DOCSLIB.ORG

Principles of Risk Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Principles of Risk Management THE PAYMENTS INSTITUTE — July 20-23, 2014 Emory Conference Center Hotel, Emory University, Atlanta, Georgia Principles of Risk Management Norman Robinson, AAP President & CEO EastPay, Providing Payments Expertise® Agenda • Risk management terminology and concepts • The risk management lifecycle • Define risk categories and elements • Define enterprise or operational risk • Define cross-channel risk • Review • Discussion 2 Learning Objectives • Understand and recognize the elements of risk, including strategic, liquidity, reputational, fraud, credit, transactional, compliance, operational, cross channel) • Understand how these risk elements apply across payment channels 3 4 5 Five Steps to Risk Management 1. Identify and understand your major risks 5. Align 2. Decide strategies and which risks the organization Risk are natural around risk 4. Embed risk 3. Determine in all decisions capacity and & processes tolerance for risk 6 Payments Used to be simple Cash Banking Circa 1970 Wire Checks Transfer 7 Payments are now more complex Cash Mobile Checks Wire Virtual Transfer Banking Circa 2014 Remote ATM’s Deposit Debit ACH Cards Credit Cards 8 Risk Categories 1. Financial Risks 2. Management Risks 3. Operational Risk 9 1. Financial Risks • Interest rate – Deposit terms and rates • Price – Non-interest income • Liquidity – Deposit operations fund the bank 10 Financial Risks Interest Rate • Asset Liability Committee (ALCO) in place • Assets = ? • Liabilities = ? • Spread • Impact on earnings today? • Impact on earnings next year? • Stress tests • Emphasis on Capital 11 Financial Risks Pricing • Direct impact on earnings • Missed opportunities • FI’s philosophy • Customer relations • Market relevance • Regulatory intervention – Overdraft programs – Durbin amendment – Dodd-Frank Amendment 1073 – CFPB 12 Financial Risks Liquidity • Deposit operations provide the overwhelming majority of funding for loan operations • Interest rates and pricing impact liquidity • Critical to success of the bank – Many recent failures were liquidity driven 13 2. Management Risk • Strategic risk – Technology as an example • Credit – Deposit operations • Reputation – Customer service • Business/Legal – Contracts/Agreements 14 Management Risk Strategic Risk • Flawed or failed strategies • Deployment of technology • Impact on financial performance • Bleeds over into other risks or directly impacts them – Data breaches – Reputation risks 15 Management Risk Credit Risk • The obvious • The not-so-obvious • Broad implications for – Deposit operations – Wire transfer – ACH origination 16 Management Risk Reputation Risk • Probably the hottest topic today • Not only who you are but who you do business with • Loss of customer confidence • Impact on earnings • Loss of shareholder values 17 Management Risk Business/Legal Risks • Risk of opening the doors – Physical security falls into this category • Proper policies • Internal controls • Procedures • Documentation • Contracts & Agreements 18 3. Operational Risk • Transactional – Billions of transactions daily • Compliance – The cost of not complying 19 Operational Risk Transactional Risk • Sheer volume of transactions • Multiple points of entry into legacy systems • Internal controls • Disaster recovery • Contingency planning 20 Operational Risk Compliance Risk • Regulatory compliance – Alphabet soup including Reg CC and Reg E – OFAC – AML/BSA • Legal compliance – UCC 3 & 4 including Check 21 – UCC 4a - wire transfer • Network compliance – Pulse/VisaNet/Maestro/Star/Others – ACH Operating Rules 21 What is Enterprise Risk? • Risk of loss across the entire financial institution resulting from inadequate or failed controls relating to: – Internal processes – People – Systems – External Events • “Operational risk is embedded in virtually every activity a financial institution engages in, from check processing to trading activities, and the more complex the institution or process, the greater the risk of operational failure.” • Thomas Curry, Comptroller of the Currency, March 4, 2013 22 Examples • Internal fraud • External fraud • Customer or client interactions • Financial products • Business practices • Damage to physical plant • Business interruption • System failures • Execution and delivery of commitments • Process management • Employment practices • Workplace safety 23 Manifestations • Failures of: – Manual processes – Automated processes – Interaction of processes with faulty data • One time events • Cascading of multiple failures over time 24 Key Decision • How to allocate capital to operational risk • Challenge: – Operational risk has no naturally occurring monetary measurement; therefore, – No profit incentive exists to effective motivate increased efforts to reduce operational