INTELLIGENT RISK knowledge for the PRMIA community
April 2018 ©2018 - All Rights Reserved Professional Risk Managers’ International Association
PROFESSIONAL RISK MANAGERS’ INTERNATIONAL ASSOCIATION CONTENT EDITORS
INSIDE THIS ISSUE
Steve Lindo
003
A letter from PRMIA leadership
Principal, SRL Advisory Services and Lecturer at Columbia University
005
Editor’s introduction
006
Diversification behaviour in standard and internal model approach of the Fundamental Review of the Trading Book - by Giovanni Sonnino
010
PRMIA member profile - by Adam Lindquist
012
Economic paradoxes in ever increasing markets - by Alex Marinov
016
Is toxic leadership the greatest human capital risk? by Dr. Monika Smatralova, Colm Fitzgerald, Monica Smith & Dr. Jonathan Allenby
022
Quantifying the scope and reach of federal mandates on manufacturing and supply chain risk - by Jim Elder
028
The emergence of enterprise model risk management by Peter Plochan
032
Women in risk - spotlight - with Aileen Gillan
034
Confidence is the key… - by Saadia Mujeeb & Sarah Nowell
038
The enterprise risk culture framework - by Debashis Banerjee
042
Financial services industry disruption and risk management by Andy Zhulenev & Alexandru Voicu
045
Why risk managers need a crash course in organizational behavior by Ketan Kapoor
048
Overview & implementation issues - Large exposure Framework (LEF) by Asad Khan & Nagaraja Kumar Deevi
052
Intraday liquidity management – the role of risk controlling under BCBS 248 - by Thomas Steiner & Heike Dengler
056
CCAR - beyond regulatory reporting - by Priyanka Pande
059
PRMIA risk leader roundtable: deregulation and markets by Joo-Yung Lee
Dr. David Veen Director, School of Business Hallmark University
Nagaraja Kumar Deevi Managing Partner | Senior Advisor DEEVI | Advisory Services | Research Studies Finance | Risk | Regulations | Analytics
SPECIAL THANKS Thanks to our sponsors, the exclusive content of Intelligent Risk is freely distributed worldwide. If you would like more information about sponsorship opportunities contact sponsorship@prmia.org.
FIND US ON
SPONSORED BY prmia.org/irisk
@prmia
prmia
We deliver exceptional solutions, for exceptional results. Every day at S&P Global Market Intelligence, we collect, scrub, interpret, and analyze vast volumes of content, turning it into actionable intelligence on the global financial markets and the companies and industries that comprise those markets. We deliver the data and insight you need to make informed, smarter business decisions and investment decisions that are critical to your future. Driven by our core tenets of accuracy, relevance, completeness, and timeliness, S&P Global Market Intelligence is a leading provider of financial and industry data, research, news and analytics to investment professionals, government agencies, corporations, and universities worldwide. By unifying the highest quality data and industry-leading solutions from S&P Capital IQ and SNL, we integrate news, comprehensive market and sector-specific data and analytics into a variety of tools to help clients track performance, generate alpha, identify investment ideas, understand competitive and industry dynamics, perform valuations, and assess credit risk.
002
Intelligent Risk - April 2018
letter from PRMIA leadership
Justin M. McCarthy Chair, PRMIA
Kraig Conrad CEO, PRMIA
Welcome to the Spring 2018 Edition of Intelligent Risk. In this edition we further dialog on many leading topics that have been discussed by practitioners in PRMIA webinars, learning courses, and Chapter events around the world. We encourage you to join in the conversation at events and the soon-to-launch Community area of our site.
progress toward your future PRMIA The Board met for its spring meeting to review strategy and discuss how we accelerate growth in service of your member-led, mission-focused organization. The dialog was deliberative and able to be powerful given the many improvements made over the last 2 years. This Board is ready for the challenges and committed to expanding on our unique value and increasing the connection of that value to our relevance to the future of the profession.
like peanut butter and chocolate...for your career Many CFAÂŽ charterholders in the risk community have taken advantage of exam exemptions for the PRMTM where they do not have to take our Exams I & II. We are pleased to work with CFA Institute to provide a broader understanding of risk management to CFA charterholders, offering knowledge and skills that are critical to financial professionals. By taking advantage of this exam exemption, CFA charterholders are able to save time and money in the PRM study and preparation process, and statistics show that they are scoring higher on their exams than non-CFA charterholders. This is a great value that will pay back in career opportunities.
Intelligent Risk - April 2018
003
upcoming changes to the PRMTM credential The Education Committee was thorough and expeditious in a recent review of the Professional Risk Manager program. This Committee, through ongoing efforts, monitors all aspects of the credential, from content to test structure, to ensure our practitioner-focused certification meets high standards.
grow your career and make an impact on the profession As we do with each edition of Intelligent Risk, we invite you to join us on our journey to serve the global risk profession. Many find their volunteer experience personally and professionally rewarding as their work helps define the future of our profession. Please join your peers in shaping the PRMIA future by visiting prmia. org/volunteer.
Justin McCarthy Chair, PRMIA
004
Intelligent Risk - April 2018
Kraig Conrad Chief Executive Officer, PRMIA
editor introduction
Steve Lindo Editor, PRMIA
Dr. David Veen
Nagaraja Kumar Deevi
Editor, PRMIA
Editor, PRMIA
welcome to the first Intelligent Risk issue of 2018 In selecting a 360 degree focus on risk as the theme for this issue of Intelligent Risk, we were confident that it would generate a wide variety of relevant articles, all equally important to the field of risk management. The ones selected for this issue fully justify our confidence, comprising an impressive assortment of perspectives and topics related to bank risk metrics, risk culture, model risk and macroeconomics. The first category features articles about CCAR, FRTB, Large Exposure Framework and Intraday Liquidity. The second category features articles on risk culture framework, organizational behavior and toxic leadership. The remaining categories feature articles on enterprise model risk management and the social consequences of monetary policy. As usual, we greatly enjoyed reading these thoughtful and articulate pieces contributed by PRMIA members. We hope you enjoy reading the final versions as much as we did editing them.
Intelligent Risk - April 2018
005
diversification behaviour in standard and internal model approach of the Fundamental Review of the Trading Book
by Giovanni Sonnino FRTB introduction The global financial crisis exposed the shortcomings of market risk management practices of the trading book. As a consequence, the Basel Committee for Banking Supervision (BCBS) overhauled the current approach to assess capital requirements related to market risk with the Fundamental Review of the Trading Book (FRTB). This is a major change to the industry’s current practices. Among the major changes stand out a stricter boundary between the trading and banking book and a more stringent approval process for the use of an internal model approach (IMA) which is now to be obtained (and lost) at the single desk level. The main advantages of IMA are a supposedly lower charge than under SA and that financial institutions have more flexibility in their specific modelling choices. The possibility of choosing the approach to apply at desk level opens up the debate about which approach, IMA or SA, to use for each desk and what is the optimal mix between the two. This decision cannot in fact be based on looking at all the combinations, since these grow exponentially with the number of desks.
diversification and the cliff effect In order to find the optimal mix, banks need to consider the pro and cons of each, taking into account the amount of the capital charge under each approach, the likelihood of obtaining approval for the IMA and the additional cost associated with its implementation and maintenance. Additionally, since no diversification is allowed between approaches, the benefit this diversification provides to each desk needs to be carefully analyzed. The final charge will be the sum of two separate components, coming from those desks capitalised under IMA and those under SA. We should consider not only the diversification effects of single desk positions within the overall valuation portfolio, but also the consequences of moving them from the IMA to the SA approach or vice versa.
006
Intelligent Risk - April 2018
In fact, two desks with perfectly offsetting PVs are likely to have a very small net sensitivity to risk factors in SA and a low net expected shortfall in IMA. If they are, however, capitalized separately under two approaches, the netting disappears, and this can create a so-called “cliff effect” resulting in an unwanted movement in capital charges. Considering the high probability to lose IMA approval, analyzing the diversification characteristics between a financial institution’s trading desks is crucial to understand the magnitude of potential cliff effects.
author Adam Litke
findings We ran a specific analysis on an exemplary portfolio and discovered some interesting results, which we believe can be translated to larger, more complex portfolios: • For a well-diversified desk, it is less relevant which approach is used, since the net PVs will be close to 0. For an undiversified portfolio, however, a decrease in capital charge can be obtained by applying IMA, as this approach generally generates lower charges.
Intelligent Risk - April 2018
007
• Products with sensitivities to several asset classes, among which there is a negative correlation, and products with optionality are better capitalized under IMA. • A dopting a mix of approaches could be therefore the optimal route, whereby some desks are capitalized under SA and others under IMA, according to the guidelines highlighted above. However, a sudden or unexpected change of approach can generate a cliff effect and may result in a much higher total capital charge due to a loss of diversification.
conclusions The effects of diversification, which is unstable and difficult to predict due to stricter requirements to maintain IMA approval, will directly impact the implementation of FRTB. A well-managed diversification can reduce the charge to near zero. However, a sudden switch of one desk from one approach to the other, whether intentional or not, can cause the capital requirements to jump to significant levels which has implications for capital planning and related costs. From a process and operations point of view, financial institutions will need to establish new processes designed to monitor and control trading desks allocation: • At inception, the tendencies of the various approaches and asset classes need to be studied to identify the trends which can deliver a lower charge. • These studies will have to be repeated periodically, to ensure desks continue to reflect the same composition of products and exposure to risk factors that drove the initial decision on which approach to adopt. • For those desks that have received IMA approval, a financial institution needs to introduce a process to assess the diversification effect provided by each desk. For those desks that provide a high diversification benefit, an ongoing estimate of compliance with IMA requirements needs to be carried out. Desks that fear losing their IMA approval must take corrective plans to handle consequences of a potential jumping capital charge due to loss of IMA approval.
008
Intelligent Risk - April 2018
author Giovanni Sonnino, Senior Manager Gianni is responsible for the BearingPoint consulting effort in those areas related to the risk of the trading book. Prior to joining BearingPoint in 2016, he worked as Senior Financial Engineer in Algorithmics, where he led several functional implementations of risk management solutions across European Banks. Before starting at Algorithmics in 2011 he worked at Credit Suisse in the Investment Advisory and Strategies Department, where he designed risk models for Private Clients. Gianni is a specialised trainer in risk management topics having collaborated with the IEB university of Madrid and several professional training organisations.
Intelligent Risk - April 2018
009
PRMIA member profile - Antonio Jimenez Sanchez
by Adam Lindquist, Director of Membership, PRMIA Adam
How did you choose a career in risk management?
Antonio I would say it was a combination of two factors: It was the right timing when I was offered a risk management job, and it was my passion to understand how financial markets and complex financial instruments work. After graduating from university during the middle of the financial crisis in 2009 I started working in the field of risk management in 2010. My role was performing fundamental valuation of mortgage-backed securities.
Adam
You hold both a CFA and a PRM. How do they complement each other?
Antonio As a treasury risk officer at the European Investment Bank, I am in charge of risk analytics for several fixed income portfolios. CFA Institute resources are excellent in topics such as investment valuation, benchmarking methodologies, fixed income analytics, derivatives theory and portfolio management. PRMIA resources are extremely useful when it comes to market risk, credit risk and banking regulation. I must say that I benefit massively for having access to both organizations and, depending on my needs, I consult one or the other.
Adam
Why did you choose to pursue the PRM?
Antonio I enrolled in the PRM program right after I completed the CFA program to deepen my knowledge of risk management theory and models. I found the PRM program well-structured, and it is recognized worldwide by risk practitioners. The fact that several of my colleagues are also PRM holders was a great motivation to pursue it.
Adam
What do you find are some of the benefits of PRMIA membership?
Antonio Continuous education is critical in this fast-evolving field. PRMIA members are constantly updated about the latest developments and trends in risk management. Members have access to a vast library of state-of-the-art papers in addition to numerous webinars conducted by world class scholars and practitioners. Being up-to-date on best banking practices is something that our management and my employer highly reward.
010
Intelligent Risk - April 2018
Adam
How useful has having the PRM been in your career development?
Antonio So far my management has recognized it, and I firmly believe it can make a difference to move forward in my career.
Adam
How have you applied what you learned?
