risk management presentation february 25 2013

8/22/2019 Risk Management Presentation February 25 2013

1/129

P a g e | 1

International Association of Risk and ComplianceProfessionals (IARCP)

1200 G Street NW Suite 800 Washington, DC 20005-6705 USATel: 202-449-9750www.risk-compliance-association.com

Top 10 risk and compliance management related news storiesand world events that (for better or for worse) shaped the

week's agenda, and what is nextDear Member,

The Financial Stability Board (FSB) published

today a thematic peer review on riskgovernance.

Risk governance collectively refers to the role and responsibilities of theboard, the firm-wide CRO and risk management function, and theindependent assessment of the risk governance framework.

International Association of Risk and Compliance Professionals (IARCP)www.risk-compliance-association.com
http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/


2/129

P a g e | 2

- Board responsibilities and practices: The board is responsible forensuring that the firm has an appropriate risk governance frameworkgiven the firmsbusiness model, complexity and size which isembedded into the firms risk culture.

How boards assume such responsibilities varies across jurisdictions.

- Firm-wide risk management function: The CRO and riskmanagement function are responsible for the firms risk managementacross the entire organisation, ensuring that the firms risk profileremains within the risk appetite statement (RAS) as approved by theboard.

The risk management function is responsible for identifying,measuring, monitoring, and recommending strategies to control ormitigate risks, and reporting on risk exposures on an aggregated anddisaggregated basis.

- Independent assessment of the risk governance framework: Theindependent assessment of the firms risk governance frameworkplays a crucial role in the ongoing maintenance of a firms internalcontrols, risk management and risk governance.

It helps a firm accomplish its objectives by bringing a disciplinedapproach to evaluate and improve the effectiveness of riskmanagement, control and governance processes.

This may involve internal parties, such as internal audit, or externalresources such as third-party reviewers (e.g., audit firms, consultants).

This is an excellent document for risk managers. Read more at Number 1of our list

http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/


3/129

P a g e | 3

Also

I like it. Nice and clear:

Principal risk is the risk that a bank pays away the currency being sold,but fails to receive the currency being bought. Principal risk can be themost serious risk because the amount at risk can be equal to the full valueof the trade.

Replacement cost risk is the risk that an FX counterparty will defaultbefore a trade has settled and that the bank must replace it with a newtrade and a different counterparty at current market prices (potentiallyless favourable exchange rate).

Liquidity risk is the risk that a counterparty will not settle an obligationfor full value when due.Liquidity risk does not imply that a counterpartyis insolvent since it may be able to settle the required debit obligations atsome unspecified later time.

Great, clear definitions, in the Supervisory guidance for managing risksassociated with the settlement of foreign exchange transactionsfrom theBank of International Settlements.

Read more at Number 4 below

Welcome to the Top 10 list.



4/129

P a g e | 4

FSB publishes peer review on risk

governance

The Financial Stability Board (FSB) published a thematic peer review onrisk governance.

The report takes stock ofrisk governance practicesat both nationalauthorities and firms, notes progress made since the financial crisis,identifies sound practices and offers recommendations to support furtherimprovements.

Governor Daniel K. Tarullo

Dodd-Frank Act

Before the Committee on Banking, Housing, and UrbanAffairs, U.S. Senate, Washington, D.C.

Interview with Carlos Montalvo, Executive Directorof EIOPA, conducted by Garry Booth, Reactionsmagazine (the UK)

Can you explain what the interim Solvency II measures,sometimes known as Solvency 1.5, encompass?



5/129

P a g e | 5

Supervisory guidance for managing risksassociated with the settlement of foreign

exchange transactions

The purpose of this guidance is to provide updatedguidance to supervisors and the banks they supervise onapproaches to managing the risks associated with the settlement of FXtransactions.

Financial Services Sector

Draft recommendations to the Chartered Institute of InternalAuditors

Following the crisis in the financial system over the past few years a widespread review of governance in financial institutionshas been takingplace.

It was inevitable that the role of Internal Audit would be brought into that

process.

The Financial Transaction Tax (FTT)

On 14 February 2013 the EuropeanCommission adopted a proposal for aCouncil Directive implementing enhanced cooperation in the area of

financial transaction tax, which mirrors the scope and objectives of itsoriginal FTT proposal of September 2011.



6/129

P a g e | 6

Speech by Andrew BaileyManaging Director, Prudential Business

Unit at the Chartered InstitutesNicholasBarbon Lectures, London

Suitability of members of the ManagementBody and Key Function H olders

EMIR: Frequently Asked Questions

Note: The Regulation (EU) No 648/ 2012 of the European Parliament andof the Council of 4 July 2012 on OTC derivatives, central counterparties(CCPs) and trade repositories (TRs) (EM IR) entered into force on 16August 2012.

However, many provisions require technical standards to be developed byESMA and the actual date of application of these provisions will dependon the date of entry into force of the technical standards (see section ontiming for more details)

Corporate and Risk Governance:

The IAISSelf-Assessment and Peer Review onICPs 4, 5, 7 and 8The IAIS has launched the Self-Assessment and Peer Review (SAPR) onCorporate and Risk Governance.



7/129

P a g e | 7

FSB publishes peer review on riskgovernance

The Financial Stability Board (FSB) published today a thematic peerreview on risk governance.

