Macquarie First South Securities Risk Management and Operations Fawzia Suliman October 2014


Operations in a Stockbroking business

Are we making enough money


Key man dependencies

Settlements / Trade Support

Non compliance with JSE regulations

Labour issues

Keeping good people

HR

Non compliance with company policies & procedures

Client misdeals / errors

BORM
IT

Finance

Inaccurate reporting

Fraudulent transactions

Non compliance with Companies Act

Trading Systems going down

FSB investigations e.g. Money laundering

Contents

  • 01 Processes & Procedures: Operational Risk Management Framework

  • 02 Risk Culture

  • 03 People: Staff retention

01 Operational Risk Management Framework


What is Operational Risk?


Operational Risk arises from execution of day-to-day business functions; it exists in all businesses

It is ...

The risk of loss due to a breakdown in a process or procedure ...

• People: data entry error results in an incorrect trade captured or incorrect payment to a client
• Systems: network failure results in inability to execute a trade, or close a deal
• Controls: an inadequate control allows someone to personally profit from a transaction
• Natural Disaster: rendering an office building unsafe
• Occupational Health & Safety: an employee sustains a broken arm after slipping down a flight of stairs

It isn’t ...

Defined risks such as ...

MARKET RISK

CREDIT RISK

COMPLIANCE RISK

STRATEGIC RISK

REPUTATIONAL RISK

These risks are typically managed through Policies, Procedures and Controls

However, the risk that one of these procedures or controls could fail is an Operational Risk

Who is involved in managing operational risk in Macquarie?

Three lines of defence

LINE 1: Business Groups

• Business Groups own the risk
• Business heads appoint dedicated Business Operational Risk managers (BORMs)
• BORMs manage the risk using the Operational Risk management Framework (ORMF)

LINE 2: RMG Ops Risk

• RMG is an independent centralised team
• RMG provides tools and guidance to ensure risk management effectiveness and consistency across the Business Groups
• RMG Op Risk focuses on the management of operational Risk

LINE 3: Internal Audit

• Internal Audit provides independent assurance to the Board Audit Committee (BAC) that the ORMF is operating effectively, including business implementation and RMG Op Risk oversight

[Diagram labels: RMG Ops Risk, Compliance, Market, DataCredit, Policy, Risk]

Macquarie Operational Risk Framework

Operational Risk Framework


Risk identification, analysis and acceptance decision

Execution and monitoring of risk management practices

Reporting and escalation of risk information on a routine and exception basis

Key Mandatory Elements of the Framework


New product / business approval process (NPA)

Operational Risk Policies

Incident Reporting

Business Operational Risk Managers (BORMs)

Operational Risk self Assessment (ORSA) and Control Assurance

New Product/Business Approvals


A policy to ensure operational risks inherent in a new product or business are identified, addressed and mitigated before implementation

Highlights

• All risks associated with the particular product, business or change are required to be clearly documented. This will allow all other areas to adapt current internal controls / or new increased limits
• The future management of these risks must be considered and planned by the business

The process is not a “one-size fits all” process but as a general rule the below groups would likely sign off:

Risk Management Group (RMG)

Finance

Tax Division

Legal

BORM

Group Head

All new products must be approved on the Document Approval System (DAS)

ORSA & Control Assurance


Working closely with the support function to understand and ensure that appropriate controls are in place and are effective

Control Assurance

• Controls Assurance, which involves the testing of critical controls within the business, is undertaken on a regular basis
• The future management of these risks must be considered and planned by the business

Operational Risk Self Assessment (ORSA)

A six monthly self assessment is designed to help the business increase its understanding of the operational risk it faces

Incident Reporting - Identification


There are two main types of incidents that should be reported and escalated:

  • 1. Operational Risk incidents

An operational risk incident is an event leading to an unexpected outcome due to inadequate or failed processes, people and systems, or due to external circumstances. Incidents which, at a minimum, must be reported include:

    • Operations Risk incidents resulting in an actual or potential gross loss or gain of AUD$10,000 or more, including incidents averted (i.e. near misses) or those with non financial impacts of similar severity
    • Incidents which could have significant negative reputational or internal consequences, or which represent a material regulatory breach

  • 2. Regulatory and compliance incidents

    • Actual, potential or suspected breaches of laws or regulations; this includes any incident which is likely to result in a failure to meet client, market, regulator, contractual or management expectations or market practice standards; or may or will affect Macquarie’s ability to meet its regulatory obligations
    • A material exception to internal or Macquarie-wide policies established to prevent or minimise the risks of such a breach or
    • A situation that may or will impact Macquarie’s reputation internally or externally

Business Management & BORM


Macquarie’s first line of defence is its people, with management setting expectations of the standards to be met

  • 1. Senior Management oversight and Accountability

  • 2. Business Operational Risk Manager (BORM)