Antonio I was able to rapidly apply the concepts I learned regarding counterparty risk and derivatives, as we just introduced bond futures for some portfolios. The credit risk concepts that I apply when performing fundamental analysis for some of our counterparties has been incredibly useful.
Adam
How do you see the risk profession changing in the next 5 years?
Antonio From a risk officer point of view, automation, big data and artificial intelligent will definitely shape the tools we use today through 5 years from now. Hence, thousands of jobs in compliance or reporting may disappear. From a credit risk perspective, disruptive technologies (digitalization, block-chain and cryptocurrencies) are something to keep an eye on as they might completely change the classical banking business model, pushing some of the market players out of business.
interviewee Antonio Jimenez Sanchez, PRM, CFA Treasury Risk Officer, European Investment Bank
Intelligent Risk - April 2018
011
economic paradoxes in ever increasing markets
by Alex Marinov policy makers’ dilemma The current economic paradigm that is plaguing central banks across the globe is: when should we stop our stimulus programs launched after the onslaught of the 2008 financial crisis? Currently, central banks in several geographical regions are still supporting accommodative monetary policies, which have hit savers and pensioners the hardest. The question is not an easy one, as the current market environment is very favorable towards stock prices. Most major indices have recovered since their 2008 losses and have reached all time highs recently the Dow Jones reached a record 26,000 level. This has, of course, been beneficial to investors and major corporations, by allowing them to borrow and invest more while growing their businesses. However, the effects have been less than beneficial for the average worker, as salaries and wage growth have stagnated for the last 10 years. Central banks have reached a pivotal moment because their monetary policy has been more than successful. However, some policy makers are still reluctant to change the markets’ perceptions that these policies will be reversed very soon. It seems that policy makers are trapped in an environment that pushes them to keep things as they are, which leads to ever rising stock prices, rather than reduce their stimulus and deflate an ever-expanding bull market, which seems poised to set new record levels. Rising interest rates could be of great benefit to savers, pensioners and risk-averse investors who have been pushed into much riskier assets in search of return. The low interest rate environment has made bonds a very unattractive investment and has pushed investors into more risky and speculative bonds, especially from not so reliable sovereigns, who have a history of not honoring their debt.
masking weaknesses Another issue which is caused by the current environment is that it has become harder and harder to differentiate well-performing companies from ones that are struggling. The reason is that bond issuance has been at historical highs thanks to low interest rates. This has allowed bad apples to exist for longer periods of time. Even when a corporation doesn’t have a very stable financing position, it can continue to borrow from the markets on very favorable terms.
012
Intelligent Risk - April 2018
These misalignments continue to build up in the global economic system which, although it has recovered significantly since 2008, shows uneven signs of growth (around 2-3% globally), with higher growth rates reserved for the likes of China, India, Brazil and other developing countries. Some advanced economies are still experiencing moderate to high levels of unemployment, straining the social-economic paradigm in countries such as Spain, Portugal, Italy and Greece.
job quality attrition In this environment, the type of job creation is more problematic than the level. Even though data shows that employment has recovered, the types of job that are being offered to potential employees are certainly not the ones that they might expect. The “gig economy,” or zero-hour contracts, have created another instability, because they offer less social security, saving employers millions on benefits such as healthcare, maternity/paternity leave, stable working hours and others. All of the above create an environment of inequality between those with a stable full-time job and people working on part-time contracts. These ongoing issues have more or less been ignored not only by policy makers but also by politicians. Rising prices and stagnating wages, combined with ever increasing markets, have created an explosive atmosphere, full of inequality and imbalances.
new thinking is needed So, what can policy makers and central bankers do in this environment? Even though at first sight it might seem that their options are limited, there are several avenues available that could be explored. Firstly, having an accommodative policy for close to 10 years has led to false expectations that it will continue well into the future. Even though policy makers have been communicating that this is going to end in the near future, no specific dates have been given, citing instead a 2% inflation target. However, the 2% inflation target being used by most central banks, reliable in normal times, isn’t appropriate in this case. Instead a new measure has to be used, one which is more in line with current realities and takes into account the ongoing inequalities in the markets. Secondly, the huge balance sheets accumulated by central banks are a cause of concern (for example the Federal Reserve (Fed)’s balance sheet is now $4.5 trillion) and have to be reduced significantly. Some central banks have started that process on a gradual basis, but most critics say that their reduction is too slow and too small, and at the current pace would continue to the end of 2020 and beyond. The problem is that not every central bank’s balance sheet is the same, nor are its goals. The Fed aims for a stable inflation target, and so do the Bank of England and the ECB. However, the PBOC is more concerned with growth rate targets, while the Bank of Japan is trying to raise inflation targets after two decades of deflationary expectations, and the Swiss National Bank seeks to preserve stable exchange rate mechanisms.
Intelligent Risk - April 2018
013
What this means is that each institution has to analyze carefully its targets and determine an avenue of action which is neither too aggressive nor too cautious. Thirdly, judging by economic fundamentals, it becomes evident that firms’ profitability has recovered significantly but wage increases have stagnated. In relative terms, workers are now worse off due to rising home prices, transportation costs and utility rate increases, while at the same time salaries have stayed almost constant. Unions and workers need to be more proactive in negotiating their compensation, but also governments and policy makers could be more involved by taking a closer look at the so called “zero hour“ contracts, which create incentives for companies to pay meager wages to workers.
conclusion Finally, the ongoing issues are deep and need to be looked into further. In this article only the most important issues have been discussed. These are not only hot topics for most people, but also influence the stream of events, because any major policy changes would have an immediate impact on financial markets. However, these changes are necessary and long overdue, and the further they are pushed to the sidelines, the more serious and more difficult they will be to solve in the future.
author Alex Marinov Alexander Marinov is a Market Risk Associate at Barclays Investment Bank. Mr. Marinov has been working in the financial services industry since 2013. Prior to joining Barclays he worked at BNY Mellon. Mr. Marinov has a MSc in Economics and International Financial Economics from the University of Warwick and Bachelor’s in Economic and Social Studies from the University of Manchester. He is a PRM holder since 2015.
014
Intelligent Risk - April 2018
Access Global Insights A PRMIA Sustaining membership includes unlimited digital access to The Wall Street Journal for one year. Join now for insights from the world’s leading source of global business and financial news.
Become a member at www.PRMIA.org
Š 2017 Dow Jones & Company, Inc. All rights reserved.
is toxic leadership the greatest human capital risk? by Dr. Monika Smatralova, Colm Fitzgerald, Monica Smith & Dr. Jonathan Allenby
A precursor to this article, co-authored by Colm Fitzgerald, Dr Monika Smatralova and Dr. Jonathan Allenby, was published in the June 2016 issue of Intelligent Risk. That article briefly outlined a conceptual model for managing agency risk. The main elements of the conceptual model were: the classical principles of progress, the main obstacles to progress, political constraints and four types of behavior - citizens, egotists, conformists and brutes.
The Financial Times recently referred to 2016 as the ‘Year of the Demagogue’. It saw Brexit, the election of Donald Trump to the White House and the seeds of potentially similar political events being sown in other countries. As risk managers, we recognize that comparable behaviors and political dynamics are at work, to various degrees, in our own organizations, and that it’s our role to make sense of them so that they can be progressively managed. The purpose of this article is to outline the risks around toxic leadership in greater depth, so that we can shine more light and they can be better illuminated.
a deeper narrative on brutish behavior From classical philosophy and political science, we have inherited the concept of the brute. The characterization of a brute is a person that is pretentious and brutal in their actions to achieve their own desires. They are cowards who are enemies to anyone better than themselves, who often despise those who treat them well and look up to those who make no concessions. They are mostly filled with lies and have little that is trustworthy or true. Their consideration for others is limited and they can be quite callous. Brutes instinctively want to bring things down to their level. They sometimes don’t mind being destroyed if they also can destroy their enemy in the process, revenge is often more important for them than self-preservation. They can behave like trolls, sadists or psychopaths. Brutes are the greatest behavioural risk in any organization and can be poisonous to its culture. For a brute, their idea of freedom is about unconditionally getting what they want, using whatever lies or pretentious excuses they can to justify their actions (nonsense to others but validated by their egos). Abraham Lincoln said that “if you want to test a man’s character, give him power”. If a brute gets power, they seek their own ends in this manner, usually under some pretense to virtue. This is in contrast to a citizen, who sees being free as a virtue to be won rather than something that can be given, and who sees power as the opportunity to make genuine ethical progress. If you are helpful to a brute, they’ll see it as a sign of weakness and likely try to get one over you in return.
016
Intelligent Risk - April 2018
In contrast, if you’re genuinely helpful, in a non-egotistical way, to a citizen, they will remember it and likely reciprocate. In short, brutes are destructive – they don’t lead healthy lives and make it very difficult for those around them to live functional, healthy and happy lives.
human capital risk Failure to deal with brutish behavior results in increased behavioral risk that can be quite detrimental to an organization’s culture. The impact of this, especially if brutes are in positions of leadership, can significantly increase commercial risk and detract from the organization achieving its goals – there’s nothing like toxic infighting to detract organizational energy away from strategic plans into fire fighting and sideshows. A further people risk is that an organization can lose good talent – people naturally distance themselves from brutes – and go and find other good leaders/people to work with. Brutish leaders usually try to silence opposition and people “give up” - learned helplessness seeps in1. As a consequence there is a risk of poor decision-making due to a lack of challenge, difficulty to talk at meetings, and forms of intimidation, meaning things can spiral downwards, with the brutes increasingly taking charge and further poisoning things, bringing things down to their level.
identifying brutish behavior Brutish behavior is difficult to manage. Even the first step, identifying the behavior, is difficult, because by nature the behavior is pretentious. However, the confusion generated by it is usually the first signal that there is a problem. Also the emotions that it creates, anger, fear, and other emotions that get the blood up, are useful signals. The rhetorical devices used by the brute also give them away, e.g. the use of projection, and the more malignant form, DARVO (deny [abuse] attack, reverse victim and offender2). Their repertoire usually includes using seeming truths with distorted logic, classic misdirection, covert intimidation, scapegoating, some fear mongering and/or the encouragement of extremes. Brutes rely on poor levels of understanding and greater levels of forgetfulness. But, the best brutes and demagogues usually behave like Aristophanes’ Sausage-Seller in his play The Knights – mixing some good bits, with a lot of bad bits, but making sure to keep the proportions consistent, so people get used to the taste.
examples of brutish behavior An example of brutish behavior would be the character of Frank Underwood in the television series House of Cards – he’s a strategic manipulator for his own ends. A more extreme example of a brute would be the character Gollum in Lord of the Rings. He’s only interested in one thing, his desire to get the ring of power. He’s willing to lie and take any action, even killing somebody, to get it. His tactics are full of pretense. 1 / Reference Seligman: https://psychcentral.com/encyclopedia/learned-helplessness/ 2 / Link: https://en.wiktionary.org/wiki/DARVO
Intelligent Risk - April 2018
017
Donald Trump’s rhetoric has brutish elements. For example, the tweet above might be considered a seeming truth with distorted logic. His version of the theatre would only be for conformists – who desire safety and security – but who will not challenge him. However, theatre is supposed to be where the human condition is portrayed – to open our eyes to ourselves. Some might argue that Trump is one of the rudest guys on the planet, so this could be considered projection. And really he should apologize, so this has a hint of DARVO too!3
why are brutes tolerated? understanding power and its origins Being, living and taking action are necessities in life. As adults, when we don’t fully manage ourselves or utilize our full potential, by behaving like a citizen, we don’t use all our power and thus create a power vacuum that needs to be filled. By not fully ruling ourselves, we make our power available to others. Because most people don’t behave like citizens, we create positions of power and having leaders becomes an imperative. Similarly in an organization, ideally everyone takes responsibility and understands where their actions feed into creating and achieving the organization’s strategic goals, be that greater success, greater profits or greater market share. However, once even one person deviates from this ideal, some element of a power vacuum is created. Or even more specifically, once a strategic objective or plan of action is determined, without a healthy functioning plan for implementation, leaving some things open to interpretation, a power vacuum is created. The size of the power vacuum and how it is filled have a significant influence on the organization’s culture. The different behavioral types in our conceptual model create different power vacuum dynamics.
