SlideShare une entreprise Scribd logo

A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper)

NAFCU Services Corporation
NAFCU Services Corporation

“Many firms have made progress in developing their risk appetite frameworks and have begun multiyear projects to improve the supporting IT infrastructure,” said David M. Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk solutions, we have seen much more interest over the past three years in firms looking to have additional technology to support a firmwide view of risk exposures. Learn more at: www.nafcu.org/sas

1  sur  14
Télécharger pour lire hors ligne
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy CONCLUSIONS PAPER Insights from a Global Association of Risk Professionals (GARP) webcast sponsored by SAS Featuring: Deepa Govindarajan, Lecturer, IMCA Centre, Henley Business School, University of Reading Lon O’Sullivan, Executive Director, Firm Market Risk, Morgan Stanley David M. Wallace, Global Financial Services Marketing Manager, SAS Peter Went, Senior Researcher, Global Association of Risk Professionals (GARP) Research Center
SAS Conclusions Paper Table of Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Icebergs and Unsinkable Ships. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Risk Appetite: What It Is and What It Isn’t . . . . . . . . . . . . . . . . . . . . . . 3 Risk Appetite, Risk Tolerance, Risk Profile and Risk Ceiling . . . . . . . 3 Seven Recommendations for Stronger Risk Management. . . . . . . . . 5 1. Address the Full Risk Ecosystem. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Create a Meaningful Risk Appetite Statement. . . . . . . . . . . . . . . . . . 6 3. Manage the End-to-End Risk Life Cycle. . . . . . . . . . . . . . . . . . . . . . 6 4. Establish an Environment of Collaborative Decision Making. . . . . . . 6 5. Strike a Balance Between Bottom-Up and Top-Down Approaches . 7 6. Report on Risk in a Way that Supports Sound Decisions. . . . . . . . . 8 7. Establish Ownership at Multiple Levels of the Company. . . . . . . . . . 9 Closing Thoughts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 About the Presenters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy Introduction “ firms that recorded relatively larger unexpected losses tended to champion … the expansion of risk without commensurate focus on controls across the organization or at the business-line level.” “ senior management’s drive to generate earnings was not accompanied by … clear guidance on the tolerance for expanding exposures to risk.” “ balance sheet limits may have been freely exceeded rather than serving as a … constraint to business lines.” “ irms rarely compile for their boards and senior management relevant measures F of risk … a view of how risk levels compare with limits, the level of capital that the firm would need to maintain after sustaining a loss of the magnitude of the risk measure, and the actions that management could take to restore capital after sustaining a loss.” Those words came from the report, Risk Management Lessons from the Global Banking Crisis of 2008, submitted by the international Senior Supervisors Group. In hindsight, the authors could have dropped the year from that title. They did drop it the next year, when their report focused on risk management frameworks and the IT infrastructures that support those frameworks. The report card for financial services firms wasn’t much “ n integrated, firmwide risk A better in that report: management system – one that “ no single firm was observed to have developed a fully comprehensive … can provide immediate analysis framework containing all the better practice elements described in this report.” and speedy results… is going “ aggregation of risk data remains a challenge for institutions, despite its … to be key to success in the criticality to strategic planning and decision making.” volatile financial environment that we are clearly are going to “…considerably more work is needed to strengthen those practices that were revealed to be especially weak at the height of the crisis.”1 have for the next several years.” David Wallace “Many firms have made progress in developing their risk appetite frameworks and have Global Financial Services Marketing begun multiyear projects to improve the supporting IT infrastructure,” said David M. Manager, SAS Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk solutions, we have seen much more interest over the past three years in firms looking to have additional technology to support a firmwide view of risk exposures. “Consolidation of risk data on spreadsheets doesn’t provide the required ability for stress testing and scenario analysis. An integrated, firmwide risk management system – one that can provide immediate analysis and speedy results, one that can allow senior management and boards of directors to make decisions in near-real time – is going to be key to success in the volatile financial environment that we are clearly are going to have for the next several years.” 1 Source: Senior Supervisors Group, Observations on Developments in Risk Appetite Frameworks and IT Infrastructure, December 29, 2010. 1
SAS Conclusions Paper Icebergs and Unsinkable Ships “The recent financial meltdown has come as something of a shock to those who had been led to believe the modern financial industry had seen the end of boom-and- bust cycles, through the optimization of resource allocation and very sophisticated risk diversification managed by very intelligent people sitting in financial analyst firms,” said Deepa Govindarajan, a lecturer at the Henley Business School at the University of Reading. “As a consequence of the crisis, firms, regulators and governments are paying much more attention to recovery and resolution plans, stress testing, and other tools to prevent future crises. Still, the correct scrutiny of corporate risk appetite has been given considerably less attention than other prominently debated mechanisms, such as macroprudential oversight and resolution tools. This might be because some influential commentators and regulators are still intrinsically wedded to the belief that the need for a regulatory presence or intervention is solely for cases where the market failed to make “ e may build very well- W its own corrections. In their view, the regulators’ place in the financial world is to ensure capitalized firms and have that failing firms are wound down in an orderly manner, and that any systemic bubbles are addressed as they come up. excellent macroprudential oversight, but it’s really “This sounds perfectly reasonable and proportionate, but it is based on an immature important that strategic philosophy that views the world solely through the lens of utopian mathematical economic models, such as those that assume that other things remain constant. choices are evaluated in conjunction with the risks “Here’s a simple analogy. Even if we build a very robust passenger ship – the Titanic, those choices pose. … for example – it is advisable not to crash it into icebergs every day. It is really important that the ship is well-run and on a sensible course in the first place. We need to ensure We must adopt a more that the crew is not incentivized to take disproportionate risks that could cause a tragic realistic approach to the catastrophe, even if the Coast Guard has sophisticated weather reports, or even if there management of risk, beyond are enough lifeboats to get people ashore. simply attempting to prevent “Similarly, we may build very well-capitalized firms and have excellent macroprudential stakeholder detriment or oversight, but it’s really important that strategic choices are evaluated in conjunction with addressing it after the fact.” the risks those choices pose. More attention deserves to be paid to proactively holding boards accountable, and by this, I mean by institutional investors [and] regulators who Deepa Govindarajan are more really informed parties within the discussion about the firm itself. We must Lecturer, IMCA Centre, Henley Business adopt a more realistic approach to the management of risk, beyond simply attempting School, University of Reading to prevent stakeholder detriment or addressing it after the fact. “As the first port of call, a formal risk appetite statement allows the board to provide strong boundaries within which management executes business strategy. It allows interested parties to properly evaluate those strategic choices. In situations where boards are unwilling or unable to disclose this information more widely, we would require regulators to step in to address those deficiencies, because there are some discussions that can only be held in a closed room.” 2
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy Risk Appetite: What It Is and What It Isn’t “Experts argue that because risk appetite has been poorly understood, both by boards “ isk appetite is complex. R and by senior management, in turn, it was inappropriately implemented by those who were mandated to assume risks on a daily basis,” said Peter Went, Senior Researcher It reflects risk culture. It reflects at the Global Association of Risk Professionals (GARP) Research Center. “That is widely how well active risk taking is believed to have contributed to the extent of this crisis.” understood and incorporated In a perfect world, risk appetite is: into the institutional, cultural, strategic and governance fabric • Defined as the level and duration of quantifiable and active risk exposure (including the potential for adverse outcomes) that organizations are willing and/or able to of the firm. If it is not incorporated assume to achieve strategic objectives. well, this delicate structure • Embedded in the governance framework in support of stakeholders’ tactical and breaks at its weakest link.” strategic priorities, decisions and objectives. Peter Went • Reflected in hard and soft risk metrics – such as threshold income levels and Senior Researcher, GARP Research Center benchmark risk-adjusted return levels – that support business decision making and reporting, both internal and external. • Understood to be a continuously evolving and consistently articulated connection between strategic objectives and realities, target setting and follow-up, and risk management priorities. “Risk appetite is both a process – developing the framework – and a policy statement that reflects the risk appetite,” said Went. “A formal risk appetite statement, effectively stated, allows the board to provide strong boundaries within which management executes business strategy. A consistently promoted, policed and polished risk appetite is an essential component of any robust risk architecture.” Risk Appetite, Risk Tolerance, Risk Profile and Risk Ceiling What do we mean by risk appetite? People often talk about risk ceiling, appetite, “ isk appetite is a continuously R tolerance and profile in the same breath, when they actually mean different things. Figure 1 presents Govindarajan’s approach to differentiating these terms. evolving and consistently articulated connection Risk ceiling. The black line at the top of the chart represents the risk ceiling, the between strategic objectives threshold beyond which firms would no longer be able or allowed to operate. This threshold could be breached by financial weakness, loss of reputation or other and realities, target setting temporary shock from which the firm might not recover without extreme measures, such and follow-up, and risk as government intervention. management priorities.” Risk appetite. The red line depicts risk appetite, the aggregated account of the Peter Went, board’s willingness to allow management to take certain risks in the pursuit of strategic Senior Researcher, GARP Research Center objectives. While the risk ceiling is relatively stable (assuming there’s no major financial crisis), the risk appetite does change to reflect internal and external conditions. 3