The report takes stock of risk governance practices at both nationalauthorities and firms, notes progress made since the financial crisis,identifies sound practices and offers recommendations to support furtherimprovements.

The recent global financial crisis exposed a number of risk governance

weaknesses in major financial institutions, relating to the roles andresponsibilities ofcorporate boards of directors (the board), thefirm-wide risk management function, and the independent assessment ofrisk governance.

Without the appropriate checks and balances provided by the board andthese functions, a culture of excessive risk-taking and leverage wasallowed to permeate in many of these firms.

The peer review found that, since the crisis, national authorities havetaken several measures toimprove regulatory and supervisory oversight ofrisk governance at financial institutions.

These measures include developing or strengthening existing regulationor guidance, raising supervisory expectations for the risk managementfunction, engaging more frequently with the board and management, andassessing the accuracy and usefulness of the information provided to theboard to enable effective discharge of their responsibilities.

Nonetheless, more work is necessary.

In particular, national authorities need to better assess the effectivenessofa firms risk governance framework, and more specifically its risk culture,



8/129

P a g e | 8

to help ensure the sound management of risk through the economiccycle.

Supervisors will need to strengthen their assessment of risk governanceframeworks to encompass an integrated view across all aspects of theframework.

The peer review also surveyed 36 banks and broker-dealers that FSBmembers deemed as significant for the purpose of the review.

The evaluation of their responses indicates that many of the best riskgovernance practices at surveyed firms are now more advanced thannational supervisory guidance, an outcome that may have been motivatedby firmsneed to regain market confidence.

Despite these considerable strides,significant gaps remain in a numberof areas, particularly in the risk management function.

At the core of strong risk management is an effective risk appetiteframework, and firmsprogress to date is uneven in its development,comprehensiveness and implementation.

Very few firms were able to identify clear examples of how they used theirrisk appetite framework in strategic decision-making processes.

Drawing from the findings of the review, the report identifies a list ofsound risk governance practices that would help firms continue toimprove their risk governance and national authorities to assess itseffectiveness.

The review also sets out several recommendations targeting areas wheremore substantial work is needed, in particular:

1.National authorities should strengthen their regulatory and supervisoryguidance for financial institutions and devote adequate resources to assessthe effectiveness of risk governance frameworks.



9/129

P a g e | 9

2.Standard setting bodies should review their principles for governance,taking into consideration the sound risk governance practices set out inthe report.

3.The FSB should explore ways to formally assess risk culture at financialinstitutions.

4.The FSB should provide general guidance on the key elements thatshould be included in risk appetite frameworks and establish a commonnomenclature for terms used in risk appetite statements.

Tiff Macklem, Chairman of the FSBsStanding Committee on StandardsImplementation (SCSI), said:

The review usefullypulls together good risk governance practices andidentifies follow-up work that needs to be done by national authorities tostrengthen their ability to assess the effectiveness of firmsriskgovernance frameworks.

Recent headline events surrounding activities at some large financialinstitutions underscore the importance of promoting and implementing asound risk culture.

Swee Lian Teo, Chair of the peer review team on risk governance, said:

While measures have been taken to improve risk governance, the review

showed that there are still gaps that need to be addressed by both firmsand supervisors.

The report sets out recommendations that will help supervisorseverywhere raise the bar on their expectations for risk governance so thatfirmspractices continue to improve through changing environments.

Notes

The FSB has been established to coordinate at the international level thework of national financial authorities and international standard settingbodies and to develop and promote the implementation of effective



10/129

P a g e | 10

regulatory, supervisory and other financial sector policies in the interest offinancial stability.

It brings together national authorities responsible for financial stability in24 countries and jurisdictions, international financial institutions,sector-specific international groupings of regulators and supervisors, and

committees of central bank experts.

The FSB also conducts outreach with 65 other jurisdictions through itssix regional consultative groups.

The peer review on risk governance is the the sixth thematic peer reviewconducted by the FSB and the first thematic review using the revisedobjectives and guidelinesfor the conduct of peer reviews set forth in the

December 2011 Handbook for FSB Peer Reviews.

Thematic reviews focus on the implementation and effectiveness acrossthe FSB membership of international financial standards developed bystandard-setting bodies and policies agreed within the FSB in a particulararea important for global financial stability.

Thematic reviews may alsoanalyse other areas important for globalfinancial stability where international standards or policies do not yetexist.

The objectives of the reviews are to encourage consistent cross-countryand cross-sector implementation; to evaluate (where possible) the extentto which standards and policies have had their intended results; and toidentify gaps and weaknesses in reviewed areas and to makerecommendations for potential follow-up (including via the developmentof new standards) by FSB members.



11/129

P a g e | 11

Thematic Review on Risk GovernancePeer Review Report

Foreword

Financial Stability Board (FSB) member jurisdictions have committed,under the FSB Charter and in the FSB Framework forStrengtheningAdherence to International Standards, to undergo periodic peer reviews.

To fulfil this responsibility, the FSB has established a regular programmeof country and thematic peer reviews of its member jurisdictions.

Thematic reviewsfocus on the implementation and effectiveness acrossthe FSB membership of international financial standards developed bystandard-setting bodies and policies agreed within the FSB in a particulararea important for global financial stability.

Thematic reviews may alsoanalyse other areas important for globalfinancial stability where international standards or policies do not yetexist.