3 / Other examples include: http://www.spacesafetymagazine.com/space-disasters/challenger-disaster/challenger-management-failure https://www.army.mil/article/157327/Toxic_leaders_decrease_Soldiers http://uk.businessinsider.com/why-rbs-failed-as-an-investment-bank-2015-3
018
Intelligent Risk - April 2018
Egotists create a power vacuum when, even understanding the situation in which they act, act only when it furthers the narrative of their own self-interest, and not for the greater good of the organization. In ancient Athenians, egotists were considered to pose a threat to democracy. As Pericles, their famous leader, put it, “This is a peculiarity of ours: we do not think that a man that takes no interest in politics is a man who minds his own business; we say he has no business here at all.” Pericles and other Athenians felt this way because egotists are usually ruled by tyrants, due to the power vacuum they create, and one of the aims of the Athenian democracy was to prevent a return to their pre-democratic tyranny. Conformists create an even bigger power vacuum - as they do not want to even rule themselves. They mostly want peace and quiet and are prepared to trade some of their freedom for a reduction in their responsibility. They need a leader, or indeed leaders. They create, at a minimum, a leadership vacuum, but typically a vacuum of greater size, and the more conformists the bigger the vacuum. Brutes create not only an even bigger power vacuum but also create problems to be managed as they want to gratify their desires, and are willing to take any brutal, destructive or pretentious route to try to do so. Their logic and reasoning is usually distorted due to their nonsense so they can also see a brutish leader as mostly likely to further their aims. This means that not only is there a bigger vacuum to fill with brutes, but there’s also opposition to citizen leadership. They are also most attracted to most ‘virtuous’ institutions as these give them the best pretense for their brutal actions.4 The key to adequately managing toxic leadership is to not just see it as a problem of a ‘horrible boss’ (which is the conformist perspective). Instead it’s about seeing how power has arisen, seeing the toxic leadership as being mostly about the environment that facilitates the behavior. Dealing with the toxic behavior is not just about dealing with the brute, it’s about dealing with egotism, conformity and other brutish behavior in the organization in general. Just as people are considered to get the politicians they collectively deserve, so employees often get the managers that they collectively deserve. Without an adequate number of individuals behaving like citizens to fill the power vacuums (and manage the brutes) in an organization or even an adequate number of egotists, necessity and expedience requires that they are filled by brutes, who will brutally keep things moving, albeit at a substantial cost to the underlying culture of the organization. As Antoine de Saint-Exupery put it, “It is the duty of the ship’s captain to make port, cost what it may”, so in the absence of a citizen captain to take the ship to port, a brute can be employed, for reasons of expediency to keep the plan of action on track.
managing brutish behavior Ideally an organization will fill its ranks with citizens and egotists, have good leadership for the conformists and spot the brutes before they are hired. It will invest time in agreeing a set of progressive values and effective methods of taking remedial action when boundaries are breached.
4 / Theoretically, democracies are only fully sound when they are amongst people who behave like citizens. When people do not behave this way, any ‘democracy’ usually has some pretentiousness to it, and is really mostly a democracy in name only.
Intelligent Risk - April 2018
019
But even still, brutes are always a risk and all organizations needs to know what to do to manage them. Understanding the human condition is necessary to adequately identify and create solutions to the problems of brutish behavior - as is strong and courageous (citizen) leadership. Laughter is also an important tool this is the only method to defeat authority. If you cannot laugh at somebody they have authority over you. In classical Athens, the comedy festival was considered an essential institution in maintaining the democratic nature of the city. Humor is essential to combat a toxic leader. Comedy can help to create a culture that welcomes and encourages challenge that encourages progressive disobedience – the obedient are by behavior conformists. Valuing cognitive diversity helps here – something the ancient Athenians well understood as they made their city the first open city in the world. Encouraging curiosity can help - the word comes from the Greek word Kurios, meaning self-sovereignty – only those who are curious are ruling themselves, those who are not are behaving like conformists. Another tool for managing brutes, again originating in Ancient Athens was ostracism – shunning the brute. However, it must be highlighted that half-hearted methods to deal with brutes are likely to be unsuccessful and often counterproductive – so either letting the brutish behavior continue or soundly eradicating it can sometimes be the only prudent options. If a decision is made to go to war with the brute, strategy is essential - battles are won before they are fought. Chiron the Centaur, the mythological teacher of Achilles, the greatest warrior in ancient Greece, was said to have taught him not just the ways of man to be the best that we could be, but also the ways of the beast so that he could defend himself and beat the barbarians. Similarly, a risk manager should be versed in the use of principles in, for example, the Art of War and The Prince, so that they can take on brutes. Egotists and conformists know that adequately dealing with a brute often means going to war, so they usually shy away from taking on the brute. This is because it’s too costly, or upsets their peace and quiet too much. So really the best method to deal with a brute is the cooperation amongst citizens in an organization. These are the only individuals who are willing to realistically challenge a brute – and this unity can bring great strength. Without this action and cooperation, brutish behavior will flourish, as Burke said, “All that is necessary for the triumph of evil is that good men do nothing”. Every HR manager knows the importance of a good, healthy and sound work environment. Environments which lead individuals to be brutalized result in a greater necessity for them to react, adopt and behave in brutal ways. If the work environment becomes full of brutes, it can become too costly to behave like a citizen due to the toxicity of the environment. Brutes will desire only to be ruled by another brute - which they will likely achieve as they become the dominant cohort. What a HR manager knows also applies at a macroeconomic level. Take the example of Quantitative Easing which ripples through asset markets, increasing asset prices and ultimately inequality – as it makes people better off in proportion to how better off they were in the first place. The less well-off majority of society have seen no gains from it as they have minimal assets and net worth. Consequently, they’ve become fodder for demagogues around the world. Similarly in our organizations, brutalizing the workforce, often necessitates the introduction of a brutish and toxic leadership.
020
Intelligent Risk - April 2018
objective and quantitative assessments of brutish behavior There’s an obvious problem with the analysis above in that it necessitates making judgments that might be considered subjective. We know that trusting your own judgment and having trusted others to use as sounding boards is critical to deal with toxic behavior – as is collaboration between risk managers and HR managers. But such subjectivity can be seen as providing an imprudent basis for taking action to deal with brutish behavior and toxic leadership. In a future article, we plan to outline two new tests that can be used to objectively quantify the healthiness or otherwise of the behavior of an individual or a team of individuals, along with the theoretical basis for the tests – known as the Know Yourself Test and the Know Your Team Test. The tests can be used to screen potential brutes before they join an organization and can be used to help generally improve the existing culture in an organization.
authors Dr. Monika Smatralova Dr Monika Smatralova is a senior risk practitioner currently leading the Supervisory Review and Evaluation Process within Group Risk, Permanent TSB Bank, Ireland. Her academic background is in ‘Financial Management’. She has been working in risk functions of major high street and captive banks for the last 10 years focusing mainly on credit and operational risk management and measurement, and Enterprise risk management. Monika is also actively involved in the senior leadership at PRMIA, successfully leading the Irish Chapter since 2013.
Colm Fitzgerald Colm Fitzgerald is the Director of the Actuarial & Financial Studies program in University College Dublin (UCD). Before academia he had a successful career in financial markets, where he was Head of Quantitative Trading in Bank of Ireland Global Markets. He is an active volunteer in the actuarial profession. He is a member of Education Board and the Board of Examiners in the Institute & Faculty of Actuaries amongst other roles. In UCD, he teaches classical ethics, workplace skills, actuarial risk management, investment psychology and trading, economics and finance.
Monica Smith Monica Smith is a Partner and Head of Coaching and Development at Hymans Robertson. She is an Executive Coach, Fellow of the CIPD and holds degrees in Business and Psychology. Believing that growth is good for business and people, she is committed to ensuring that Hymans Robertson’s learning is leading edge and adds value for clients, colleagues and our firm.
Dr. Jonathan Allenby Dr Jonathan Allenby is an actuary in EY’s GI practice, with a special interest in developing analytics for assessing organisational culture, risk and performance. Jonathan’s Cultural Studies PhD thesis focussed on the role of culture in knowledge production within scientific and technical domains
Intelligent Risk - April 2018
021
President Trump’s New Executive Order on Defense Industry Sourcing:
quantifying the scope and reach of federal mandates on manufacturing and supply chain risk
by Jim Elder On July 21st, the White House announced that “a healthy manufacturing and defense industrial base and resilient supply chains are essential to the economic strength and national security of the United States.1” Furthermore, it mandates a review and assessment of this industrial base and supply chain, including specific weaknesses such as “supply chains with single points of failure or limited resiliency.”2 In 2016, US Aerospace and Defense (A&D) companies were responsible for $146.4 billion in exports and represented 10.1% of total exports for the US3. Recognizing that the A&D supply chain is “a matter of national security” (and an important source of jobs), President Trump likely hopes to reduce the role of foreign A&D suppliers in order to reduce the risk ingrained in this industry. As a result, we have investigated the US A&D supply chain to quantify the industry’s reliance on foreign suppliers and, specifically, those at risk.
there is a significant amount of credit risk concentration in the industry Our analysis shows that both specific and country/industry credit risk play a significant role in the US Aerospace & Defense supply chain, displaying risky Probability of Defaults (PDs) considerably below investment grade standards. The risk could be further increased by protectionist measures and the potential for serious trade repercussions caused by tariff reciprocation, amongst other things. In addition, since most of these firms operate in a strong market, it is reasonable to also consider the potential impact of eventual market decline.
1 / Source: Presidential Executive Order on Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States as of August 9, 2017. 2 / Source: Presidential Executive Order on Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States as of August 9, 2017. 3 / Source: Deloitte. 2017 US aerospace and defense sector export and labor market study.
022
Intelligent Risk - April 2018
a comprehensive analysis of credit risk needs to include the supply chain of the A&D firms and cannot be limited to rated entities In order to quantify the potential impact on the largest public Aerospace & Defense firms, we analyzed all 27 companies within the Aerospace & Defense industry across the S&P 500, S&P 400 and S&P 600 equity indices. We then aggregated all of their suppliers tracked by S&P Global Market Intelligence and analyzed their geographic distributions and credit risk profiles. Of these companies, only 19 of the 27 A&D firms and 50 out of their 307 foreign suppliers are rated. Furthermore, 97% of the companies in the riskiest pool of foreign suppliers are not rated. To have a comprehensive view of the risk of this industry, we used the Probability of Default (PD) Model Fundamentals, which is a quantitative credit risk model that is part of the S&P Global Market Intelligence’s Credit Analytics suite. PD Model Fundamentals assesses the risk of a firm leveraging company specific financial information, as well as systemic risk factors that take into account the firm’s industry and country. Over the past five years, the PDs of these 27 US A&D companies have on average improved, but generally ranged from 0.6% to 1.0% -- this would equate to an implied credit score range of ‘bb+’ to ‘bb.’ [Lowercase nomenclature is used to differentiate S&P Global Market Intelligence PD scores from the credit ratings used by S&P Global Ratings. S&P Global Ratings does not contribute to or participate in the creation of credit scores generated by S&P Global Market Intelligence.]