SAS Conclusions Paper Risk profile. The green line describes the risk profile, the true risk position of the firm at any given point. “The diagram shows that it takes a little bit of time for the actual risk profile of the firm to adjust to changes in risk appetite, assuming it’s a well-run firm, and people actually do what the board wants them to do,” said Govindarajan. Risk tolerances. The two blue lines reflect the risk tolerances, the boundaries within which executive management is willing to allow the true, day-to-day risk profile of the firm to fluctuate. “The upper line reflects the level to which the risk profile can rise before the executive team expects board intervention,” said Govindarajan. “The lower bound of risk tolerance reflects the minimum level of risk the executive team would expect to take “ ome argue that risk appetite S Terminology to achieve strategic objectives. We cannot achieve returns without risk. The risk-bearing capacity is basically that zone below the risk ceiling in which the firm seeks to achieve a is simply a chicken-and-egg trade-off between risk and return.” problem. The risk culture 6 reflects the risk appetite, and Ri sk Ce i l i ng the risk appetite shapes the 5 risk culture. Acknowledging this Ri sk Appe ti te interrelationship is essential, 4 since these two jointly define 3 Ri sk Profi l e the level, complexity and aggressiveness that firms can 2 Ri sk take risks and expose their Tol e rance - Uppe r stakeholders to these risks.” 1 Ri sk Tol e rance - Peter Went Lowe r Senior Researcher, GARP Research Center 0 Jan- Feb- Mar- Apr- May- Jun- Jul- Aug- Sep- Oct- 09 09 09 09 09 09 09 09 09 09 Ti me Hori z on Figure 1. The relative relationships among risk ceiling, risk appetite, risk profile and risk tolerances. It is important to distinguish between risk appetite and risk tolerance, because they are not the same thing, said Govindarajan. “In the real world, there is invariably a time lag between the communication of a board decision, the change in risk appetite, and the reality of when management can translate that into credible actions. … Setting the ongoing tolerance to the variability of the profile allows executive management to react to factors such as movements in the market, the competence of staff in achieving targets, cultural issues, measurement errors and model risks. “Even where risk appetite is understood and deployed effectively, events such as limit breaches can and do occur, and we all know that in our day-to-day world. An upper bound of risk tolerance therefore provides a legitimate and formal means for executive management to ensure that the time lag in the transmission of risk appetite to each of the various business areas does not result in breaches of the board’s risk appetite on a day-to-day basis. 4
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy “The headroom between the risk profile and the upper bound of risk tolerance allows “ eflect on your own risk R management to deploy resources and take necessary mitigating actions before risk appetite statement, if you appetite as a whole is infringed. It also gives executives the freedom and the legitimacy to engage in risk taking and to act without constantly referring back to the board have one, and see whether room or requiring regulatory nannying. The lower bound is also important, because it it reflects a difference underlines the extent to which executive teams believe that it makes credible business between risk appetite and sense to make further investments that would result in the reduction of risk. There is no point reducing risk if it the investment is not generating return.” risk tolerance, whether you make a clear distinction “Reflect on your own risk appetite statement, if you have one, and see whether there between risk tolerances and it reflects a difference between risk appetite and risk tolerance, whether you make a clear distinction between risk tolerances and risk profiles, and whether your resource risk profiles, and whether your deployment and your investments reflect your risk appetite in appropriate policies, resource deployment and your processes, systems and transparent limits.” investments reflect your risk appetite in appropriate policies, Seven Recommendations for Stronger Risk Management processes, systems and transparent limits.” Our panelists discussed seven practices that bring greater clarity to risk appetite while also embedding it into the overall risk management framework. Deepa Govindarajan Lecturer, IMCA Centre, Henley Business School, University of Reading 1. Address the Full Risk Ecosystem In setting risk appetite, firms will attempt to quantify and analyze five common types of risk, said Lon O’Sullivan, Executive Director of Firm Market Risk at Morgan Stanley: • Market risk focuses on changes in portfolio value related to changes in market prices, correlations and volatilities, using tools such as Value at Risk (VaR) analysis, stress testing and reverse stress testing to articulate this risk and quantify it to senior management. • Credit risk relates primarily to lending and counterparty risk, pricing that risk and setting appropriate limits. “This is a critical piece for most banks, as a big chunk of the exposures that any financial institution will face has to do with counterparties Benefits of a Sound Risk and lending activities,” said O’Sullivan. Appetite Statement • Operational risk relates to processes and people, uncovering operational risk • Establish and communicate a issues and determining how to mitigate them, often revealed through such tools high-level strategy. as risk and control self-assessment (RCSA). • Ensure good governance and • Liquidity risk concerns the ability to fund and trade the products on the balance board accountability. sheet, to manage the sources and maturities of the funding, and to make sure • Evaluate performance and temper there is a sufficient liquidity pool. irrational exuberance. • Capital risk, or the risk of a company losing the amount of an investment, has become one of the most important aspects of the firm in the last few years, and • Mitigate capital and other financial one of the key metrics used to measure risk appetite and risk tolerance. risks. • Manage risk in holistic context. 5
SAS Conclusions Paper 1. Create a Meaningful Risk Appetite Statement “Risk appetite is a corollary for business strategies, so boards that cannot articulate or “ isks are not additive in nature. R oversee risk appetite are inherently saying they cannot oversee the associated business strategy,” said Govindarajan. “Currently, executives have found it difficult to engage the If we were to take any traditional risk appetite statement, because the statement has come to resemble a series of very firm and simply sum up the empty platitudes. The banality of such statements ensures that they cannot be turned lowest limits there, no firm into practical policies, and this clearly defeats the motives of soundness, consistency and transparency. would be in business. There are diversifications and correlations “Some boards have delegated the creation of risk appetite statements to the executive to consider to understand how team or to the risk management function. This may be due to the mistaken belief that risk appetite can be aggregated from the underlying limits currently used within the risk the risks actually evolve in the management framework, which, unfortunately, means that the cart is placed before market and can interact or the horse. In such cases, interactions of risks – and the articulation and balancing of trigger each other.” stakeholder objectives – have inadvertently been glossed over. Lon O’Sullivan “It is important that risk appetite is articulated by the board. The executives must then Executive Director, Firm Market Risk, translate that risk appetite into sensible processes, policies, limits and procedures.” Morgan Stanley 3. Manage the End-to-End Risk Life Cycle Financial firms must have a mechanism that manages all the stages of the risk life cycle and aligns with the risk appetite statement. It must also have formal processes to: • Identify the key risks in their area, on all five dimensions described earlier. • Assess the potential impact of these risks, using standardized risk measurement methodologies and reporting. • Implement a control structure around these risks – such as stated limits, ongoing monitoring and early warning of potential breaches – to certify that risk appetite is being appropriately managed. • Report on all of the firm’s risk exposures, material concentrations and key risk indicators (KRIs). • Manage those risks to optimize the risk and capital profile, advise senior management on risk-based decisions, and help the corporate board and senior management set appropriate risk appetite levels. “Reporting needs to occur at a variety of levels – at a very granular level and a very high level – to be able to aggregate a comprehensive set of risk reports that capture the full populations of positions and counterparties in one’s portfolio,” said O’Sullivan. 4. Establish an Environment of Collaborative Decision Making Higher-risk products may carry higher margins; more conservative products deliver lower returns. Therefore, should the risk management function define the product mix that traders should sell? Whose responsibility is it to strike that balance between marketing/sales revenues and risk management controls? 6
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy This is a provocative question for which the answer is evolving, said Went. “We have “f you look at the lessons from I seen a change in practice in that the control function is getting more and more power in some decisions. Even though it should not be the risk managers’ role to decide what the financial crisis, it seems trades to put on, their voices have to be heard. Their understanding of other risk aspects that many risk decisions were that perhaps the business side is not fully aware of must be incorporated in these made in silos. There wasn’t decisions. It should be an integrated and mutually supportive discussion between the a very good feedback loop business and the control side. between the bottom-up risk “I cannot masquerade as a trader, and traders cannot masquerade as risk managers. It decisions and what the board is more important for these two professional groups to jointly arrive to a solution that is and senior management not only beneficial for the trader but also beneficial for the long-term success, survivability and sustainability of the institution.” understood was going on from the perspective of the 5. Strike a Balance Between Bottom-Up and Top-Down Approaches risk appetite and the level of O’Sullivan described and compared two very different models for managing risk: bottom- exposures that were trending up and top-down. up in many cases during the “Bottom-up risk management considers risk at the transaction or risk factor level and height of the crisis.” is very detailed. For each product or position that comes on, an evaluation is done. David Wallace Limits or other controls are set at the individual trading desk or at the business level. Global Financial Services Marketing Risk reporting is typically done at the product or business level as well. Market, credit, Manager, SAS operational and liquidity risks tend to be managed independently at this level. Risk and business heads attempt to put the story together in order to construct the big picture. “The advantage to this bottom-up approach is that you get much more detailed information about product or business-facing risks in your portfolio. You are able to independently evaluate market, credit and operational risk in isolation – and spend a lot of time thinking about how each will impact the desk level or an individual transaction. You get a very detailed understanding of each transaction, which makes it easier to manage at a very granular level. Typically, you are working with heads of desks or individual traders to define the risk appetite and tolerance, and to negotiate amongst these parties. The challenge here is that it is very difficult to see the forest when you’re focused on “ he advantage to this T specific trees.” bottom-up approach is that you get much more detailed “If you look at the lessons from the financial crisis, it seems that many risk decisions were made in silos. There wasn’t a very good feedback loop between the bottom-up risk information about product or decisions and what the board and senior management understood was going on from business-facing risks in your the perspective of the risk appetite and the level of exposures that were trending up in portfolio. … The challenge here many cases during the height of the crisis,” said Wallace. is that it is very difficult to see In contrast, a top-down risk management approach takes a more enterprise-level view the forest when you’re focused of risk, looking across combined market, credit, operational, liquidity and capital risks. on specific trees.” Stress testing and reverse stress testing is implemented across all products, businesses and risk types. There may be a dedicated team that works with business and risk heads Peter Went to manage the big picture. Risk appetite decisions are made at the firm level. Senior Researcher, GARP Research Center 7