The objectives of the reviews are to encourage consistent cross-countryand cross-sector implementation; to evaluate (where possible) the extent

to which standards and policies have had their intended results; and toidentify gaps and weaknesses in reviewed areas and to makerecommendations for potential follow-up (including via the developmentof new standards) by FSB members.

This report describes the findings of the thematic peer review on riskgovernance, including the key elements of the discussion in the FSBStanding Committee on Standards Implementation (SCSI).

Executive summary

The recent global financial crisis exposed a number of governanceweaknessesthat resulted in firmsfailure to understand the risks theywere taking.



12/129

P a g e | 12

In the wake of the crisis, numerous reports painted a fairly bleak pictureof risk governance frameworks at financial institutions, which consists ofthe three key functions: the board, the firm-wide risk managementfunction, and the independent assessment of risk governance.

The crisis highlighted that many boards had directors with little financialindustry experience and limited understanding of the rapidly increasingcomplexity of the institutions they were leading.

Too often, directors were unable to dedicate sufficient time to understandthe firmsbusiness model and too deferential to senior management.

In addition, many boards did not pay sufficient attention to riskmanagement or set up effective structures, such as a dedicated risk

committee, to facilitate meaningful analysis of the firms risk exposuresand to constructively challenge managementsproposals and decisions.

Therisk committees that did exist were often staffed by directors short onboth experience and independence from management.

The information provided to the board was voluminous and not easilyunderstood which hampered the ability of directors to fulfil theirresponsibilities.

Moreover, most firmslacked a formal process to independently assessthepropriety of their risk governance frameworks.

Without the appropriate checks and balancesprovided by the board, therisk management function, and independent assessment functions, aculture of excessive risk-taking and leverage was allowed to permeate inthese weakly governed firms.

Further,with the risk management function lacking the authority, statureand independenceto rein in the firms risk-taking, the ability to addressany weaknesses in risk governance identified by internal controlassessment and testing processes was obstructed.



13/129

P a g e | 13

The peer review found that, since the crisis, national authorities havetaken several measuresto improve regulatory and supervisory oversight ofrisk governance at financial institutions.

These measures include developing or strengthening existing regulationor guidance, raising supervisory expectations for the risk managementfunction, engaging more frequently with the board and management, andassessing the accuracy and usefulness of the information provided to theboard to enable effective discharge of their responsibilities.

Nonetheless, more work remains; national authorities need to strengthentheir ability to assess the effectiveness of a firms risk governance, andmore specifically its risk culture to help ensure sound risk governancethrough changing environments.

Supervisors will need to undergo a substantial change in approach sinceassessing risk governance frameworks entails forming an integrated viewacross all aspects of the framework.

The peer review also asked supervisors toevaluate progress made by theirsurveyed firm(s) toward enhanced risk governance in seven areas.

To provide some consistency to this exercise, the review team developedhigh-level criteria to assist supervisory evaluations of firmsprogress,drawing from a compilation of relevant principles, recommendations andsupervisory guidance.

The high-level criteria were viewed as fundamental prerequisites for riskgovernance frameworks.

This evaluation found that many of the best risk governance practices atsurveyed firms are now more advanced than national guidance.

This outcome may have been motivated by firmsneed to regain marketconfidence rather than regulatory requirements.

Firms have made particular progress in:



14/129

P a g e | 14

assessing the collective skills and qualificationsof the board as well asthe boardseffectiveness either through self-evaluations or through theuse of third parties;

instituting a stand-alone risk committee that is composed only ofindependent directors and having a clear definition of independence;

establishing a group-wide chief risk officer (CRO) and risk managementfunction that is independent from revenue-generating responsibilities andhas the stature, authority and independence to challenge decisions on riskmade by management and business lines; and

integrating the discussions among the risk and audit committeesthrough joint meetings or cross-membership.

Although many surveyed firms have made progress in the last few years,significant gaps remain, relative to the criteria developed, particularly inrisk management.

There were alsodifferences in progressacross regions with firms inadvanced economies having adopted more of the desirable riskgovernance practices.

The results of the supervisory evaluations were grouped by:

(i)all surveyed firms;

(ii)firms identified by the FSB and Basel Committee on BankingSupervision (BCBS) as global systemically important financialinstitutions, or G-SIFIs; and

(iii)firms that reside in advanced economies (AEs) or emerging marketand developing economies (EMDEs).

In summary, across the seven areasevaluated, firms have made the mostprogress in defining the boards role and responsibilities, and reasonableprogress in their approach to risk governance and the independentassessment of risk governance.



15/129

P a g e | 15

The supervisory evaluations, however, indicate that surveyed firms shouldcontinue to work toward defining the responsibilities of the riskcommittee and strengthening their risk management functions as nearly50 per cent of surveyed firms did not meet all of the evaluation criteria inthese areas.

By type of institution, surveyed G-SIFIs are more advanced than otherfinancial institutions in defining the responsibilitiesof the board and riskcommittee, conducting independent assessments of risk governance,providing relevant information to the board and risk committee, and tosome extent more advanced in the risk management function.

These results support the finding that the firms in the regions hardest hitby the financial crisis have made the most progress.

Meanwhile, supervisory evaluations of firms that reside in EMDEs showthat nearly 65 per cent did not meet all of the criteria for the riskmanagement function.

