UBS presentation Key remediation actions
Nov 17, 2014 Group-wide actions
• Integration of Compliance and Operational Risk Control We have integrated Compliance and Operational Risk Control. The key benefits of the integration will be: − Achieving a stronger defense mechanism based on preventative measures, thereby reducing the likelihood and impact of a significant event. This will be achieved through combining skills across Risk, Compliance and Control and realigning activities appropriately across 1st & 2nd line of defense. − Becoming forward looking to identify and action potential significant risks and issues early. This will be achieved by focusing the view of consequential risk management on forward looking risk identification and industrializing the use of data analysis underpinned by technology. − Establishing one firm-wide consistent Risk & Control Framework to enable strengthened controls to be efficiently delivered. This will include the streamlining and enhancing of risk control assessments and operating seamless 'top down' and 'bottom up' risk & control assessment continuum. − Establishing clear accountability & prioritization, including the definition of clear roles and responsibilities for consequential risk management to mitigate execution risks. • Increased Monitoring and Surveillance We continue to enhance overall M&S capabilities to identify and detect improper business and employee practices. This works is focused across six work streams: • 1) Strengthening cross border monitoring, 2) Enhanced employee intelligence capabilities which consolidates multiple data points of individuals, 3) Electronic communications monitoring, 4) Enhanced monitoring of audio communications relating to benchmark submissions, 5) IB trade surveillance, 6) Unauthorised trading detection in the IB. • Enhanced whistleblowing process − We have enhanced the whistleblowing process, re-issued the Whistleblowing Protection policy for Employees, and increased communications on the program. − The case management process has been optimized to reduce the time for cases to be reviewed and closed. • Personal Account Dealing − The Personal Account Dealing policy has been revised to ensure that consistent, enhanced global standards are put in place and generally only UBS accounts are allowed for UBS employees to monitor own trading activity
1 Specific Investment Bank actions
• Policy and Conduct: − We have significantly updated the Fixed Income, Rates and Credit Handbook (Code of Conduct) and published and circulated the new Handbook to employees. Enhanced and new sections cover communication, behaviour, and market and client conduct. − We have completed mandatory conduct training for all IB Sales andTradingstaffwithover2,600staffhavingattendedthe live sessions. The new conduct training now forms part of the induction for all new IB Sales and Trading staff. − We have banned the use of personal mobile devices on trading floors globally. − We have been industry leaders in setting new procedures to ensure appropriate usage of chat rooms as a form of communication, including closure of chat rooms (ca 50%), banning of social chat and implementation of new policy including room owners, moderators and guidance on usage. • Systems and Organisation: ⁻ We have consolidated analytical surveillance activities into a single C&ORC Function to enhance our controls and to integrate into our trade surveillance infrastructure. ⁻ We have increased staffing levels to enhance management oversight. ⁻ We have further strengthened our infrastructure to ensure segregation of duties to avoid any conflicts of interest. • Process and Control: − We are continuing to roll out a new Employee Conduct Risk dashboard regionally. − We have issued guidance on completion of Trade Entry Error reports to ensure errors are reviewed and escalated in a timely manner. − We are introducing new procedures to ensure enhanced regular review of key front-to-back controls. − We have defined, and are in the process of implementing, a new set of metrics to enhance our management information in relation to our usage of third-party brokers • In control in business campaign (launched in July 2012) − Group wide awareness campaign highlighting the importance of risk control and the responsibility of the individual as a risk manager.
2 Lessons Learned: Improving Control Environment and Culture
Considering the lessons learned from the financial crisis and other internal and external events, UBS has taken a range of measures to improve the firm's risk management and control processes and drive the right behaviors to protect the firm's reputation and achieve the strategic goals.