Identify, record and assess operational risk and report issues

Perform or co-ordinate testing of key controls ensuring effectiveness

Escalate and report issues, where appropriate, outside the Group

Identify opportunities for process improvements to address systematic issues

02 Risk Culture


Creating an Effective Risk Culture


Common elements of an effective Risk Culture*

• Committed leadership
• Horizontal information sharing
• Vertical escalation of threats and fears
• Continuous and constructive challenging of the organisation’s actions and preconceptions
• Active learning from mistakes
• Incentives that reward thinking about the whole organisation
• An effective governance structure
• Access to Authority
• A Chief Risk Officer (CRO) with extensive influence
• Communication of risk tolerance to the organisation and external parties
• Evidence of management objectives linked to risk management objectives

* Common Elements as identified by the Institute of International Finance (IIF)

Creating an Effective Risk Culture

COMMITTED LEADERSHIP


• Integrity, respect and risk are common themes in all forums
• Leaders demonstrate & communicate appropriate behaviours
• Open door / no door and open plan offices

BUILDING CAPABILITY

• Ensuring staff have the skills to engage in the right behaviours
• Embracing our diversity
• Managing expectations with effective communication
• Empowerment - Emotional intelligence and personal power
• Self management and Accountability
• Performance Management guidelines

ORGANISATIONAL GOVERNANCE

• Benchmarking against Macquarie Policies & Procedures
• Sharepoint site for MFS policies
• BORM function established
• Incident escalation & reporting
• Manco & Opco forums seen as opportunities for sharing risk related matters
• Active learning from mistakes
• Monthly ROC meetings
• ORSA completed bi-annually

INCENTIVES & CONSEQUENCE MNGT

• KPI’s
• Business led penalty systems
• Disciplinary processes
• Risk Key Performance indicators
• Muffins & coffee for latecomers
• Self payment for non-attendance at training
• Office clown award

Constantly working on getting the balance right

LESSONS LEARNED SESSIONS

• Post incident review by Opco forum
• Messages cascaded down to teams
• Active learning from mistakes

Creating an Effective Risk Culture

INNOVATIONS FORUM

THINKING OUTSIDE THE BOX

[Diagram labels: Innovation; Innovation Projects Forum; Back Office Strategy Day]

• Innovation forum meets once a month
• Project teams present Innovative solutions to existing problems
• Focus is on improving efficiency, reducing costs and mitigating risks
• Teams encouraged to think about problems in the whole organisation
• Opco forum approves selected projects
• Incentives given to teams once project is successfully implemented
• Creating a culture of mutual respect between colleagues


TEAMS RECEIVE FEEDBACK ON THE QUALITY OF THEIR PRESENTATIONS

ACTIVE LEARNING

THE ENTIRE BACK OFFICE IS ENCOURAGED TO CHALLENGE THE CURRENT PROCESSES IN PLACE & GET REWARDED FOR DOING THIS SUCCESSFULLY!!

CHALLENGE THE CURRENT STATUS QUO

FEEDBACK IS GIVEN AS TO WHY A PROPOSAL WAS UNSUCCESSFUL

ACTIVE LEARNING

NON-CONTRIBUTING MEMBERS ARE CHALLENGED BY THEIR TEAMS AND CAN BE EXCLUDED FROM SHARING IN THE INCENTIVE AWARD

ACCOUNTABILITY

TEAMS COMPRISE STAFF FROM DIFFERENT DEPARTMENTS

ENCOURAGE HORIZONTAL INFORMATION SHARING

03 Staff Retention


Developing our Retention strategy


Strategy to be a Discerning employer: Creating a leadership culture focused on people achieving their potential through Opportunity, Empowerment and Accountability

Opportunity

• Recruitment from within, promotions & career growth opportunities.
    - Sales Traders and Sales given Account Management, as well as Domestic and Global Sales Responsibilities (including US sales)
    - EA’s promoted to BORM & Corporate Access
    - Guest Relations staff promoted to Accounts Payable
• Options for personal and professional development
• Exposure to other parts of the business
• Being observed, coached and mentored

Empowerment

• Confirmation what they do makes a difference
• Assisting in the development of others
• Engagement for ideas/ thoughts/ views before decisions and changes are communicated
• Ability to innovate improvements and bring them to reality within the business
• Access to global Macquarie leadership programs
• Access to local leadership programs for senior and mid-tier management
• Access to further studies

Accountability

• KPI’s
• Development expectations/ timelines
• Ongoing/ immediate feedback
• Information on business performance
• Clarity of strategy and sharing
• Not tolerating low performers/ breaches
• Positive feedback and attribution to positive internal/ external results
• Ownership of projects and involvement in task forces

“There is nothing more unequal than the equal treatment of unequal people” – Thomas Jefferson

Questions ...