These gaps need immediate attention by both supervisors and firms.

Other significant findings coming out of the review include the following:

National authorities do not engageon a sufficiently regular and frequent

basis with the board, risk committee and audit committee. Severaljurisdictions hold such meetings only once a year or on an as-neededbasis.

Good progress has been made toward elevating the CROs stature,authority, and independence.

In many firms, the CRO has a direct reporting line to the chief executiveofficer (CEO) and a role that is distinct from other executive functionsand business line responsibilities (e.g., no dual-hatting).

This elevation, however, needs to be supported by the involvement of therisk committee in reviewing the performance and setting the objectives ofthe CRO, ensuring that the CRO has access to the board and risk



16/129

P a g e | 16

committee without impediment (including reporting directly to theboard/ risk committee), and facilitating periodic meetings with directorswithout the presence of executive directors or other management.

More work is needed on the part ofboth national authorities and firmson establishing an effective risk appetite framework (RAF). Assessing afirmsRAF is a challenging task that requires greater clarity and anelevated level of consistency among national authorities.

Supervisory expectationsfor the independent assessment of internalcontrol systems by internal audit or other independent function werewell-established prior to the crisis.

As such, this is an area that demonstrated relatively sound practices

across the FSB membership at both national authorities and firms.

However, no jurisdiction had specific expectations for internal audit toperiodically provide a firm-wide assessment of risk management or riskgovernance processes.

Nearly all firms have an independent chief audit executive (CAE) whoreports administratively to the CEO and the audit committee chair andwho directly reports audit findings to a permanent audit committee.

However, there is still room for improving the CAEs access to directorsbeyond those on the audit committee.

Drawing from the findings of the review, including discussions withindustry organisations as well asrisk committee directors and CROs ofseveral firmsthat participated in the review, the report identifies some ofthe better practicesexemplified by national authorities and firms tocollectively form a list of sound risk governance practices (see Section V).

It also draws on some of the relevant principles and recommendations forrisk governance published by other organisations and standard settingbodies.



17/129

P a g e | 17

No one single authority or firm, however, demonstrated all of these soundpractices.

This integrated and coherent list of sound practices aims to help nationalauthorities take a more holistic approach to risk governance, rather thanlooking at each facet in isolation, and may provide a basis forconsideration by authorities and standard setting bodies as they reviewtheir guidance and standards for strengthening risk governance practices.

The review sets out several recommendations to ensure the effectivenessof risk governance frameworks continue to improve by targeting areaswhere more substantial work is needed.

While the review focused on banks and broker-dealers that are

systemically important, these recommendations apply to other types offinancial institutions, including insurers and financial conglomerates.

Recommendations:

1.To ensure that firmsrisk governance practices continue to improve,FSB member jurisdictions should strengthen their regulatory andsupervisory guidance for financial institutions, in particular for SIFIs, anddevote adequate resources (both in skills and quantity) to assess theeffectiveness of risk governance frameworks.

In particular, national authorities should consider the following soundrisk governance practices:

i.Set requirements on the independence and composition of boards,including requirements on relevant types of skills that the board,collectively, should have (e.g., risk management, financial industryexpertise) as well as the time commitment expected.

i i .Hold the board accountablefor its oversight of the firms riskgovernance and assess if the level and types of risk information providedto the board enable effective discharge of board responsibilities.



18/129

P a g e | 18

Boards should satisfy themselves that the information they receive frommanagement and the control functions iscomprehensive, accurate,complete and timely to enable effective decision-making on the firmsstrategy, risk profile and emerging risks.

This includes establishing communication procedures between the riskcommittee and the board and across other board committees, mostimportantly the audit and finance committees.

iii.Set requirements to elevate the CROs stature, authority, andindependence in the firm.

This includes requiring the risk committee to review the performance andobjectives of the CRO, ensuring the CRO has unfettered access to the

board and risk committee (including a direct reporting line to the boardand/ or risk committee), and expecting the CRO to meet periodically withdirectors without executive directors and management present.

The CRO should have a direct reporting line to the CEO and a distinctrole from other executive functions and business line responsibilities(e.g., no dual-hatting).

Further, the CRO should be involved in activities and decisions (from arisk perspective) that may affect the firmsprospective risk profile (e.g.,

strategic business plans, new products, mergers and acquisitions, internalcapital adequacy assessment process, or ICAAP).

iv.Require the board (or audit committee) to obtain an independentassessment of the design and effectiveness of the risk governanceframework on an annual basis.

v.Engage more frequently with the board, risk committee, auditcommittee, CEO, CRO, and other relevant functions, such as the CFO, toassess the firms risk culture (e.g., the tone at the top), whetherdirectors provide effective challenge to managementsproposals anddecisions, and whether the risk management function has the appropriateauthority to influence decisions that affect the firms risk exposures.



19/129

P a g e | 19

2.The relevant standard setting bodies (e.g., BCBS, IAIS, IO SCO,OECD) should review their principles for governance, taking intoconsideration the sound risk governance practices listed in Section V.

3.Risk culture plays a critical role in ensuring effective risk governanceendures through changing environments.

The FSB Supervisory Intensity and Effectiveness group has agreed toimplement the recommendation from the 2012 FSB progress report onenhanced supervision to explore ways to formally assess risk culture,particularly at G-SIFIs.

