View
72
Download
0
Category
Preview:
Citation preview
Mohammad Fheili – fheilim@jtbbank.com
A Qualitative Assessment of Risks in Electronic Banking…
The Cyber Challenge!
Mohammad Fheili – fheilim@jtbbank.com
Mohammad Fheili “Over 30 years of Experience in Banking. mifheili@gmail.com (961) 3 337175 Risk & Capacity Building Specialist. Trainer in Risk & Compliance University Lecturer: Economics, Risk, and Banking
Operations Currently serves in the capacity of an Executive (AGM) at
JTB Bank in Lebanon. Served as:
• An Economist at ABL, • Senior Manager at BankMed • Senior Manager & Chief Risk Officer at Group
Fransabank Mohammad received his college education
(undergraduate & graduate) at Louisiana State University (LSU), and has been teaching Economics and Finance for over 25 continuous years at reputable universities in the USA (LSU) and Lebanon (LAU).
Finally, Mohammad published over 25 articles, of those many are in refereed Journals (e.g., Journal of Money Laundering & Control; Journal of Operational Risk; Journal of Law & Economics; etc.) and Bulletins.”
Mohammad Fheili – fheilim@jtbbank.com
If You’re Convinced that we have been evolving in that fashion, then the extreme majority of anticipated and undertaken projects is about “AUTOMATION”, or IT in General. Increasing Demands for Certain Skills. The Absence of Such Technical Skills reflects Negatively on the Success of the Majority of Undertaken Projects, and introduces an element of Risk in Planned Projects..
Mohammad Fheili – fheilim@jtbbank.com
Banking (& Business Transactions) …. got complicated
Complexity Human Induced
Mohammad Fheili – fheilim@jtbbank.com
Human Induced Complexity in
the Game: Instant Replay!
Mohammad Fheili – fheilim@jtbbank.com
Traditional Banking
Modern Banking
People Come First
Data Come First
The Age of Instant Interconnectivity…a human induced complexity in
Banking
Mohammad Fheili – fheilim@jtbbank.com
Survey Says!
Mohammad Fheili – fheilim@jtbbank.com
Mohammad Fheili – fheilim@jtbbank.com
Mobile Internet
Automation of Knowledge Work
Internet of Things
Cloud Technology
Advanced Robotics
Increasingly inexpensive and capable mobile computing devices and Internet connectivity.
Intelligent software systems that can perform knowledge work tasks involving unstructured command and subtle judgments.
Networks of low-cost sensors and actuators for data collection, monitoring, decision making, and process optimization.
Use of computer hardware and software resources delivered over a network or the Internet, often as a service.
Increasingly capable robots with enhanced senses, dexterity, and intelligence used to automate tasks or augment humans.
Disruptive Technological Change
Autonomous Vehicles Vehicles that can navigate and operate with reduced or no human intervention.
Mohammad Fheili – fheilim@jtbbank.com
SmartPhone 2016
Super Computer 1975
Mohammad Fheili – fheilim@jtbbank.com
Next Generation Genomics
Energy Storage
3D Printing
Advanced Materials
Advanced Oil & Gas Exploration & Recovery
Renewable Energy
Fast, low-cost gene sequencing, advanced big data analytics, and synthetic biology (“writing” DNA)
Devices or systems that store energy for later use, including batteries.
Additive manufacturing techniques to create objects by printing layers of material based on digital models.
Materials designed to have superior characteristics (e.g., strength, weight, conductivity) or functionality.
Exploration and recovery techniques that make extraction of unconventional oil & gas economical.
Generation of electricity from renewable sources with reduced harmful climate impact..
Disruptive Technological Change … Continues
Mohammad Fheili – fheilim@jtbbank.com
√√
Mohammad Fheili – fheilim@jtbbank.com
Mohammad Fheili – fheilim@jtbbank.com
Mohammad Fheili – fheilim@jtbbank.com
Mohammad Fheili – fheilim@jtbbank.com
√
√√
Mohammad Fheili – fheilim@jtbbank.com
Rising Cyber-Risks
Mohammad Fheili – fheilim@jtbbank.com
In 2015, 38% more security incidents were detected than in 2014.
Theft of “hard” intellectual property increased 56% in 2015.
While staff remains the most cited source of compromise, incidents attributed to business partners climbed 22%.
