You are on page 1of 28

New Product Oversight and

Strategic Initiative Oversight

Dolores Atallo
Firm Director, Deloitte

April , 2011
Today’s Discussion
 Introduction and Session Objectives

 New Product Oversight

 New Product Regulatory Guidance and Industry Perspective
 Critical Success Factors for the New Product Approval Process
 Drivers of New Product Opportunities

 Strategic Initiative Oversight

 Strategic Risk Oversight Considerations
 Tools for Strategic Risk Oversight

 The Role of Enterprise Risk Management (ERM)L

 Q&A

Introductions and Session Objectives

 Financial Institutions are facing more pressure than ever before from new
Financial Regulatory Reform and more stringent standards and limitations on
certain business activities.

 Part of that increased scrutiny focuses on the new product and strategic initiative
oversight processes, including:
 Consideration of regulatory compliance requirements
 Creating/enhancing a robust new product process
 Drivers of new product opportunities
 The role of risk management practices in strategic and new product initiatives

New Product Governance

Defining a “New Product”

New Product Quiz

A New Product is defined as a product or service…….

 A: never before provided by the institution

 B: previously provided but with changes, enhancements and/or modifications
 C: previously provided but ramping up due to market opportunity
 D: currently/previously offered but now subject to a change in regulation or policy
 E: all of the above

New Product Regulatory Guidance and Industry Perspective
Remarks by Federal Reserve Board Governor Susan Schmidt Bies (2004)

•New products include products or services being offered to, or activities being
conducted for the first time in, a new market or to a new category of customers or
counterparties. For example, a product traditionally marketed to institutional
customers that is being rolled out to retail customers generally should be reviewed
as a new product.

•Significant modifications to products, services, and activities or their pricing warrant

review as a new product.
Defining New
Products •Small changes in the terms of products or the scope of services or activities can
greatly alter their risk profiles and justify review as a new product.

•When in doubt about whether a product, service or activity warrants review as a new
product, financial firms should err on the side of conservatism and route the proposal
through the new-product approval process.

•Cutting short a new-product review because of a rush to deliver a new product to

market, or because of performance pressures, increases the potential for risk.
Source: Remarks by Governor Susan Schmidt Bies, At the Bond Market Associations Legal and Compliance Conference, New York, NY February 2004

New Product Regulatory Guidance and Industry Perspective
Standard & Poor’s Rating Criteria and Best Practices ERM For Financial Institutions

•The NPA process should be clearly documented in the risk management policy
handbook and should clearly articulate the steps required for approval.

•There should be a specified time period of no longer than six months after the
transaction is initially approved for trading, after which its reviewed for consistency.
All transactions that go through the NPA process should be documented and tracked
Industry through secure databases and electronic media.
Practices for
New Product •No proposed transaction should be expected to trade without a model validation and
Oversight/ vetting by Risk Management and a clear understand of the risk profile of the
transaction and its implications on the overall risk appetite of the firm and its
Approval reputation.

•The CRO must be a member of the NPA committee and should be granted the
authority to sign off on all transactions. The NPA committee should include senior
individuals from all the decision support areas, namely, Operations, Legal, Tax, Audit,
Accounting, Risk Systems, Risk Analytics, Compliance, and Documentation, as well
as the representatives of the business units.

Source: Standard & Poors, Enterprise Risk Management for Financial Institutions, Ratings Criteria and Best Practices November 2005

New Product Regulatory Guidance and Industry Perspective
NASD and FINRA Complex Product Guidelines

• A new product committee may condition approval for a complex product on

specific limitations, such as limiting the sale of the product to customers meeting
certain characteristics and sophistication thresholds; or restricting the right to
market or sell the product to representatives who have completed certain
product-specific training courses.

• Products approved on the basis of these restrictions, or based on critical market

assumptions, should be subject to a formalized, ongoing review of the conditions
of approval for up to one year. Customer complaints relating to the product
should also be tracked and monitored.
Guidance For
Complex • Some products may be approved by a new products committee subject to
Products certain restrictions, such as: “No more than X percentage of a customer’s net
worth may be invested in Y product, or any product similar to Y.”

• A new product committee should not approve a product based on such a

condition unless it has determined, prior to approval. that the limitation is
feasible from the perspective of training, supervision and operations

• Bright line Suitability Tests for Complex Products.