risk – Ergo: justifying “up” is very difficult 25 Cross-Channel Risk Risk associated with deposit accounts by way of multiple points of access —branch, ATM, call center, debit card, online banking, check, ACH, wire, etc., or the presence of multiple risk types. • Legal • Reputational • Operational • Compliance • Fraud • Liquidity 26 Cross-Channel Risk and Account Takeover 27 Regulator Statement… “…Thomas J. Curry, the head of the OCC, stated that although asset quality has improved, charge-off rates have fallen, and capital now stands at its highest level in a decade, another type of risk is gaining increasing prominence; Operational Risk. In fact, the OCC considers it currently to be at the top of the list of safety and soundness issues for the institutions they supervise. Furthermore, because the implications of operational risk extend to all other risks….“Management should distinguish the operational risk component from other risks to enable a stronger focus on operational risk mitigation.“ Source: Compliance Guru, July 2012 28 $17million Embezzlement • Allegedly Defrauded More Than 100 Investors • $17million Unaccounted For • Bank Closed by FDIC • No Controls to Monitor “Investments” Source: CNN July 2012 29 Account Takeover What can criminals do if they access your Online Banking credentials? Answer: Anything you can do • Drain Funds • ACH • Checks • Wires • Consumer & Business 30 Account Takeover Harvested Data: • OLB Info • Challenge Questions Criminal Victim’s Computer 31 Account Takeover Realities • Stolen credentials, not weakness of Online Banking • Matter of when a business network is infected, not if • Even strong security can be bypassed • Significant losses & damaged reputations • Attacks will continue to get worse • Typically learn of network intrusion when accounts are compromised 32 32 Account Takeover Red Flags File or Wire Exceeds Exposure Limits Unusual log-in activity (failed attempts, etc) Transactions on unusual days or multiple transactions in short period of time Unusual Activity (Wires vs ACH, 2 ACH Files in 1 day, etc) Report of unauthorized activity New Admin Credentials created Report from Users their authority was changed 33 Mitigation How to avoid potential loss Origination calendars Reasonable exposure limits Client education Static IP or IP address authentication Layered security Behavioral analytics and/or transaction analytics Out of Band Authentication 34 ODFI Actions Terminate or suspend access Contact the RDFIs Request R06 returns Have Originator submit files other ways Utilize ACH Operator risk monitoring service Account takeover doesn’t always mean infected computer Have an Action Plan / Incident Response Plan 35 Learning Objectives • Understand and recognize the nine elements of enterprise risk (strategic, liquidity, cross channel, reputational, fraud, credit, transactional, compliance, operational) • Understand how these risk elements apply across payment channels 36 Discussion Questions 37 .
Load more

Recommended publications
  • Basel III: Post-Crisis Reforms
    Basel III: Post-Crisis Reforms Implementation Timeline Focus: Capital Definitions, Capital Focus: Capital Requirements Buffers and Liquidity Requirements Basel lll 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 1 January 2022 Full implementation of: 1. Revised standardised approach for credit risk; 2. Revised IRB framework; 1 January 3. Revised CVA framework; 1 January 1 January 1 January 1 January 1 January 2018 4. Revised operational risk framework; 2027 5. Revised market risk framework (Fundamental Review of 2023 2024 2025 2026 Full implementation of Leverage Trading Book); and Output 6. Leverage Ratio (revised exposure definition). Output Output Output Output Ratio (Existing exposure floor: Transitional implementation floor: 55% floor: 60% floor: 65% floor: 70% definition) Output floor: 50% 72.5% Capital Ratios 0% - 2.5% 0% - 2.5% Countercyclical 0% - 2.5% 2.5% Buffer 2.5% Conservation 2.5% Buffer 8% 6% Minimum Capital 4.5% Requirement Core Equity Tier 1 (CET 1) Tier 1 (T1) Total Capital (Tier 1 + Tier 2) Standardised Approach for Credit Risk New Categories of Revisions to the Existing Standardised Approach Exposures • Exposures to Banks • Exposure to Covered Bonds Bank exposures will be risk-weighted based on either the External Credit Risk Assessment Approach (ECRA) or Standardised Credit Risk Rated covered bonds will be risk Assessment Approach (SCRA). Banks are to apply ECRA where regulators do allow the use of external ratings for regulatory purposes and weighted based on issue SCRA for regulators that don’t. specific rating while risk weights for unrated covered bonds will • Exposures to Multilateral Development Banks (MDBs) be inferred from the issuer’s For exposures that do not fulfil the eligibility criteria, risk weights are to be determined by either SCRA or ECRA.