SAS Conclusions Paper “The key advantage of this approach is that you can focus not only on individual transactions but also the correlations amongst the various assets, products, positions and counterparties,” said O’Sullivan. “We can consider risks across businesses and across products. “Putting together a cohesive picture of risk across all dimensions is challenging, and “ ffective risk management E something that needs to be invested in by firms to consider all risks, not just individual is often about delivering the risks. Sometimes the sum of the parts is more than the whole, and sometimes it’s less, but putting this kind of structure in place will allow firms to gain competitive advantage.” message in a simple and clear manner, while still translating 6. Report on Risk in a Way that Supports Sound Decisions the key message or challenge “Risk reporting sometimes gets trivialized as just something that one does,” said that will require a risk decision O’Sullivan. “However, it is one of the most critical components of the risk framework. to be made. Many risk Poor risk reporting, missing exposures, not having consistency in the way that you’re managers are notoriously poor thinking about risks – it all equals bad decision making in firms. at this critical management “Good risk reporting should cover all material product areas and all of the skill.” aforementioned risks. It should use standardized measures, so risks can be clearly communicated,” said O’Sullivan. “If we have, say, interest rate risk being calculated Lon O’Sullivan Executive Director, Firm Market Risk, one way for one position and a different way for another position, how would the firm Morgan Stanley put those risks together and determine its aggregate risk exposure on interest rates? Without standardized measurements, it is very difficult for a board or senior executives to act on a risk decision.” Risk reporting should reflect ongoing monitoring of key controls, such as position limits or VaR limits, so the control process is transparent and senior management can evaluate how the portfolio stands relative to risk appetite. Equally important, risk reporting should address its audience, be readily understood by them, and be comprehensive enough to support decisive action. “The second element of delivering the message is effective management through risk advisory,” said O’Sullivan. “In my view, risk advisory is the most important element in risk management. Measuring and reporting is fundamental, but influencing risk decisions is the most important aspect of being a risk manager. “In order to exert that influence, you have to be able to explain a case to board members who are not likely to be intimate with the jargon and complexities of risk professionals. Therefore, the most effective risk managers are those who can make themselves understood to an audience that might not have a technical or risk background. When I construct presentations, I often think: If I had to give this presentation to my grandmother, would she understand it? And if my answer is no, then I start over.” 8
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy 7. Establish Ownership at Multiple Levels of the Company O’Sullivan summarized three levels of governance that would typically occur in a financial “ ood risk management is not G institution: only about having the right • At the top of the list is the Board Risk Committee, a subcommittee of the board answer. It’s about being able to of directors that is chartered to handle specific risk issues. Typically composed of communicate the answer and non-management directors, this subcommittee sets risk appetite, enforces the risk governance structure and monitors the risk profile against the agreed-upon risk influence the correct decision appetite. to be made.” • Executive Risk Committees are management committees typically composed of the Lon O’Sullivan most senior officers (C-level executives and their direct reports). These committees Executive Director, Firm Market Risk, tend to meet once or twice a month and are accountable for day-to-day risk Morgan Stanley management for the firm. • Divisional Risk Committees are charged with looking at each division independently and coming up with a risk strategy and a risk tolerance. These committees are typically made up of desk heads and other key executives who meet weekly and focus on business-specific issues. “Effective governance means that information flows seamlessly up and down this hierarchy of risk committees,” said O’Sullivan. “Risk decisions made by the Board Risk Committee should be pushed down to the Executive Risk Committee and ultimately down to the Divisional Risk Committees. A feedback and interaction loop flowing up the chain is equally important.” “ here should be no such thing T Govindarajan agreed: “There should be ownership at board level, ownership at executive as a separate, standalone level, and ownership within the firm. The board must oversee how the scene is set and balance strategic objectives. Executives must manage the risk profile and the risk risk appetite framework. Risk management framework. And through a good risk culture, the organization must own appetite guides your risk the risk appetite statement.” management framework and the way you manage risk within Closing Thoughts the firm.” “Boards that view risk functions simply as a way to keep out of trouble – and who do not Deepa Govindarajan play an active role in setting risk appetite and risk limits – are really not doing a service Lecturer, IMCA Centre, Henley Business to their shareholders,” said O’Sullivan. “Risk is also about addressing strategic business School, University of Reading risk and future business opportunities, in addition to managing what’s currently on the books.” Effective governance structures promote better management of future risks, as well as better understanding of past risks. “To do this well – to establish a meaningful risk appetite statement and framework – requires consistent and unwavering support and monitoring by the board and faithful enforcement by senior management,” said Went. “That is why risk appetite is not a static statement, but rather a proactive and dynamic framework that distills changing conditions, possibilities and constraints.” 9
SAS Conclusions Paper About the Presenters Deepa Govindarajan Lecturer and Visiting Fellow, ICMA Centre Henley Business School, University of Reading Deepa Govindarajan, Lecturer and Visiting Fellow at the ICMA Centre at the University of Reading’s Henly Business School, teaches compliance, risk management and regulation within the master’s program. Her research interests cover corporate risk appetite, senior management arrangements and governance within financial institutions, qualitative decision making, operational risk, the sociopolitical context of banking and financial regulation, and the comparative study of international banking regulations. Govindarajan periodically serves as an independent expert advisor to regulators, banks, asset managers and insurers. She facilitates board discussions related to the definition and dissemination of risk appetite, and the risk implications of strategic choices. As a specialist in governance and risk oversight, Govindarajan also evaluates financial firms’ governance arrangements, risk management frameworks and risk culture. In addition to roles at Citigroup, the UK Financial Services Authority (FSA), and Lloyds Banking Group, Govindarajan has also held positions in consulting and academia. Lon O’Sullivan, FRM Executive Director, Firm Market Risk Division Morgan Stanley As Executive Director in Morgan Stanley’s Firm Market Risk Division, Lon O’Sullivan leads the Global Portfolio Analysis group and is responsible for briefing senior management on key market risk exposures. He spent three years at Morgan Stanley’s London office, where he was responsible for creating the regional analysis and reporting team. Prior to Morgan Stanley, O’Sullivan worked as a market risk manager for foreign exchange and commodity risk, and as an equity derivatives product controller at Deutsche Bank. O’Sullivan earned a bachelor’s degree in economics from Binghamton University, State University of New York (SUNY), and a master’s in finance from the London Business School. He has been a certified Financial Risk Manager (FRM®) with the Global Association of Risk Professionals (GARP) since 2005. O’Sullivan served on the committee for GARP’s professional chapter in London before his relocation back to New York and is currently a co-director for the New York chapter of GARP. 10
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy David M. Wallace Global Financial Services Marketing Manager SAS As Global Financial Services Marketing Manager for SAS, David M. Wallace is responsible for defining industry strategy for the banking and capital markets segments of the global financial services industry. He has more than 30 years of experience in applying information technology to solve customer needs, including a focus on the financial services industry for nearly 20 years. Before joining SAS, Wallace was Manager, Corporate Investment Banking, Americas FSI Marketing for Hewlett-Packard. He also held a number of senior sales and marketing positions over a 23-year career at HP. During a 10-year assignment managing the relationship with a top-five US financial services firm, Wallace was responsible for client projects in consumer banking, commercial banking, trust administration, retirement services, corporate and investment banking, shared services, and retail brokerage, among others. Wallace holds a bachelor’s degree in economics from the University of North Carolina at Wilmington and an MBA from East Carolina University. Peter Went Senior Researcher GARP Research Center Peter Went is a Senior Researcher for GARP’s Research Center, where he conducts research in financial risk management. Went has co-authored five books on risk management and numerous articles on foreign exchange, global equity market and commodity risk, as well as on the effects of emerging financial regulation on financial and capital markets. Previously, Went worked for a boutique investment firm and taught finance and risk management at University of Nebraska and the University of Connecticut. Went has a degree in economics from the Stockholm School of Economics and a doctorate in finance from the University of Nebraska. He is a Chartered Financial Analyst (CFA) and a board member of Woodlands Financial Services Corporation. 11
About SAS SAS is the leader in business analytics software and services, and the largest independent vendor in the business intelligence market. Through innovative solutions, SAS helps customers at more than 55,000 sites improve performance and deliver value by making better decisions faster. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW ® For more information on . SAS® Business Analytics software and services, visit sas.com. SAS Institute Inc. World Headquarters   +1 919 677 8000 To contact your local SAS office, please visit: sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA egistration. Other brand and product names are trademarks of their respective companies. Copyright © 2012, SAS Institute Inc. All rights reserved. 105872_S83089_0712

