maximizing value through enterprise risk management james lam president phone: 781.772.1961 email:...
TRANSCRIPT
Maximizing Value Through Enterprise Risk Management
James LamPresidentphone: 781.772.1961Email: [email protected]: www.jameslam.com
ERM CourseMay 3, 2005
2
Our president, James Lam, has spent 20 years in risk management
Professional President, James Lam &
Associates Founder and President, ERisk Partner, Oliver, Wyman &
Company CRO, Fidelity Investments CRO, Capital Markets Services
Inc., a GE Capital company
Industry Activities PRMIA Blue Ribbon Panel Member GARP Inaugural Financial Risk
Manager of the Year (1997) Published over 50 articles and
book chapters Quoted in Wall Street Journal,
Financial Times, Risk Magazine, and CFO Magazine
Academic Senior Research Fellow, Beijing
University Adjunct Professor, Babson College Lectured at Harvard Business
School as the subject of a HBS case study
MBA, UCLA School of Business BBA, Baruch College
Client Solutions
Consulting – ERM, strategic risk, financial risk, and operational risk
Software – Operational risk (with OpenPages) and ERM Dashboard (CXO Systems)
Training – board and management workshops
3
We are singularly focused on risk management
Areas of Expertise Enterprise risk management Market risk management Credit risk management Operational risk management KRIs and risk reporting
Client Solutions
Consulting services Software products
• CXO Systems• OpenPages
Training programs
4
As discussed in James’ recent book, we define ERM as a value added function
“An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”
Definition of ERM:
5
Key trends and requirements
Best practices and practical applications
ERM in the future
Discussion outline
6
ERM is useful because the risks faced by companies are highly interdependent
Business Risk
OperationalRisk
FinancialRisk
IT and business process
outsourcing
Derivatives documentation and counterparty risk
FX risk in a new foreign market
Enterprise-Wide Risks Financial Risks
MarketRisk
LiquidityRisk
CreditRisk
Credit Risk Associated with
Investments
Credit Risk Associated with Borrowers and Counterparties
Funding Liquidity
Asset Liquidity
7
Traditionally, risks were managed within organizational “silos”
StrategicRisk
BusinessRisk
FinancialRisk
OperationalRisk
Who
How
• Board of Directors
• CEO
• CFO
• Treasurer
• Business Managers
• Project Managers
• Internal Audit
• Compliance
• IT
• Strategic planning
• EVA
• Balanced scorecard
• Country and credit limits
• Trading and ALM Limits
• Financial derivatives
• Controls
• Audits
• Contingency planning
• Insurance
• Product plans
• Business reviews
• Project management
8
Benefits
ERM is widely recognized as the best practice approach
Financial InstitutionsBarclays
GE CapitalJP Morgan Chase
Fidelity Investments
Non-Financial CorporationsMicrosoft
BoeingDuke Energy
Ford
Enterprise Risk Management
Chief Executive Officer/Chief Fisk Officer
Strategic Risk
Board
CEO
Business Risk
Line managers
Project Managers
Financial Risk
CFO
Treasurer
Operational Risk
Internal Audit
Compliance
IT
Broadens risk
awareness
Aligns risk profile and strategy
Minimizes surprises
and losses
Rationalizes capital
requirements
Assures regulatory
compliance
Improves ROE and
shareholder value
9
The growing acceptance of ERM is driven by four key forces
Corporate Disasters
• Enron• WorldCom• Adelphia• Mutual Funds
IndustryInitiatives
• Treadway Report, US• Turnbull Report, UK• Dey Report, Canada
Best Practices
• Banks• Asset Managers• Energy Firms• Corporations
RegulatoryActions
• S.E.C.• Sarbanes-Oxley• Basel II
EnterpriseRisk
Management
10
A proactive approach to ERM is based on best practices, not regulations
Reactive Approach Proactive Approach
Current state
New industry
standards
Sarbanes- Oxley
Basel II
Governance Requirements
Desired state (best practices or best-in-class
practices)
• Benchmarking • Gap analysis• Recommendations
• Common themes• Unique standards
Sarbanes- Oxley Basel II
New industry
standardsGovernance
Requirements
?
?? ?
?
