Enterprise Risk Management Foundations of an E - - PowerPoint PPT Presentation


Enterprise Risk Management. Foundations of an Enterprise Risk Management Program. Presented by Cathy Smoyer, Senior Vice President & Chief Risk Officer. ERM


SLIDE 1

Enterprise Risk Management

SLIDE 2

Foundations of an Enterprise Risk Management Program

Presented by Cathy Smoyer, Senior Vice President & Chief Risk Officer

SLIDE 3

ERM is…

A comprehensive enterprise-wide risk framework that aligns organizational risks with risk appetite and strategic objectives

SLIDE 4

ERM…What it is

  • Integrates risk management throughout organization
  • Allows for informed risk decisions (avoid, reduce, share, accept)
  • Reduces potential for surprises
  • Identifies areas of opportunity
  • Assists management to stay within boundaries set by strategic objectives and risk appetite
  • Different for every entity – must be appropriate for the size and complexity of the organization

SLIDE 5

ERM…What it is NOT

  • Risk elimination process
  • Enforcement process
  • Just to comply with regulations
  • Going to stop bad things from occurring
  • Going to identify all potential risks
  • A static program or process
  • An audit function
  • Drive or run the organization

Don’t run from risk…embrace risk and make it work for you

SLIDE 6

ERM Stages of Development

Strategic, Operational, Developmental

  • Spreadsheets and nominal technology
  • Introduction of risk assessment software
  • Full package ERM software with assessment, monitoring, reporting, and management modules

SLIDE 7

Three Lines of Defense

First Line: Business Unit

  • Serves as first line of defense to identify and address risk
  • Understands risk of individual business lines
  • Manages processes
  • Monitors risks within business line

Second Line: Risk Management

  • Responsible for ERM architecture and framework
  • Provides credible challenge to management

Third Line: Internal Audit

  • Provides independent review of the adequacy of controls

SLIDE 8

Risk Categories

  • Credit Risk
  • Interest Rate Risk
  • Liquidity Risk
  • Transaction Risk
  • Compliance Risk
  • Strategic Risk
  • Reputation Risk
  • Technology Risk
  • Legal Risk

CREDIT RISK - The risk to current or anticipated earnings or capital arising from an obligor's failure to meet the terms of any contract with the Credit Union or perform as agreed.

INTEREST RATE RISK - The risk to current or anticipated earnings or capital arising from movements in interest rates.

LIQUIDITY RISK - The risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due.

TRANSACTION RISK - The risk to current or anticipated earnings or capital arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events.

COMPLIANCE RISK - The risk to current or anticipated earnings or capital arising from violations of laws, rules or regulations, or from nonconformance with prescribed practices, internal policies and procedures, or ethical standards.

STRATEGIC RISK - The risk to current or anticipated earnings, capital, or franchise or enterprise value arising from adverse business decisions, poor implementation of business decisions, or lack of responsiveness to changes in the financial institution industry and operating environment.

REPUTATION RISK - The risk to current or anticipated earnings, capital, or equity value arising from negative public opinion.

TECHNOLOGY RISK - The risk to current or anticipated earnings or capital arising from inadequate or failed internal systems or adverse external events affecting external or internal systems.

LEGAL RISK - The risk to current or anticipated earnings or capital arising from litigation caused by non-compliance with laws and regulations, as well as prudent ethical standards and contractual obligations.

SLIDE 9

Risk Committee

Purpose

To implement and manage the ERM Program and to ensure the management, risk, compliance, and audit functions are appropriately identifying, measuring, addressing, and monitoring risks within the governance structure set by the CEO and the Board of Directors.

Members

  • Board Member
  • Chief Executive Officer
  • Chief Operations Officer
  • Chief Financial Officer
  • Chief Risk Officer (Chair)
  • Chief Information Systems/Technology Officer
  • Chief Human Resources Officer
  • Chief Lending Officer

Risks: Identified, Measured, Mitigated, Accepted, Transferred, Monitored

SLIDE 10

Enterprise Risk Management

Presented by Ken Schaafsma, VP of Enterprise Risk Management

SLIDE 11

Risk Universe

Market & Liquidity

Internal Fraud, External Fraud

Operational, Credit, Compliance, Strategic

Execution & Delivery, Business Disruption, Business Practices, Obligor, Counterparty, Concentration, Business Strategy, Reputation, Interest Rate, Liquidity, Regulation, Financial Crime, Concentration

SLIDE 12

Risk Inventory Example

Operational

Internal Fraud

  • Theft of NPI
  • Theft of Assets
  • Theft of Equipment

External Fraud

  • Identity Theft – Loan Application
  • Member deposit of fraudulent or worthless check
  • Malware which steals member NPI

Clients, Products, Employment & Business Practices

  • Investment Advisor recommends a product that does not fit member investment profile
  • Violence at an Alliant location by employee, member, or guest
  • Employment practices not in compliance with regulation

Business Disruption, System Failures, Damage to Assets

  • Physical assets unavailable
  • Human capital unavailable
  • Systems unavailable
  • Vendors unavailable

Execution, Delivery & Process Management

  • Vendor fails to execute under terms of the contract
  • Deposit Transactions are not completed timely or accurately
  • Improper or late placement of lien on collateral used for loan

SLIDE 13

Risk Appetite

  • The Board should approve risk appetite measures for each category of risk. The Executive Leadership Team should approve lower and upper tolerance levels.
  • Actual results should be monitored against appetite and tolerance levels. Results exceeding any of these levels should be escalated to defined governance groups.