Figure 1:
Intelligent Risk - April 2018
023
These 27 firms had 307 foreign suppliers that were also scored utilizing our PD Model Fundamentals - only 16% (50 out of 307) were rated by S&P Global Ratings. Amongst these firms, we identified 35 foreign A&D suppliers that we believe are most at risk of default. We considered “at-risk” firms as those having ‘ccc+’ or lower implied credit scores (approximating to a 9.637% or higher one year PD). Only one company in our pool of 35 “at-risk” suppliers is rated, further stressing the need for tools that allow for a globally consistent and generally applicable assessment of credit risk across the rated and unrated universe. These suppliers could be particularly vulnerable if the US A&D supply market is domesticated by President Trump’s policies. Leveraging PD Model Fundamentals has allowed us to assess the risk of a much broader range of suppliers, but also uncover more potential weak links in these supply chains. Given the technological nature of the A&D industry, most suppliers are based in developed countries with established technology sectors (i.e. France, Canada, Australia and England). We also found that most atrisk suppliers are in developed countries. We have broken down the highest concentrations of at-risk suppliers by country in Figure 2. Figure 2:
With five of 21 suppliers deemed at-risk, Canada has the largest number of US A&D suppliers identified out of all of the countries we analyzed. While companies like Boeing have requested tariffs on Canadian A&D imports, President Trump seems unlikely to execute such protectionist measures, particularly in light of Canadian Prime Minister Trudeau’s recent threats to reciprocate A&D sanctions. 024
Intelligent Risk - April 2018
In India, 30.8% (4/13) of suppliers are at-risk, three quarters of which provide industrial and commodities goods. Firms based in India are particularly interesting because India’s sovereign rating from S&P Global Ratings is ‘BBB-‘. However, its country risk score, which S&P Global Market Intelligence determines based upon the risk of doing business in a country, is two notches lower at ‘bb‘ -- second lowest only below Russia, which is scored as ‘b+’ relative to a sovereign rating of ‘BB+’. This negatively impacts firms operating within India as this systemic risk factor is considered by the model when assessing a firm’s credit risk. Other notable countries include the United Kingdom, which has three at-risk suppliers (7% of its suppliers), but it is worth noting that the creditworthiness of British exporting companies could potentially decrease in the event of a “Hard Brexit” due to a decline in exports. For example, as illustrated in Figure 3, before Brexit was in play (preceding the Conservative Party win in the May 2015 UK General Election, with the commitment to holding a referendum on leaving the EU), British A&D firms were less risky than their industry peers by about 0.5%, but in the past two years their relationship has reversed with an increase in relative riskiness of up to 1%. Figure 3:
One third (4/12) of Israeli suppliers are at-risk, all of which specialize in the Technology or A&D sectors. Finally, Australia has three at-risk suppliers, amounting to 23% (3/13) of its total. Interestingly, none of the 12 Chinese A&D suppliers in our sample have risky PDs. Each Chinese supplier is also better than its particular “Industry and Country Benchmark” (the median PD for an industry in a particular country). This is potentially reflective of the growing Chinese Aerospace/Defense market, driven by increased militarization and commercial air travel in the region.
Intelligent Risk - April 2018
025
As shown in Figure 4, among all foreign suppliers (every industry that we analyzed included), we observe a relatively normal distribution of credit scores. Figure 4: Overall Credit Quality of Foreign Suppliers (All Industries):
Source: S&P Capital IQ platform as of August 9, 2017. For Illustrative Purposes Only. Lowercase nomenclature is used to differentiate S&P Global Market Intelligence PD scores from the credit ratings used by S&P Global Ratings.
In investigating industry-specific concentrations of risk, the most at-risk foreign suppliers (10) are found in the A&D sector itself. These at-risk A&D suppliers cause a notable spike in the credit scores of at-risk companies, as seen in Figure 5 below. Figure 5: Credit Quality of Foreign Aerospace & Defense Suppliers:
Source: S&P Capital IQ platform as of August 9, 2017. For Illustrative Purposes Only. Lowercase nomenclature is used to differentiate S&P Global Market Intelligence PD scores from the credit ratings used by S&P Global Ratings.
026
Intelligent Risk - April 2018
Protectionist measures to revamp the US Aerospace & Defense supply chain could carry serious trade repercussions of tariff reciprocation, amongst other things. But even if the supply chain remains unaltered, the aforementioned firms, nonetheless, display risky PDs considerably below investment grade standards. Because these firms are operating in a strong market, it is reasonable to consider the potential impact of eventual market decline. In such a case, these supplier firms will then also be at particular risk if they do not improve their creditworthiness. We have focused on concentrations of at-risk suppliers among different industries and countries. However, it is worth noting our general observation that such risky firms often stand in stark contrast to their more successful peers. The ability to differentiate between healthy and risky firms is paramount in assessing the risk of the Aerospace & Defense industry, or any other industry, and their supply chains. Content including credit-related and other analyses are statements of opinion as of the date they are expressed and are not statements of fact, investment recommendations or investment advice. S&P Global Market Intelligence and its affiliates assume no obligation to update the content following publication in any form or format.
author Jim Elder Director, Risk Services / S&P Global Market Intelligence Jim Elder is a Director in the Risk Services Business at S&P Global Market Intelligence. Jim’s role includes leading product strategy and thought leadership the Credit Analytics business, with a focus on credit risk management. He has presented on topics ranging from corporate credit analysis, transfer pricing and risk management to municipal finance and valuation methodologies at numerous industry conferences and webinars. Jim’s research has been cited across major media in news outlets such as the Wall Street Journal, CNBC and MarketWatch. Jim’s fifteen years of industry experience include positions in asset management, financial guaranty and structured finance. Prior to joining Standard & Poor’s in 2007, he worked at J.P. Morgan and XL Capital Assurance. Jim holds an M.B.A in finance from New York University’s Stern School of Management. Jim graduated with bachelor degrees in Computer Science and Management from Rensselaer Polytechnic Institute.
Intelligent Risk - April 2018
027
the emergence of enterprise model risk management
by Peter Plochan introduction Financial institutions have been using models to support their decision making already for decades; therefore, model risk management (MRM) is already a well-known topic. In recent times, however, the MRM discipline has become more formalized and rigorous as regulatory activities such as FED’s model risk management guidelines1 or the recent EBA’s TRIM2 require banks to put extra compliance efforts into management of their models. In parallel, on trends such as Big Data, IoT but also new regulations such as IFRS 9, FRTB are pushing banks to develop additional models which will have to be properly managed as well. In order to address the above, financial institutions around the world are increasingly looking for skilled MRM professionals and new supporting systems which will help to tackle these challenges in the most efficient manner. Managing model risk requires a broader perspective and should not rely solely on model validation activities focusing on individual models, which is the more traditional approach, but rather focus on enterprise-wide level exposure to model risk and manage it as any other financial risk.
model risk, scope and impact
‘‘
For the purpose of this article let’s adopt the EBA’s definition of Model Risk3: Model risk comprises of two distinct forms of risk: • Risk relating to the underestimation of own funds requirements by regulatory approved models; and • Risk of losses relating to the development, implementation or improper use of any other models by the institution for decision-making”
1 / Federal Rererve System: Supervisory Guidelines on Model Risk managent (SR 11-7), 2011 2 / Targeted Review of Internal Models by European Banking Authority, 2016 3 / EBA’s Supervisory Review and Evaluation Process guidelines, 2014.
028
Intelligent Risk - April 2018
The implications of the second bullet above are quite broad; suddenly the regulators are shifting their focus from only regulatory models to any important models applied by banks to ensure that their important business decisions are backed by sound analytical processes. With the number of models used by larger banks easily reaching hundreds or sometimes even thousands, and constantly increasing (according to Mckinsey’s recent MRM survey this could reach even 10-20% increase every year) the financial institutions are also realizing that they need to start addressing model risk more holistically and cover the entire spectrum of models used across their whole organization. Model risk can arise from deficiencies in any of the processes within the modelling ecosystem (Figure 1 below). Whether it is bad data quality, wrong model development assumptions, incorrect recoding of the model from development into the production environment or just lack of proper approvals, the result is the same, a model that should not be used for decision making. Figure 1: Model Risk Management at the heart of the modelling ecosystem
Therefore, it is important to realize that the maturity level of the underlying processes in the modelling ecosystem will heavily influence the effectiveness and efficiency of the MRM activities. And there are good reasons to ensure your models are in good shape. For example, Mckinsey in its Future of Bank Risk Management refers to a large US bank case that had losses of $6 billion, which were partially due to their value-at-risk model or a large Asia–Pacific bank that lost $4 billion when it falsely applied interest-rate models. On the regulatory side we have also seen banks that were forced by their regulator to take extra capital worth billions of EUR due to deficiencies in their regulatory models and the governance around them. Each bln EUR of extra capital, assuming average 10% ROI can translate into additional annual costs of roughly 100 mln EUR. A great motivation to make sure that your MRM processes are in good shape.
4 / The evolution of Model Risk Management, 2017 5 / Mckinsey, The Future of Bank Risk Management
Intelligent Risk - April 2018
029
embedding an effective and efficient enterprise model risk management I believe the 4 key principles below are vital for a successful design & embedding of an MRM framework: Figure 2: Components of Model Risk Management framework
MODEL RISK MANAGEMENT FRAMEWORK
1. Cover the entire modeling spectrum, but make sure you prioritize Make this truly an enterprise-wide activity, make sure that all models are included in your inventory and that you cover all processes in the Model Lifecycle with exposure to model risk. Then use this holistic view to identify the focus areas and apply model governance in order to embed controls and checks according to materiality of each model. This will allow you to deploy your limited resources efficiently to improve models in the areas where your institution is exposed the most, and monitor the areas that do not require immediate attention. 2. Automate & standardize where you can All activities within the modeling ecosystem are heavily interrelated (Figure 3 below) and any manual handover between them (e.g. data exports and imports between various system or manual recoding of developed models when brought into validation / deployment environment) creates a potential for “something going wrong�. Figure 3: Interdependencies within the modelling ecosystem
030
Intelligent Risk - April 2018
A number of institutions also use a variety of different tools for development, validation and the deployment of models. All this requires maintenance of parallel skill sets which is expensive but also creates inefficiencies when models are moved from one environment to another one. 3. Quantify & Report on MRM What gets measured, gets managed and gets done. Being able to quantify model risk, report on model risk exposure, concentrations on model portfolio level and aggregate it up to model risk profile & appetite and monitor it on an enterprise level will help to increase awareness and will ensure that the problematic areas get the right attention they deserve. 4. Focus on business benefits achieved MRM should not only be seen as a “loss preventing” initiative, it can actually generate a lot of business value as well. Large institutions can easily have 500+ people involved with various activities within the modeling ecosystem. MRM processes and systems can improve their ability to share and reuse information, data, modeling concepts & scripts, reports and thus increase their efficiency. Combined with MRM triggered digitalization & standardization, this can not only significantly reduce the operational costs but also vastly speed up the entire modeling process and ultimately improve the time-to-decision which is very much needed in today’s agile world. According to Mckinsey6, institutions can save up to 20%-30% of their modelling costs in the modelling area thanks to the improvements introduced by an efficient end-to-end MRM framework. Pointing out / highlighting these benefits will you help you secure the needed buy-in for the initial investments and to counter the resistance to change within your organization. Recognizing the increasing importance of Model Risk, PRMIA has launched a dedicated Model Risk Management training to enable the institutions to manage this risk in a robust and efficient manner. Learn more or register.
author Peter Plochan Peter Plochan is Senior Risk & Finance Specialist at SAS Institute assisting institutions in dealing with their challenges around finance and risk regulations, enterprise risk management, risk governance, risk analysis and modelling. Peter has a finance background (Master’s degree in Banking) and is a certified Financial Risk Manager (FRM) with 10 years of experience in risk management in the financial sector. He has assisted various banking and insurance institutions with large-scale risk management implementations (Basel II, Solvency II) while working internally and also externally as a risk management advisor (PwC). 6 / The evolution of Model Risk Management, 2017
Intelligent Risk - April 2018
031
women in risk - spotlight
with Aileen Gillan, Chief Risk Officer, Metro Bank Aileen was a panelist in the Women in Risk event featured in this issue of Intelligent Risk.
Kristin
How did you get into the field of Risk Management?
Aileen By accident! I started my career as a barrister, and practiced and taught civil and commercial law for five years before I took my MBA. Following business school I fell into risk management consulting, back in the day when Enterprise Risk Management was emerging as a new risk discipline. It just went from there. I have chosen every role since then deliberately to help me broaden my risk management experience. I even turned down roles I didn’t think would help me continue on my chosen path. The longer I worked in risk, the more I knew I wanted to be a Chief Risk Officer. It’s an amazing role: CRO is one of the few jobs that gives you a bird’s eye view right across the business.
Kristin
What do you enjoy most about what you do?
Aileen I’m so proud to be part of the team that has built Metro Bank – almost from the start – into a force to be reckoned with in UK banking. When we opened for business in July 2010, we were the first de novo high street bank in the UK in over 100 years. What we do is really simple: we’re a disruptive, high growth retailing model that just happens to be a bank. I remember vividly when I joined people said, “it’ll never work” – yet we keep on proving that our model works; and that UK consumers and businesses are crying out for a bank that focuses on service and convenience, and offers them genuine choice. Our unique culture sits at the heart of everything we do and, as a senior leader in the Bank, it’s my job to champion the behaviours that underpin that culture. I love the challenge of building a business that has a very simple goal: creating FANS!
Kristin
What do you see as future trends in the field?
