Risk Management

Framework in Banks

March 2014
Agenda

 Risk Management Framework – The

Concept
 Regulatory Evolution Of Risk Management
In Pakistan
 Risk Management Framework – SAARC
Overview
 Modern Day Risk Management
 EIRM
 EIRM – Beyond Regulatory Compliance
 Risk Management – Future Perspective
 Concept

PwC 3
Risk Management Framework – The Concept

“A comprehensive document that systematically

and practically defines an implementation
approach helping organisations, regardless of
size; of mission, to identify events and measure,
prioritize and respond to the risks challenging its
most critical objectives and related projects,
initiatives and day-to-day operating practices”

What it aims for?

It enhances an organization’s ability to effectively manage uncertainty

PwC 4
 Regulatory Evolution of Risk Management -
Pakistan

PwC 5
 Regulatory Evolution of Risk Management in
Pakistan

2006
- Enhanced Guidelines

2014
on Internal Controls

2008
- Risk Management

2010
- AML/ CFT

2012
Guidelines for Islamic - Guidelines on
- SBP Basel II Regulations
Internal Control over
2004

Banks
- Guidelines on Framework Financial Reporting
Country Risk (ICFR) - Enhanced ICAAP
- Guidelines on ICFR
Guidelines
Reporting
- Guidelines on - Eligibility criteria for
Internal Controls/ use of external ratings - Enhanced Guidelines
- Stringent requirements
ICFR in Basel II on Stress Testing
for Tier 1 Capital

- Guidelines on ICAAP

- Enhanced financial - Guidelines on Basel

statements disclosure III - Capital
requirement for Risk - Guidelines on Internal
Management Framework Credit Risk Rating - Enhanced
- Enhanced Prudential
- Guidelines on and Statement of Internal Systems - Revision of MCR Guidelines on
Regulations
Risk Management Controls Framework under Basel Internal Credit Risk
II Rating Systems
- MCR Disclosure
- Decision for adoption of
requirements
Basel II - Roadmap - Revised timeline for
- Enhanced

2013
mandatory ICFR
- Guidelines on Reporting AML/CFT
2003

Stress Testing Guidelines

2011
- Enhanced CDD
measures
2005

2007

2009

PwC 6
 Strengthening Risk Management – Basel and Capital
Management

2005 2006 2007 2008 2009 2010 2013

Decision for Release of Detailed Stringent Roadmap for Eligibility Internal Credit
implementation complete SBP guidelines on requirement for annual increase criteria for use of Risk Rating
of Basel II and Basel II development of Tier-1 Capital by in Minimum external ratings System for retail
provision of Framework Advanced requiring paid up Capital in Basel II portfolio
initial roadmap encompassing Internal Credit intangible assets requirement
to be deducted where by the Guidelines on
where all pillars, basic Risk Rating
from Tier-1 banks were Basel III – more
prescribed and advanced Systems
Capital required to reach Stringent Capital
timelines for approaches,
Calculation a level of requirements
implementation their
minimum Rs. 10 and immediate
of Standardized implementation
billion by 2013 reporting for
and transition to considerations MCR returns
Advanced and timelines based on Basel
approaches were including III
provided parallel run, etc.

