Addressing Operational Risk in Pension Fund Management
Zagreb, Croatia, May 2003
Jim Kernan (Warsaw), Philip Warland (London)
+48-22-523-4326
james.kernan@pl.pwc.com

Agenda
• The Incidence of Operational Risk
• How to manage Operational Risk
• The Regulatory Response
• What it means in practice
• Capital Adequacy Examples: Croatia and Poland
Thank you to Hywel Dawes for Basel 2/CAD 3 slides.

Definition of Operational Risk
• The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events
  • including legal risk
  • excluding strategic and reputation risk.
• Management of operational risk can't be delegated to one department

Department: tasks
• Risk Management: Risk measurement, monitoring, reporting, education, coordination, methodology, etc.
• Internal Audit/Compliance Dept.: Verification and review of the model
• Other Business departments & units: Identification of the cases, proposal for remedy, reporting to risk management.

How Do Asset Managers Manage their Business?
[Figure: Cost of Errors plotted against Time]
• How does the business manage the cost of the errors?

Operational Risk Management: Controls and Financing

Preventive measures for the elimination or limitation of the risk occurrence
• Conduct of business
• Improvement of internal controls
• Change of internal regulations
• Advancement from manual to automatic procedures
• Backup IT equipment etc.

Limitation of the after-effects
• Conduct of business
• Contingency and recovery plans
• Capital for high frequency low cost events
• Insurance
• Suitable for low-frequency events with significant financial impact
• Transfer of the operational risk to the counterparties

[Diagram labels: Operational Risk Management; Process Management + Activity Limits + Capital + Insurance; Data Analysis]

Linking best practice to EU Directives and then to national requirements
• Basel II / CESR
• EC Directives (CAD 3 and ISD): Requirements converted into directives for EU credit institutions and securities firms
• National rules: CAD 3 requirements translated into national requirements, which are likely to be implemented differently. ISD is a separate initiative for investment services

Basel II/CAD 3 and CESR/ISD: timeline to implementation
[Timeline figure spanning 2002 to 2006. Basel II/CAD 3 milestones shown: Consultation paper 3 and final Accord; CAD 3 Consultation document 3; Field testing; CAD 3 “Structured dialogue”; CAD 3 draft; Final CAD 3; Implementation. CESR/ISD milestones shown: CESR Recommendations; ISD in reading at EP and Council; Adopt ISD.]

Basel II/CAD 3 Structure
• Pillar 1, Minimum Capital (firm’s internal view): Refined Credit and new Operational Risk capital requirements
• Pillar 2, Supervisory Review (supervisor’s view): Supervisor’s assessment of bank and any additional capital requirement
• Pillar 3, Market Discipline (external view): Disclosure to allow the markets to decide
• 3 Pillars mutually-reinforcing and interlinked

Investment Service Directive
• Broad Objectives:
  • Protection of investors and market integrity
  • Promotion of fair, transparent, efficient and integrated financial markets
• Structure:
  • Trade execution
  • Regulated markets & MTFs
  • Investment firms
  • Investor Protection and Investment Firm Regime
• CESR Recommendations: Applied throughout the ISD, particularly focusing on protecting investor rights and market integrity through conduct of business

Agenda
• The Incidence of Operational Risk
• How to manage Operational Risk
• The Regulatory Response
• What it means in practice
  • Process management and activity limits
• Capital Adequacy Examples: Croatia and Poland

CESR/ISD: Process management and activity limits
• Process management and activity limits is about the manner in which a business conducts its business – or „conduct of business”. Conduct of business broadly includes:
  • Creating a „level playing field” for customers and clients.
  • The regulator has to ensure the soundness of the financial system, protect the rights of consumers and monitor firms’ behaviour.
  • Financial products are difficult for most people to understand – yet vital to their financial and personal health.
  • Consumers need to know who they are dealing with – and that they have recourse.
• But not a problem ever solved 100% - in other words, there is always some operational risk.

CESR/ISD: Conduct of Business
• Overriding Principle – Act honestly and fairly, in the best interests of clients and the integrity of the market
• Ensure adequate information for investors
• Ensure fact-finding takes place to ensure suitability of advice, information, services and investments
• Ensure written contracts exist
• Ensure firms act in best interests of clients and give best execution
• Ensure that portfolios are managed independently, in line with client objectives and with regular information on performance
• Ensure conflicts of interest are managed fairly
• Ensure that firms have a code of conduct for management and staff, and that procedures exist to obtain compliance with the code and rules of conduct generally.

CESR/ISD: Conduct of Business
• Marketing Communication to be fair, clear, legally compliant
• Timely disclosure about
  • firm, services and compensation to allow client to understand risks of firm and of investment
  • investments and markets to allow informed investment decisions and prompt reaction to losses
• Warning about risks and of investments/strategies commensurate with experience of client
• Fact-find to determine suitability
• Record of agreement and terms and conditions
• Execute business in best interests of client applying best execution, with procedures to demonstrate best execution
• Provide reports on execution and on investment performance

CESR/ISD: Conduct of Business
• All firms will have to have an independent compliance function (not internal audit) with adequate powers, monitoring adequate compliance policies and procedures and an internal code of conduct.
  • Must be independent of those being monitored
  • At least annual report to senior management, internal and external auditors
  • Must report serious breaches to authorities “without delay”
• Compliance function must
  • Regularly verify adequacy of policies and procedures
  • