SAP FORUM İSTANBUL Reimagine Business for the Digital Economy
SAP Operational Risk Management
Speaker: Burcu Kutlu
Company: SAP Türkiye
© 2016 SAP AG or an SAP affiliate company. All rights reserved. 2
Agenda
Business Context and Challenges
SAP and Risk Management for Banking
SAP ORM Solution Overview
Customer Benefits
Early Customer Experiences
Agenda
Business context and challenges
SAP and Risk Management
Building Blocks
Benefits
Early customer experiences
Why Operational Risk Management?
Sep 2011 UBS announced a 1.4 bn GBP loss as a result of unauthorized trading performed by Kweku Adoboli
Credit Suisse loss of EUR 1.9 bn in 2008 due to CDO price changes by Higgs and Siddiqui
4.9 bn EUR loss at SocGen induced by Jerome Kerviel in Jan 2008
Collapse of Barings Bank caused by Nick Leeson in Feb 1995
In the last 20 years, operational risks have been the root cause of major losses in banks
Operational Risk Categories show expansion and complexity
• Internal Fraud: Credit Suisse loss of EUR 1.9 bn in 2008 due to CDO price changes by Higgs and Siddiqui.
• External Fraud: In 2002, three men who ran a precious metals trading firm deceived a group of banks, causing an $800M loss.
• Clients, Products, & Business Practices: In 2000, Providian Financial paid $405M in settlements relating to aggressive sales and billing practices.
• Employment Practices & Workplace Safety: In 1999, Merrill Lynch paid $250M to settle a gender discrimination lawsuit.
• Damage to Physical Assets: In 1982, a fire gutted Norwest Bank's headquarters, causing $100M in damage.
• Business Disruption and System Failures: Bank of New York estimated the impact of the 9/11 disaster to be $242M pretax.
• Execution, Delivery, and Process Management: In 1998, UBS announced 650M SFr in losses due to a calculation error in an option pricing model.
Increasing Number, Complexity and Costs of Regulations
[Figure: regulations plotted against an axis labelled "Complexity, Degree of Regulation", with axis tick 1995. Labels: MAP, IAS, Regulatory Capital, Country regulations, US GAAP, Basel II, SOX, Patriot Act/AML, Dodd-Frank, Credit Card Act, AML III, Basel III, REG NMS, MIFID, IFRS 9, Solvency II]
• Overwhelming amount of data to sort and organize
• More granular information required
• Deeper level of enquiry
Operational Risk Management Today’s reality?
The bank examiners arrive in 10 minutes…
And they are NOT happy!
What are the Challenges?
• Lack of visibility on top risks and exposures
• Fragmented processes / excessive workload
• Lack of integration (incl. with other business systems)
• Inability to proactively mitigate / prevent risks
SAP Financial and Operational Risk Management: A Complete Coverage for the Financial Sector
• Credit Risk: Concentration risk, Counterparty risk, Securitization risk
• Market Risk: Interest rate risk, Currency risk, Equity risk, Commodity risk
• Liquidity Risk: Funding Liquidity Risk
• Operational Risk: Organizational risk, Bus. process risk, Technology risk, People-related risk, External events risk
Requirements of the Financial Services Industry: comprehensive coverage with the SAP and SAP BusinessObjects product portfolio
[Figure: product labels shown in the diagram: SAP Basel III Solution; SAP Credit Portfolio Management; SAP Enterprise Risk Reporting 2.0; SAP GRC Risk Management; Basis: Cash-Flow Engine; Liquidity Risk Management@HANA; SAP Regulatory Reporting (Partner); Asset Liability Management; NPV analysis; Gap analysis; Manipulation: Cashflow splitting, Due date scenarios; Capital Definition]
Scope of SAP Operational Risk Management
Operational Risk Framework
• Static Data Mgmt
• Loss Event Mgmt
• Key Risk Indicators
• Risk Control Self Assessment
• Issues, Action Plans, Workflows
• Scenario Analysis
• Risk Engine
• Reporting
Risk Engine: AMA Approach covered by a SAP NetWeaver certified Partner QRR
Static Data Management Organization Structures
• Consistent organization structuring to support all components and processes of a complete operational risk management
• Operational risks breakdown into risk categories
• Multiple breakdowns for the Bank:
  • Organizational Units and/or
  • Processes (one hierarchy for the whole bank) and/or
  • Products (different hierarchies for different business lines needed)
• Other possible breakdowns:
  • By Projects
  • By Causes ...