PwC 7
Strengthening Risk Management – ICAAP and Stress Testing
2005
Encompassing techniques
for Stress Testing,
framework for regular
Stress Testing, scope of
Stress Testing,
methodology and
calibration of shocks for
interest rate risk, exchange
rate risk, credit risk, equity
price risk and liquidity risk.
Reporting format for the
above mentioned was also
prescribed
Stress Testing
PwC
2008 2012 2012
First guidelines on ICAAP Revised and much more Advanced and scenario
encompassing the following detailed Reporting Template based Stress Testing
areas: for ICAAP released encouraged together with
containing all details of: further advanced concepts
 Board and Senior
for Reverse Stress Testing
Management oversight  Structure and Operations
 Sound capital  Governance
assessment  Risk assessment and
 Comprehensive capital adequacy
assessment of Pillar 1  Stress testing
and 2 risks  Capital planning
 Monitoring and  Design, approval and
Reporting requirements review of ICAAP process
 Internal control review  Risk appetite statement
 Risk aggregation calculation and
methodology
ICAAP ICAAP Stress Testing
8
Strengthening Risk Management – Internal Controls
2004
2006
Requirements on:
• Management’s statement on
Internal Controls
(Financial, operational
and compliance)
• Management’s
evaluation of Internal
Controls
• BOD’s endorsement of
the management’s statement
• Statutory auditors’
attestation on Board’s
endorsement regarding
effectiveness of ICFR
• Statement of Internal
controls together with
auditors’ attestation to be
published in Annual
Reports
PwC
2008 2009 2010
Statutory auditors Banks required to develop Banks required to submit,
required to give a roadmap for completion a review report on ICFR to
opinion and report of ICFR till December 31, SBP to assess the stages
on BoD’s 2009. of the roadmap
endorsement completed,
regarding approved by BOD or
Statutory auditors
efficiency of ICFR BAC.
required to submit
opinion on ICFR
Statutory auditors to
submit Long Form
Report (LFR) for
onward submission to
SBP.
9
 Risk Management – SAARC Overview

PwC 10
 Risk Management – SAARC Overview*
Afghanistan Nepal

- Capital Adequacy Regulations - Risk Management

- AML - Basel II/III
- Capital Adequacy Regulations
- AML
India - Stress Testing

- Risk Management Bhutan

- Internal Controls
- Basel II/III - Internal Controls
- Capital Adequacy Regulations - Capital Adequacy Regulations
- AML - AML
- Stress Testing
Bangladesh

Sri Lanka - Risk Management Guidelines

- Internal Controls
- Risk Management - Basel II
- Internal Controls - Capital Adequacy Regulations
- Basel II/III - Stress Testing
- Capital Adequacy Regulations - AML
- AML

Maldives

- Capital Adequacy Regulations

* The information presented above may vary with respect to degree to accuracy as it is based on publically available information.
There
PwCmay be certain works in pipeline and several other supervision and inspection tools to support implementation of best
11
practice risk management frameworks.
Modern day Risk
Management
 Modern day Risk Management

Capital Planning and Business Risk Review/

Management Credit Risk Review

Risk Automation & Compliance Risk

Process Efficiency Assessment

Modern day Risk Asset and Liability

Risk Models
Management Management

People & Change Advanced Portfolio

Management Management

Credit, Operational and

Advanced Stress Testing
Market Risks

PwC 13
 Modern day Risk Management – Entity wide
integration

Strategic aspects Value Addition

• Target markets, RAACs • Better target setting for business unit
• Portfolio mix/ diversification and effective operational roll-out
• Capital planning and allocation • Better monitoring platform for decision
• Pricing and collateralization strategies making
• Stressed projections and CAR • Rationalized portfolio quality
• Operational strategies • Effective MAPs for future capital
management concerns
Business optimization
Internal controls
Credit discipline Strategic Target NPLs
Target Capital Adequacy Ratio
Customer service
Compliance
Planning Target RWA
Target reduction in Operational
Retention of critical HR losses etc.
Corporate social responsibility
etc.
Aim Perspective
• Engage Business Units • Ownership, drive and accountability
• Integrate Risk Management in the • Independent view on planned risk
exercise exposures and markets
• Seek economic research support • Integrated annualized targets help in
• Integrate budgeting with strategic eventual achievement of long-term goals
planning

PwC 14
 Modern day Risk Management – Lines of Defense

Risk Area 1st Line of Defense 2nd Line of Defense 3rd Line of Defense

Credit CIBG
 Retail
 Commercial CRBG

Market
 IRR
Treasury
 Liquidity
 Price Risk (Investments)

Operational
 Operations (Assets/ Liabilities)
 Technology
 Fraud Risk Management
 Accounting/ Financial Controls Internal Audit
& Compliance
 HR
 Model
All Business &
Support
Compliance

Business/ Strategic

Reputational

PwC 15
Enterprise-wide
Integrated Risk
Management
 Single View into Risk Management
The next generation of risk management solutions calls for an EIRM
approach that encompasses all dimensions of entity and risks

Risk Management Entities

Infrastructure
• Governance COSO/ ICFR
• Strategy
• Organisational
Basel II/III
Structure
• IT Systems
• Policies & Processes ICAAP, Stress Testing