[Chart: Loss as a Percent of Revenue (Sample Metric and Data), 2016 Q1 through 2017 Q1. Series: Actual Results, Appetite, Upper Tolerance, Lower Tolerance]

SLIDE 14

Risk Reporting and Metrics

Risk management reporting should be delivered to the Board of Directors, Executive Management and relevant governance committees regularly. The reporting could include:

  • An Enterprise Risk Profile (sample depicted below)
  • A table reflecting risk results vs risk appetite and tolerance levels
  • A report of top enterprise risks, which reflect the risk ratings and actions being taken to mitigate the top risks
  • Summaries for each risk type which provide a more granular look into the risk profile, themes, and metrics for the risk type along with updates on current projects and action plans to reduce risk levels

SLIDE 15

Sample Governance Structure

  • Full Board
  • Supervisory Committee
  • Asset and Liability Committee
  • Credit Committee
  • Executive Leadership Team / Enterprise Risk Committee
  • Capital Analysis and Stress Testing Committee
  • IALCO
  • Compliance Committee
  • Operational Risk Committee
  • Internal Credit Committee

SLIDE 16

Enterprise Risk Management

Presented by Lisa Sunderman, VP of Enterprise Risk Management

SLIDE 17

Link to Strategy Setting

  • Competitive Positioning
  • Member Experience
  • Business Mix
  • Initiatives
  • Strategic Capital

SLIDE 18

Enterprise Risk Management’s Essential Link to Strategic Planning

  • Risk is possibility of not meeting objectives
  • Risk Management Policy Statement sets range for success or failure – This is your guiding light
  • Monitoring of Tolerances set by management
  • Feedback to Strategy Setting

SLIDE 19

Example: Information Security – Protecting Assets

  • Objectives: security, integrity and confidentiality
  • Responsibilities: Board, Committees, Management
  • Risk Appetite Statement: Defines level of acceptable risk, reasons and approach
  • Program Components: Access controls and restrictions, encryption, information system modifications, monitoring systems, response programs, backup and recovery
  • Risk Assessment: Proactively identify foreseeable threats, assess likelihood and impact, assess control sufficiency and determine action to fill gaps

SLIDE 20

Example: Strategic Capital – Your Rainy Day Opportunity

[Chart: capital levels on an axis from 0% to 16%. Labels: 4.5% Strategic Capital; Well Capitalized Minimum Target Capital Levels]

  • Definition – Target capital level above the regulatory minimum to cover:
  • Strategic Growth
  • Risk Management
  • Finance

SLIDE 21

ERM Stakeholders

  • Every link in the Governance Structure
  • Board & Board Committees
  • Supervisory/Audit Committee
  • Management Committees
  • Business Leaders

+ Members and Regulators

SLIDE 22

Key Questions for ERM Stakeholders

  • What are key strategies/initiatives?
  • What are the consequences of achieving or not achieving them?
  • What are the potential risk events inherent in your part/role of the business?

  • Which events could ruin the company? How fast could they happen?
  • How prepared are you to prevent or respond to those risk events?
  • How exposed are you? For the greatest ones, how likely are they?
  • What can be done to reduce our largest residual risks?
  • Are we positioning ourselves for opportunity?
  • How do you know your answers are reliable?

SLIDE 23

Risk Metrics At All Levels

Reach goals by applying an integrated approach across the enterprise to manage all classes of risk

  • Set and monitor risk indicators
  • Think and learn about outcomes
  • Recognize patterns early
  • Link to performance measures and incentives
  • Take action to improve resilience and agility
  • Learn from the results

SLIDE 24

Risk Indicators

Credit

  • Delinquencies / Charge-offs
  • Loan loss projections (stress testing)

Interest Rate

  • Stress test results
  • Changes in net interest spread
  • Mortgage volumes

Liquidity

  • Loan to share ratio
  • Liquidity coverage ratio

Compliance

  • Number of audit findings
  • Average age of outstanding items

Reputation

  • Member satisfaction scores (e.g. net promoter)
  • Member attrition rate

Strategic

  • Efficiency ratio/operating leverage
  • Market share
  • Regrettable employee losses

Transactional

  • Fraud losses
  • # of “red” residual risks

SLIDE 25

Enterprise Risk Management Brings Value

Your ERM program should help you focus your resources

ERM contributes to your credit union’s ability to enhance overall performance and achieve competitive advantage