Extensive Organizational Modelling Possibilities
[Figure: example hierarchies
Bank Group: Corp. & Markets (CM1, CM2); Banking (B1, B2)
Bank Group: Bank inc (BAG1, BAG2); Subsidiary (S1, S2)
Processes: Finance (Exp., Trade); Funds Transfer (FT1, FT2)
Products: Fixed Income (FI1, FI2); Credit Cards (CC1, CC2)
Basel II Categ.: Internal Fraud (Theft, Fraud); Exec. (E1, E2)]
Static Data Management Structure Mapping
Central maintenance of master structures; data is pushed to dependent structures:
• Organisation units
• Risk categories
• Processes / products
Complete structure mapping:
• Management structure
• Basel II structure
Automatic reassignments of data when re-structuring:
• Losses
• Risks
• KRIs
Easier Maintenance and Flexibility – Structure Mapping and Inheritance
[Figure: four example structures, each under the root "All"
Fraud (Int., Ext.); Banking (B1, B2)
Fraud (Int., Ext.); Bus. Practice (BP1, BP6)
Internal Fraud (Theft, Fraud); Exec. (E1, E2)
Internal Fraud (Fraud, Sec.); Damage (D1, D2)]
Loss Event Management Internal Loss Events
• Transparency in terms of:
  • loss event detection and processing
  • impacted banking processes and systems
• Comprehensive process for collection of loss data to allow:
  • proper quantification of levels of operational risk
  • better communication and awareness on operational risk losses amongst employees
  • migration capability to incorporate past losses information
• Configurable workflow:
  • initial recording of loss event / notification to relevant personnel
  • complete documentation of details, impacts etc.
  • review by managers / approval(s)
Optimize loss event information for risk visibility and improvement
Loss Event Management External Loss Events
• Use of external loss data as benchmark for internal loss information or for validation
• Leverage external loss data (i.e. operational loss data of other financial institutions) collected via different data consortia (for instance ORX, Operational Risk Exchange Association)
Leverage External Loss Event Data Enhancing Operational Risk Management
Risk Monitoring Key Risk Indicators
• Early warning system to reflect internal operational risk levels of the bank
• Business rules can be defined to generate alerts when a KRI is above thresholds
• Fully configurable rules for calculations and for aggregations
• Data feed automation / can integrate source data from external systems
Proactively prevent risk from occurring
Risk Assessment R.C.S.As
Business Context Based Assessments – a Dynamic Process
Preparation
In the preparation phase, questions are combined into surveys to be used in plans:
• Question Library
• Survey Library
Surveys are generated from chosen questions.
Planning
Plan definition:
• Plan Name (ex. RCSA Survey)
• Plan Activity (ex. Perform Risk Survey)
• Survey Name
• Start Date
• Due Date
Execution / Monitoring
Tracking of recipients' status, response and overall statistics
Aggregation of results
Across organisation units, risk categories – various calculation rules
Issue Management Ad hoc Issues and Action Plans
Manage Issue at all levels and effectively track action items
• Global and comprehensive management of issues arising from risks, loss events, KRIs, RCSAs, Controls:
  • Detection of issues, documentation and ownership assignment
  • Tracking of action items, escalations...
Issue Management - Process Overview
[Figure: process flow. Labels: Report Issue; Remediation required; No; Yes; Nature of remediation; Simple; CAPA; Corrective Actions; Preventive Actions; Action Items Owner 1; Action Items Owner N; Issue Completed]
Scenario Analysis and Risk Engine Scenario Analysis
Clearer, Integrated View of Risk Potentials in Multiple Dimensions
• Evaluate the exposure to high-severity events and derive the need of internal process enhancements
• Tightly linked with Risk Control Self-Assessments and Key Risk Indicators for more in-depth scenario analysis
• Scenario losses can be generated from within Loss Event Management or from the Risk
• Loss distribution approach can be performed by risk type and business line
Scenario Analysis and Risk Engine Risk Engine - Advanced Measurement Approach (AMA)
• Develop empirical models through calibration of loss frequency and loss severity distribution
• Various distributions, tests and estimators as well as the most important Loss Distribution Approach (LDA) are supported.