Investment Banking
• MIS

Agri Finance
Treasury
• Risk Tools

Corporate Banking
Operational Risk,
Liquidity Risk

Risk Management Process Legal Risk, Reputational

Islamic Banking
Risk

• Risk Identification IT Risk, Interest Rate Risk,

Retail Banking
Concentration Risk
• Risk Assessment Risks Country Risk, 3rd Party
• Risk Mitigation Risk
• Risk Monitoring
Credit, Market Risk
• Risk Reporting
Business and Strategic
Risk

PwC 17
Enterprise-wide Integrated Risk Management
Board & Board
Committee

Senior Management Committee

Corporate Retail Operations Finance Treasury HR IT

Risk Management & Compliance

Compliance & Reporting

Strategic & Operational

Internal Audit

Objectives
Objectives

Risk Risk
Identification Response

Management
& monitoring

Overall Business Optimisation

Risk Authority Performance Capacity

Tone at the People & Effective
& Mgt./Risk & Building/ Technology Data & MIS
Top Change Processes
Accountability Rewards Training
PwC 18
Critical Success Factors
Enterprise-wide Integrated Risk Management -
Objectives & Goals

Provide greater transparency and consistency to the risk

and governance process across the organization

Move the organizational culture from a solely compliance Implement a

focused organization to an integrated ‘Risk Management’ coordinated,
culture
integrated,
efficient and
Evangelize a philosophy of ownership and effective
accountability for risk and control to line management framework
for risk
management
Provide a cost effective infrastructure that integrates
the risk and governance framework of the organization across the
enterprise
Improve risk management practices across the
organization

PwC 19
 Framework Implementation
STRATEGIC

Identify Key Evaluate Alternative Develop Develop

Identify Core
Stakeholders Approaches Vision for the Framework
Objectives
PROCESS

Framework

TACTICAL

Develop Phased Implement Implement an Implement

Enhance integration into the
Implementation Individual program for managing consistent
Business Process
Roadmap Domains based challenges Enterprise - Monitoring &
on Business wide Reporting
priorities
Executive Management

CEO COO CRO CFO CCO CIO

PEOPLE

Internal Departments
Finance Risk Compliance Operations
Audit
 Develop a collaborative relationship between all stakeholders
 Develop strong Board and Executive Management support for Best Practice Risk Management
Framework

PwC 20
 Risk Management – Organisational
Structure

PwC 21
Risk Management Structure
A dedicated Risk Management Function – An Illustration

PwC 22
 Risk Management – Risk Areas

PwC 23
Credit Risk

NPL Management Stress Testing

Policies &
Monitoring
Procedures

Credit
Credit Risk Review
Documentation
Credit Risk
Portfolio Data Management
Management and MIS

Country Risk
Risk Models
Management
Credit Risk
Assessment Process

PwC 24
Market Risk

MRM MRM
Structure Strategy

Limit Data
Setting Management
& MIS

Market
Risk Risk Policy and
Models Procedure

Portfolio
Management Monitoring

Stress
Testing

PwC 25
Operational Risk

Operational Risk

PwC 26
Asset Liability Management

ALM

PwC 27
Key Initiatives

 Risk Governance and Independence

 Credit Risk Model Upgradations
 Risk Technology Investments
 Data Enrichment
 Concentration Management
 Internal Control Programme
 Operational Risk Advancements
 Relatively Advanced Stress Testing
 Independent Risk Review
 ALCO’s role in ALM

PwC 28
Systems and Automation
Significant Headways

Significant Initiative
End to End Credit Risk Engines/ Systems

in Pipelines
Cycle Automation IT
Business Intelligence
Made

Consumer Front End

Architecture
Enhancement Core Banking upgrades
Core Banking
Core Banking Enhancements