Recommandé

Managing Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryManaging Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryFindWhitePapers
 
6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk Management6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk ManagementPECB
 
Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEIjravi
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk managementQuarterlyEarningsReports2
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk AppetiteHassan Zaitoun
 
Current Issues in Risk Mangement
Current Issues in Risk MangementCurrent Issues in Risk Mangement
Current Issues in Risk MangementCapco
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
 
Not-For-Profit Risk Management & The 7 Deadly Sins
Not-For-Profit Risk Management & The 7 Deadly SinsNot-For-Profit Risk Management & The 7 Deadly Sins
Not-For-Profit Risk Management & The 7 Deadly SinsCBIZ, Inc.
 

Recommandé

Managing Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryManaging Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryFindWhitePapers
 
6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk Management6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk ManagementPECB
 
Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEIjravi
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk managementQuarterlyEarningsReports2
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk AppetiteHassan Zaitoun
 
Current Issues in Risk Mangement
Current Issues in Risk MangementCurrent Issues in Risk Mangement
Current Issues in Risk MangementCapco
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
 
Not-For-Profit Risk Management & The 7 Deadly Sins
Not-For-Profit Risk Management & The 7 Deadly SinsNot-For-Profit Risk Management & The 7 Deadly Sins
Not-For-Profit Risk Management & The 7 Deadly SinsCBIZ, Inc.
 
Risk management-workshop-presentation
Risk management-workshop-presentationRisk management-workshop-presentation
Risk management-workshop-presentationsairatahir5
 
Supply Chain Recovery is a Competitive Capability
Supply Chain Recovery is a Competitive CapabilitySupply Chain Recovery is a Competitive Capability
Supply Chain Recovery is a Competitive CapabilityMissionMode
 
2015 IA Presentation_G Fisher_V2.1
2015 IA Presentation_G Fisher_V2.12015 IA Presentation_G Fisher_V2.1
2015 IA Presentation_G Fisher_V2.1Grant Fisher
 
Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Segun Ogunwale
 
4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking 4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking PECB
 
Jag Presentation V120601
Jag Presentation V120601Jag Presentation V120601
Jag Presentation V120601jagagnonconsultant
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaperEdgevalue
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingNathan Ives
 
Writing Sample 1
Writing Sample 1Writing Sample 1
Writing Sample 1John Maden
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyEMC
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Processregio12
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
Organizational Resilience Forum 2012
Organizational Resilience Forum 2012Organizational Resilience Forum 2012
Organizational Resilience Forum 2012Abu Dhabi University Knowledge Group (ADUKG)
 
Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Steven McLaren
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteHassan Zaitoun
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Conference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And OutputConference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And Outputliztaylor
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Association for Project Management
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security InvestmentRoger Johnston
 
Chapter5.4
Chapter5.4Chapter5.4
Chapter5.4nglaze10
 
The Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
The Prophet Muhammad s.a.w Methods For Correcting People's MistakesThe Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
The Prophet Muhammad s.a.w Methods For Correcting People's MistakesFirdaus Wong Wai Hung
 

Contenu connexe

Tendances

Risk management-workshop-presentation
Risk management-workshop-presentationRisk management-workshop-presentation
Risk management-workshop-presentationsairatahir5
 
Supply Chain Recovery is a Competitive Capability
Supply Chain Recovery is a Competitive CapabilitySupply Chain Recovery is a Competitive Capability
Supply Chain Recovery is a Competitive CapabilityMissionMode
 
2015 IA Presentation_G Fisher_V2.1
2015 IA Presentation_G Fisher_V2.12015 IA Presentation_G Fisher_V2.1
2015 IA Presentation_G Fisher_V2.1Grant Fisher
 
Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Segun Ogunwale
 
4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking 4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking PECB
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaperEdgevalue
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingNathan Ives
 
Writing Sample 1
Writing Sample 1Writing Sample 1
Writing Sample 1John Maden
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyEMC
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Processregio12
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Steven McLaren
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Andrew Smart
 
Conference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And OutputConference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And Outputliztaylor
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Association for Project Management
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security InvestmentRoger Johnston
 

Tendances (20)

Risk management-workshop-presentation
Risk management-workshop-presentationRisk management-workshop-presentation
Risk management-workshop-presentation
 
Supply Chain Recovery is a Competitive Capability
Supply Chain Recovery is a Competitive CapabilitySupply Chain Recovery is a Competitive Capability
Supply Chain Recovery is a Competitive Capability
 
2015 IA Presentation_G Fisher_V2.1
2015 IA Presentation_G Fisher_V2.12015 IA Presentation_G Fisher_V2.1
2015 IA Presentation_G Fisher_V2.1
 
Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)
 
4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking 4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking
 
Jag Presentation V120601
Jag Presentation V120601Jag Presentation V120601
Jag Presentation V120601
 
Riskpro SCRAY whitepaper
Riskpro SCRAY whitepaperRiskpro SCRAY whitepaper
Riskpro SCRAY whitepaper
 
StrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance MappingStrategyDriven Risk Assurance Mapping
StrategyDriven Risk Assurance Mapping
 
Writing Sample 1
Writing Sample 1Writing Sample 1
Writing Sample 1
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity Journey
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Process
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)
 
Organizational Resilience Forum 2012
Organizational Resilience Forum 2012Organizational Resilience Forum 2012
Organizational Resilience Forum 2012
 
Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021Organisational Resilience Paper v0.021
Organisational Resilience Paper v0.021
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk Appetite
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011
 
Conference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And OutputConference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And Output
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security Investment
 

En vedette

Chapter5.4
Chapter5.4Chapter5.4
Chapter5.4nglaze10
 
The Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
The Prophet Muhammad s.a.w Methods For Correcting People's MistakesThe Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
The Prophet Muhammad s.a.w Methods For Correcting People's MistakesFirdaus Wong Wai Hung
 
Quién es quién
Quién es quiénQuién es quién
Quién es quiénhorcajo64
 
Soliragchaa 3
Soliragchaa 3Soliragchaa 3
Soliragchaa 3Soko_92
 
Adding and subtracting fractions
Adding and subtracting fractionsAdding and subtracting fractions
Adding and subtracting fractionsnglaze10
 
Chapter1.8
Chapter1.8Chapter1.8
Chapter1.8nglaze10
 
Facebook advertising
Facebook advertisingFacebook advertising
Facebook advertisingPaul Stonier
 
Chapter2.8
Chapter2.8Chapter2.8
Chapter2.8nglaze10
 
Exploring patterns of expenditure among older people and what explains these
Exploring patterns of expenditure among older people and what explains theseExploring patterns of expenditure among older people and what explains these
Exploring patterns of expenditure among older people and what explains theseILC- UK
 
Introduction to sl4 a
Introduction to sl4 aIntroduction to sl4 a
Introduction to sl4 alouieuser
 
Using LinkedIn to Generate Business
Using LinkedIn to Generate BusinessUsing LinkedIn to Generate Business
Using LinkedIn to Generate BusinessPaul Stonier
 
Tsahim sudalgaa
Tsahim sudalgaaTsahim sudalgaa
Tsahim sudalgaaZaya80
 
Professional learning persuasive writing
Professional learning persuasive writingProfessional learning persuasive writing
Professional learning persuasive writingG.j. Darma
 
Bandwidth dan throughput
Bandwidth dan throughputBandwidth dan throughput
Bandwidth dan throughputslamet01
 
29Oct14 - Productive Ageing - Dr Ros Altmann
29Oct14 - Productive Ageing - Dr Ros Altmann 29Oct14 - Productive Ageing - Dr Ros Altmann
29Oct14 - Productive Ageing - Dr Ros Altmann ILC- UK
 
Chapter3.3
Chapter3.3Chapter3.3
Chapter3.3nglaze10
 

En vedette (20)

Chapter5.4
Chapter5.4Chapter5.4
Chapter5.4
 
The Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
The Prophet Muhammad s.a.w Methods For Correcting People's MistakesThe Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
The Prophet Muhammad s.a.w Methods For Correcting People's Mistakes
 
Quién es quién
Quién es quiénQuién es quién
Quién es quién
 
Soliragchaa 3
Soliragchaa 3Soliragchaa 3
Soliragchaa 3
 
Adding and subtracting fractions
Adding and subtracting fractionsAdding and subtracting fractions
Adding and subtracting fractions
 
The Talmud
The TalmudThe Talmud
The Talmud
 
Chapter1.8
Chapter1.8Chapter1.8
Chapter1.8
 
Facebook advertising
Facebook advertisingFacebook advertising
Facebook advertising
 
Chapter2.8
Chapter2.8Chapter2.8
Chapter2.8
 
Exploring patterns of expenditure among older people and what explains these
Exploring patterns of expenditure among older people and what explains theseExploring patterns of expenditure among older people and what explains these
Exploring patterns of expenditure among older people and what explains these
 