Source: Global State of Information Security Survey, March 2016
Mohammad Fheili – fheilim@jtbbank.com
Suppliers / Partners
35% 34%
30% 29%
18%22%
15%
19%
13%
16%
20152014Current
EmployeesFormer
EmployeesCurrent Service
Providers/Consultants/Contractors
Former Service Providers/Consultants/Contractors
Sources of Security IncidentsSource: Global State of Information Security Survey, March 2016
Mohammad Fheili – fheilim@jtbbank.com
Implicate the Employee Or Eradicate the Business
Mohammad Fheili – fheilim@jtbbank.com
Abilities
Knowledge
(Knowledge + Skills)X(Attitude) = Abilities
Formal + Self-Acquired
To Perform & Excel And Grow
SkillsTechnical +
Soft
Human Capital Accumulation = ∑Abilities
The NOT so visible Argument that we
often forget
Mohammad Fheili – fheilim@jtbbank.com
Skill Marketability
Loyalty To The Organization
Loyalty To One’s Profession
Skill Marketability Reflects Favorably On The Career And The Salary Of The Individual
Loyalty To The Organization May Help The Individual Sustain A Company-Specific Employment
Loyalty To One’s Profession Exerts The Necessary Pressure On Knowledge And Skill Build-Up (Benefiting Both The Individual & The Organization)
Mohammad Fheili – fheilim@jtbbank.com
Enterprise Service General Ledger
Clients & Settlement P & L Risk
Reporting
Core Analytical
Engine
Model Risk M
anagement
Other Models
Predictive Models
Regulatory Models
Asset-Liability Management
Models
Risk Models
Business Strategy Analysis
Valuation Models
Pricing Models
Exposure Measurements
B ACD
These Risks could Exist Inside each
Module and in the Interface between
Two or More Modules
Interface Between Two Modules
Mohammad Fheili – fheilim@jtbbank.com
Model Risk M
anagement
The Financial Models & Model Risk Management (MRM)
Mohammad Fheili – fheilim@jtbbank.com
Sources of Operational Risks (Ref: Basel ii)
PRIMARY SECONDARY
PEOPLE
Employee Fraud / Malice (Criminal)
PROCESSES
Payment / settlement / delivery risk
SYSTEMS
Technology investment risk
EXTERNAL
Legal / Regulatory Risk / Public Liability
Unauthorized activity / Employee misdeed (Willful) Employment LawWorkforce disruption Loss or lack of key personnel
Documentation or contract riskValuation / Pricing Internal / External reporting and complianceProject risk / Change management Selling Risks
System development and implementationSystems failuresSystems security breachSystems capacity
Criminal Activities Out-sourcing / Supplier RiskIn-sourcing RisksDisaster and Infrastructural utilities FailuresPolitical and Government Risks
Mohammad Fheili – fheilim@jtbbank.com
have led to:• Increased Usage of Impersonal Electronic Services: Low Cost Electronic
Services; Widespread and Diffused Customer Base. This, in turn led to:Lower Customer Intimacy.Reduced Switching Costs Between Different Banks (Customers
these days are constantly shopping for the better deal)Increased Chances of Fraud and Credit RiskIncreased the Demand for Transparency
• Less Time to Know and Influence Customers. Research shows that Customer Interest peaks and falls rapidly
especially in response to a Promotional Event.This makes it absolutely necessary for banks to optimally leverage
all available customer touch points so as to be able to influence the customer (e.g., You find ads and offers on ATM receipts).
Mohammad Fheili – fheilim@jtbbank.com
Information Technology at the forefront of Operational Risk: But ….!
The Introduction of any form of technology in a given production process or the mere modification of an existing IT environment necessitates a number of changes which spillover on Branch Performance: Staff Skills, Workflows, Policies & Procedures, and a host of other changes.
In today’s technologically intense production processes, information technology (IT) risks cannot be considered independently of other types of risks since it reflects on our ability to serve and satisfy our clients.
Recognizing these challenges and acknowledging that the Branch has a role to play in managing this risk will put management one step ahead. Because processes are Technology dependent, Accurate, Complete and timely data collection has changed from being mostly qualitative to overwhelmingly quantitative; Types/Nature of Mistakes committed by Branch Employees are Different; etc.