• Certain “bright line” tests relating to the suitability of new products have emerged
through regulatory guidance,

Sources: 1 NASD Notice to Members 05-59, “Structured Products - NASD Provides Guidance Concerning the Sale of Structured Products,” September 2005 8
2 FINRA Regulatory Notice 10-09, “FINRA Reminds Firms of Their Sales Practice Obligations With Reverse Exchangeable Securities” February 2010
New Product Regulatory Guidance and Industry Perspective
US Treasury Department Report on Financial Regulatory Reform

• Federal banking agencies should promulgate regulations that require originators

or sponsors to retain an economic interest in a material portion of the credit risk
of securitized credit exposures.
• Regulators should promulgate additional regulations to align the compensation
of market participants with longer term performance of the underlying loans.
• The Securities and Exchange Commission (SEC) should continue its efforts to
CDOs and increase the transparency and standardization of securitization markets and be
given clear authority to require robust reporting by issuers of ABS.
Financial • The SEC should continue its efforts to strengthen the regulation of credit rating
Regulation agencies, including through measures to promote robust policies and
procedures that manage and disclose conflicts of interest, differentiate between
structured and other products, and otherwise strengthen the integrity of the
ratings process.
• Regulators should reduce their use of credit ratings in regulations and
supervisory practices, wherever possible.

Source: US Treasury Department Report on “Financial Regulatory Reform–A New Foundation: Rebuilding Financial Supervision and Regulation” in June 2009

New Product Approval Policy: Setting the Tone

• Set new product definition for the institution

– Define parameters and exceptions

• Define roles and responsibilities

– Submission, approval and ratification

• Provide a common language and approach for new product assessment

– Articulate new product risk appetite
– Describe acceptable and prohibited products
– Define the exception process
– Define an escalation protocol

New Product Approval Policy (Illustrative)


Board of Directors

Risk Committee CRO

New Product Committee

Approve/Ratify New Product Establish

Approval Policy

Policy Requirements
Scope/ Description
Policy Policy Policy *Related Appendices
Roles & Resp. Definitions*
Objectives (Policy Statement & Exceptions* Admin. Polices **
Scope) *New Product Approval Process

Definition of a New
Product Glossary NPA Form

Listing of

The Role of the New Product Approval Committee (NPA)

The NPA Charter should reflect the objectives, scope of authority, duties and
practices of the Committee and can include the following components:
• Committee Authority
• Decision vs. Information
• Duties
• Committee Protocols
• Agenda
• Minutes
• Meeting frequency
• Membership (Voting and Non-voting)

• Examples New Product Committee practices can include:

• Review and perform an assessment of the New Product
• Make Recommendations on New Products to Enterprise Risk Committee.
• Oversee the New Product Approval Process, i.e. ensuring documentation is
collected and analyzed prior to recommendation
• Maintain and update the New Product Form, NPA Policy and NPA Process as
frequently as significant changes occur
• Monitor new product performance
New Product Committee (NPC) Protocols


Board of Directors ERM

Risk Committee

Approve/Ratify Establish
NPC Charter

Constitution, Membership and Meetings

Authority Duties Administration
Quorum/ Comm Committee
Agenda Meetings Minutes Members
Voting Chair Secretary

New Product Approval: Supporting the Business Case
• Define sponsorship process for submission
– Who can submit a new product for approval?
– What documentation is required?

• New product risk assessment

– Consider impact to the institution’s risk profile
– Leverage existing risk management practices
• Risk categories, Metrics/Key Risk Indicator

• Assess profitability
– Key Metrics
• Cost to market, Capital impact, Projected P&L

• Approval authority
– Role and responsibilities
• NPA Committee, Senior Management, Board of Directors

New Product Approval Form (Illustrative)

New Product/Initiative Approval Form

Instructions for completing the New Product/Initiative Approval Form:
1. The Sponsoring Business Unit (“SBU”) should complete New Product/Initiative Summary Worksheet (pages 1 and 2) authorize it, and provide to
the Head of ERM for review
2. The SBU should complete the New Product/Initiative Detailed Worksheets in consultation with the appropriate Risk Owners (see Appendix A - List
of Risk Owners )
3. Risk Owners should sign off on their appropriate sections within the New Product/Initiative Detailed Worksheets
4. The New Product/Initiative Approval Form must be approved by the Head of ERM and the Chief Risk Officer
5. The New Product/Initiative Approval Form will be provided to the Enterprise Risk Committee for their review and approval

New Product/Initiative Summary Worksheet

Product/Initiative Information
Name of Product/Initiative:
SBU: Planned Launch Date: Target Approval Date:
Cost of Initiative ($):

Product/Initiative Description
Describe the product/initiative:
Describe the Strategic Objectives of the product/initiative?
What process changes are being impacted by this product/initiative?
What people changes are being impacted by this product/initiative?
What technology changes are being impacted by this product/initiative?

Risk Summary
# Risk Risk? Provide brief explanation below for both No and Yes:

New Material Risk?