Aileen Right now, I think everyone’s focused on automation of core processes (like customer due diligence, credit underwriting), machine learning and AI. I’m also really interested in how blockchain technology will develop, and what that could mean for back-office optimization. Finally, open banking also brings lots of opportunities and risks – as a disruptor, we’re really excited by the opportunities it creates for us to offer even more innovative services to our customers.
032
Intelligent Risk - April 2018
Kristin
What are the biggest challenges faced by someone in your role?
Aileen You’re probably expecting me to respond with something about managing balance-sheet growth or regulation….However, my biggest challenge is fundamental to Metro Bank’s continued success: sustaining our culture. Making sure all Metro Bank colleagues stay true to our culture and the behaviours that support it, and that all colleagues have line of sight to the customer, whatever their role, gets even more important the bigger we grow. Our customer-focused culture is unique and, we believe, a source of competitive advantage. It is the one thing no one can replicate. We will only continue to deliver our vision if we keep all colleagues focused on growing the bank safely and sustainably, delivering consistently great customer outcomes, by living our values every day. It is our number one strategic risk.
Kristin
How do you feel about the opportunities for women in risk management?
Aileen There are lots of opportunities to build a fantastic career in risk management. Just under half of my senior team is made up of amazing women and I always recruit from the broadest possible talent pool, including talented women. From my perspective, attitude and potential are every bit as important as functional experience. Give me a smart, tenacious, hard-working woman with a growth mind-set, who doesn’t take herself too seriously, but takes what she does very seriously, and I’ll show you someone who will go far!
Kristin
What is your advice for women just entering risk management careers?
Aileen The same advice I give to any colleague thinking about their career journey: understand your strengths, and leverage them to the best of your ability. Surround yourself with amazing people you can turn to for advice and feedback. Develop resilience to help you bounce back from any set-backs along the way. Be prepared to make side-ways moves to build up your experience and skills if there is an obvious gap that is holding you back. Your career doesn’t have to be a straight line – believe in yourself, stay focused on your “true north” and you’ll be fine.
interviewee
interviewer Aileen Gillan
Kristin Lucas
Chief Risk Officer, Metro Bank
PRMIA Managing Director of Operations
Intelligent Risk - April 2018
033
confidence is the key…
by Saadia Mujeeb & Sarah Nowell Efforts to advance women in the workplace appear to be is everywhere: whether it be the ‘Women in Finance’ charter, continued articles on gender wage gaps, or the sudden appearance of specialist female candidate recruitment agents for hiring women into senior positions, it almost feels like it should be easy to be a woman and get somewhere nowadays. Somehow in practice though, it still doesn’t feel that easy. Over the years opinion has alternated between placing the blame for this on the status quo (patriarchal men hiring in their own image), society’s pressures (the judgement of other mothers at the school gates and the grumbles of men having to cook their own dinner) to something inherent in women that holds them back (‘Lean in!’). So it was with interest that I attended the Women in Risk panel discussion hosted by PRMIA at the HSBC Tower, Canary Wharf, last fall. The panelists shared how they have risen to the challenge of being senior women in risk, with a key focus on how to establish and exert influence. In summary, though, my main takeaway was that the critical success factor for rising to a senior position is confidence. That’s confidence to overcome the negative voices in our heads which tell us that we shouldn’t have got the job and certainly shouldn’t go for the promotion; confidence to deal with confrontation or bad behaviour head-on rather than retreating into the wildlands of passive aggressive emails; confidence to leave our desks for a few minutes to network without feeling that someone is judging us for not having our heads down all day; and confidence to listen to someone else’s point of view rather than drown them in pre-emptive facts in the hope that this will suffice.
“Tapping into informal power networks is something many women ignore and think that sitting at our desks and giving good ideas to our bosses is good enough” - Catherine Brett
‘‘
Where will all this confidence take us? One area discussed by the panel was getting noticed by the right people, which of course begs the question of who the ‘right people’ are (hint: it’s not our line management). Marrying confidence with a proactive determination to tap into the informal power networks which underpin all organisations is vital.
034
Intelligent Risk - April 2018
Catherine Brett (CRO at Santander UK Corporate and Commercial) summed it up powerfully: “This is the part many women ignore, thinking that sitting at our desks and giving good ideas to our bosses is good enough.” Tapping into these power networks isn’t always easy as they are often tied together by shared experiences (for example, sport, schooling), which many women may feel excluded from, but it’s worth the effort. Bruce Fletcher (CRO, Global Retail Banking and Wealth Management at HSBC) brought the audience’s attention to a new book, ‘The Square and the Tower’, by well-known historian Neil Ferguson, on the influence such informal power networks have had on the development of democracy and the structure of our modern world. This demonstrates the power of these networks and the importance of having the confidence to spend time accessing them.
“Influence is linked to inspiration and to inspire people you need to be good at what you do and confident about it” - Roselyne Renel
‘‘
It is one thing, however, to access a powerful network and another matter entirely to use this network effectively to influence people in a desired direction. As Roselyne Renel (Global Head, Enterprise Risk Management, Standard Chartered Bank) pointed out: “As you get more senior, you work through people: these include your subordinates, your peers and your bosses. Influence is linked to inspiration and to inspire people you need to be good at what you do and confident about it.” Perhaps counterintuitively, especially as many of us are regularly in meetings where the stereotypical ‘confident’ male dominates the conversation, true confidence should allow us to take the time to listen, truly listen, to others’ points of view. This is a skill more stereotypically associated with women and one which we should harness. “Listening to others is very important. Don’t think about yourself; think about them. Who are they? What do they want?” advised Bruce Flecther. “There is a danger of relying too much on the intellectual brilliance of your pitch”, agreed Aileen Gillan (CRO at Metro Bank). “It often works better to get people to influence on your behalf, to achieve the desired outcome.
“There is a danger of relying on the intellectual brilliance of your pitch…get people to influence on your behalf” - Aileen Gillan
‘‘
Another area where added confidence could help us be more successful, is in establishing and exerting authority. As Catherine Brett pointed out, we should keep telling ourselves that people who knew the job picked us and that we have something unique to offer them. This can both help us have more confidence and inspire others to have confidence in us.
Intelligent Risk - April 2018
035
“It helps to be passionate. If some parts of the job don’t inspire you, change the job!” - Tara Foley
‘‘
The other ingredient which can act as the spice to the confidence soup is passion: “If some of the job doesn’t inspire you, change the job!” advised Tara Foley (Customer, Change and Innovation, Risk Division at Lloyds Bank). It’s true though, that confidence comes easier as we get older and more experienced. So a young woman just starting out in her risk career may find all this advice harder to implement. On top of this, younger women often need thicker skins to deal with not-necessarily-badly-intentioned comments and judgements: if a woman is small, blonde, smiley and polite, she may be pre-judged as weak.
“Self-awareness helps to avoid others; pre-conceptions being borne out in reality.” ….” - Clare Beale
‘‘
Unfair though this is, some tricks and tools work whatever our age, as Clare Beale (Global Head of Independent Model Review at HSBC) noted: “Speaking slowly and clearly for example, does work! Keen self-awareness also helps here, to avoid others’ pre-conceptions being borne out in reality. Being too loyal or being so indispensable as to be un-promotable are classic ‘woman traps’ that are very easy for a young woman, trying to make a good impression, to fall into. At the other end of spectrum, effective conflict management requires a woman to confidently tread the fine line between being perceived as aggressive or being ignored – the desired space of ‘assertive’ being so much harder to occupy for a woman than a man, as numerous studies show. Nonetheless, succeeding in climbing the ladder in a fast-paced world makes confidently wielding conflict management tools essential. As Tara Foley commented: “Conflict never resolves itself. Disengaging emotion from the situation is key, since a small seed of conflict can become an all-out war. The instinct to win or to prove ourselves right can be overwhelming, but if one party is mortally wounded then it’s no good.” It also helps to view conflict as a natural part of change. In fact, if we are not all facing conflict, we should ask ourselves why. That doesn’t mean, however, that we just let conflict fester. “The biggest conflicts get to be that way because people fire out their opinions and emotions on messaging mediums”, Bruce Fletcher opined. “As an alternative, if we reach out and actually talk to someone, whether face-to-face or by video, it’s hard for people to remain aggressive.” Roselyne Renel agreed, “it’s important not to take things personally – we are all trying to find a solution. Don’t try to be popular, stay confident.” Conflict resolution though, can be trickier if there are undertows in play that we do not understand: “Try to find out what the ‘word on the street’ is,” recommended Clare Beale, “then you can get in and try to diffuse the situation.”
036
Intelligent Risk - April 2018
We do need to, however, quickly recognize when a dialogue moves from conflict to something worse, as Catherine Brett noted: “It’s important to recognize when good conflict moves to bullying and call it out – we all have the absolute right to be treated professionally.” Clare Beale agreed: “Some people raise their voices, but I’ve found it works well if I say, calmly, “I seem to have caught you at a bad time, shall I reschedule?” It is easy to be intimidated if they are senior and no one else is calling them out.”
“The biggest conflicts get that way because people vomit up their emotions and opinions on messaging mediums” - Bruce Fletcher
‘‘
So much for what we can do as individuals, but how can the organisation support women rising to senior positions? Unfortunately not all organisations are born equal – the first step to success is finding the right culture, an issue which isn’t necessarily gender specific. As Roselyne Renel commented: “Women don’t need to be tied to their desks to work and nor do men!” If a culture prioritizes working late for no reason, it’s unproductive for the whole firm. In fact, as the majority at the top are men, they can be even more influential here than the infrequent woman role model. In the end, we all have a role to play – “The next generation of women are our daughters!” Tara Foley observed. They need to be confident, to speak up, to call out bad behaviour, to stand up for their rights, to be confident in technical roles and to think creatively to balance their work and personal lives. To that end, we all, male and female, have a responsibility that goes over and above sympathizing; we should be advocates for ‘good people’ whatever their gender, and be keenly aware of the differences in style which may make true talent harder to spot in some than others. We owe that to ourselves, to our organizations and to our children.
authors Saadia Mujeeb Global Head of Hedge Funds, Asset Managers & CCPs Risk, NatWest Markets
Sarah Nowell Head of Risk Management at Alcentra
Intelligent Risk - April 2018
037
the enterprise risk culture framework
by Debashis Banerjee Enterprise risk culture can be defined as the enterprise risk norms, values, and policies (stated and otherwise) that shape the decisions and execution across an organization. The RERC is critical to the execution of the enterprise risk program and thereby the strategy of an organization. We are suggesting that the Mission, Objective, and Strategy should be analyzed within the ambit of enterprise risk culture in an organization. This top down approach will help to embed the risk culture into the strategy and execution. The framework given below is a top down model and it helps in defining and implementing the enterprise risk culture (ERC hereinafter) framework across an organization. The proposed enterprise risk culture framework is part of an enterprise risk management program of an organization. Enterprise risk culture (RERC framework is defined by the author) framework: For an organization, the risk management is one of the lenses to evaluate the mission, strategy, decisions, and execution. The four critical components of the risk management are ‘Risk control,’ ‘Risk sustenance,’ ‘Risk goal and direction,’ and ‘Risk appetite,’ and all the four components revolve around the ‘Risk culture.’ The RERC framework depicted in the below graph is the conceptualized practical hands-on model of the Enterprise risk culture leading to defining and implementing the risk appetite across the breadth and depth of an Organization/ all business units. Defining and implementing the risk culture is the key to achieve the desired implementation of risk management framework in an organization. We believe that the only way an organization achieves robust and updated risk management framework is when the ‘Risk culture’ is implemented effectively. The ‘Risk culture’ must be pervasive across an organization and all the employees, vendors, suppliers etc. are communicated, trained, and assessed periodically on the ERC.
