairman, Global Financial
Services Leadership Team
44 20 7804 2304
Benoît Catherine
33 1 56 57 12 38
Javier Casas Rúa
54 11 4850 4504
Diana L Chant
1 416 365 8207
Rahoul Chowdry
61 2 8266 2741
Ron Collard
44 20 7212 6827
Ian Dilks
44 20 7212 4658
James Flanagan
1 646 471 5220
james.f.fl [email protected]
Chris Jones
44 20 7804 2393
Colin McKay
1 646 471 5200
David Newton
44 20 7804 2039
Dominic Nixon
65 6236 3188
Tom Pirolo
1 646 471 3790
Phil Rivett
44 20 7212 4686
Marc Saluzzi
352 49 48 48 2511
Takashi Sasaki
81 90 6490 9333
Nigel J Vooght
44 20 7213 3960
Akira Yamate
81 90 1816 7737
36
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Contacts continued
Economist Intelligence Unit (EIU) 26 Red Lion Square, London WC1R 4HQ
Nigel Gibson
44 1825 791 474
Rob Mitchell
44 20 7576 8244
37
March 2007
Creating value: Effective risk management in fi nancial services – Focus on Asia
Wealth management at a crossroads: Serving today’s consumer – November 2001
Economic Capital: At the heart of managing risk and value – March 2002
Taming uncertainty: Risk management for the entire enterprise – July 2002
Risk Management Survey – A follow up to Taming uncertainty: Risk management for the entire enterprise – November 2002
The trust challenge: How the management of fi nancial institutions can lead the rebuilding of public confi dence – December 2002
Illuminating value: The business impact of IFRS – April 2003
Compliance: A gap at the heart of risk management – July 2003
Focus on restructuring: The drivers shaping the fi nancial services sector – December 2003
•
•
•
•
•
•
•
Governance: From compliance to strategic advantage – April 2004
Uncertainty tamed? The evolution of risk management in the fi nancial services industry – August 2004
From aspiration to achievement: Improving performance in the fi nancial services industry – December 2004
Focus on growth: Striking the right value balance within fi nancial services – May 2005
Offshoring in the fi nancial services industry: Risks and rewards – September 2005
Effective capital management: Economic capital as an industry standard? – December 2005
Winning the battle for growth: Building the customer-centric fi nancial institution – Focus on Asia – May 2006
Marketing reporting in Asia’s fi nancial sector: Bridging the gap between perception and reality – January 2007
•
•
•
•
•
•
•
•
PricewaterhouseCoopers Global Financial Services Briefi ng Programme
The member fi rms of the PricewaterhouseCoopers network (www.pwc.com) provide industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 140,000 people in 149 countries share their thinking, experience and solutions to develop fresh perspectives and practical advice.
The Financial Services Briefi ng Programme is produced by experts in their particular fi eld at PricewaterhouseCoopers, to address important issues affecting the fi nancial services industry. It is not intended to provide specifi c advice on any matter, nor is it intended to be comprehensive. If specifi c advice is required, or if you wish to receive further information on any matters referred to in this briefi ng, please speak to your usual contact at PricewaterhouseCoopers or those listed in this publication.
For information on the PricewaterhouseCoopers Global Financial Services Briefi ng Programme please contact Áine Bryn, Director, Head of Global Financial Services Marketing, on 44 20 7212 8839 or at [email protected]
For additional copies please contact Serene Chia at PricewaterhouseCoopers on 65 6236 3776 or at [email protected]
© 2007 PricewaterhouseCoopers. All rights reserved. ‘PricewaterhouseCoopers’ refers to the network of member fi rms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity. Designed by studio ec4 18566 (03/07)
38