1. Credit Risk No Yes
2. Market Risk No Yes
3. Liquidity Risk No Yes
4. Operational Risk No Yes
5. Compliance, Regulatory and Legal Risk No Yes
6. Strategic Risk No Yes
7. Reputational Risk No Yes
New Product Approval Form (cont’d-Illustrative)

New Product/Initiative Profitability Analysis New Product/Initiative Profitability Analysis

Please Provide assumptions related to the Product/Initiative Analysis
Estimated Volume: (Term Capital allocation, Cost of funds, etc.):
Yr. 1 Yr. 2+
Volume $ - $ -
Estimated Profitability: Yr. 1 Yr. 2
Pre-Tax Income $ - $ -
Net Income $ - $ -
ROA % %
ROCE % %
Net Margin $ - $ -
Risk Adj Margin $ - $ -
Non-Spread Revenue $ - $ -
Total Revenue $ - $ -
Non-Spread % To Total
Revenue % %
Credit Quality:
Net Charge-Offs $ - $ -
% to AFR % %
Provision $ - $ -
Estimated Expenses
Expenses $ - $ -
% to AMA % %
Efficiency Ratio % %
Sponsoring Business Unit Approval
Authorized by:
Head of Risk Management: Chief Risk Officer:
Name: Name:
Signature: Signature:
Date: Date:
Product Cancelled/Deferred: Date of Cancellation/Deferral: 16
New Product Approval Process

• Final Approval
 Upon the recommendation of the New Executive Management Committee BOD
Product Committee, approves new (Approval)
products and services to be offered Final
• Recommendations for Approval Approval
 Oversees the New Product Approval New Product Recommended for Approval For Some
New Products
 Reviews New Product documentation
to ensure full evaluation of risk is
 Makes Recommendations on New
Products to Enterprise Risk Committee.
 Risk leaders sign off after vetting of New Product Committee
new product and New Product Committee (Review and Approval)
meeting is complete.
• Completion of New Product Form
 Works with business line to solicit input
on potential benefits and risks of new SBU Introduces New Product
 Should ensure that all necessary
documentation is collected and
researched to complete New Product
Sponsoring Business Unit
(Pitches New Product)

Drivers/Triggers for the New Product Approval Committee
• New Regulation, i.e.:
– Dodd-Frank Act
• The “Volcker” Rule
– Will cause banks to exit certain proprietary businesses/products
• Compensation and Governance
• Living Wills/Basel III
– Capital Impacts of products and services

• New Regulators, i.e.,

– Dodd-Frank Act
• Systemic Oversight Council
• Consumer Financial Protection Bureau
• Migration of OTS oversight to OCC

• Changes in market conditions

– Changes in market conditions can drive the need to for new products including hedging
strategies for risk mitigation purposes or new products to capitalize on shifting consumer
market demand

Critical Success Factors for a Robust New Product Approval Process

• The definition of what is considered a New Product should be socialized across

the company to ensure accountability and compliance.

• There should be clear delegations of authority for approval, review by

constituents of business plan, and agreed materiality thresholds.

• The New Product Committee should have disciplinary authority in place to

address non-compliance.

• The Board of Directors should ratify product changes and in cases of changes in
strategy have approval authority.

Strategic Initiative Oversight
Strategic Risk Oversight Key Considerations
• Recognize strategy, strategic planning and assessment as an on going cycle
– Build in touch points

• Integrate existing risk practices into the strategic planning and assessment
– Consider risk by category
– Establish metrics/limits for on going monitoring
– Align strategic initiatives with committee oversight

• Determine protocols for assessment of risk to achieving strategic objectives:

– Role of Board, Management and Risk/Chief Risk Officer
– Articulate risk appetite and limits
• Timing and escalation protocols

Strategic Risk Management Considerations

Strategic risk management

Component Evaluation criteria
 High level of involvement throughout the organization
Risk management
culture  High-quality, well-structured risk management Risk Extreme Risk &
control event econo
proces manage mic
 Accuracy of risk identification and monitoring ses ment capital
Risk control s
 Availability and effectiveness of programs for
compliance and post loss remediation Risk management culture

 Use of scenario analysis and stress testing which flow into an early warning system and a
Extreme event disaster and contingency plan
 Ability to mitigate risk and keep an adequate amount of catastrophe reinsurance

Risk and economic  Capacity to develop and use accurate risk and economic models
capital models  Capability to validate the data and results of these models

Strategic risk  Processes to ensure proper alignment of retained risk profiles

 Maintenance of metrics for strategic asset allocation and risk-adjusted return

Risk Assessment of Strategic Business Objectives and Initiatives

Strategic Risk assessment and

Risk identification
Planning prioritization

Key activities
 Review 3-5 year business plan,  Based on information gathered, create  Develop likely and worst case
business objectives, company goals customized and company-specific risk scenarios from key external
and strategies profile risks
 Gather research, documents, to identify  Develop risk ranking criteria (impact,  On going discussion to
potential strategic initiatives vulnerability, speed of onset) prioritize key strategic and
 Document and prioritize strategic emerging risks for scenarios
initiatives  Develop monitoring roadmap
for tracking strategic initiatives
milestones and periodic status