Mohammad Fheili – fheilim@jtbbank.com
The Devil Is In The Details
• Pay Attention
Mohammad Fheili – fheilim@jtbbank.com
All Organizations need to take Risks to achieve their Goals.
The Prevailing Risk Culture within an Organization can make it significantly Better or Worse at Managing these Risks.
Risk Culture significantly affects the organizational capability to take strategic risk decisions and deliver on Performance Promises.
It’s never been about the presence of a Risk Culture
nor the absence of!
Risk is there; like it or not!
How Do You Do Things (& Think) Around Here?
There are MANY Risks but ONE Risk Culture!
Mohammad Fheili – fheilim@jtbbank.com
Where Should We Go To Look For Risk Culture?
Board of Directors?
Staff: Every Day Fire Fighters?
Mohammad Fheili – fheilim@jtbbank.com
Then We Should Go Look For Risk Culture In
Every individual comes to an organization with his/er own personal Perception of Risk.
Every individual comes with his/er own Inventory of Moral Values and these have a great influence over the decisions they make on day-to-day basis.
The Man In The Mirror . . .
Mohammad Fheili – fheilim@jtbbank.com
People vary in all sorts of ways and this includes their predisposition toward Risk. Two specific Traits:1. The extent to which people are either:
spontaneous and challenge convention or organized, systematic and compliant.
2. The extent to which people may be: cautious, pessimistic and anxious, or optimistic, resilient and fearless.
Organizations need to pay attention to the ethical profile of those working in their business. Every individual comes with their own inventory of moral values and these have a great influence over the decisions they make on day-to-day basis.
Three ethical consciences, significantly influencing individuals’ Decision Making:1. Ethic of Obedience (Rule Compliance, Spirit of the Law, etc.)2. Ethic of Care (Empathy, Concern, Respect, etc.) 3. Ethic of Reason (Wisdom, Experience, Prudence, etc.)
Mohammad Fheili – fheilim@jtbbank.com
Risk Culture
Personal Predisposition
of Risk
Personal Ethics
Behavior
Organizational Culture
Individual values and beliefs and attitudes toward risk contribute to and are affected by the wider overall culture of the organization.It is useful to consider Organizational culture in relation to two key dimensions: 1. Sociability: People Focus (based on
how well staff get on socially)2. Solidarity: Task Focus (based on
goal oriented and team performance)
Mohammad Fheili – fheilim@jtbbank.com
Risk Management Is Everybody’s Business
Staff Business Unit Senior Management
Assessment & Follow Up
Acceptance or Mitigation of Identified Risks
Follow Up on Decided Actions
Oversight & Control
Reports to Enable Senior Management Appraisal
IdentificationReporting
Registration of Incidents and Monitoring of the
Internal Control Environment
Problems with Risk Culture are frequently found at the root of organizational scandals and collapses.
Every individual comes to an
organization with his/er own
personal perception of
Risk
It Starts Here
Risks
Mohammad Fheili – fheilim@jtbbank.com
Risk Management & Associated Culture
The Chief Risk Officer
Your Risk Culture Can Be Characterized as: Participative Risk Management Autocratic Risk Management
Mohammad Fheili – fheilim@jtbbank.com
Participative Risk
Management
Full and Consistent
Communication & Coordination
with all Business Units
Involve EveryoneCulture is subject to cycles which
can self-reinforce in either virtuous, or vicious, circles.
Mohammad Fheili – fheilim@jtbbank.com
Autocratic Risk
Management
I Know what to do, and I will do it all alone.
My way or the
highway!
Involve EveryoneCulture is subject to cycles which
can self-reinforce in either virtuous, or vicious, circles.
Mohammad Fheili – fheilim@jtbbank.com
Increasing Our Understanding of Potential Outcomes
Incr
easin
g Ev
iden
ce o
n Pr
obab
ility
of
occu
rren
ce
Ambiguity
Unce
rtain
ty Ignorance
A Bank is expected to collect ALL needed data to move closer to Risk Management and Away from: Ambiguity, Ignorance, and Uncertainty.
The Fallacy . . .
Mohammad Fheili – fheilim@jtbbank.com
Brilliant Surgery!Well Done!Shame the patient died.
Outcomes
Fear of AML Violation Penalty (i.e., Outcome), the FI decides not to serve the client (i.e., Decision) sparing itself the pain of Enhanced Due Diligence.