038
Intelligent Risk - April 2018
RERC Implementation: The strategy and goals with various scenarios causing risks to an organization need to be identified and those scenarios must undergo stress testing along with the review of the possible financial/non-financial impact. These risk factors must be defined and documented. The organization’s risk factors need to be assessed and those risks should be classified in respective buckets such as ‘Financial risk,’ ‘Reputational risk,’ ‘Operational risk,’ ‘Strategy risk,’ ‘External risk,’ and ‘Compliance risk.’ The organization needs to perform ‘Risk CDA’ (C-Classify, D-Define, A-Assess/Measure) of all risk factors to arrive at the respective buckets. We are now aware that the four critical components of the risk management are ‘Risk control,’ ‘Risk sustenance,’ Risk goal and direction, and ‘Risk appetite’ (please see the diagram above). To achieve the implementation of the framework, the risk goal and direction of an organization need to be defined and documented before moving to other risk components in the implementation. The next critical part in the implementation chain is to assess the aggregate risk capital and the organization’s ability to sustain the risk decisions. We suggest performing a stress test that requires building multiple scenarios with probability and correlation and running a simulation test. A stress test helps an organization to move toward capital planning, expected loss and unexpected loss, risk objectives, economic/regulatory capital requirements, and the risk appetite. Once the two critical risk components are done with, the organizational appetite (not in part or unit but the entire organization) to take risk should be clearly defined and understood with respect to risk capital and sustenance. The risk appetite helps achieve the strategy of an organization. Risk control is a tool to effectively implement the three critical risk components discussed above by either eliminating risks or managing risks.
implementation processes The comprehensive processes and guidelines to implement enterprise risk culture in an organization are given below. The processes and guidelines can be used in both financial and non-financial companies. We will elaborate the processes at the high level, level I, to help an organization to perform all the implementation activities. The objective here is to cover, in-detail, the implementation processes of various business teams and business units. There are numerous tasks and activities that are part of the comprehensive swim lane processes and those must be performed by all stakeholders of an organization simultaneously to have effective implementation.
Intelligent Risk - April 2018
039
040
Intelligent Risk - April 2018
As we are aware that there are many stakeholders in the ERC program evaluation-its development, and approval, the need of the hour would be to make the ERC program robust and dynamic to have successful implementation. One of the necessary pre-requisite items is to have the involvement of all stakeholders for discussion, feedback, agreement, and review.
challenges in RERC implementation Our experience in implementing the framework made us aware that an organization must be prepared to deal effectively with the challenges for successful implementation. We observed that some challenges can be addressed before the implementation of RERC plan and some challenges may be later at implementation as and when challenges surfaces while implementing. From our experience, below are the key challenges of the RERC implementation. • Availability of multiple benchmarks to define the roles, responsibilities, and ownership • The right people to perform this job in an organization • The simultaneous involvement of all business teams and units over long duration project • Conceptual understanding of the various risks and the subject matter • Allocation, Retention, and focus of stakeholders as many of them would be carrying out the exercise as their 2nd role and responsibility The better way to overcome the challenges is to have the consultant team working with internal team.
author Debashis Banerjee Debashis has more than 17 years of global experience in his professional career. He has worked across financial services, consulting, enterprise risk, and information technology sectors in the fortune 500 companies, and he effectively led large multicultural teams at multiple locations. He is presently leading the company as President and CEO and he provides leadership and strategy to global business units and alliances. The company have three business units: management consulting, enterprise risk products and risk consulting (financial and non-financial risks both), and cloud remote service. He is regularly presenting to global audiences on topics such as strategy and execution, financial services, enterprise risk, and leadership. He has several innovative papers and publications to his credit in the last few years and helped the global financial services players in their approach to handle the challenges effectively. He has graduated from Harvard Business School in general management with focus on strategy, leadership, execution, and innovation and has achieved the PRM™ designation from PRMIA.
Intelligent Risk - April 2018
041
financial services industry disruption and risk management
by Andy Zhulenev & Alexandru Voicu The disruption of the financial services industry is already underway. This paper outlines how the ongoing technological transformation may impact risk management at banks and lending institutions.
introduction Country-specific open banking initiatives are accelerating the ongoing transformations in the financial services industry. Banks’ consumer and commercial customers are also changing the way they operate in the digital age, and are now expecting different types of value-added services from their banking providers. Competitive threats are coming from FinTechs —which obtained about $15 billion of funding globally in 20171— and from leading technology players who are now expanding into banking. Many of the latter have shown their ability to quickly scale their financial offerings and capacity. Banks’ internal IT systems, processes, operations and capital markets infrastructures are on the way to complete automation using artificial intelligence (AI). Let us now examine specific developments underway within three main dimensions of banking risk management: credit, strategic, and operational risk.
credit risk Credit risk primarily relates to the ability or willingness of banking customers to repay a loan. Typically, loans are linked to the market value of an underlying asset, such as a home or car. Below we provide several industry examples where changes are already visibly underway. Oil & Gas: In developed countries, the cost of electricity from solar panels is already on par with the cost of energy from fossil fuels.2 The cost of wind-generated electricity has significantly decreased as well. These trends will very soon result in a transition toward electric vehicles in the fleet of cars and trucks on the road.
1 / Federal Rererve System: Supervisory Guidelines on Model Risk managent (SR 11-7), 2011 2 / Targeted Review of Internal Models by European Banking Authority, 2016
042
Intelligent Risk - April 2018
Gas stations will be replaced with electric charging stations, and gasoline consumption will decline. In the industrial sector, more efficient production techniques will tamper a demand for energy overall, and the transition to electricity will reduce demand for fossil fuels even more. Power generation is now moving toward renewable sources as they become more economically viable and sustainable. Along with oil and gas, coal saw a massive depreciation of assets at the beginning of 2016, putting the banking sector under severe stress due to exposure to these industries. Automotive: The automotive industry is at the dawn of a major transformation driven by autonomous driving technologies and electric vehicles. Traditional gasoline and diesel vehicles will see much faster depreciation than forecasted in the Blue Book, which can result in many more non-performing loans (NPLs) in the sector than expected. Real Estate: Technological change affecting real estate may also greatly impact banks. A productive commute, where drivers don’t need to focus on driving or can experience less traffic because of carpooling, could potentially change the entire landscape for real estate prices in dense urban areas. This is a major exposure of many retail banks’ balance sheets.
strategic risk The ability to retain and acquire new customers can be a good measure of success to a financial institution. We provide here some industry examples where change is clearly expected in the area of strategic risk. Digital Data Access: Commercial customers across various industries are applying the latest technologies to production and supply chains, leading to changed payment flows and credit taking. Blockchain offers a secure platform for the automation of inter-company transactions including contract-to-purchase order, invoice and payment transactions. Participants in blockchain industry consortia will have access to digital transaction data that can be used for credit scoring and automated credit issuing. Banks that are not connected to these platforms may find themselves at a disadvantage. Competitive Landscape: Large internet-era technology companies such as Amazon, Facebook, Apple and Google are now expanding into traditional financial services. The top five cash-rich technology companies hold over $600 billion in cash, which translates into tens of trillions of dollars of lending power. These companies may also have better insight into clients’ business transactions and leading indicators than they could obtain through traditional quarterly balance sheet and income statements.
operational risk Ultimately, banking is about numbers; IT systems and applications in banking are as important as assembly lines in manufacturing. Below are several examples of important changes coming in the area of operational risk. Intelligent Risk - April 2018
043
Security: Cybersecurity has increasing importance as clients require online access and open architecture. Digital banks are champions of running new lean infrastructures, but they are also budget-constrained. Larger banks have challenges in integrating and securing existing legacy systems. Multiple public cases of increased penetration risk from cyber-attacks have made headlines in recent years, yet only a small percentage of data breaches are even discovered by IT departments. Regulation: RegTech is helping large and small players stay compliant with regulations while reducing their staffing costs. If technology supporting this shift is not adopted quickly, it will lead to competitive disadvantages; compliance costs today are almost 20% of most banks’ overall cost structure. Banks paid $321 billion in fines in the last ten years globally for failing in the areas of money laundering, market manipulation, etc. – so, improving compliance will hopefully reduce that burden.
To deep dive into the ongoing revolution in the financial services industry, join us September 1213, 2018 in Silicon Valley for the Banking Disrupted conference organized in partnership between Professional Risk Managers’ International Association (PRMIA) and Silicon Valley Innovation Center (SVIC). SIGN UP to get more details about the event as they become available.
authors Andy Zhulenev Andy Zhulenev is vice president at Silicon Valley Innovation Center, responsible for corporate innovation services. He has a unique 360-degree view of innovation both from the enterprise and startup perspective. Andy has over 20 years of experience in strategy consulting, private equity, information technology and business process outsourcing. He has worked with customers in banking and financial services, manufacturing, retail, aerospace, software, hardware and other industries.
Alexandru Voicu Alex Voicu is a technical advisor for PRMIA. He has worked in portfolio management where his interests covered many industries including banking, technology and their intersection.
044
Intelligent Risk - April 2018
why risk managers need a crash course in organizational behavior
by Ketan Kapoor Setting capitalistic corporate values of ambition, innovation, efficiency, productivity and most importantly, profitability next to the tenets of control and caution prescribed by risk management illuminates a fundamental tension around the place of risk management in an organization. This tension within decision makers is the choice between what “should we do” and what we “want to do.” Often carrying a label of bureaucrats, risk managers face the daunting task of regulating human behavior. Formal risk management training should be supplemented by an insight into the human psyche – especially as newer styles of doing business emerge, leading to newer and more disruptive risk creation. Once we understand the motivations behind risk creation, we can establish new ways for risk mitigation. Organizational behavior presents some interesting ideas to glean this understanding.
power of authority In the aftermath of World War II, Stanley Milgram performed the infamous “Milgram Experiments.” Volunteers were made “Teachers,” who administered a shock to “Learners” each time a “Learner” answered a question incorrectly. The shocks ranged from a mild 15 volts to a lethal 450 volts. Under the presence of white coat wearing experimenters, 65% of the “Teachers” administered the lethal 450 volts1. The majority of the “Teachers” shocked the “Learner” repeatedly, despite the “Learners’” increasingly desperate pleas to stop and the “Teachers” being fully aware of the deadly implications of a 450 volt shock. Many “Teachers” dissented from time to time but continued under orders from the experimenters, who insisted that the experiment must “go on.” The experiment was repeated (albeit with some moderation) recently in Poland, with similar grim results2. The studies show the people can be pushed to extremes, in the pursuit of obeying authority, regardless of what they believe are their moral thresholds.
bounded ethicality People see themselves as rational, ethical, competent and, best/worst of all, capable of objective decision making. People create an inner “blind spot” that conceals conflicts of interest or unconscious biases. This is “Bounded Ethicality” - even the most ethical people can, unknowingly, behave unethically3.
Intelligent Risk - April 2018
045
ethical fading People also tend to predict they will act in accordance with their values and as they “should” act. At the time of the decision, however, the ethical considerations may have faded away and the “want” often prevails: a phenomenon called “Ethical Fading”4. Let’s look at some practical considerations. Programs on disclosures, self-certification, self-assessments, self-audits etc. assume that if you hire people with integrity, communicate expectations and set goals, people will act in pursuit of those goals. The success of these programs require transparent and honest disclosure/discussion around risk, control and governance failures, whether accidental or deliberate by omission/commission. At the same time, ethical blind spots and fading limit their efficacy. Over time these programs are relegated to the “check the box” pile – yet another compliance/risk initiative that talks a lot but says very little. The important assessment for us is the level of peripheral vision that we, as risk managers, bring to the implementation of the risk frameworks and controls. Peripheral vision in this context implies: • How do our peers (and we) react under the stern scrutiny of authority figures in our organizations? • How much of our dissent translates from expression to application? • What views do we and our colleagues have of our own ethical values and behavior? How close are these views to our actions? • What “blind spots” can we objectively identify in our behavior and that of others? • How often does the “want” win over the “should” self? • How do actions defeat the purpose and values that we aim to propagate? Asking these questions can be an uncomfortable personal and professional experience, but the insights gained can be valuable – these questions act as an acid test regarding the risk culture maturity in our organizations. This is especially true in certain cultures, for example, where the discussion on risks is limited, simply because it is not the appropriate thing to talk about or where deference to age & seniority is the de-facto delegation of authority protocol. Although regulators continue to upgrade risk management standards across various parts of the world, the implementation can be rendered futile through overrides or plain and simple neglect, if behavior is not considered during implementation. Understanding the “nature of human nature” should not just be a byproduct of our natural human experience but also a core focus of our professional experience.