This work should be completed by September 2013.

4.To improve their ability to assess firmsprogress toward more effectiverisk management, national authorities should provide guidance on the keyelements that are incorporated in effective risk appetite frameworks.

Toenable firms to define frameworks with a minimum amount ofcomparability despite their firm-specific nature, a common nomenclaturefor terms used in risk appetite statements (e.g., risk appetite,riskcapacity,risk limits) should be established.

The FSB Supervisory Intensity and Effectiveness group, in collaboration

with relevant standard setters, has agreed to finalise this work by the endof 2013.

5.The FSB should consider launching a follow-up review on riskgovernance after 2016 (i.e., after the G-SIFI policy measures begin to bephased in), to assess national authoritiesimplementation of therecommendations to strengthen their supervisory guidance and oversightof risk governance.

The review also should include the G-SIFIs identified in 2014 by the FSBin collaboration with the BCBS and IAIS.



20/129

P a g e | 20

(I mportant Part)

Increasing the intensity and effectiveness of supervision to reduce themoral hazard posed by SIFIs is a key component of the FSBs policy

measures, endorsed by G20 Leaders.

Since the onset of the global crisis, supervisors have intensified theiroversight of financial institutions, particularly SIFIs, so as to reduce theprobability of their failure.

Specifically, supervisory expectations ofrisk management functions andoverall risk governance frameworkshave increased, as this was an areathat exhibited significant weaknesses in many financial institutionsduring the global financial crisis.

While supervisors are responsible for assessing whether a firms riskgovernance framework and processes are adequate, appropriate andeffective for managing the firms risk profile, the firmsmanagement isresponsible for identifying and managing the firms risk.

In October 2011, the FSB agreed to conduct a thematic peer review on riskgovernance to assess progress toward enhancing practices at nationalauthorities and firms (banks and broker-dealers).

For purposes of this review, risk governance collectively refers to the roleand responsibilities of the board, the firm-wide CRO and riskmanagement function, and the independent assessment of the riskgovernance framework (see Chart 2).



21/129

P a g e | 21

- Board responsibilities and practices: The board is responsible forensuring that the firm has an appropriate risk governance frameworkgiven the firmsbusiness model, complexity and size which is

embedded into the firms risk culture.How boards assume such responsibilities varies across jurisdictions.

- Firm-wide risk management function: The CRO and riskmanagement function are responsible for the firms risk managementacross the entire organisation, ensuring that the firms risk profileremains within the risk appetite statement (RAS) as approved by theboard.

The risk management function is responsible for identifying,measuring, monitoring, and recommending strategies to control ormitigate risks, and reporting on risk exposures on an aggregated anddisaggregated basis.



22/129

P a g e | 22

- Independent assessment of the risk governance framework: Theindependent assessment of the firms risk governance frameworkplays a crucial role in the ongoing maintenance of a firms internalcontrols, risk management and risk governance.

It helps a firm accomplish its objectives by bringing a disciplinedapproach to evaluate and improve the effectiveness of riskmanagement, control and governance processes.

This may involve internal parties, such as internal audit, or externalresources such as third-party reviewers (e.g., audit firms, consultants).



23/129

P a g e | 23

Governor Daniel K. Tarullo

Dodd-Frank Act

Before the Committee on Banking, Housing, andUrban Affairs, U.S. Senate, Washington, D.C.

Chairman Johnson, Ranking Member Crapo, andother members of the committee, thank you forthe opportunity to testify on implementation of the Dodd-Frank WallStreet Reform and Consumer Protection Act of 2010 (Dodd-Frank Act).

In today's testimony, I willprovide an update on theFederal Reserve's recentactivitiespertinent to theDodd-Frank Act and describeour regulatory and supervisorypriorities for 2013.

The Federal Reserve, in manycases jointly with otherregulatory agencies, has madesteady and considerableprogress in implementing the Congressional mandates in theDodd-Frank Act, though obviously some work remains.

Throughout this effort, the Federal Reserve has maintained a focus onfinancial stability.

In the process of rule development, we have placed particular emphasis

on mitigating systemic risks.

Thus, among other things, we have proposed varying the application ofthe Dodd-Frank Act's special prudential rules based on the relative sizeand complexity of regulated financial firms.



24/129

P a g e | 24

This focus on systemic risk is also reflected in our increasingly systematicsupervision of the largest banking firms.

Recent Regulatory Reform Milestones

Strong bank capital requirements, while not alone sufficient to guaranteethe safety and soundness of our banking system, are central to promotingthe resiliency of banking firms and the financial sector as a whole.

Capital provides a cushion to absorb a firm's expected and unexpectedlosses,helping to ensure that those losses are borne by shareholdersrather than taxpayers.

The financial crisis revealed, however, that the regulatory capital

requirements for banking firms were not sufficiently robust.

It also confirmed that no single capital measure adequately captures abanking firm's risks of credit and trading losses.

A good bit of progress has now been made in strengthening and updatingtraditional capital requirements, as well as devising some complementarymeasures for larger firms.

As you know, in December 2010 the Basel Committee on Banking

Supervision (Basel Committee) issued the Basel I I I packageof reforms toits framework for minimum capital requirements, supplementing anearlier set of changes that increased requirements for important classes oftraded assets.