• Allows simulation of future capital requirements
[Figure labels: Internal Losses; External Losses; RCSA; Key Risk Indicator; Business Experts; Operational Systems; Insurances; Monte Carlo; Pre-Adjustments; Post-Adjustments; Pre-EC; Post-EC]
* OpVision: AMA supported with SAP NetWeaver certified partner solution OpVision from QRR (www.qrr.es)
Supporting Advanced Measurement Approach
Risk Reporting and Analytics (Enterprise-wide and Specific)
• Monitor the operational risk management program with a comprehensive set of reports and analytics
• Reports provide loss event historical views with categorization, trends, business metrics, and identification of hot spots
• Analytics provide aggregated views with drill down capabilities
• Examples of reports and analytics include:
• Loss Event Matrix Analysis
• Loss Event Overview
• Loss Event Structure
• Top Loss Events
• Gross Loss Amount by Organizational Unit
• Loss Events by Organizational Unit
• Loss Events by Risk Category
• Insurance Payments by Organizational Unit
• Loss Effect Allocations by Organizational Unit
• KRI Aggregation Report
• RCSA Aggregation Report
Extensive Range of Reports & Dashboards Available for Different Management Levels
Getting visual – the Bow Tie builder …
Integration with Access Control and Process Control
Mitigating the risks
SAP GRC Access Control:
• Integration in terms of organisation unit hierarchies
• Implement specific bank rules to segregate users via role definition (Help avoid cases like Leeson and Kerviel – mitigate access risks)
SAP GRC Process Control:
• Integration in terms of organisation unit and risk hierarchies
• Risk mitigation with responses and controls tracked in Process Control (Define and monitor controls; i.e. opening a customer account: steps / documents required)
Solution Benefits
Ensure ORM compliance (Basel II /III)
Fulfillment of audit requirements
Basel II requirements covered and new Principles supported
Loss reduction
Detailed Loss Data Model (e.g. effects, loss allocation, ...)
Generate risk from loss supports prevention of recurring losses
Deeper risk mitigation: SAP Operational Risk solution integrated with other GRC components: GRC Access Control, GRC Process Control, GRC Risk Management
ORM process optimization
Reduction of regulatory capital
Scenario Analysis supported with Scenario Losses generated from Risks
AMA banks have lower risk capital to gross income ratio (10.8%) than BIA (15%) or STA (12-18%)
Profit increase
Increased rating agency confidence
Integration of AC, PC and RM and forward looking in terms of KRI and RCSA could convince rating agencies of a modern integrated approach
SAP GRC ORM for Banking Value proposition
• Reduction of Loss & Regulatory Capital: Detailed and flexible loss data model, generating risk from loss to protect against recurrence of loss & lower risk capital with Advanced Measurement Approach
  • -15%: Reduction in risk and loss events
  • -3% of Gross Incomes: Reduction in risk capital with AMA
• Compliance: Satisfy regulatory requirements, such as compliance with Basel II, Basel III, ORX 2011 regulations and the Sarbanes-Oxley Act.
  • -39%: Fewer compliance and risk management staff in companies
• Performance Optimization: Deeper risk mitigation through integration with SAP Access Control and SAP Process Control applications & Optimize operational risk management to handle huge numbers of losses
  • -25%: Reduction of insurance premiums by implementing ORM
• Profit increase
• Fulfillment of audit requirements
• Increased rating agency confidence
Operational Risk Management for Financial Institutions Customer Success Story – Banque Cantonale de Fribourg, Switzerland
Licensed Solutions
• SAP BusinessObjects GRC Risk Management 10.0
• SAP BusinessObjects GRC Process Control 10.0
Customer Pain Points
Combine internal control system with operational risk management:
o Ability to map and manage Basel II/III requirements
o Mapping risks to bank specific processes, mitigate risks by controls and ad hoc actions
o Upload and manage existing loss database
o Risk management for all employees
o Specific reporting capabilities
Why SAP?