Week 6
Week 6Week 6
Week 6
 
AdvisorVault's Client View
AdvisorVault's Client ViewAdvisorVault's Client View
AdvisorVault's Client View
 
Introduction to sl4 a
Introduction to sl4 aIntroduction to sl4 a
Introduction to sl4 a
 
Using LinkedIn to Generate Business
Using LinkedIn to Generate BusinessUsing LinkedIn to Generate Business
Using LinkedIn to Generate Business
 
Tsahim sudalgaa
Tsahim sudalgaaTsahim sudalgaa
Tsahim sudalgaa
 
Professional learning persuasive writing
Professional learning persuasive writingProfessional learning persuasive writing
Professional learning persuasive writing
 
Bandwidth dan throughput
Bandwidth dan throughputBandwidth dan throughput
Bandwidth dan throughput
 
11.4
11.411.4
11.4
 
29Oct14 - Productive Ageing - Dr Ros Altmann
29Oct14 - Productive Ageing - Dr Ros Altmann 29Oct14 - Productive Ageing - Dr Ros Altmann
29Oct14 - Productive Ageing - Dr Ros Altmann
 
Chapter3.3
Chapter3.3Chapter3.3
Chapter3.3
 

Similaire à A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper)

Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0Amrut Joshi
 
Sap 2009 06 02 Risk Management
Sap 2009 06 02 Risk ManagementSap 2009 06 02 Risk Management
Sap 2009 06 02 Risk ManagementPierre Harboun
 
GRC CMAJ Bala and Shyam
GRC CMAJ Bala and ShyamGRC CMAJ Bala and Shyam
GRC CMAJ Bala and Shyamshyam sundar
 
Managingintoughtimes
ManagingintoughtimesManagingintoughtimes
ManagingintoughtimesVoscur Staff
 
The importance of risk analysis and management, and corporate governance
The importance of risk analysis and management, and corporate governanceThe importance of risk analysis and management, and corporate governance
The importance of risk analysis and management, and corporate governanceAtul
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureAndrew Smart
 
Risk and Return: Striking the Right Balance (Whitepaper)
Risk and Return: Striking the Right Balance (Whitepaper)Risk and Return: Striking the Right Balance (Whitepaper)
Risk and Return: Striking the Right Balance (Whitepaper)NAFCU Services Corporation
 
Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...
Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...
Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...FERMA
 
Managing amid uncertainty dtt
Managing amid uncertainty dttManaging amid uncertainty dtt
Managing amid uncertainty dttkengilo
 
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
2017 coso-erm-integrating-with-strategy-and-performance-executive-summaryVALUES & SENSE
 
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxCHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxketurahhazelhurst
 
View from the top. A board-level perspective of current business risks
View from the top. A board-level perspective of current business risksView from the top. A board-level perspective of current business risks
View from the top. A board-level perspective of current business risksThe Economist Media Businesses
 
Discussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docxDiscussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docxmadlynplamondon
 
40 whats different in the corporate world
40 whats different in the corporate world40 whats different in the corporate world
40 whats different in the corporate worldCarlos T.C. Fernandes
 
Dow Jones Watchlist White Paper
Dow Jones Watchlist White PaperDow Jones Watchlist White Paper
Dow Jones Watchlist White Paperwilshsh
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management studyLapman Lee ✔
 
A Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementA Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementTurlough Guerin GAICD FGIA
 
ASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESS
ASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESSASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESS
ASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESSRobin Beregovska
 

Similaire à A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper) (20)

Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0
 
Sap 2009 06 02 Risk Management
Sap 2009 06 02 Risk ManagementSap 2009 06 02 Risk Management
Sap 2009 06 02 Risk Management
 
GRC CMAJ Bala and Shyam
GRC CMAJ Bala and ShyamGRC CMAJ Bala and Shyam
GRC CMAJ Bala and Shyam
 
Managingintoughtimes
ManagingintoughtimesManagingintoughtimes
Managingintoughtimes
 
The importance of risk analysis and management, and corporate governance
The importance of risk analysis and management, and corporate governanceThe importance of risk analysis and management, and corporate governance
The importance of risk analysis and management, and corporate governance
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And Exposure
 
Risk and Return: Striking the Right Balance (Whitepaper)
Risk and Return: Striking the Right Balance (Whitepaper)Risk and Return: Striking the Right Balance (Whitepaper)
Risk and Return: Striking the Right Balance (Whitepaper)
 
Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...
Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...
Risk Governance Conference - Board Governance and Emerging Risks in the 21st ...
 
Managing amid uncertainty dtt
Managing amid uncertainty dttManaging amid uncertainty dtt
Managing amid uncertainty dtt
 
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary
 
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docxCHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
CHAPTER 34Turning Crisis into OpportunityBuilding an ERM.docx
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
 
View from the top. A board-level perspective of current business risks
View from the top. A board-level perspective of current business risksView from the top. A board-level perspective of current business risks
View from the top. A board-level perspective of current business risks
 
Discussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docxDiscussion1Explaining the results of Efficient Frontier Analysis.docx
Discussion1Explaining the results of Efficient Frontier Analysis.docx
 
40 whats different in the corporate world
40 whats different in the corporate world40 whats different in the corporate world
40 whats different in the corporate world
 
Ssg risk mgt_doc_final_2008
Ssg risk mgt_doc_final_2008Ssg risk mgt_doc_final_2008
Ssg risk mgt_doc_final_2008
 
Dow Jones Watchlist White Paper
Dow Jones Watchlist White PaperDow Jones Watchlist White Paper
Dow Jones Watchlist White Paper
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management study
 
A Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk ManagementA Board Perspective on Enterprise Risk Management
A Board Perspective on Enterprise Risk Management
 
ASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESS
ASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESSASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESS
ASSESSING THE RELATIONSHIP EFFECTIVE RISK ANALYSIS HAVE ON BUSINESS SUCCESS
 

Plus de NAFCU Services Corporation

Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014NAFCU Services Corporation
 
Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models NAFCU Services Corporation
 
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...NAFCU Services Corporation
 
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...NAFCU Services Corporation
 
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comInternational Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comNAFCU Services Corporation
 
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...NAFCU Services Corporation
 
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...NAFCU Services Corporation
 
Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...NAFCU Services Corporation
 
Credit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivablesCredit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivablesNAFCU Services Corporation
 
Quantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management programQuantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management programNAFCU Services Corporation
 
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...NAFCU Services Corporation
 
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...NAFCU Services Corporation
 
Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)NAFCU Services Corporation
 
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)NAFCU Services Corporation
 

Plus de NAFCU Services Corporation (20)

Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
Keys to Subservicer Evaluation and Selection | Dovenmuehle 2014
 
Debt: The Inheritance No One Wants | Securian
Debt: The Inheritance No One Wants | SecurianDebt: The Inheritance No One Wants | Securian
Debt: The Inheritance No One Wants | Securian
 
Can I Be Compliant and Efficient?
Can I Be Compliant and Efficient? Can I Be Compliant and Efficient?
Can I Be Compliant and Efficient?
 
Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models Non-Interest Income and Future Business Models
Non-Interest Income and Future Business Models
 
Strategic Succession Planning | DDJ Myers
Strategic Succession Planning | DDJ MyersStrategic Succession Planning | DDJ Myers
Strategic Succession Planning | DDJ Myers
 
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
Rising Above Uncertainty: Opportunities and Challenges for Credit Unions in P...
 
Credit Scores: What’s Behind the Number?
Credit Scores: What’s Behind the Number? Credit Scores: What’s Behind the Number?
Credit Scores: What’s Behind the Number?
 
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
Insuritas: Boost Income and Expand Wallet Share by Engaging the Digitally Dis...
 
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.comInternational Payments Post Dodd-Frank: A Game Changer | eZforex.com
International Payments Post Dodd-Frank: A Game Changer | eZforex.com
 
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
Money Concepts: Slides for What to Look for in Your Wealth Manangement Progra...
 
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
Genworth Financial: Slides for Understanding Freddie Mac’s Loan Prospector Fe...
 
Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...Deluxe Financial Services: Building an effective social marketing program | D...
Deluxe Financial Services: Building an effective social marketing program | D...
 
Credit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivablesCredit Control: Best practices for outsourcing receivables
Credit Control: Best practices for outsourcing receivables
 
Quantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management programQuantivate: Ten tips to improve vendor management program
Quantivate: Ten tips to improve vendor management program
 
SAS Institute: Big data and smarter analytics
SAS Institute: Big data and smarter analyticsSAS Institute: Big data and smarter analytics
SAS Institute: Big data and smarter analytics
 
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
2013 NAFCU BFB Survey of Executive Compensation and Benefits (Presentation Sl...
 
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
Study Confirms Debit Strength, Reveals Reward Trends (Payment Choice Study Re...
 
Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)Five Truths to Defining Mortgage Strategy (Webinar Slides)
Five Truths to Defining Mortgage Strategy (Webinar Slides)
 
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
Branch Network Transformation: Staying Ahead of Shifting Priorities (Slides)
 
Desktop Underwriter® Training Webinar Slides
Desktop Underwriter® Training Webinar SlidesDesktop Underwriter® Training Webinar Slides
Desktop Underwriter® Training Webinar Slides
 

A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper)

  • 1. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy CONCLUSIONS PAPER Insights from a Global Association of Risk Professionals (GARP) webcast sponsored by SAS Featuring: Deepa Govindarajan, Lecturer, IMCA Centre, Henley Business School, University of Reading Lon O’Sullivan, Executive Director, Firm Market Risk, Morgan Stanley David M. Wallace, Global Financial Services Marketing Manager, SAS Peter Went, Senior Researcher, Global Association of Risk Professionals (GARP) Research Center
  • 2. SAS Conclusions Paper Table of Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Icebergs and Unsinkable Ships. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Risk Appetite: What It Is and What It Isn’t . . . . . . . . . . . . . . . . . . . . . . 3 Risk Appetite, Risk Tolerance, Risk Profile and Risk Ceiling . . . . . . . 3 Seven Recommendations for Stronger Risk Management. . . . . . . . . 5 1. Address the Full Risk Ecosystem. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Create a Meaningful Risk Appetite Statement. . . . . . . . . . . . . . . . . . 6 3. Manage the End-to-End Risk Life Cycle. . . . . . . . . . . . . . . . . . . . . . 6 4. Establish an Environment of Collaborative Decision Making. . . . . . . 6 5. Strike a Balance Between Bottom-Up and Top-Down Approaches . 7 6. Report on Risk in a Way that Supports Sound Decisions. . . . . . . . . 8 7. Establish Ownership at Multiple Levels of the Company. . . . . . . . . . 9 Closing Thoughts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 About the Presenters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
  • 3. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy Introduction “ firms that recorded relatively larger unexpected losses tended to champion … the expansion of risk without commensurate focus on controls across the organization or at the business-line level.” “ senior management’s drive to generate earnings was not accompanied by … clear guidance on the tolerance for expanding exposures to risk.” “ balance sheet limits may have been freely exceeded rather than serving as a … constraint to business lines.” “ irms rarely compile for their boards and senior management relevant measures F of risk … a view of how risk levels compare with limits, the level of capital that the firm would need to maintain after sustaining a loss of the magnitude of the risk measure, and the actions that management could take to restore capital after sustaining a loss.” Those words came from the report, Risk Management Lessons from the Global Banking Crisis of 2008, submitted by the international Senior Supervisors Group. In hindsight, the authors could have dropped the year from that title. They did drop it the next year, when their report focused on risk management frameworks and the IT infrastructures that support those frameworks. The report card for financial services firms wasn’t much “ n integrated, firmwide risk A better in that report: management system – one that “ no single firm was observed to have developed a fully comprehensive … can provide immediate analysis framework containing all the better practice elements described in this report.” and speedy results… is going “ aggregation of risk data remains a challenge for institutions, despite its … to be key to success in the criticality to strategic planning and decision making.” volatile financial environment that we are clearly are going to “…considerably more work is needed to strengthen those practices that were revealed to be especially weak at the height of the crisis.”1 have for the next several years.” David Wallace “Many firms have made progress in developing their risk appetite frameworks and have Global Financial Services Marketing begun multiyear projects to improve the supporting IT infrastructure,” said David M. Manager, SAS Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk solutions, we have seen much more interest over the past three years in firms looking to have additional technology to support a firmwide view of risk exposures. “Consolidation of risk data on spreadsheets doesn’t provide the required ability for stress testing and scenario analysis. An integrated, firmwide risk management system – one that can provide immediate analysis and speedy results, one that can allow senior management and boards of directors to make decisions in near-real time – is going to be key to success in the volatile financial environment that we are clearly are going to have for the next several years.” 1 Source: Senior Supervisors Group, Observations on Developments in Risk Appetite Frameworks and IT Infrastructure, December 29, 2010. 1
  • 4. SAS Conclusions Paper Icebergs and Unsinkable Ships “The recent financial meltdown has come as something of a shock to those who had been led to believe the modern financial industry had seen the end of boom-and- bust cycles, through the optimization of resource allocation and very sophisticated risk diversification managed by very intelligent people sitting in financial analyst firms,” said Deepa Govindarajan, a lecturer at the Henley Business School at the University of Reading. “As a consequence of the crisis, firms, regulators and governments are paying much more attention to recovery and resolution plans, stress testing, and other tools to prevent future crises. Still, the correct scrutiny of corporate risk appetite has been given considerably less attention than other prominently debated mechanisms, such as macroprudential oversight and resolution tools. This might be because some influential commentators and regulators are still intrinsically wedded to the belief that the need for a regulatory presence or intervention is solely for cases where the market failed to make “ e may build very well- W its own corrections. In their view, the regulators’ place in the financial world is to ensure capitalized firms and have that failing firms are wound down in an orderly manner, and that any systemic bubbles are addressed as they come up. excellent macroprudential oversight, but it’s really “This sounds perfectly reasonable and proportionate, but it is based on an immature important that strategic philosophy that views the world solely through the lens of utopian mathematical economic models, such as those that assume that other things remain constant. choices are evaluated in conjunction with the risks “Here’s a simple analogy. Even if we build a very robust passenger ship – the Titanic, those choices pose. … for example – it is advisable not to crash it into icebergs every day. It is really important that the ship is well-run and on a sensible course in the first place. We need to ensure We must adopt a more that the crew is not incentivized to take disproportionate risks that could cause a tragic realistic approach to the catastrophe, even if the Coast Guard has sophisticated weather reports, or even if there management of risk, beyond are enough lifeboats to get people ashore. simply attempting to prevent “Similarly, we may build very well-capitalized firms and have excellent macroprudential stakeholder detriment or oversight, but it’s really important that strategic choices are evaluated in conjunction with addressing it after the fact.” the risks those choices pose. More attention deserves to be paid to proactively holding boards accountable, and by this, I mean by institutional investors [and] regulators who Deepa Govindarajan are more really informed parties within the discussion about the firm itself. We must Lecturer, IMCA Centre, Henley Business adopt a more realistic approach to the management of risk, beyond simply attempting School, University of Reading to prevent stakeholder detriment or addressing it after the fact. “As the first port of call, a formal risk appetite statement allows the board to provide strong boundaries within which management executes business strategy. It allows interested parties to properly evaluate those strategic choices. In situations where boards are unwilling or unable to disclose this information more widely, we would require regulators to step in to address those deficiencies, because there are some discussions that can only be held in a closed room.” 2
  • 5. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy Risk Appetite: What It Is and What It Isn’t “Experts argue that because risk appetite has been poorly understood, both by boards “ isk appetite is complex. R and by senior management, in turn, it was inappropriately implemented by those who were mandated to assume risks on a daily basis,” said Peter Went, Senior Researcher It reflects risk culture. It reflects at the Global Association of Risk Professionals (GARP) Research Center. “That is widely how well active risk taking is believed to have contributed to the extent of this crisis.” understood and incorporated In a perfect world, risk appetite is: into the institutional, cultural, strategic and governance fabric • Defined as the level and duration of quantifiable and active risk exposure (including the potential for adverse outcomes) that organizations are willing and/or able to of the firm. If it is not incorporated assume to achieve strategic objectives. well, this delicate structure • Embedded in the governance framework in support of stakeholders’ tactical and breaks at its weakest link.” strategic priorities, decisions and objectives. Peter Went • Reflected in hard and soft risk metrics – such as threshold income levels and Senior Researcher, GARP Research Center benchmark risk-adjusted return levels – that support business decision making and reporting, both internal and external. • Understood to be a continuously evolving and consistently articulated connection between strategic objectives and realities, target setting and follow-up, and risk management priorities. “Risk appetite is both a process – developing the framework – and a policy statement that reflects the risk appetite,” said Went. “A formal risk appetite statement, effectively stated, allows the board to provide strong boundaries within which management executes business strategy. A consistently promoted, policed and polished risk appetite is an essential component of any robust risk architecture.” Risk Appetite, Risk Tolerance, Risk Profile and Risk Ceiling What do we mean by risk appetite? People often talk about risk ceiling, appetite, “ isk appetite is a continuously R tolerance and profile in the same breath, when they actually mean different things. Figure 1 presents Govindarajan’s approach to differentiating these terms. evolving and consistently articulated connection Risk ceiling. The black line at the top of the chart represents the risk ceiling, the between strategic objectives threshold beyond which firms would no longer be able or allowed to operate. This threshold could be breached by financial weakness, loss of reputation or other and realities, target setting temporary shock from which the firm might not recover without extreme measures, such and follow-up, and risk as government intervention. management priorities.” Risk appetite. The red line depicts risk appetite, the aggregated account of the Peter Went, board’s willingness to allow management to take certain risks in the pursuit of strategic Senior Researcher, GARP Research Center objectives. While the risk ceiling is relatively stable (assuming there’s no major financial crisis), the risk appetite does change to reflect internal and external conditions. 3
