Framework in Banks
March 2014
Agenda
PwC 3
Risk Management Framework – The Concept
Regulatory Evolution of Risk Management -
Pakistan
Regulatory Evolution of Risk Management in
Pakistan
2006
- Enhanced Guidelines
2014
on Internal Controls
2008
- Risk Management
2010
- AML/ CFT
2012
Guidelines for Islamic - Guidelines on
- SBP Basel II Regulations
Internal Control over
2004
Banks
- Guidelines on Framework Financial Reporting
Country Risk (ICFR) - Enhanced ICAAP
- Guidelines on ICFR
Guidelines
Reporting
- Guidelines on - Eligibility criteria for
Internal Controls/ use of external ratings - Enhanced Guidelines
- Stringent requirements
ICFR in Basel II on Stress Testing
for Tier 1 Capital
- Guidelines on ICAAP
2013
mandatory ICFR
- Guidelines on Reporting AML/CFT
2003
2011
- Enhanced CDD
measures
2005
2007
2009
Strengthening Risk Management – Basel and Capital
Management
Strengthening Risk Management – ICAAP and Stress Testing
Encompassing techniques First guidelines on ICAAP Revised and much more Advanced and scenario
for Stress Testing, encompassing the following detailed Reporting Template based Stress Testing
framework for regular areas: for ICAAP released encouraged together with
Stress Testing, scope of containing all details of: further advanced concepts
Board and Senior
Stress Testing, for Reverse Stress Testing
Management oversight Structure and Operations
methodology and
Sound capital Governance
calibration of shocks for
assessment Risk assessment and
interest rate risk, exchange
Comprehensive capital adequacy
rate risk, credit risk, equity
assessment of Pillar 1 Stress testing
price risk and liquidity risk.
and 2 risks Capital planning
Reporting format for the Monitoring and Design, approval and
above mentioned was also Reporting requirements review of ICAAP process
Internal control review Risk appetite statement
prescribed
Risk aggregation calculation and
methodology
Strengthening Risk Management – Internal Controls
2004
2006 2008 2009 2010
Requirements on: Statutory auditors Banks required to develop Banks required to submit,
• Management’s statement on required to give a roadmap for completion a review report on ICFR to
Internal Controls opinion and report of ICFR till December 31, SBP to assess the stages
(Financial, operational on BoD’s 2009. of the roadmap
and compliance) endorsement completed,
• Management’s regarding approved by BOD or
Statutory auditors
evaluation of Internal efficiency of ICFR BAC.
required to submit
Controls
opinion on ICFR
• BOD’s endorsement of Statutory auditors to
the management’s statement submit Long Form
• Statutory auditors’ Report (LFR) for
attestation on Board’s onward submission to
endorsement regarding
SBP.
effectiveness of ICFR
• Statement of Internal
controls together with
auditors’ attestation to be
published in Annual
Reports
Risk Management – SAARC Overview*
Afghanistan Nepal
Maldives
* The information presented above may vary with respect to degree of accuracy as it is based on publicly available information. There may be certain works in pipeline and several other supervision and inspection tools to support implementation of best practice risk management frameworks.
Modern day Risk Management
Modern day Risk Management – Entity wide
integration
Modern day Risk Management – Lines of Defense
Risk Area 1st Line of Defense 2nd Line of Defense 3rd Line of Defense
Credit CIBG
Retail
Commercial CRBG
Market
IRR
Treasury
Liquidity
Price Risk (Investments)
Operational
Operations (Assets/ Liabilities)
Technology
Fraud Risk Management
Accounting/ Financial Controls Internal Audit
& Compliance
HR
Model
All Business &
Support
Compliance
Business/ Strategic
Reputational
Enterprise-wide
Integrated Risk
Management
Single View into Risk Management
The next generation of risk management solutions calls for an EIRM
approach that encompasses all dimensions of entity and risks
Investment Banking
• MIS
Agri Finance
Treasury
• Risk Tools
Corporate Banking
Operational Risk,
Liquidity Risk
Islamic Banking
Risk
Retail Banking
Concentration Risk
• Risk Assessment Risks Country Risk, 3rd Party
• Risk Mitigation Risk
• Risk Monitoring
Credit, Market Risk
• Risk Reporting
Business and Strategic
Risk
Enterprise-wide Integrated Risk Management
Board & Board
Committee
Internal Audit
Objectives
Objectives
Risk Risk
Identification Response
Management
& monitoring
Framework Implementation
STRATEGIC
Framework
TACTICAL
Internal Departments
Finance Risk Compliance Operations
Audit
Develop a collaborative relationship between all stakeholders
Develop strong Board and Executive Management support for Best Practice Risk Management
Framework
Risk Management – Organisational
Structure
Risk Management Structure
A dedicated Risk Management Function – An Illustration
Risk Management – Risk Areas
Credit Risk
Policies &
Monitoring
Procedures
Credit
Credit Risk Review
Documentation
Credit Risk
Portfolio Data Management
Management and MIS
Country Risk
Risk Models
Management
Credit Risk
Assessment Process
Market Risk
MRM MRM
Structure Strategy
Limit Data
Setting Management
& MIS
Market
Risk Risk Policy and
Models Procedure
Portfolio
Management Monitoring
Stress
Testing
Operational Risk
Asset Liability Management
ALM
Key Initiatives
Systems and Automation
Significant Headways
Significant Initiative
End to End Credit Risk Engines/ Systems
in Pipelines
Cycle Automation IT
Business Intelligence
Made
WALL between Risk Management and Data and MIS Structure as well as Quality
Business
Risk and Supporting Core and Analytical
Resistance to Change Management Applications
Entity-wide Risk Management Meaningful Industry Assessments and
Awareness RAACs
Compliance vs. Business Approach to Risk Model Predictability and Back
Implementation Testing
Risk Talent and Retention Programme Breaches and Inefficiencies
(reasons such as multiple projects,
Individual vs. Corporate Ownership and
resource planning etc.)
Succession Planning
Risk Integration into Strategic Planning
Risk Authority, Accountability,
Performance Management and KPIs Model Integration with Business
Decisions
Supporting Strategic and Operational
Frameworks ICAAP
Globally acknowledged need for change
Chart data (%):
Corporate Governance 8 16 17 33
Approach to managing Risk 11 19 22 31
Technology Investments 10 19 27 35
Talent Strategies 12 22 27 32
Chart legend: Recognise need to change; Change programme underway or completed
Domain EIRM
EIRM Enhancement
EIRM - Moving beyond regulatory compliance
Advanced Risk Management and Monitoring
Risk Management –
Future Perspective
Future of Risk Management
CRO
CROs need to play a pivotal role in organisational success for dealing with evolving regulatory,
business and operational challenges and global trends
Capital Risk
Stress testing
Risk Risk
measurement integration monitoring
modelling
Cross
Governance Board Senior mgt
functional Crisis roles
engagement engagement
roles
Risk adjusted
TOM Processes and Internal
performance Limits
organization controls
& pricing
Performance Performance
Reporting
Incentives &
Disclosure
measurement compensation
evaluation
Risk Advisory Services Clients
People
Delivering Success Community
© 2012 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the United States
member firm, and may sometimes refer to the PwC network. Each member firm is a separate
legal entity. Please see www.pwc.com/structure for further details.