• Holistic GRC approach – internal control system with operational risk management
• Usability – Adobe interactive forms, Bow-tie builder, Dashboards, and Role-based access
• Banking specific functionality – loss event management, static data management, KRI’s, and simulations
• Banking specific content
• Using SAP FI/CO/HR with good experiences
• Interested in SAP Analytical Banking portfolio
Implementation Roadmap
• Kick off: January 18th, 2012
• Technical installation and basic configuration: March 2012
• Blue Print: June 2012
• Go Live: Sept 2012
QUICK FACTS
Banque Cantonale de Fribourg (www.bcf.ch)
Location: Fribourg Switzerland
Industry: Banking
Member of the Association of Swiss Cantonal Banks
Products/Services: Address financial needs for companies and individuals. Secure investments for saving deposits and capital
Total Balance Sheet: CHF 11'540 Mio
Credit Volume: CHF 10'064 Mio
Deposits: CHF 8'367 Mio
Employees: 436
Operational Risk Management for Financial Institutions Customer Success Story – BNDES – Brazilian Development Bank
Licensed Solutions
• SAP GRC Risk Management 10.0
• SAP GRC Process Control 10.0
Customer Pain Points
Combine internal control system with operational risk management:
o Mapping risks to bank specific processes, mitigate risks by controls and ad hoc actions
o Upload and manage existing loss database
o Risk management for critical processes in scope
o Lack of integrated platform to compile and consolidate operational risks for reporting
o Lack of survey capability to help to automate and escalate risk management practices
Why SAP?
• Banking specific functionality – loss event management, KRI’s, surveys, and simulations
• Holistic GRC approach – internal control system with operational risk management
• Usability – Adobe interactive forms, Bow-tie builder, Dashboards, and Role-based access
Implementation Roadmap
• Implementation Partner: Indra
QUICK FACTS
Bank
Brazil
Industry: Financial Services
Products/Services: Provides financing for long-term investment projects, especially in industry and infrastructure, and credit for acquiring machinery and equipment.
Disbursements: > BRL 120 Mio
Total Balance Sheet: > BRL 600 Mio
Credit Volume: > BRL 400 Mio
Employees: > 2.500
Operational Risk Management for Financial Institutions Customer Success Story – CaixaBank
Licensed Solutions
• SAP GRC Process Control
• SAP GRC Risk Management
• SAP GRC Operational Risk Management for Banking
• SAP GRC Audit Management
• SAP HANA
• SAP Single Sign On (SSO)
Customer Pain Points
• Manual processes, fragmented approaches, inefficiencies, high risk in compliance, lack of overall visibility, increase of costs, have been the pain in the areas of control such as Internal Audit Department, Compliance Department, Internal Control Department, Operational Risk Department, IT Security, among others.
• CaixaBank defined as its strategic goal to go to the Advanced Measurement Approach (AMA) in Operational Risk Management according to the Basel III regulation, which would allow them to reduce their capital reserves by several tens of millions in the balance sheet
Why SAP?
• SAP has been the only provider capable of delivering such a holistic, integrated, automated approach.
• They have fully understood the holistic SAP GRC approach and believe it’s what they need.
• They believe we have full coverage of all present and future requirements.
• They have seen the banking specific content as a clear bet of SAP toward the banking sector.
Partners Involved:
• Deloitte, as a very good services provider
• QRR with the integrated NetWeaver certified ORM calculation engine, with the best expertise in AMA for Basel III.
QUICK FACTS
Bank
Barcelona, Spain
Industry: Financial Services
Annual Revenue (2013): Euro 91,249 million
Employees and Branches (March 2014): More than 31,500 serving 13.6 million clients through 5,716 branches
Ranked as the third bank in Spain
Website: http://www.CaixaBank.com/index_en.html
Key Differentiators
• Static Data Management: Support Structures/Changes, e.g. Different Organisational Hierarchies, Mappings, Reassignments
• Loss Event Management: Support Loss Data specifics (e.g. Effect Types, Allocations), External Data, Generate Risk from Loss
• Key Risk Indicators: Integration with operative systems, Workflow, Dynamic Aggregation (Scores and/or Weightings)
• Risk Control Self Assessment: Workflow, Dynamic Aggregation (Scores and/or Weightings), Result Analysis
• Issue Management: Support global and centralized management of issues
• Scenario Analysis and Risk Engine: Scenario Losses (e.g. based on Losses, Risks), Approaches BIA, STA supported, Export data for AMA
• Reporting, system-specific and enterprise-wide: Analytical Reports and Integration with Quantitative Part and other Risk Categories (Market, Credit)
• Access Control and Process Control: Integration with Access Control and Process Control regarding Organisational Hierarchy and Risk Mitigation
© 2014 SAP AG or an SAP affiliate company. All rights reserved.
Thank You!
Burcu Kutlu Solution Manager Financial Services
Phone +49 (0) 6227 7-45559 Mobile +49 (0) 170 8555364
[email protected] http://www.sap.com