Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
© 2014 Finity Consulting Pty Limited
Focus on Risk Management
NZ Director Forum
Presented by John Smeed & Jacob Mamutil | 11 June 2014
Content
Current requirements in New Zealand
APRA’s approach
What are the lessons for best practice in New Zealand?
Regulatory requirements in NZ
Risk Management Programme
In accordance with IPSA Act section 73-74
And any guidelines published by RBNZ
Section 75 fine of $500,000 for failure to comply
3
Risk Management Programme Guideline
Risk Management Programme
Document describing
risk assessment
process… Capture all Material
Risks
Describe roles that accept
and mge risk
Prescribes Information
flows System for addressing
non-compliance
Contingency plans
Ongoing review process
Link to solvency
policy
4
Including but not limited to: • Insurance Risk • Credit Risk • Liquidity Risk • Market Risk • Operational Risk
Governing body - responsibilities
• Solvency
• Capital Adequacy
• Liquidity
• Establish Risk Tolerances and communicate in meaningful way
• Conflict of interest policy; Related party transactions on arms length terms
Responsibilities
• Reporting requirements
• Policies
• Procedures
• Controls
Approve
• Risk exposures to ensure consistency with tolerances
• Legal compliance and compliance with internal policies and procedures Monitor
5
Risk Management for APRA
regulated institutions in
Australia
APRA – setting the context
More rigorous governance requirements
Consistency across all financial institutions (soon to include
Health Insurance as well)
“APRA’s integrated structure and approach have been one of its main
strengths” - APRA submission to the Financial System Inquiry (March 2014)
7
Build on GFC learnings in
restraining excessive risk taking
Market discipline not effective
Global regulation inadequate
Light-touch prudential supervision
found wanting
“Australia punches above its weight internationally in
influencing supervisory regulation”
Focus on risk
APRA recently introduced:
More risk sensitive capital measures (LAGIC)
Internal Capital Adequacy Assessment Process (ICAAP)
Formal Risk Appetite
More intensive supervision, e.g. meeting regularly with
Boards
Now with CPS 220 and CPS 510
Chief Risk Officer
Separate Board Risk and Board Audit Committees
Risk culture
Tighter Board oversight of risk framework
8
CPS 220
9
Consolidates and integrates all risk management components
into a refined Risk Management Framework
Business Plan ICAAP
Risk Management Strategy (RMS) Risk Appetite Statement (RAS)
Risk Management Policies and Procedures
Scenario analysis and stress testing
Chief Risk Officer Risk Management Information System (MIS)
Risk Management Function Annual Risk Management Declaration
Independent Reviews APRA reporting
Building a successful risk culture
When “oversight” becomes “ensure”
“The Board must ensure that:…..” CPS 220 Para 13
Requires more Board involvement in the business
operations
Has been gradually softened following strong feedback
‘Response to Submissions’ January 2014 noted “ensure”
was not to be read in isolation…to be practically applied.
On 8 May 2014 APRA sent a letter to all CEOs that they
will insert a definition in the standards
that defines ‘ensure’ to mean ‘all reasonable steps
and make all appropriate enquiries… to determine, to
the best of its knowledge’
10
Best Practice in New Zealand
– what are the key learnings?
The Big Picture
12
Objectives / Mission Statement
Business Plan
Capital strategy &
targets
Risk Management Framework
and Strategy
Strategy Risk Appetite
Risk Management Programme should be holistic – integrated with the company’s business strategy, risk appetite and capital targets
Governance
Three lines of defence model
Is a useful structured approach
13
3rd Line
Independent assurance
2nd line
Independent review
1st line
Embedded risk owners
3 Lines of Defence governance model: APRA’s view
14 Source: APRA draft Prudential Practice Guide CPG 220 – Risk Management, page 19
Clear statement of Risk Appetite
Risk Appetite is the “degree of risk that the institution is prepared to
accept in pursuit of its strategic objectives and business plan”.
In making decisions, have to ask two questions:
Is the risk of the decision acceptable regardless of the amount of
reward?
If yes, is the risk worth taking for the level of reward?
Test: let’s take an informal survey on “your” risk appetite
15
Risk Appetite – here is a test
16
Activity Yes/No
1. Online shopping
2. Investing in something that is too good to be true
3. Run along any road at night
4. Cross the road when the light is red (no cars)
5. Go sky-diving
6. Take part in a car rally
7. Go rock climbing/abseiling
8. Go bungee jumping
9. Drive in excess of the speed limit on a quiet road
10. Make decisions independently rather than rely on experts
The Board’s role in risk governance
In Australia, APRA believes there is room for material
improvement (bordering on intervention!)
Strong Board engagement with management lays a solid
foundation for risk governance and makes good sense
The takeaway for Boards is that a passive approach is
not appropriate
17
Passive BALANCED Active
Stronger risk management
Benefits that can be achieved
Improved resilience to internal and external shocks
Improved communication and information flows lead to better
decision making
Reduced volatility of results through better understanding and
treatment of risks
Improved risk-return profile
18
Some questions for Boards
Have you had a holistic look at your risk management
programme?
Are the risk management accountabilities clear throughout the
business and reporting to the Board effective?
Are you comfortable that the business understands the firm’s
risk appetite?
What testing of risk culture would give the Board comfort?
Do you feel that you have provided the appropriate level of
challenge to management?
19
Contact
John Smeed
Tel: 09 363 2894
Mobile: 021 796 326
www.finityconsulting.co.nz
Jacob Mamutil
Tel: +61 2 8252 3318
Mobile: +61 411 012 060