Mohammad Fheili – fheilim@jtbbank.com
Level Of Maturity in AML Compliance
Nat
ure
& E
xten
t of E
ffort
s Dep
loye
d
DD
EDD
RBA
Due Diligence
Enhanced Due Diligence
Risk-Based Approach to AML Compliance
Enhancing Compliance Capabilities …
AML Cost
Skills Needs
Know-How
AML Analytics
Those Enhanced AML Compliance Steps: Are clear indication of a desire, on the
part of the FI, to continue on serving the Client.
Otherwise, the FI would engage in Derisking.
Enhance AML Compliance require: The Use of Technology:
Quantification/Data-Rich vs. Judgment/Opinion-Rich
Increase reliance on Technology: Less Human Intervention;
Increase exposure to Technology Failures: Different Sets of Skills are required.
Reliance on Technology may Reduce Frequency But Increase Impact.
Being Pragmatic About Compliance?
Culture-Driven
Mohammad Fheili – fheilim@jtbbank.com
Risk
Management is a Decision & a Choice. Compliance With Regulatory Guidelines & Rules
Pillar 1 is More Attractive.
Standardized Approach in Credit & Market Risks
Basic Indicator Approach in
Operational Risk. Advanced Approaches
… No Way! ICAAP only if Required
by Regulator; and the bare minimum.
RCSA Marginalized. IFRS 9 ………a
nightmare!
Pillar 2 is at the top of Risk Management
Priorities. Advanced
Approaches are Effectively Explored.
ICAAP required by Management as a
Desired Self-Assessment Tool.
RCSA is Essential. IFRS 9 is a welcomed
wakeup call. Etc.
Risk Culture Failure: Regulatory Compliance is Competing with Risk
Management
Mohammad Fheili – fheilim@jtbbank.com
It’s been Pouring Regulatory Guidelines Ever since its inception . . .
Mohammad Fheili – fheilim@jtbbank.com
Basel IBasel II
Credit Risk
Credit RiskMarket Risk
Operational Risk
1986 proposed
1999 proposed
1988 effective
2007 effective
Basel III
Credit RiskMarket Risk
Operational RiskCapital Quality
Additional BuffersLiquidity: LCR, NSFR
2009 proposed
Kick Off in 2011
Amendm
ents
Amendm
ents
Basel 2 ½
Basel 1 ½
Amendm
ents
Basel 3 ½
Basel IV2017 Anticipated Or Not
Kick Off in 20??
• Capital Requirements• Liquidity Requirements • Disclosure Requirements • National Divergences• Risk Sensitivity • Use of Internal Models in
Decision Making
• Total Risks = Credit Plus Market Risks
• Internal Models Emerged
• Later on, Tier 3 Capital
• Enhanced Pillar 2, 3
• Complex Securitization obtained higher Risk Weights.
• Trading Books
Tequila Crisis
Asian Market Crisis
Shadow Banking Crisis
Regulator’s Risk Culture
The Basel Accord with a
history of Incomple
te Impleme
ntation
The Signal it Sends has much to do with Regulatory Risk Culture.
Mohammad Fheili – fheilim@jtbbank.com
Your Life Begins At the End Of
Your Comfort Zone
Coping With
What’s @Risk ? Risk Culture is!
a Rapidly Changing Banking Environment
Your Life Begins At the End Of
Your Comfort Zone
Mohammad Fheili – fheilim@jtbbank.com
Poor
Unclear
Lack of Insight
Over Confidence
No Challenge
Fear of Bad News
Indifference
Slow
Gaming
Beat the System
Good
Clear
Good Insight
Confident But Careful
Constructive Challenge
Reward Honesty
Diligence
Fast
Coordinating
Play By The Rules
Communication
Tolerance
Level Of Insight
Openness
Confidence
Challenge
Level of Care
Speed of Response
Cooperation
Adherence to Rules
Transparency of Risk
Acknowledgement of Risk
Responsiveness To Risk
Respect For Risk
High Risk Low Risk
Risk Culture Framew
ork
Beware of the Weak End of the Continuum!
Mohammad Fheili – fheilim@jtbbank.com
Risk Management of Today has been Contaminated by the Complexity of Regulations. … Where in Many Jurisdictions Risk Management should be as Simplistic as the Environment it Operates in.
Mohammad Fheili – fheilim@jtbbank.com
Recommended