    [Show full text]
  • Personal Loans 101: Understanding Your Credit Risk Loans Have Some Risk for Both the Borrower and the Lender
    PERSONAL LOANS 101: Understanding YoUr credit risk Loans have some risk for both the borrower and the lender. The borrower takes on the responsibilities and terms of paying back the loan. The lender’s risk is the chance of non-payment. Consumers can choose from several types of loans. As a borrower, you need to understand the type of loan you are considering and its possible risk. This brochure provides information to help you make a smart choice before applying for a loan. 2 It is important to review your financial situation to see if you can handle another monthly payment before applying for a loan. Creating a budget will help you apply for the loan that best meets your present and future needs. For an interactive budget, visit www.afsaef.org/budgetplanner or www.afsaef.org/personalloans101. You will need to show the lender that you can repay what you borrow, with interest. After you have made a budget, consider these factors, which maY redUce or add risk to a Loan. 3 abiLitY to repaY the Loan Is the lender evaluating your ability to repay the loan based on facts such as your credit history, current and expected income, current expenses, debt-to- income ratio (your expenses compared to your income) and employment status? This assessment, often called underwriting, helps determine if you can make the monthly payment and raises your chances of getting a loan to fit your needs that you can afford to repay. It depends on you providing complete and correct information to the lender. Testing “your ability to repay” and appropriate “underwriting” reduces your risk when taking out any type of loan.
    [Show full text]
  • Operational Risk Management Guide
    OPERATIONAL RISK MANAGEMENT GUIDE U.S. DEPARTMENT OF AGRICULTURE FOREST SERVICE 2020 Last Updated 02/26/2020 RISK MANAGEMENT COUNCIL IN COOPERATION WITH THE OFFICE OF SAFETY & OCCUPATIONAL HEALTH and THE NATIONAL AVIATION SAFETY COUNCIL Contents Contents ....................................................................................................................................................................................... 2 Executive Summary .................................................................................................................................................................. i Introduction ............................................................................................................................................................................... 1 What is Operational Risk Management? ................................................................................................................... 1 The Terminology of ORM ................................................................................................................................................ 1 Principles of ORM Application ........................................................................................................................................... 6 The Five-Step ORM Process ................................................................................................................................................ 7 Step 1: Identify Hazards ..................................................................................................................................................