046
Intelligent Risk - April 2018
The core guiding principle should be to perform the root cause analysis of not just the risk creation but also the risk creators and their thought framework – which should lend itself to the application of a risk framework. This endeavor that can benefit from the application of organizational behavior. The words of Cassius from Julius Caesar succinctly reflect the tension built into modern risk management: “The fault, dear Brutus, is not in our stars but in ourselves…”
references 1. http://archives.yalealumnimagazine.com/issues/2007_01/milgram.html 2. https://digest.bps.org.uk/2017/05/05/new-milgram-replication-finds-90-per-cent-of-polishparticipants-willing-to-deliver-highest-shock/ 3. http://www.ethicalsystems.org/sites/default/files/BoundedEthicalityFlyer_FINAL.pdf 4. http://www.ethicalsystems.org/sites/default/files/files/EthicalFadingFlyer_FINAL.pdf 5. http://archives.yalealumnimagazine.com/issues/2007_01/milgram.html 6. https://digest.bps.org.uk/2017/05/05/new-milgram-replication-finds-90-per-cent-of-polishparticipants-willing-to-deliver-highest-shock/ 7. http://www.ethicalsystems.org/sites/default/files/BoundedEthicalityFlyer_FINAL.pdf 8. http://www.ethicalsystems.org/sites/default/files/files/EthicalFadingFlyer_FINAL.pdf
author Ketan Kapoor Ketan Kapoor is the Head of Risk Management at Global Investment House, a leading investment management firm headquartered in Kuwait. This article is the inception of the author’s literary journey. His professional experience has been dedicated to the risk and financial services space. He attained his undergraduate degree in Economics from the University of Delhi in 2009; completed his Post Graduate Program in Management in 2013, from the Indian School of Business, Hyderabad with concentrations in Strategy & Leadership and Marketing and has been a certified PRM since September 2017.
Intelligent Risk - April 2018
047
overview & implementation issues - Large exposure Framework (LEF) This article is mainly based on the outline given in Basel regulations. However, readers need to follow their local regulatory requirements depending on their jurisdictions.
by Asad Khan & Nagaraja Kumar Deevi introduction Timely identification of key dependencies is a key for the going concern of any business. One major type of dependency is concentration. It could be concentration of customers, suppliers, assets classes, or funding sources, for example. Accordingly, concentration risk management is critical to the banking industry. Black’s Law Dictionary defines concentration risk as - the risk of loss arising from a large position in a single asset or market exposure. An excessive concentration can give rise to liquidity risk or market risk losses. There are many types of concentration risk that could undermine a bank’s resilience, such as: 1. Large exposures to single counterparties or groups of connected counterparties 2. Sectoral and geographical concentrations of asset exposures 3. Reliance on concentrated funding sources 4. Significant net short positions in securities 5. Intra-group exposures The risk of default of a single counterparty or a group of connected counterparties is always a critical issue for banks. The impact of default risk is assessed upfront for asset pricing and measured periodically for loss impairment and regulatory/economic capital purposes. Managing concentration risk has always been a key part of bank risk management best practices, mostly through the imposition of credit limits. Banking regulators such as the Basel Committee on Banking Supervision (“Basel”) have also taken concentration risk seriously. The latest regulation to cover this issue is called ‘Supervisory framework for measuring and controlling large exposures (SFLE)’.
048
Intelligent Risk - April 2018
Similarly, the Federal Reserve Board (FRB) rules, on ‘Single-Counterparty Credit Exposure Limits (SCCL) for Large Banking Organizations’ under Dodd-Frank - Section 165(e), also cover large exposures. Regulation B-2 implemented by OSFI in Canada has the same purpose. These are examples of how each major local regulator addresses the issue of large credit risk exposures of banks and establishes a policy with respect to limits on these exposures. Large exposures are subject to limits, notwithstanding the quality of security that underlies individual transactions. It is extremely difficult to establish, in all cases, with certainty and over time, the availability and value of security that underlies an exposure until the need to call upon it arises. The key objective of Large Exposure Framework (LEF) is to consistently measure, aggregate and control exposures to single counterparties or to groups of connected counterparties across a bank’s books and operations. It requires banks to have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis.
strategic risk • Large Exposures and Banks’ Capital: The large exposure requirements complement riskbased capital requirements and operate to measure and limit large exposures in relation to a bank’s capital. • The existing risk-based capital standards are not explicitly designed to consider concentration risk in calculating capital requirements. There is no harmonized process designed to protect a bank against very large losses from a single counterparty default. Therefore, LEF will complement risk-based capital framework, to protect banks from the sudden default of an individual counterparty or group of connected counterparties. • Identifying Large Exposures: The definition of a large exposure is based on Tier-1 Capital, with specific exclusions for exposures to certain sovereigns, intra-day interbank exposures, and qualifying central counterparties relating to clearing activities. Criteria for identifying a group of connected counterparties are based on specific control and economic interdependence. • Large Exposure Limits: The large exposure limit is 25% (15% for GSIB) of Tier-1 Capital for exposures to a counterparty or a group of connected counterparties, with national discretion to impose smaller limits for certain types of exposures. • Large exposure defined: It is exposure to an individual counterparty, or a group of connected counterparties, which is greater than, or equal to, 10 percent of bank’s Tier-1 Capital. • Scope: The Basel framework applies to risk from losses arising due to the default of an individual counterparty or a group of connected counterparties. Other forms of concentration risks are excluded from the Basel large exposure framework.
Intelligent Risk - April 2018
049
• Excluded exposures: ›› Exposures to Sovereigns ›› Exposures deducted from a bank’s regulatory capital ›› Intra-day interbank exposures, and ›› Exposures to qualifying central counterparties (QCCPs) relating to clearing activities • Measuring Large Exposures: This requires clear and consistent measurement of large exposure values, including specific treatments to be applied for credit risk mitigation, trading book positions, covered bonds, structured vehicles, non-qualifying central counterparties and clearing activities • Scope: It includes all on-balance sheet exposures and off-balance-sheet exposures in both the banking book and trading book, as well as instruments with counterparty credit risk (CCR) • Key measurement areas: These include credit risk mitigation, trading book positions, covered bonds, structured vehicles, non-qualifying central counterparties and clearing activities. • Reporting of Large Exposures: Reporting covers the largest 20 exposures and all large exposures (with and without credit risk mitigation), and separate reporting for certain excluded exposures. • The reporting should include exposures to individual counterparties and groups of connected counterparties for: ›› All large exposures (i.e. exposures greater than or equal to 10 per cent of a bank’s Tier 1 Capital). ›› All exposures without the effect of credit risk mitigation being considered which are => to 10 per cent of Tier 1 Capital.
conclusions Key issues to be considered when implementing large exposure framework: • Identification of large exposures, including connected counterparties, in the context of large multi-asset class portfolios and complex operations spanning multiple jurisdictions, may require considerable professional judgment in Implementing qualitative criteria to identify connected counterparties. • Measurement of exposures can become complex due to mismatch in methods and frequency of exposure measurement between risk capital standards and LEF. • Maintaining quality of granular data and mapping is extremely important to implement LEF. • Effective use of technology will assist in efficient implementation of LEF.
050
Intelligent Risk - April 2018
key regulatory sources • Basel BCBS-283 Supervisory framework for measuring and controlling large exposures, April 2014 • Dodd-Frank - Section 165(e): Federal Reserve Board (FRB) Rules (draft) on Single-Counterparty Credit Exposure Limits for Large Banking Organizations, March 2016 • OSFI Regulations (B-2): Large Exposure Limits., December 1994
authors Nagaraja Kumar Deevi NAGARAJA KUMAR DEEVI is a senior strategic executive with over two decades of Leadership experience in Finance, Risk, Regulatory, Analytics and Technology enabled solutions working with Global Banking & Financial Institutions. He is currently Managing Partner & Senior Advisor at DEEVI Advisory & Research Studies. NAG is specialized in Banking regulations, Regulatory Policy & Affairs and Enterprise wide Strategic Risk initiatives. Designed and developed Enterprise Risk Governance Framework aligned with firm-wide Corporate strategy, setting high level Regulatory Policy, Risk Appetite Statement, Recovery, and Resolution Planning (RRP)/Living Wills, Culture, Conduct & Reputational Risk. Effective utilization of Tools &Techniques addressing Risk Assessment, Risk Identification, Risk Measurement, Prioritize Risk & Risk Mitigation & Risk Response processes. NAG works closely with Academia and Research studies on Risk & Analytics and AI based startup companies through knowledge sharing, Solution Approach & Go-to Market strategy, and has advanced management studies from NYU, Kellogg & MIT.
Asad Khan Asad Khan is a Senior independent risk management practitioner working globally on the implementation of risk and finance regulatory and system initiatives with large banks. Asad has a distinguished academic and professional background including MSc in Risk Management from NYU Stern, CFA Charter, FRM, CQF, and CA.
Intelligent Risk - April 2018
051
intraday liquidity management – the role of risk controlling under BCBS 248
by Thomas Steiner & Heike Dengler From the beginning of the financial crisis in 2008 until central banks stepped in, liquidity in the interbank market was drastically reduced. This illustrates the importance of dealing with liquidity risks for the functioning of the entire banking sector. Risk controlling is currently often focused on ex-post reporting of indicators, when it comes to managing these risks. Because of regulatory requirements and current practice, a shift in emphasis of the role of risk controlling is necessary. Risk controlling can play a part in current ex-ante based process steps by developing and using forecasting and planning methods. Intraday liquidity risk refers to the risk that a bank is unable to meet its intraday payment obligations. An inability to pay occurs if the intraday liquidity requirement, resulting from cash in- and outflows, is higher than the liquidity reserves held. To manage intraday liquidity risks, the regulatory requirements stipulate compliance with various metrics that correspond to the complexity of the institution. This is being dealt with in BCBS 2481. Additional stress types (including own financial stress and counterparty stress) are defined to determine necessary further enhancements of qualifying liquidity sources. These are predominantly the liquidity buffer, consisting of High Quality Liquid Assets (HQLA). The regulator also demands institutions to appropriately project the time of intraday outgoing and incoming payments. The deadline for meeting the requirements was initially set at January 2015, but subsequently pushed out to allow banks to deal with this complex issue. Many banks are in the conception or implementation phase at this point, but more work needs to be done. In addition to the definition and establishment of a suitable data basis for ex-post reporting the operational role of risk controlling, alongside with treasury, in the process of intraday liquidity management needs to be considered. In this process, deterministic and non-deterministic payments are projected ex-ante during the following day (see Fig. 01). Based on these forecasts, a specific plan regarding refinancing and settlement is created, and settlement transactions are initiated. This plan is continuously adapted during the day like a control loop taking into account the actual payments made. In a final step, ex-post reports are generated that outline the liquidity development over the past period.
1 /
052
https://www.bis.org/publ/bcbs248.pdf
Intelligent Risk - April 2018
Fig. 01: Core intraday liquidity management process
The digital nature of the liquidity risk – i.e. the non-availability of a liquidity source that occurs suddenly and without prior warning in a stress situation – poses a new layer of challenges to be managed. Risk controlling is well suited for supportive interventions to benefit intraday liquidity management before ex-post monitoring and reporting using the familiar range of instruments around stress testing, scenario analysis and early warning indicators. Overall, it opens opportunities to optimise intraday liquidity management and funding and to develop early warning functions to identify and take action against risks at an early stage. The main emphasis of risk controlling instruments lies in the development of stress test scenarios, the performance of stress tests and the identification of early warning indicators. In addition, models are developed, back tested, limits allocated, and any violations are escalated. Of course, these instruments need to be refined and adapted for the usage in intraday liquidity management. This should be outlined by using the so-called Danger Zone Approach (DZA). The DZA is a special stress test method in structural liquidity risk management to appropriately face the sudden unavailability of a liquidity source. It provides a framework for defining and configuring consistent and transparent stress scenarios. At the same time, the ongoing early warning indicator and liquidity monitoring process is based on the DZA. Relevant liquidity sources are identified and the sequence of their (un)availability in a stress situation is defined. For each liquidity source, relevant and observable risk factors are identified, which have already proven relevant in association with historic liquidity stress events. Well-defined and relevant risk factors can also act as early warning indicators to identify potential bottlenecks at an early stage, for example a termination or reduction of intraday liquidity lines. The relevance and stability of the liquidity sources change. Fig. 02 illustrates an assessment of relevance and stability of liquidity sources under internal financial stress. For all intraday liquidity sources, the exact settlement must be analysed, to ensure that possible delays in availability are considered. Among the risk factors, special focus is given to those factors that can be observed on an intraday basis.