Core Banking Consumer Risk Automation

Credit Solutions
Solutions Solutions Solutions

Data Warehousing Initiatives

Data quality
 IBM  Vision +  IBM Algorithmics
 MYSIS Equation Data controls
Algorithmics -  SAS  SAS
 Temenos T-24 Credit Manager  Iflex Reveleus  Moody’s Data integration
 FIS Profile  Theta Origins  Iflex Reveleus
 Sungard Ambit
 Sungard  Emmaculate  MISYS Almonde
Meaningful MIS
 Theta Origins
Symbols Nucleus
 Emmaculate  Temenos T-risk Efficiency
 Oracle i-  Sungard Ambit  Sungard Ambit
Nucleus
Flexcube
 Triad  Oracle Hyperion

Increasing Awareness - Structured and Systematic Approach for Automation 29

PwC
Key Challenges
 WALL between Risk Management and
Business
 Resistance to Change Management
 Entity-wide Risk Management
Awareness
 Compliance vs. Business Approach to
Implementation
 Risk Talent and Retention
 Individual vs. Corporate Ownership and
Succession Planning
 Risk Authority, Accountability,
Performance Management and KPIs
 Supporting Strategic and Operational
Frameworks
PwC
 Data and MIS Structure as well as Quality
 Risk and Supporting Core and Analytical
Applications
 Meaningful Industry Assessments and
RAACs
 Risk Model Predictability and Back
Testing
 Programme Breaches and Inefficiencies
(reasons such as multiple projects,
resource planning etc.)
 Risk Integration into Strategic Planning
 Model Integration with Business
Decisions
 ICAAP
30
 Globally acknowledged need for change
%
Corporate Governance 8 16 17 33

Recognise need to
change
Approach to managing Risk 11 19 22 31

R & D and Innovation Capacity 13 22 24 27 Developing strategy

to change

Use and Management of Data and

12 21 26 28
Data Analytics
Plans to implement
change programme
Organisation Structure/ Design 7 21 25 35

Change programme
Technology Investments 10 19 27 35 underway or
completed

Talent Strategies 12 22 27 32

Source: PwC Global 17th CEO Survey

PwC 31
EIRM - Beyond
Regulatory Compliance
Initiatives strengthening EIRM

 Business Process Re-engineering/  Organisational Restructuring

Improvement  Other focused Advanced EIRM Tools
 Automation/ System optimisation  FATCA
 Centralisation  AML/ KYC
Strengthening

Domain EIRM
EIRM Enhancement

PwC 33
 EIRM - Moving beyond regulatory compliance
Advanced Risk Management and Monitoring

1 Econometric Credit Models

2 VaR based Market Models

3 Econometric Behavioural Model for ALM

4 Behavioural Scorecards for Consumer

5 Quantification of Risk Appetite/ Tolerance

6 Risk Based/ Adjusted Capital

7 Predictive mechanisms for Risk Management

PwC 34
Risk Management –
Future Perspective
Future of Risk Management
CRO
CROs need to play a pivotal role in organisational success for dealing with evolving regulatory,
business and operational challenges and global trends

Local challenges Global trends

 Portfolio Rationalisation  Basel III
 NPL Management  Sound Capital Planning Process
 New Products and Markets  Risk Data Aggregation and Reporting
 New Processes/ Process Improvements  AML/ KYC Enhancements
 New Projects  Foreign Account Tax Compliance Act (FATCA)
 Capital Management aligned with Strategic  OECD Common Reporting Standards
Outlook
 Industry Assessments and Ratings
 Model Integration into Decision Making
 ALM and Balance Sheet Management
 Evolving Regulatory Requirements (liquidity,
leverage and capital surcharges/ buffers)
PwC 36
Risk Based Capital Management
Capital
management
Capital
Capital Risk appetite Risk profile
Limit
structure
framework
strategy optimisation
Strategy and
Capital business
Capital Capital Value
planning allocation creation
planning planning

Capital Risk
Stress testing
Risk Risk
measurement integration monitoring
modelling
Cross
Governance Board Senior mgt
functional Crisis roles
engagement engagement
roles
Risk adjusted
TOM Processes and Internal
performance Limits
organization controls
& pricing

Performance Performance
Reporting
Incentives &
Disclosure
measurement compensation
evaluation

Infrastructure & capabilities

PwC 37
 Risk Advisory Services Clients
People
Delivering Success Community

© 2012 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the United States
member firm, and may sometimes refer to the PwC network. Each member firm is a separate
legal entity. Please see www.pwc.com/structure for further details.