    [Show full text]
  • Credit Risk Models
    Lecture notes on risk management, public policy, and the financial system Credit risk models Allan M. Malz Columbia University Credit risk models Outline Overview of credit risk analytics Single-obligor credit risk models © 2020 Allan M. Malz Last updated: February 8, 2021 2/32 Credit risk models Overview of credit risk analytics Overview of credit risk analytics Credit risk metrics and models Intensity models and default time analytics Single-obligor credit risk models 3/32 Credit risk models Overview of credit risk analytics Credit risk metrics and models Key metrics of credit risk Probability of default πt defined over a time horizon t, e.g. one year Exposure at default: amount the lender can lose in default For a loan or bond, par value plus accrued interest For OTC derivatives, also driven by market value Net present value (NPV) 0 ( counterparty risk) S → But exposure at default 0 ≥ Recovery: creditor generally loses fraction of exposure R < 100 percent Loss given default (LGD) equals exposure minus recovery (a fraction 1 − R) Expected loss (EL) equals default probability × LGD or fraction πt × (1 − R) Credit risk management focuses on unexpected loss Credit Value-at-Risk related to a quantile of the credit return distribution Differs from market risk in excluding EL Credit VaR at confidence level of α defined as: 1 − α-quantile of credit loss distribution − EL 4/32 Credit risk models Overview of credit risk analytics Credit risk metrics and models Estimating default probabilities Risk-neutral default probabilities based on market
    [Show full text]
  • Capital Adequacy Requirements (CAR)
    Guideline Subject: Capital Adequacy Requirements (CAR) Chapter 3 – Credit Risk – Standardized Approach Effective Date: November 2017 / January 20181 The Capital Adequacy Requirements (CAR) for banks (including federal credit unions), bank holding companies, federally regulated trust companies, federally regulated loan companies and cooperative retail associations are set out in nine chapters, each of which has been issued as a separate document. This document, Chapter 3 – Credit Risk – Standardized Approach, should be read in conjunction with the other CAR chapters which include: Chapter 1 Overview Chapter 2 Definition of Capital Chapter 3 Credit Risk – Standardized Approach Chapter 4 Settlement and Counterparty Risk Chapter 5 Credit Risk Mitigation Chapter 6 Credit Risk- Internal Ratings Based Approach Chapter 7 Structured Credit Products Chapter 8 Operational Risk Chapter 9 Market Risk 1 For institutions with a fiscal year ending October 31 or December 31, respectively Banks/BHC/T&L/CRA Credit Risk-Standardized Approach November 2017 Chapter 3 - Page 1 Table of Contents 3.1. Risk Weight Categories ............................................................................................. 4 3.1.1. Claims on sovereigns ............................................................................... 4 3.1.2. Claims on unrated sovereigns ................................................................. 5 3.1.3. Claims on non-central government public sector entities (PSEs) ........... 5 3.1.4. Claims on multilateral development banks (MDBs)
    [Show full text]
  • Quarter Ended September 30, 2020
    PILLAR 3 REGULATORY CAPITAL DISCLOSURES For the quarterly period ended September 30, 2020 Table of Contents Disclosure map 1 Introduction 2 Report overview 2 Basel III overview 2 Firmwide risk management 3 Governance and oversight 3 Regulatory capital 4 Components of capital 4 Risk-weighted assets 5 Capital adequacy 6 Supplementary leverage ratio 8 Total Loss-Absorbing Capacity 8 Credit risk 9 Retail credit risk 11 Wholesale credit risk 13 Counterparty credit risk 14 Securitization 15 Equity risk in the banking book 19 Market risk 20 Material portfolio of covered positions 20 Value-at-risk 20 Regulatory market risk capital models 21 Independent review 24 Stress testing 24 Operational risk 25 Interest rate risk in the banking book 26 Supplementary leverage ratio 27 Appendix 28 Valuation process 28 References 28 DISCLOSURE MAP Pillar 3 Report page 3Q20 Form 10-Q 2019 Form 10-K Pillar 3 Requirement Description reference page reference page reference Capital structure Terms and conditions of capital instruments 5 1, 259, 261 Capital components 4 95 148, 259, 261 Capital adequacy Capital adequacy assessment process 6 52 86 Risk-weighted assets by risk stripe 5 Regulatory capital metrics 7 178 271 Credit risk: general Policies and practices 9 60 100, 178, 208, 219, disclosures 217, 272 Credit risk exposures 9 60, 85 100, 127 Retail Distribution of exposure 11 62, 149, 150, 180 103, 222, 232, 273 Allowance for Credit Losses 10 151, 159 223, 240 Wholesale Distribution of exposure 13 67, 136, 156, 180 108, 208, 234, 273 Allowance for Credit Losses
    [Show full text]
  • Guidance for Managing Third-Party Risk
    GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution’s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution. This guidance includes a description of potential risks arising from third-party relationships, and provides information on identifying and managing risks associated with financial institutions’ business relationships with third parties.1 This guidance applies to any of an institution’s third-party arrangements, and is intended to be used as a resource for implementing a third-party risk management program. This guidance provides a general framework that boards of directors and senior management may use to provide appropriate oversight and risk management of significant third-party relationships. A third-party relationship should be considered significant if the institution’s relationship with the third party is a new relationship or involves implementing new bank activities; the relationship has a material effect on the institution’s revenues or expenses; the third party performs critical functions; the third party stores, accesses, transmits, or performs transactions on sensitive customer information; the third party markets bank products or services; the third party provides a product or performs a service involving subprime lending or card payment transactions; or the third party poses risks that could significantly affect earnings or capital. The FDIC reviews a financial institution’s risk management program and the overall effect of its third-party relationships as a component of its normal examination process.