Intelligent Risk - April 2018
053
Fig. 02: Relevance and stability of liquidity sources in internal financial stress
As often, a major hurdle in this process is posed by data availability. As of such, alongside defining the appropriate stress scenarios and early indicators, investments into data quality, data collection, management and handling are necessary. Having completed that task successfully though, further collateral optimisation as an expression of resource efficiency is feasible. The DZA example shows how risk controlling can develop instruments to support intraday operational liquidity management and thus ensure that an institution can meet its payment obligations at all times. These developments are a specific expression of the required shift in emphasis of liquidity risk controlling towards operational intraday liquidity management. It can be observed that institutions’ risk controlling is increasingly taking on the new emphasis of their role. This shows that risk controlling is not limiting itself to the role of advocate of the regulatory minimum and a developer of reporting methods, but is seen as a driving force in internal control. This gets much closer to the central regulatory intention than a narrow focus on compliance with the minimum requirements of regulatory standards.
054
Intelligent Risk - April 2018
authors Thomas Steiner Partner, Financial Services Division, Head of Risk Management, BearingPoint Thomas is heading the Financial Services Risk Management division at BearingPoint since 2015. After having worked as a consultant with BearingPoint at the start of his career, before returning to consultancy, he has first worked as a risk controller at MEAG, Munich Ergo Asset Management GmbH, and eventually headed the Product and Requirement Engineering (risk management) there. Thomas holds a degree in Economics from the technical university in Regensburg.
Heike Dengler Senior Manager, Financial Services Division, Treasury Risk Management, BearingPoint Heike is responsible for the BearingPoint consulting effort in those areas related to treasury risk. Prior to joining BearingPoint in 2018, she has worked in Quantitative Risk Advisory with Ernst & Young. Her pre - consultancy professional experience has been in Trading, Research and Asset Management at Dresdner Bank and BNP Paribas. Heike holds a PhD in Mathematics from Cornell University and has been teaching Mathematics at the Frankfurt School of Management and Finance.
Intelligent Risk - April 2018
055
CCAR - beyond regulatory reporting
by Priyanka Pande The Federal Reserve Board (FRB) introduced the Comprehensive Capital Analysis and Review (CCAR) in the wake of the financial crisis of 2006-2008 to get the markets moving again, ensure that the banks have enough capital to resume their functions and to safeguard the interests of the investors. In its core, CCAR has the following guiding principles:
• ‘Sound foundational risk management’ that encompasses identification, measurement, assessment, and monitoring and control • Loss-estimation methodologies under various stress scenarios, efficient aggregation of these estimates from the business unit level all the way to the enterprise level. • Resource estimation strategies - A clear estimation of capital resources under stress scenarios • Sufficient capital adequacy impact assessment - Impact of the BHC’s goals on the total capital estimated. • Comprehensive capital planning - includes capital goals, composition, allocation and contingency plans • Robust internal controls - Encompasses policies and procedures, change control, model validation, documentation and internal audit • Effective governance - Effective Board of Directors and Senior Management. The guidelines by the FRB give the banks an incentive to plan all the activities that go into risk management planning with the intent of creating a process that is measurable, repeatable and scalable. The CCAR framework encourages banks to be continually aware of the risks they take on against the defined risk appetite. The reporting standard requires the development of estimation methodologies that represent the business at the line-of-business level as closely as possible, maintain adequate capital levels at all times to be able to absorb adverse market shocks. CCAR also calls for tighter audit controls for ensured integrity, along with efficient model management with more reliance on scientific models rather than expert judgment. Over the last few years, banks have been successful in raising their capital reserves and improving their capital planning processes. They have been more aware of their risk profile and mindful of their business strategies, bearing in mind, their risk appetite. This is evident in the CCAR results in years 2015, 2016 and 2017. With equal emphasis on the capital plan and the processes surrounding its formulation, banks have heard objections on grounds like risk management principles, assumptions in the methodology, data management and integrity, and audit controls. In the year 2015, two BHCs were deemed inadequate or ‘objectionable’ for the deficiencies in their capital planning processes, whereas one bank had to resubmit their capital plan after addressing FRB’s concerns. 1 / https://www.federalreserve.gov/bankinforeg/stress-tests/ccar/August-2013-Introduction.htm 2 / https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20150311a1.pdft
056
Intelligent Risk - April 2018
In the year 2015, two BHCs were deemed inadequate or ‘objectionable’ for the deficiencies in their capital planning processes, whereas one bank had to resubmit their capital plan after addressing FRB’s concerns. The following year, although the overall capital reserves increased, two banks received objections to their capital plans due to deficiencies in their risk management processes, audit controls and data management, with respect to the size, complexity and the impact of their operations. Significant improvements were observed in 2017 in the CCAR processes when all, but one bank, had their capital plans approved with no objections. These trends suggest the CCAR has been able to achieve its objectives so far. Fewer banks have their capital plan objected to, which shows a better understanding of the CCAR process and objectives on the BHC side. In the last three years, a steady increase was observed in their common equity tier 1 ratio. BHCs are required to maintain a minimum of 4.5% as their common equity tier 1 ratio. As reported by Ernst and Young, the industrywide average CET1 ratios for the years 2015, 2016 and 2017 were 6.6%, 7.1% and 7.2% respectively. While BHCs have benefited from the CCAR exam, there is still room for enhancement. At the least, banks need to keep these highly regulated processes in place, achieving economies of scale as they mature further in the process. Banks also need to build the capability to utilize this framework for their internal strategic planning purposes. Although CCAR is reported at the holding company level, the requirement for granular data inputs opens the door for potential drill-down capabilities to aid planning at the line-of-business level. CCAR can serve as more than a regulatory standard, if BHCs and regulators come together to align the regulatory requirements with the need of the business. To ensure that BHCs get a good return on the investment in building this wholesome infrastructure of processes and systems, it is important to establish a synergy between the requirements of the regulators with that of the business. Exploiting the full potential of this rigorous exercise will bring risk awareness in day-to-day business activities, instead of a once-a-year reporting mandate.
author Priyanka Pande Data Analyst, Santander Passionate about bringing numbers and technology together for business process assessment. I graduated from UMass Boston with MBA in International Management and MS in Information Technology in 2014 and have been working with Santander USA, as a data analyst, ever since. I live to learn and make an impact in whichever way I can. Connecting the dots and finding patterns in seemingly disparate things excite me. I look forward to a future where we move from risk control to risk intelligence, giving way to bigger growth opportunities.
3 / https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20160629a1.pdf 4 / https://www.federalreserve.gov/publications/files/2017-ccar-assessment-framework-results-20170628.pdf 5 / http://www.ey.com/Publication/vwLUAssets/EY-2016-CCAR-DFAST-results/$FILE/ey-2016-CCAR-DFAST-results.pdf 4 / http://www.ey.com/Publication/vwLUAssets/ey-2017-ccar-dfast-results-pdf/$FILE/ey-2017-ccar-dfast-results.pdf
Intelligent Risk - April 2018
057
prmia risk leader roundtable: deregulation and markets
by Joo-Yung Lee Top risk leaders from the New York area met Feb 8 to discuss the potential for U.S. financial institution deregulation and any resulting positives or negatives for the industry. Overall the group felt the trend in the U.S. appears to be loosening regulation, whereas the expectation is that Europe will see tightening. Many felt areas of loosening regulation in the US will include the Volcker Rule, the Supplementary and Enhanced Supplementary Leverage Ratio, and smaller bank regulation. The group kicked off the discussion on stress testing. Some believe that without regulation stresstesting wouldn’t have happened on its own. However, there was some push back that stress testing was present among many banks, but they didn’t have to act on the results of internal stress tests and, therefore, results could be overwritten. However, the introduction of regulatory stress testing has benefited the markets and financial system because there is now a mechanism for enforcement. It was also believed by some participants that the move away from the advanced approach is a move in the right direction. The current model reliance under the advanced approach provides a falsely scientific result, providing the feeling of control but can be a black box. Overall, many held the view that regulation was not always well thought out, but that it has been a net benefit for the system. Issues that were raised included a view that regulators often lack practical experience and that the harder issue with financial institutions is how to regulate culture and sound risk judgment. This behavioral element also brought up the fact that there is a herd mentality among financial institutions and there is always a party willing to engage in an activity and, therefore, firms participate to capture that profit. Because of this, many feel that a principled approach rather than a prescriptive approach to regulation is better. For example, some expressed the view that the leveraged lending guidance has created a “bright line” for banks and is resulting in deals that are below the 6x limit being done even if they are much worse than deals that might have slighter higher leverage, that are, in fact, better deals. The result is gaming the rules or misallocating capital. The group further discussed risk culture and how it could be measured: • The ratio of average compensation in the front office versus risk professionals • Ritual involved in the risk process – the example of the prominence of the front office at risk committees which was used as an example to demonstrate how ritual can drive behavior at a firm
058
Intelligent Risk - April 2018
The group also discussed the unintended consequences of regulation: • Shadow banking - the role of disintermediation away from banks growing • Banks are stronger but bigger – it is unclear how this will change • Positively – buy-side funds are buying assets that banks can no longer hold on their balance sheets • Risk is not fully pulled out of the banks because of their interconnectedness • Not enough liquidity is being provided because of banks’ reduced role in being able to as a result of regulation Finally, the group discussed the future cause of a downturn. Most agreed that it will not be an asset bubble. Someone noted this time it could be passive, investors causing the downturn because there won’t be as many participants on the active side or banks to step in to prevent a passive selloff. The potential for fewer liquidity providers and providers stepping in to provide a floor to prices may be an issue. Others believe more macroeconomic factors will lead to the downturn, such as tapering. There is a view that asset bubbles already exist, such as commercial real estate, particularly multifamily and some industries, such as the tech sector, as well as high-yield credits not because the fundamentals are worse but because the risk premium is too low. There was a belief that deregulation would accelerate a downturn. Someone also mentioned a piece by Jeremy Grantham of GMO where he posits a theory that a bubble is building and the bubble point will be reached by the end of 2018. China was also brought up as another potential source of global issues and that a corporate bond bubble could result from spread widening.
author Joo-Yung Lee Managing Director, Fitch Ratings
Intelligent Risk - April 2018
059
calendar of events Please join us for an upcoming training course, regional event, or chapter event, offered in locations around the world or virtually for your convenience.
PRM™ SCHEDULING WINDOW March 17 – June 22
WHAT HAPPENS WHEN INTEREST RATES GO UP? April 17 in Amsterdam
CONDUCT AND CULTURE: MEASUREMENT AND MANAGEMENT April 18 – Virtual Training
ESTABLISHING MODEL INVENTORY AND MODEL GOVERNANCE April 19 – Virtual Training
MIFID 2 2018 - MEGVALÓSÍTÁS A MAGYAR GYAKORLATBAN April 19 in Budapest
BIG DATA, MACHINE LEARNING & AI IN CREDIT SCORING April 19 in Warsaw
OPERATIONAL RISK AND DUE DILIGENCE April 24 in Boston
MEASURING THE MODEL RISK & MODEL VALIDATION April 26 – Virtual Training
060
Intelligent Risk - April 2018
CLIMATE CHANGE IN SCENARIO ANALYSIS April 26 in Montreal
SUCCESSFULLY ROLLING OUT & EMBEDDING THE MRM FRAMEWORK May 3 – Virtual Training
MACHINE LEARNING AND ITS APPLICATIONS IN INVESTMENT AND RISK May 9 in Edmonton
BANKS MOVING TO CLOUD May 10
HOW TO MANAGE REPUTATIONAL RISK May 10 – Virtual Training
5TH ANNUAL ATLANTA RISK LEADERSHIP CONFERENCE May 17 in Atlanta
I WANT A MENTOR AND I NEED A SPONSOR May 21-22 in London
PRM™ TESTING WINDOW May 28 – June 22
MARKET RISK MANAGEMENT UNDER BASEL III & FRTB VIRTUAL SERIES May 30 – August 8 Virtual Training
Intelligent Risk - April 2018
061
INTELLIGENT RISK knowledge for the PRMIA community ©2018 - All Rights Reserved Professional Risk Managers’ International Association