Last summer, the Federal Reserve, the Office of the Comptroller of theCurrency (OCC), and the Federal Deposit Insurance Corporation (FDIC)issued forcomment a set of proposals to implement the Basel II I capitalstandards for all large, internationally active U.S. banking firms.

In addition, the proposals would apply risk-based and leverage capitalrequirements to savings and loan holding companies for the first time.



25/129

P a g e | 25

The proposals also would modernize and harmonize the existingregulatory capital standards for all U.S. banking firms, which have notbeen comprehensively updated since their introduction twenty-five yearsago, and incorporate certain new legislative provisions, includingelements of sections 171 and 939A of the Dodd-Frank Act.

To help ensure that all U.S. banking firms maintain strong capitalpositions, the Basel I I I proposals would introduce a new common equitycapital requirement, raise the existing tier 1 capital minimumrequirement, implement a capital conservation bufferon top of theregulatory minimums, and introduce a more risk-sensitivestandardizedapproach for calculating risk-weighted assets.

Large, internationally active banking firms also would be subject to a

supplementary leverage ratio and a countercyclical capital bufferandwould face higher capital requirements for derivatives and certain othercapital markets exposures they hold.

Taken together, these proposals should materially reduce the probabilityof failure of U.S. banking firms--particularly the probability of failure ofthe largest, most complex U.S. banking firms.

In October 2012, the Federal Reserve finalized rules implementing stresstesting requirements under section 165 of the Dodd-Frank Act.

Consistent with the statute, the rules require annual supervisory stresstests for bank holding companies with $50 billion or more in assets andany nonbank financial companies designated by the Financial StabilityOversight Council (Council).

The rules also require company-run stress tests for a broader set ofregulated financial firms that have $10 billion or more in assets.

The new Dodd-Frank Act supervisory stress test requirements aregenerally consistent with the stress tests that the Federal Reserve hasbeen conducting on the largest U.S. bank holding companies since theSupervisory Capital Assessment Program in the spring of 2009.



26/129

P a g e | 26

The stress tests allow supervisors to assess whether firms have enoughcapital to weather a severe economic downturn and contribute to theFederal Reserve's ability to make assessments of the resilience of the U.S.banking system under adverse economic scenarios.

The stress tests are an integral part of our capital plan requirement, whichprovides a structured way to make horizontal evaluations of the capitalplanning abilities of large banking firms.

The Federal Reserve also issued in December of last year a proposal toimplement enhanced prudential standards and early remediationrequirements for foreign banks undersections 165 and 166 of theDodd-Frank Act.

The proposal is generally consistent with the set of standards previouslyproposed for large U.S. bank holding companies.

The proposal generally would require foreign banks with a large U.S.presence to organize their U.S. subsidiaries under a single intermediateholding company that would serve as a platform for consistentsupervision and regulation.

The U.S. intermediate holding companies of foreign banks would besubject to the same risk-based capital and leverage requirements as U.S.

bank holding companies.

In addition, U.S. intermediate holding companies and the U.S. branchesand agencies of foreign banks with a large U.S. presence would berequired to meet liquidity requirementssimilar to those applicable tolarge U.S. bank holding companies.

The proposals respond to fundamental changes in the scope and scale offoreign bank activities in the United States in the last fifteen years.

They would increase the resiliencyand resolvability of the U.S. operationsof foreign banks, help protect U.S. financial stability, and promotecompetitive equity for all large banking firms operating in the UnitedStates.



27/129

P a g e | 27

The comment period for this proposal closes at the end of March.

Priorities for 2013

The Federal Reserve's supervisory and regulatory program in 2013 willconcentrate on four tasks:

(1)Continuing key Dodd-Frank Act and Basel I I I regulatoryimplementation work;

(2) Further developing systematic supervision of large banking firms;

(3) Improving the resolvability of large banking firms; and

(4) Reducing systemic risk in the shadow banking system.

Carrying Forward the Key Dodd-Frank Act and Basel I I IRegulatory Implementation Work

Capital, Liquidity, and Other Prudential Requirements for Large BankingFirms.

Given the centrality of strong capital standards, a top priority this year will

be to update the bank regulatory capital framework with a final ruleimplementing Basel I I I and the updated rules for standardizedrisk-weighted capital requirements.

The banking agencies have receivedmore than 2,000 comments on theBasel I I I capital proposal.

Many of the comments have been directed at certain features of theproposed rule considered especially troubling by community and smallerregional banks, such as the new standardized risk weights for mortgages

and the treatment of unrealized gains and losses on certain debtsecurities.



28/129

P a g e | 28

These criticisms underscore the difficulty in fashioning standardizedrequirements applicable to all banks that balance risk sensitivity with theneed to avoid excessive complexity.

Here, though, I think there is a widespread view that the proposed ruleerred on the side of too much complexity.

The three banking agencies are carefully considering these and allcomments received on the proposal and hope to finalize the rulemakingthis spring.

The Federal Reserve also intends to work this year toward finalization ofits proposals to implement the enhanced prudential standards and earlyremediation requirements for large banking firms under sections 165 and

166 of the Dodd-Frank Act.

As part of this process, we intend to conduct shortly a quantitative impactstudy of the single-counterparty credit limits element of the proposal.

Once finalized, these comprehensive standards will represent a core partof the new regulatory framework that mitigates risks posed bysystemically important financial firms and offsets any benefits that thesefirms may gain from being perceived as"too big to fail."