    [Show full text]
  • Credit Risk Measurement: Developments Over the Last 20 Years
    Journal of Banking & Finance 21 (1998) 1721±1742 Credit risk measurement: Developments over the last 20 years Edward I. Altman, Anthony Saunders * Salomon Brothers Center, Leonard Stern School of Business, New York University, 44 West 4th street, New York, NY 10012, USA Abstractz This paper traces developments in the credit risk measurement literature over the last 20 years. The paper is essentially divided into two parts. In the ®rst part the evolution of the literature on the credit-risk measurement of individual loans and portfolios of loans is traced by way of reference to articles appearing in relevant issues of the Journal of Banking and Finance and other publications. In the second part, a new approach built around a mortality risk framework to measuring the risk and returns on loans and bonds is presented. This model is shown to oer some promise in analyzing the risk-re- turn structures of portfolios of credit-risk exposed debt instruments. Ó 1998 Elsevier Science B.V. All rights reserved. JEL classi®cation: G21; G28 Keywords: Banking; Credit risk; Default 1. Introduction Credit risk measurement has evolved dramatically over the last 20 years in response to a number of secular forces that have made its measurement more * Corresponding author. Tel.: +1 212 998 0711; fax: +1 212 995 4220; e-mail: asaun- [email protected]. 0378-4266/97/$17.00 Ó 1997 Elsevier Science B.V. All rights reserved. PII S 0 3 7 8 - 4 2 6 6 ( 9 7 ) 0 0 0 3 6 - 8 1722 E.I. Altman, A. Saunders / Journal of Banking & Finance 21 (1998) 1721±1742 important than ever before.
    [Show full text]
  • FICO Mortgage Credit Risk Managers Handbook
    FICO Mortgage Credit Risk Manager’s Best Practices Handbook Craig Focardi Senior Research Director Consumer Lending, TowerGroup September 2009 Executive Summary The mortgage credit and liquidity crisis has triggered a downward spiral of job losses, declining home prices, and rising mortgage delinquencies and foreclosures. The residential mortgage lending industry faces intense pressures. Mortgage servicers must better manage the rising tide of defaults and return financial institutions to profitability while responding quickly to increased internal, regulatory, and investor reporting requirements. These circumstances have moved management of mortgage credit risk from backstage to center stage. The risk management function cuts across the loan origination, collections, and portfolio risk management departments and is now a focus in mortgage servicers’ strategic planning, financial management, and lending operations. The imperative for strategic focus on credit risk management as well as information technology (IT) resource allocation to this function may seem obvious today. However, as recently as June 2007, mortgage lenders continued to originate subprime and other risky mortgages while investing little in new mortgage collections and infrastructure, technology, and training for mortgage portfolio management. Moreover, survey results presented in this Handbook reveal that although many mortgage servicers have increased mortgage collections and loss mitigation staffing, few servicers have invested sufficiently in data management, predictive analytics, scoring and reporting technology to identify the borrowers most at risk, implement appropriate treatments for different customer segments, and reduce mortgage re-defaults and foreclosures. The content of this Handbook is based on a survey that FICO, a leader in decision management, analytics, and scoring, commissioned from TowerGroup, a leading research and advisory firm focusing on the strategic application of technology in financial services.