CEO
11
Early adopters of ERM have reported significant and tangible benefits
Benefit Company Actual Results
Market value improvement Top money center bank Outperformed S&P 500 banks by 58%
Early warning of risks Large investment bank Global risk limits cut by 1/3 prior to Russian crisis
Loss reduction Top asset management company
Loss-to-revenue ratio declined by 30%
Regulatory capital relief Large commercial bank $1 billion regulatory capital relief
Insurance cost reduction Large manufacturing company
20-25% reduction in insurance premium
12
Annualized total shareholder returns (1998-2003) for differing degrees of risk model sophistication and business application
Source: PA Consulting Survey of Global Banks
13
Key trends and requirements
Best practices and practical applications
ERM in the future
Discussion outline
14
Establish an ERM framework – policies, processes, and systems
Manage risk interdependencies and aggregations
Provide risk transparency to key stakeholders
Ensure company practices meet or exceed regulatory requirements
Balance business and risk requirements, and avoid “irrational exuberance”
Optimize risk/return by integrating ERM into strategic planning and day-to-day business processes
Attract, retain, and develop talented risk professionals
The role of a chief risk officer
15
An ERM framework should encompass seven key building blocks
2. Line Management
Business strategy alignment
3. Portfolio Management
Think and act like a “fund manager”
4. Risk TransferTransfer out
concentrated or inefficient risks
5. Risk Analytics
Develop advanced analytical tools
6. Data and Technology Resources
Integrate data and system capabilities
7. Stakeholders ManagementImprove risk transparency for key stakeholders
1. Corporate Governance
Establish top-down risk management
16
The enterprise risk management process
ERM Foundations
Risk Identification and
Assessment
Risk Measurement and Reporting
Risk Mitigation and Management
• Senior management and board participation (“tone from the top”)
• Governance structure
• Resource allocation
• Culture, principles, and values
• ERM framework and policies
• Linkage to strategy, performance measurement and incentives
• Organizational learning
• Top-down assessments– Barriers to strategic and
financial goals– Executive team CSAs
Bottom-up assessments– Barriers to business,
customer, and product goals
– Business unit CSAs– Functional unit CSAs
Independent assessments– Internal audit– External audit– Regulators– Customers– Other stakeholders
• ERM dashboard– Earnings volatility– Key risk metrics– Policy compliance– Real-time event
escalation– Drill-down
capabilities
• Scenario analysis– Historical– Managerial– Simulation-based
• Disclosure– Board reporting– External reporting
• Policy enforcement
• Value-based growth and restructuring strategies
• Risk transfer strategies
• Contingency planning and testing
• Event and crisis management
17
1
Characteristics and sources of effective key risk indicators
Key Risk Indicators
Strategies/Objectives
Regulations & Policies
Losses & Incidents
Stakeholder Requirements
• Business plans• Management goals• Performance metrics
• Legal requirements• Regulatory standards• Policy limits
• Actual losses• Incidents• Industry data
• Customers• Vendors• Other
Reflect objective measurement
2Incorporate risk drivers:• Exposure• Probability• Severity• Correlation
3 Be quantifiable – $, %, #
4 Track in time
series against standards or limits
5 Tie to objectives, risk owners, and risk categories
6Balance of leading
and lagging indicators 7
Be useful – support business decisions and actions
8Can be benchmarked
internally or externally
9Timely and
cost effective
10Simplify risk without being simplistic
18
Data Mining
CREDIT RISK
MARKET RISK
BUSINESS RISK
OPERA-TIONAL
RISK
ERM Dashboard
RISK “PILLARS”
Internal and External Data
Basic ERM applications:
• Executive reporting
• Key risk indicators
• Loss/incident tracking
• Control self assessments
• Early warning indicators
• Risk mitigation projects tracking
• ERM content management
Advanced ERM applications:
• Risk transfer
• Economic capital
• Scenario analysis
• Shareholder value management
An ERM dashboard provides an integrated view of all risks, with drill-down capabilities