We also anticipate issuing notices of some important proposedrulemakings this year.

The Federal Reserve will be working to propose a risk-based capitalsurcharge applicable to systemically important banking firms.

This rulemaking will implement forU.S. firms the approach to a systemicsurcharge developed by the Basel Committee, which varies in magnitudebased on the measure of each firm's systemic footprint.

Following the passage of the Dodd-Frank Act, which called for enhancedcapital standards for systemically important firms, the Federal Reserve

joined with some other key regulators from around the world in



29/129

P a g e | 29

successfully urging the Basel Committee to adopt a requirement of thissort for all firms of global systemic importance.

Another proposed rulemaking will cover implementation by the threefederal banking agencies of the recently completed Basel I I I quantitativeliquidity requirements for large global banks.

The financial crisis exposed defects in the liquidity risk management oflarge financial firms, especially those which relied heavily on short-termwholesale funding.

These new requirements include the liquidity coverage ratio (LCR),which is designed to ensure that a firm has a sufficient amount of highquality liquid assets to withstand a severe standardized liquidity shock

over a 30-day period.

The Federal Reserve expects that the U.S. banking agencies will issue aproposal in 2013 to implement the LCR for large U.S. banking firms.

The Basel I I I liquidity standards should materially improve the liquidityrisk profiles of internationally active banks and will serve as a key elementof the enhanced liquidity standards required under the Dodd-Frank Act.

Volcker Rule, Swaps Push-out, and Risk Retention.

Section 619 of the Dodd-Frank Act, known as the "Volcker rule,"generally prohibits a banking entity from engaging in proprietary tradingor acquiring an ownership interest in, sponsoring, orhaving certainrelationships with a hedge fund or private equity fund.

In October 2011, the federal banking agencies and the Securities andExchange Commission sought public comment on a proposal toimplement the Volcker rule.

The Commodity Futures Trading Commission subsequently issued asubstantially similar proposal.



30/129

P a g e | 30

The rulemaking agencies have spent the past year carefullyanalyzing thenearly 19,000 public commentson the proposal and have made significantprogress in crafting a final rule that is faithful to the language of thestatute and maximizes bank safety and soundness and financial stabilityat the least cost to the liquidity of the financial markets, credit availability,and economic growth.

Section 716 of the Dodd-Frank Act generally prohibits the provision offederal assistance, such as FDIC deposit insurance or Federal Reservediscount window credit, to swap dealers and major swap participants.

The Federal Reserve is currently working with the OCC and the FDIC todevelop a proposed rule that would provide clarity on how and when thesection 716 requirements would apply to U.S. insured depository

institutions and their affiliates and to U.S. branches of foreign banks.

We expect to issue guidance on the implementation of section 716 beforethe July 21, 2013, effective date of the provision.

To implement the risk retention requirements in section 941 of the Dodd-Frank Act, the Federal Reserve, along with other federal regulatoryagencies, issued in March 2011 a proposal that generally would forcesecuritization sponsors to retain at least 5 percent of the credit risk of theassets underlying a securitization.

The agencies have reviewed the substantial volume of comments on theproposal and the definition of a qualified mortgage in the recent final"ability-to-pay" rule of the Consumer Financial Protection Bureau(CFPB).

As you know, the CFPB's definition of qualified mortgage serves as thefloor for the definition of exempt qualified residential mortgages in therisk retention framework.

The agencies are working closely together to determine next steps in therisk retention rulemaking process, with a view toward crafting a definitionof a qualified residential mortgage that is consistent with the language



31/129

P a g e | 31

and purposes of the statute and helps ensure a resilient market forprivate-label mortgage-backed securities.

Improving Systematic Supervision of Large Banking Firms

Given the risks to financial stability exposed by the financial crisis, theFederal Reserve hasreoriented its supervisory focus to look more broadlyat systemic risks and has strengthened its micro-prudential supervision oflarge, complex banking firms.

Within the Federal Reserve, the Large Institution SupervisionCoordinating Committee (LISCC) was set up to centralize thesupervision of large banking firms and to facilitate the execution ofhorizontal, cross-firm analysis of such firms on a consistent basis.

The LISCC includessenior staff from various divisionsof the Board andfrom the Reserve Banks.

It fosters interdisciplinary coordination, using quantitative methods toevaluate each firm individually, relative to other large firms, and as part ofthe financial system as a whole.

One major supervisory exercise conducted by the L ISCC each year is aComprehensive Capital Analysis and Review (CCAR) of the largest U.S.

banking firms.

Building on supervisory work coming out of the crisis, CCAR wasestablished to ensure that each of the largest U.S. bank holdingcompanies

(1)Has rigorous, forward-looking capital planning processes thateffectively account for the unique risks of the firm and

(2)Maintainssufficient capital to continue operations throughout times ofeconomic and financial stress. CCAR, which uses the annual stress test asa key input, enables the Federal Reserve to make a coordinated,horizontal assessment of the resilience and capital planning abilities of



32/129

P a g e | 32

the largest banking firms and, in doing so, creates closer linkage betweenmicro-prudential and macro-prudential supervision.

Large bank supervision at the Federal Reserve will include more of thesesystematic, horizontal exercises.