  • 6. SAS Conclusions Paper Risk profile. The green line describes the risk profile, the true risk position of the firm at any given point. “The diagram shows that it takes a little bit of time for the actual risk profile of the firm to adjust to changes in risk appetite, assuming it’s a well-run firm, and people actually do what the board wants them to do,” said Govindarajan. Risk tolerances. The two blue lines reflect the risk tolerances, the boundaries within which executive management is willing to allow the true, day-to-day risk profile of the firm to fluctuate. “The upper line reflects the level to which the risk profile can rise before the executive team expects board intervention,” said Govindarajan. “The lower bound of risk tolerance reflects the minimum level of risk the executive team would expect to take “ ome argue that risk appetite S Terminology to achieve strategic objectives. We cannot achieve returns without risk. The risk-bearing capacity is basically that zone below the risk ceiling in which the firm seeks to achieve a is simply a chicken-and-egg trade-off between risk and return.” problem. The risk culture 6 reflects the risk appetite, and Ri sk Ce i l i ng the risk appetite shapes the 5 risk culture. Acknowledging this Ri sk Appe ti te interrelationship is essential, 4 since these two jointly define 3 Ri sk Profi l e the level, complexity and aggressiveness that firms can 2 Ri sk take risks and expose their Tol e rance - Uppe r stakeholders to these risks.” 1 Ri sk Tol e rance - Peter Went Lowe r Senior Researcher, GARP Research Center 0 Jan- Feb- Mar- Apr- May- Jun- Jul- Aug- Sep- Oct- 09 09 09 09 09 09 09 09 09 09 Ti me Hori z on Figure 1. The relative relationships among risk ceiling, risk appetite, risk profile and risk tolerances. It is important to distinguish between risk appetite and risk tolerance, because they are not the same thing, said Govindarajan. “In the real world, there is invariably a time lag between the communication of a board decision, the change in risk appetite, and the reality of when management can translate that into credible actions. … Setting the ongoing tolerance to the variability of the profile allows executive management to react to factors such as movements in the market, the competence of staff in achieving targets, cultural issues, measurement errors and model risks. “Even where risk appetite is understood and deployed effectively, events such as limit breaches can and do occur, and we all know that in our day-to-day world. An upper bound of risk tolerance therefore provides a legitimate and formal means for executive management to ensure that the time lag in the transmission of risk appetite to each of the various business areas does not result in breaches of the board’s risk appetite on a day-to-day basis. 4
  • 7. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy “The headroom between the risk profile and the upper bound of risk tolerance allows “ eflect on your own risk R management to deploy resources and take necessary mitigating actions before risk appetite statement, if you appetite as a whole is infringed. It also gives executives the freedom and the legitimacy to engage in risk taking and to act without constantly referring back to the board have one, and see whether room or requiring regulatory nannying. The lower bound is also important, because it it reflects a difference underlines the extent to which executive teams believe that it makes credible business between risk appetite and sense to make further investments that would result in the reduction of risk. There is no point reducing risk if it the investment is not generating return.” risk tolerance, whether you make a clear distinction “Reflect on your own risk appetite statement, if you have one, and see whether there between risk tolerances and it reflects a difference between risk appetite and risk tolerance, whether you make a clear distinction between risk tolerances and risk profiles, and whether your resource risk profiles, and whether your deployment and your investments reflect your risk appetite in appropriate policies, resource deployment and your processes, systems and transparent limits.” investments reflect your risk appetite in appropriate policies, Seven Recommendations for Stronger Risk Management processes, systems and transparent limits.” Our panelists discussed seven practices that bring greater clarity to risk appetite while also embedding it into the overall risk management framework. Deepa Govindarajan Lecturer, IMCA Centre, Henley Business School, University of Reading 1. Address the Full Risk Ecosystem In setting risk appetite, firms will attempt to quantify and analyze five common types of risk, said Lon O’Sullivan, Executive Director of Firm Market Risk at Morgan Stanley: • Market risk focuses on changes in portfolio value related to changes in market prices, correlations and volatilities, using tools such as Value at Risk (VaR) analysis, stress testing and reverse stress testing to articulate this risk and quantify it to senior management. • Credit risk relates primarily to lending and counterparty risk, pricing that risk and setting appropriate limits. “This is a critical piece for most banks, as a big chunk of the exposures that any financial institution will face has to do with counterparties Benefits of a Sound Risk and lending activities,” said O’Sullivan. Appetite Statement • Operational risk relates to processes and people, uncovering operational risk • Establish and communicate a issues and determining how to mitigate them, often revealed through such tools high-level strategy. as risk and control self-assessment (RCSA). • Ensure good governance and • Liquidity risk concerns the ability to fund and trade the products on the balance board accountability. sheet, to manage the sources and maturities of the funding, and to make sure • Evaluate performance and temper there is a sufficient liquidity pool. irrational exuberance. • Capital risk, or the risk of a company losing the amount of an investment, has become one of the most important aspects of the firm in the last few years, and • Mitigate capital and other financial one of the key metrics used to measure risk appetite and risk tolerance. risks. • Manage risk in holistic context. 5
  • 8. SAS Conclusions Paper 1. Create a Meaningful Risk Appetite Statement “Risk appetite is a corollary for business strategies, so boards that cannot articulate or “ isks are not additive in nature. R oversee risk appetite are inherently saying they cannot oversee the associated business strategy,” said Govindarajan. “Currently, executives have found it difficult to engage the If we were to take any traditional risk appetite statement, because the statement has come to resemble a series of very firm and simply sum up the empty platitudes. The banality of such statements ensures that they cannot be turned lowest limits there, no firm into practical policies, and this clearly defeats the motives of soundness, consistency and transparency. would be in business. There are diversifications and correlations “Some boards have delegated the creation of risk appetite statements to the executive to consider to understand how team or to the risk management function. This may be due to the mistaken belief that risk appetite can be aggregated from the underlying limits currently used within the risk the risks actually evolve in the management framework, which, unfortunately, means that the cart is placed before market and can interact or the horse. In such cases, interactions of risks – and the articulation and balancing of trigger each other.” stakeholder objectives – have inadvertently been glossed over. Lon O’Sullivan “It is important that risk appetite is articulated by the board. The executives must then Executive Director, Firm Market Risk, translate that risk appetite into sensible processes, policies, limits and procedures.” Morgan Stanley 3. Manage the End-to-End Risk Life Cycle Financial firms must have a mechanism that manages all the stages of the risk life cycle and aligns with the risk appetite statement. It must also have formal processes to: • Identify the key risks in their area, on all five dimensions described earlier. • Assess the potential impact of these risks, using standardized risk measurement methodologies and reporting. • Implement a control structure around these risks – such as stated limits, ongoing monitoring and early warning of potential breaches – to certify that risk appetite is being appropriately managed. • Report on all of the firm’s risk exposures, material concentrations and key risk indicators (KRIs). • Manage those risks to optimize the risk and capital profile, advise senior management on risk-based decisions, and help the corporate board and senior management set appropriate risk appetite levels. “Reporting needs to occur at a variety of levels – at a very granular level and a very high level – to be able to aggregate a comprehensive set of risk reports that capture the full populations of positions and counterparties in one’s portfolio,” said O’Sullivan. 4. Establish an Environment of Collaborative Decision Making Higher-risk products may carry higher margins; more conservative products deliver lower returns. Therefore, should the risk management function define the product mix that traders should sell? Whose responsibility is it to strike that balance between marketing/sales revenues and risk management controls? 6
  • 9. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy This is a provocative question for which the answer is evolving, said Went. “We have “f you look at the lessons from I seen a change in practice in that the control function is getting more and more power in some decisions. Even though it should not be the risk managers’ role to decide what the financial crisis, it seems trades to put on, their voices have to be heard. Their understanding of other risk aspects that many risk decisions were that perhaps the business side is not fully aware of must be incorporated in these made in silos. There wasn’t decisions. It should be an integrated and mutually supportive discussion between the a very good feedback loop business and the control side. between the bottom-up risk “I cannot masquerade as a trader, and traders cannot masquerade as risk managers. It decisions and what the board is more important for these two professional groups to jointly arrive to a solution that is and senior management not only beneficial for the trader but also beneficial for the long-term success, survivability and sustainability of the institution.” understood was going on from the perspective of the 5. Strike a Balance Between Bottom-Up and Top-Down Approaches risk appetite and the level of O’Sullivan described and compared two very different models for managing risk: bottom- exposures that were trending up and top-down. up in many cases during the “Bottom-up risk management considers risk at the transaction or risk factor level and height of the crisis.” is very detailed. For each product or position that comes on, an evaluation is done. David Wallace Limits or other controls are set at the individual trading desk or at the business level. Global Financial Services Marketing Risk reporting is typically done at the product or business level as well. Market, credit, Manager, SAS operational and liquidity risks tend to be managed independently at this level. Risk and business heads attempt to put the story together in order to construct the big picture. “The advantage to this bottom-up approach is that you get much more detailed information about product or business-facing risks in your portfolio. You are able to independently evaluate market, credit and operational risk in isolation – and spend a lot of time thinking about how each will impact the desk level or an individual transaction. You get a very detailed understanding of each transaction, which makes it easier to manage at a very granular level. Typically, you are working with heads of desks or individual traders to define the risk appetite and tolerance, and to negotiate amongst these parties. The challenge here is that it is very difficult to see the forest when you’re focused on “ he advantage to this T specific trees.” bottom-up approach is that you get much more detailed “If you look at the lessons from the financial crisis, it seems that many risk decisions were made in silos. There wasn’t a very good feedback loop between the bottom-up risk information about product or decisions and what the board and senior management understood was going on from business-facing risks in your the perspective of the risk appetite and the level of exposures that were trending up in portfolio. … The challenge here many cases during the height of the crisis,” said Wallace. is that it is very difficult to see In contrast, a top-down risk management approach takes a more enterprise-level view the forest when you’re focused of risk, looking across combined market, credit, operational, liquidity and capital risks. on specific trees.” Stress testing and reverse stress testing is implemented across all products, businesses and risk types. There may be a dedicated team that works with business and risk heads Peter Went to manage the big picture. Risk appetite decisions are made at the firm level. Senior Researcher, GARP Research Center 7