19
An ERM dashboard should address five key questions for senior management
1. Are any of our strategic, business, and financial objectives at risk?
2. Are we in compliance with policies, limits, laws, and regulations?
3. What risk incidents have been escalated by our risk functions and business units?
4. What key risk indicators and trends that require immediate attention?
5. What are the risk assessments that we should review?
20
Case study:
• $1 trillion of assets under management
• Private company
• Decentralized business culture
Background 3-Year ERM Program• Organized Global Risk Forum
• Implemented annual Global Risk Review
• Automated loss accounting
• Developed ERM framework
• Implemented intranet-based Global Risk MIS
• Experienced significant reduction in loss ratio
21
Risk Metrics
Risk Event Log
Event LossRoot
CausesControlsNeeded
Education
0%
20%
40%
60%
80%
100%
1995 1996 1997 1998
• New associates• Management• Business/Operational processes• Best practices• Lessons learned
Goal
MAP
Actual Loss Experience
85% Decline
Basic risk management processes can lead to significant improvements
22
Expenses
-
Revenue
Equity
-
Losses
M&A
New Business
ERM provides linkage between risk management and key value drivers
Shareholder Value
Growth
ROE
Risk Management by Silos (5, 6)
4. Risk oversight costs5. Insurance/hedging expense
6. Credit, market operational write-offs
7. Capital management8. Risk transparency
9. New business development
10. M&A/Diversification strategy
1. Risk-based pricing2. Target customer selection3. Relationship management
Risk Management Impact
Enterprise risk management (1-10)
Integrated risk management (4–7)
23
Economic capital represents a common currency for risk
Credit RiskEarnings volatility due to variation in credit losses
Market RiskEarnings volatility due to market price movements
Operational RiskEarnings volatility due to changes in operating economics (e.g. volume, margins or costs) or one-off events
Credit Risk
MarketRisk
OperationalRisk
Probability
Change in Value
Enterprise-wide Risk
24
Calculate ROE Calculate Pricing
Exposure $100 mm $100 mm
Margin 2.50%
Revenue $2.5 mm $2.2 mm
Risk Losses <0.5 mm> <0.5 mm>
Expense <1.0 mm> <1.0 mm>
Pre-Tax Net Income $1.0 mm $0.7 mm
Tax <0.4 mm> <0.3 mm>
Net Income $0.6 mm $0.4 mm
Economic Capital $2.0 mm $2.0 mm
RAROC 20%
Economic capital underpins risk-based profitability measurement and pricing
2.20%
30%
25
Companies without risk-based pricing suffer adverse selection
Risk Rating
Price
Will lose competitors who use risk-adjusted
price
Risk-Adjusted Price
Non-Risk-Adjusted Price
AAA AAA BBB
Will win business from competitors but earn below
hurdle rate return
26
Business/risk reviews of major investments and projects
Key Business Assumptions
Monitoring Systems
Trigger PointsManagement Decision or
Action
Volume Margin Losses
What?
By Whom?
+Expected-
Accelerate Maintain Exit
27
ERM requires balancing the hard and soft side of risk management
Hard Side
Measures and reporting
Risk oversight committees
Policies & procedures
Risk assessments
Risk limits
Audit processes
Systems
Soft Side
Risk awareness
People
Skills
Integrity
Incentives
Culture & values
Trust & communication
28
Case study:
New capital markets business
Traders hired from foreign bank
Aggressive business and growth targets
Background 2-Year ERM Program Established risk policies and
systems
Instilled risk culture
Survived “Kidder” disaster
Captured 25% market share with zero policy violations
Recognized as best practice
29
Engaged senior management and board of directors
Established policies, systems, and processes, supported by a strong risk culture
Clearly defined risk appetite with respect to risk limits and business boundaries
Robust risk analytics for intra- and inter-risk measurement, summarized in an “ERM dashboard”
Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation
Hallmarks of success in ERM
30
Key trends and requirements
Best practices and practical applications
ERM in the future
Discussion outline
31
1. ERM will become the industry standard
2. CROs prevalent in risk-intensive companies
3. Audit committees will evolve into risk committees
4. Economic capital in; VaR out
5. Risk transfer executed at enterprise level
6. Advanced technologies key to advancement
7. A measurement standard will emerge for operational risk
8. Risk-based or economic reporting becomes standard
9. Risk becomes part of corporate and college programs
10. Salary gap among risk professionals continues to widen
Ten predictions on the future of enterprise risk management