Improving the Resolvability of Large Banking Firms

One important goal of post-crisis financial reform has been to countertoo-big-to-fail perceptions by reducing the anticipated damage to thefinancial system and economy from the failure of a major financial firm.

To this end, the Dodd-Frank Act created the Orderly LiquidationAuthority (OLA), a mechanism designed to improve the prospects for an

orderly resolution of a systemic financial firm, and required all large bankholding companies to develop, and submit to supervisors, resolutionplans.

Certain other countries that are home to large, globally active bankingfirms are working along roughly parallel lines.

The Basel Committee and the Financial Stability Board have devotedconsiderable attention to the orderly resolution objective by developingnew standards for statutory resolution frameworks, firm-specific

resolution planning, and cross-border cooperation.

Although much work remains to be done by all countries, theDodd-Frank Act reforms have generally put the United States ahead of itsglobal peers on the resolution front.

Since the passage of the Dodd-Frank Act, the FDIC has been developinga single-point-of-entry strategy for resolving systemic financial firmsunder the OLA.

As explained by the FDIC, this strategy is intended to effect acreditor-funded holding company recapitalization of the failed financialfirm, in which the critical operations of the firm continue, but



33/129

P a g e | 33

shareholders and unsecured creditors absorb the losses, culpablemanagement is removed, and taxpayers are protected.

Key to the ability of the FDIC to execute this approach is the availabilityof sufficient amounts of unsecured long-term debt to supplement equityin providing loss absorption in a failed firm.

In consultation with the FDIC, the Federal Reserve is considering themerits of a regulatory requirement that the largest, most complex U.S.banking firms maintain a minimum amount of long-term unsecured debt.

A minimum long-term debt requirement could lend greater confidencethat the combination of equity owners and long-term debt holders wouldbe sufficient to bear all losses at the consolidated firm, thereby

counteracting the moral hazard associated with taxpayer bailouts whileavoiding disorderly failures.

Reducing Systemic Risk in the Shadow Banking System

Most of the reforms I have discussed are aimed at addressing systemicrisk posed by regulated banking organizations, and all involve action theFederal Reserve can take under its current authorities.

Important as these measures are, however, it is worth recalling that the

trigger for the acute phase of the financial crisis was the rapid unwindingof large amounts of short-term funding that had been made available tofirms not subject to consolidated prudential supervision.

Today, although some of the most fragile investment vehicles andinstruments that were involved in the pre-crisis shadow banking systemhave disappeared, non-deposit short-term funding remains significant.

In some instances it involves prudentially regulated firms, directly or

indirectly.

In others it does not.



34/129

P a g e | 34

The key condition of the so-called"shadow banking system" that makesit of systemic concern is its susceptibility to destabilizing funding runs,something that is more likely when the recipients of the short-termfunding are highly leveraged, engage in substantial maturitytransformation, or both.

Many of the key issues related to shadow banking and their potentialsolutionsare still being debated domestically and internationally.

U.S. and global regulators need to take a hard, comprehensive look at thesystemic risks present in wholesale short-term funding markets.

Analysis of the appropriate ways to address these vulnerabilitiescontinues as a priority this year for the Federal Reserve.

In the short term, though, there are several key steps that should be takenwith respect to shadow banking to improve the resilience of our financialsystem.

First, the regulatory and public transparency of shadow banking markets,especially securities financing transactions, should be increased.

Second, additional measures should be taken to reduce the risk of runs onmoney market mutual funds.

The Council recently proposed a set of serious reform options to addressthe structural vulnerabilities in money market mutual funds.

Third, we should continue to push the private sector to reduce the risksin the settlement process for tri-party repurchase agreements.

Although an industry-led task force made some progress on these issues,the Federal Reserve concluded that important problems were not likely to

be successfully addressed in this process and has been using supervisoryauthority over the past year to press for further and faster action by theclearing banks and the dealer affiliates of bank holding companies.



35/129

P a g e | 35

The amount of intraday credit being provided by the clearing banks in thetri-party repo market has been reduced and is scheduled to be reducedmuch further in the coming years as a result of these efforts.

But vulnerabilities in this market remain a concern, and addressing thesevulnerabilities will require the cooperation of the broad array ofparticipants in this market and their federal regulators.

The Federal Reserve will continue to report to Congress and publicly onprogress made to address the risks in the tri-party repo market.

In addition to these concrete steps to address concrete problems,regulators must continue to closely monitor the shadow banking sectorand be wary of signs that excessive leverage and maturity transformation

are developing outside of the banking system.

Conclusion

The financial regulatory architecture is stronger today than it was in theyears leading up to the crisis, but considerable work remains to completeimplementation of the Dodd-Frank Act and the post-crisis global financialreform program.

Over the coming year, the Federal Reserve will be working with other U.S.

financial regulatory agencies, and with foreign central banks andregulators, to propose and finalize a number of ongoing initiatives.

In this endeavor, our goal is topreserve financial stability at the least costto credit availability and economic growth.

We are focused on the monitoring of emerging systemic risks, reducingthe probability of failure of systemic financial firms, improving theresolvability of systemic financial firms, and building up buffers

throughout the financial system to enable the system to absorb shocks.

As we take this work forward, it is important to remember that preventinga financial crisis is not an end in itself.

http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-association.com/http://www.risk-compliance-ass

risk management presentation february 25 2013

Documents