2008 - 2011 2012 -> ongoing 2013 -> ongoing 2014 -> ongoing • Refresh of the code of business • Enhanced Operational Risk • Independent management testing • Enhancements to the conduct and ethics Framework (ORF2) of key controls whistleblowing process • Introduction of Group Significant • Master List of Significant Issues • Development of an • Integration of Compliance and Operational Risk Issues (GSORIs) Managing Director intelligence capability – enhanced Operational Risk Control • Creation of the Master List of ownership and independent monitoring • Conduct Risk Significant Issues (MLSI) assurance • Libor Lessons learned initiatives on • FX Spot Review and associated • Risk Effectiveness program • Strengthening front-to-back the 2nd line of defense controls and governance • Enhanced remuneration framework control accountabilities through the • Enhanced investigation framework remediation – introduction of deferred Chief Operating Officers • Whistleblowing communication compensation and forfeiture of • Investment Bank Unauthorized campaign compensation Trading Accident remediation • Comprehensive program on including leadership and behaviors behavioral program • Market Conduct Enhancement • Risk embedded in performance and Program compensation • Enhanced Supervision • In Control In Business communication campaign • Performance Management assessment and promotions • Enhanced Incidents and Consequences process
Control Remediation Increasing Complementary Focus on Behavioral Aspects Strengthening the culture takes time – programs are in progress 3 Lessons Learned: Improving Control Environment and Culture
Measures and programs
• Enhanced Operational Risk Framework (ORF2) . Complementing current Operational Risk assessments with sub divisional Front to Back risk assessments . Key controls continue to be embedded into the Chief Operating Officer dashboards and run the bank operations . Control assessment process embedded within strategic change programme design phase . Positive regulatory assessment received of Enhanced Operational Risk Framework implementation
. Independent management testing of key . Introduction of independent management testing of key controls and full testing of relevant population of bank controls . Complementary to the internal control testing and provides an additional level of assurance
. Commenced development of an 'intelligence . The 'intelligence capability' contains 3 elements: capability' – enhanced monitoring . Development and implementation of a capability to link disparate information from multiple sources at employee level . Enhancements to electronic communications monitoring and discovery capabilities . Enhancement of alert generation capabilities
. Libor Lessons learned initiatives on the 2nd line . The assessment of current measures in place – ensuring that they are completed and embedded in the firm of defense . Clarification of control expectations for the 2nd line of defense for conduct, regulatory and reputations risks CONTROLS
. FX Controls and Governance Review . Group Internal Audit and Operational Risk Control review of the Front to Back control and governance aspects of the FX spot business including - FX Business Profile and Organizational set up - Front Office supervision / Performance Review - Control Function Processes • In addition the applicability of FX remediation actions against other Investment Bank Business lines is conducted to determine where control enhancements can be leveraged to mitigate against threats to the wider organisation.
. Investment Bank 'Look Across' Review . A firm wide risk assessment, the "Look Across Process" was conducted in Q4 2013 to test the hypothesis that markets and businesses which share some of the same attributes common to LIBOR and FOREX events could also be susceptible to market misconduct
4 Lessons Learned: Improving Control Environment and Culture
Measures and programs
. Introduction of Group Significant Operational Risk Issues . Identification of the key operational risks for the firm and establishment of effective remediation (GSORIs) . Clear ownership with individual Group Executive Board members . Creation of the Master List of Significant Issues (MLSI) . Common rating scale in place across the firm . Master List of Significant Issues Managing Director . Level 4 and 5 issues assigned to MDs and included in Performance Management objectives ownership and independent assurance . Independent assurance of associated remediation by GIA for all risk issues and actions impacting the firm
• Strengthening front-to-back control accountabilities through . Revised mandate for Chief Operating Officers to re-emphasize the Front to Back control responsibility the Chief Operating Officers . Chief Operating Officers dashboards introduced to provide visibility of the Front to Back control environment
. Investment Bank Unauthorized Trading Accident . Completion of complex and broad remediation program on time remediation including behavioral program . Included a behavioral program led by the Investment Bank Executive Committee PROCESS
. Risk and Behaviors embedded in performance and . Process to embed control function feedback into the performance assessment and compensation processes compensation
. Enhanced Investigations framework . Common approach and governance for level 4 and 5 investigations
. Conduct Risk . Develop an approach to identification, assessment and reporting of Conduct Risk across the firm
5 Lessons Learned: Improving Control Environment and Culture
Measures and programs
. Refresh of the Code of business conduct and . The Code reflects principles and practices that are binding for all of UBS's employees and Board members to follow ethics unreservedly . It is available on the intranet in 10 languages . Online training is also available . Implemented training activities to ensure that it is properly understood and correctly applied
. Enhanced supervision . Critical initiative to set and embed higher expectations of supervisors across all functions. . Group Executive Board approved the "Principles of Good Supervision" (2H12) and self assessment completed by each function . Online mandatory training modules introduced for both supervisors and non-supervisors
. Communications programs . "In Control In Business" (ICIB) is a Group-wide internal communications campaign designed to help establish a stronger . In control In Business risk culture across the firm . "In Control In Business" campaign was launched in June 2012 . Whistleblowing . "Principles of Good Supervision" were published and reinforced through "In Control In Business" campaign
. Whistleblowing policy has been reviewed to confirm it adequately covers ethical matters . A campaign around whistleblowing procedures was launched by the Chairman and Group CEO to encourage staff to raise concerns CULTURE . Comprehensive program on leadership and . Program set-up in 1Q13 behaviors . Tone from the top – engagement and reinforcement actions are being implemented across the firm . Key behaviors defined and rolled out to the firm. All 60000 employees touched.
. Performance Management assessment and . Key behaviors embedded in the Performance Management/comp process promotions . Enhanced Incident and Consequences process . Promotion proposals assessed against behavior / disciplinary actions . Senior leadership using "Master List of Significant Issues" assurance work as a factor in compensation decisions
. Compliance and Operational Risk Control . Move of Compliance to Risk Control and integration with Operational Risk Control to consolidate the second line of Integration defence for consequential risk . Positioning the Compliance organization as a control function within the firm
6