On going cycle of planning, assessment and prioritization

Tools For Assessing Strategic Risk
• Peer Benchmarking
• Consider performing a benchmarking analysis against industry peers
• Executive Workshops
• Identify risks against strategic objectives
• Critically evaluate strengths and weakness and target weakness
• Reassess regularly
• Top down risk assessment
• Identify and prioritize top 10 risks to the organization to achieving objectives
• Scenario analysis
• Stress test business plans for relevant threat scenarios (e.g., economic downturn, cat and large losses,
competitive pressures, etc.)
• ERM’s should focus on preparation of risk mitigation strategies that are designed to support senior
management’s business plan
• Work closely with the finance and investment and functions to demonstrate the sensitivity of business plans to
external factors, underlying assumptions and unanticipated variance in assumptions.
• Provide research and analysis on external trends that would inform senior management decision making
regarding areas of growth or investment
• Risk Selection
• Assess and react to short term and long term market conditions to choose which risks to take and which to retain:
• Consider using Risk Reward analysis or just combined ratio targets
• Cycle Management (Credit, Interest Rate or Equity Market Cycles)
• Strategic trade-offs in Investment Selection
• Assess risks based on risks embedded in products
• Recognize long term view of risk adjusted returns of investment choices

Enterprise Risk Management can Facilitate Strategic Risk
Oversight and the New Product Approval Process

Management actions
Risk/Reward frontier
• ERM processes can be used to assess how specific
management actions move the company on the

risk/reward frontier:
– Providing a cost benefit analysis of specific risk
mitigation activities
– Determining the set of activities to be deployed
in the event of an extreme risk event
= same reward with lower risk Capital allocations
= higher reward with same risk
• Management can use ERM to determine the most
= higher reward with appropriately
efficient allocation of capital across the organization:
higher risk
– Using models to determine necessary levels of
Strategy capital to support each business and its risk
• ERM provides a framework for assessing the
benefits and risks of various strategic decisions: Communication
– Identifying the potential risks inherent in a new • The insights gained through robust ERM practices
strategy allow management to communicate more effectively
– Determining the changes in control frameworks, about risk:
governance, and reporting required to support a – Designing clearer and more informative risk
new strategy disclosures that go beyond the minimum
– Measuring the impact of strategic decisions on requirements to better inform stakeholders
company value on a risk-adjusted basis – Developing more robust risk reporting
frameworks 25
Questions & Answers
Presenter Biography

Firm Director Experience: Over 20 years experience assisting clients in

Financial Services Industry building, enhancing and integrating their risk management
Governance Risk & Regulatory practices.
Deloitte & Touche LLP
Education: Rutgers University B.A. Information Management, M.B.A.
New York, NY
+1 212 436 5346

Dolores Atallo is a Firm Director and a tenured leader in the Governance Risk And Regulatory Strategy financial services
practice focusing on Enterprise Risk Management (ERM), Corporate Governance, Enterprise, Credit and Operational Risk.
Currently, she is the Co-Lead of the Deloitte Financial Reform Center of Excellence and the US Leader for Living Wills. She
also serves as the National Relationship Leader for the Federal Home Loan Bank System.

Dolores has extensive experience assisting clients in building, enhancing and integrating their risk management practices
from the Board of Directors to the business process level. She advises the firm’s financial services clients on full life cycle
risk management projects, by designing and enhancing ERM programs that assess risk as business impact and analyze
opportunities to efficiently leverage risk, control and compliance initiatives. In this role, she advises board members and
senior management in matters of governance practices, committee charters and structures, articulation of risk appetite,
thresholds, metrics and risk program branding, linkage to strategy, cultural integration and program implementation,
including training and facilitation.

Prior to joining Deloitte & Touche in 1996, Dolores was a charter member of Coopers & Lybrand’s In-Control Services
Practice, an early adopter among the Big Four to focus on the linkage between governance, risk management, internal
controls and regulatory compliance. She specialized in risk management and regulatory services for the financial services
industry and also served as the global leader for COSO training.

Dolores speaks and publishes extensively on topics related to enterprise risk management most recently for the Federal
Financial Institutions Examination Council (FFIEC), Fiduciary Investment Risk Management Association (FIRMA), the
Professional Risk Managers International Association (PRMIA) and International Financial Services Association (IFSA).
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering
accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a
substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may
affect your business. Before making any decision or taking any action that may affect your business, you should consult a
qualified professional advisor.

Deloitte, its affiliates and related entities shall not be responsible for any loss sustained by any person who relies on this

A member firm of
Copyright ©2011 Deloitte Development LLC. All rights reserved. Deloitte Touche Tohmatsu 28