    [Show full text]
  • Risk-Based Capital Rules
    Financial Institution Letter FIL-69-2008 Federal Deposit Insurance Corporation July 29, 2008 550 17th Street NW, Washington, D.C. 20429-9990 RISK-BASED CAPITAL RULES Notice of Proposed Rulemaking on Risk-Based Capital Standards: Standardized Framework Summary: The federal bank and thrift regulatory agencies have jointly issued the attached Notice of Proposed Rulemaking (NPR) and are seeking comment on the domestic application of the Basel II standardized framework for all domestic banks, bank holding companies, and savings associations that are not subject to the Basel II advanced approaches rule. The FDIC will accept comments on the NPR through October 27, 2008. Distribution: FDIC-Supervised Banks (Commercial and Savings) Highlights: Suggested Routing: Chief Executive Officer In the attached NPR, the agencies propose to Chief Financial Officer implement a new optional framework for calculating Chief Accounting Officer risk-based capital based on the Basel II Standardized Related Topics: Approach to credit risk and the Basel II Basic Risk-Based Capital Rules Indicator Approach to operational risk. The proposal 12 CFR Part 325 would: Basel II Attachment: • Expand the use of credit ratings for • “Key Aspects of the Proposed Rule on Risk- determining risk weights, Based Capital Guidelines: Capital Adequacy Guidelines; Standardized Framework” • Base risk weights for residential mortgages • Notice of Proposed Rulemaking, Risk-Based on loan-to-value ratios, Capital Guidelines; Capital Adequacy Guidelines; Standardized Framework • Expand the types of financial collateral and guarantees available to banks to offset credit Contact: risk, Nancy Hunt, Senior Policy Analyst, at [email protected] or (202) 898-6643 • Offer more risk-sensitive approaches for Ryan D.
    [Show full text]
  • Currency Risk Management Model
    e Theoretical and Applied Economics Volume XXVI (2019), No. 3(620), Autumn, pp. 21-34 Currency risk management model Constantin ANGHELACHE Bucharest University of Economic Studies, Romania “Artifex” University of Bucharest, Romania [email protected] Mădălina Gabriela ANGHEL “Artifex” University of Bucharest, Romania [email protected] Dana Luiza GRIGORESCU Bucharest University of Economic Studies, Romania [email protected] Abstract. The currency risk management is a very important aspect, especially in the case of companies that also carry out import-export activities. The currency risk is the one that can bring a series of elements that can be positive in terms of the results of the trading company or negative. Thus, for example, we can discuss the exchange rate on imports, which as it increases determines a price instability on the importer's market or on export, which as it decreases is favorable for the exporter. In the management of currency risk, volatility, exchange ratio, optimization of the ratio and the specific risks of the commercial bank must be taken into account. The risk management is an issue of utmost importance and it is carried out in several stages, pursuing precise objectives of control and adequacy of currency problems, so as to minimize and eliminate currency risks. This is a problem that is still stressful for Romania, in the context where it is a country that is not part of the Euro-monetary Union and then all intra and extra-EU transactions are made on the basis of the exchange ratio. And the calculation of the macroeconomic indicators of results being performed according to Eurostat requirements and in foreign currency, determines a certain evolution of the most representative indicator of results, namely the gross domestic product.
    [Show full text]
  • Legal Risk Section 2070.1
    Legal Risk Section 2070.1 An institution’s trading and capital-markets will prove unenforceable. Many trading activi- activities can lead to significant legal risks. ties, such as securities trading, commonly take Failure to correctly document transactions can place without a signed agreement, as each indi- result in legal disputes with counterparties over vidual transaction generally settles within a very the terms of the agreement. Even if adequately short time after the trade. The trade confirma- documented, agreements may prove to be unen- tions generally provide sufficient documentation forceable if the counterparty does not have the for these transactions, which settle in accor- authority to enter into the transaction or if the dance with market conventions. Other trading terms of the agreement are not in accordance activities involving longer-term, more complex with applicable law. Alternatively, the agree- transactions may necessitate more comprehen- ment may be challenged on the grounds that the sive and detailed documentation. Such documen- transaction is not suitable for the counterparty, tation ensures that the institution and its coun- given its level of financial sophistication, finan- terparty agree on the terms applicable to the cial condition, or investment objectives, or on transaction. In addition, documentation satisfies the grounds that the risks of the transaction were other legal requirements, such as the ‘‘statutes of not accurately and completely disclosed to the frauds’’ that may apply in many jurisdictions. investor. Statutes of frauds generally require signed, writ- As part of sound risk management, institu- ten agreements for certain classes of contracts, tions should take steps to guard themselves such as agreements with a duration of more than against legal risk.
    [Show full text]