  • 10. SAS Conclusions Paper “The key advantage of this approach is that you can focus not only on individual transactions but also the correlations amongst the various assets, products, positions and counterparties,” said O’Sullivan. “We can consider risks across businesses and across products. “Putting together a cohesive picture of risk across all dimensions is challenging, and “ ffective risk management E something that needs to be invested in by firms to consider all risks, not just individual is often about delivering the risks. Sometimes the sum of the parts is more than the whole, and sometimes it’s less, but putting this kind of structure in place will allow firms to gain competitive advantage.” message in a simple and clear manner, while still translating 6. Report on Risk in a Way that Supports Sound Decisions the key message or challenge “Risk reporting sometimes gets trivialized as just something that one does,” said that will require a risk decision O’Sullivan. “However, it is one of the most critical components of the risk framework. to be made. Many risk Poor risk reporting, missing exposures, not having consistency in the way that you’re managers are notoriously poor thinking about risks – it all equals bad decision making in firms. at this critical management “Good risk reporting should cover all material product areas and all of the skill.” aforementioned risks. It should use standardized measures, so risks can be clearly communicated,” said O’Sullivan. “If we have, say, interest rate risk being calculated Lon O’Sullivan Executive Director, Firm Market Risk, one way for one position and a different way for another position, how would the firm Morgan Stanley put those risks together and determine its aggregate risk exposure on interest rates? Without standardized measurements, it is very difficult for a board or senior executives to act on a risk decision.” Risk reporting should reflect ongoing monitoring of key controls, such as position limits or VaR limits, so the control process is transparent and senior management can evaluate how the portfolio stands relative to risk appetite. Equally important, risk reporting should address its audience, be readily understood by them, and be comprehensive enough to support decisive action. “The second element of delivering the message is effective management through risk advisory,” said O’Sullivan. “In my view, risk advisory is the most important element in risk management. Measuring and reporting is fundamental, but influencing risk decisions is the most important aspect of being a risk manager. “In order to exert that influence, you have to be able to explain a case to board members who are not likely to be intimate with the jargon and complexities of risk professionals. Therefore, the most effective risk managers are those who can make themselves understood to an audience that might not have a technical or risk background. When I construct presentations, I often think: If I had to give this presentation to my grandmother, would she understand it? And if my answer is no, then I start over.” 8
  • 11. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy 7. Establish Ownership at Multiple Levels of the Company O’Sullivan summarized three levels of governance that would typically occur in a financial “ ood risk management is not G institution: only about having the right • At the top of the list is the Board Risk Committee, a subcommittee of the board answer. It’s about being able to of directors that is chartered to handle specific risk issues. Typically composed of communicate the answer and non-management directors, this subcommittee sets risk appetite, enforces the risk governance structure and monitors the risk profile against the agreed-upon risk influence the correct decision appetite. to be made.” • Executive Risk Committees are management committees typically composed of the Lon O’Sullivan most senior officers (C-level executives and their direct reports). These committees Executive Director, Firm Market Risk, tend to meet once or twice a month and are accountable for day-to-day risk Morgan Stanley management for the firm. • Divisional Risk Committees are charged with looking at each division independently and coming up with a risk strategy and a risk tolerance. These committees are typically made up of desk heads and other key executives who meet weekly and focus on business-specific issues. “Effective governance means that information flows seamlessly up and down this hierarchy of risk committees,” said O’Sullivan. “Risk decisions made by the Board Risk Committee should be pushed down to the Executive Risk Committee and ultimately down to the Divisional Risk Committees. A feedback and interaction loop flowing up the chain is equally important.” “ here should be no such thing T Govindarajan agreed: “There should be ownership at board level, ownership at executive as a separate, standalone level, and ownership within the firm. The board must oversee how the scene is set and balance strategic objectives. Executives must manage the risk profile and the risk risk appetite framework. Risk management framework. And through a good risk culture, the organization must own appetite guides your risk the risk appetite statement.” management framework and the way you manage risk within Closing Thoughts the firm.” “Boards that view risk functions simply as a way to keep out of trouble – and who do not Deepa Govindarajan play an active role in setting risk appetite and risk limits – are really not doing a service Lecturer, IMCA Centre, Henley Business to their shareholders,” said O’Sullivan. “Risk is also about addressing strategic business School, University of Reading risk and future business opportunities, in addition to managing what’s currently on the books.” Effective governance structures promote better management of future risks, as well as better understanding of past risks. “To do this well – to establish a meaningful risk appetite statement and framework – requires consistent and unwavering support and monitoring by the board and faithful enforcement by senior management,” said Went. “That is why risk appetite is not a static statement, but rather a proactive and dynamic framework that distills changing conditions, possibilities and constraints.” 9
  • 12. SAS Conclusions Paper About the Presenters Deepa Govindarajan Lecturer and Visiting Fellow, ICMA Centre Henley Business School, University of Reading Deepa Govindarajan, Lecturer and Visiting Fellow at the ICMA Centre at the University of Reading’s Henly Business School, teaches compliance, risk management and regulation within the master’s program. Her research interests cover corporate risk appetite, senior management arrangements and governance within financial institutions, qualitative decision making, operational risk, the sociopolitical context of banking and financial regulation, and the comparative study of international banking regulations. Govindarajan periodically serves as an independent expert advisor to regulators, banks, asset managers and insurers. She facilitates board discussions related to the definition and dissemination of risk appetite, and the risk implications of strategic choices. As a specialist in governance and risk oversight, Govindarajan also evaluates financial firms’ governance arrangements, risk management frameworks and risk culture. In addition to roles at Citigroup, the UK Financial Services Authority (FSA), and Lloyds Banking Group, Govindarajan has also held positions in consulting and academia. Lon O’Sullivan, FRM Executive Director, Firm Market Risk Division Morgan Stanley As Executive Director in Morgan Stanley’s Firm Market Risk Division, Lon O’Sullivan leads the Global Portfolio Analysis group and is responsible for briefing senior management on key market risk exposures. He spent three years at Morgan Stanley’s London office, where he was responsible for creating the regional analysis and reporting team. Prior to Morgan Stanley, O’Sullivan worked as a market risk manager for foreign exchange and commodity risk, and as an equity derivatives product controller at Deutsche Bank. O’Sullivan earned a bachelor’s degree in economics from Binghamton University, State University of New York (SUNY), and a master’s in finance from the London Business School. He has been a certified Financial Risk Manager (FRM®) with the Global Association of Risk Professionals (GARP) since 2005. O’Sullivan served on the committee for GARP’s professional chapter in London before his relocation back to New York and is currently a co-director for the New York chapter of GARP. 10
  • 13. A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy David M. Wallace Global Financial Services Marketing Manager SAS As Global Financial Services Marketing Manager for SAS, David M. Wallace is responsible for defining industry strategy for the banking and capital markets segments of the global financial services industry. He has more than 30 years of experience in applying information technology to solve customer needs, including a focus on the financial services industry for nearly 20 years. Before joining SAS, Wallace was Manager, Corporate Investment Banking, Americas FSI Marketing for Hewlett-Packard. He also held a number of senior sales and marketing positions over a 23-year career at HP. During a 10-year assignment managing the relationship with a top-five US financial services firm, Wallace was responsible for client projects in consumer banking, commercial banking, trust administration, retirement services, corporate and investment banking, shared services, and retail brokerage, among others. Wallace holds a bachelor’s degree in economics from the University of North Carolina at Wilmington and an MBA from East Carolina University. Peter Went Senior Researcher GARP Research Center Peter Went is a Senior Researcher for GARP’s Research Center, where he conducts research in financial risk management. Went has co-authored five books on risk management and numerous articles on foreign exchange, global equity market and commodity risk, as well as on the effects of emerging financial regulation on financial and capital markets. Previously, Went worked for a boutique investment firm and taught finance and risk management at University of Nebraska and the University of Connecticut. Went has a degree in economics from the Stockholm School of Economics and a doctorate in finance from the University of Nebraska. He is a Chartered Financial Analyst (CFA) and a board member of Woodlands Financial Services Corporation. 11
  • 14. About SAS SAS is the leader in business analytics software and services, and the largest independent vendor in the business intelligence market. Through innovative solutions, SAS helps customers at more than 55,000 sites improve performance and deliver value by making better decisions faster. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW ® For more information on . SAS® Business Analytics software and services, visit sas.com. SAS Institute Inc. World Headquarters   +1 919 677 8000 To contact your local SAS office, please visit: sas.com/offices SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA egistration. Other brand and product names are trademarks of their respective companies. Copyright © 2012, SAS Institute Inc. All rights reserved. 105872_S83089_0712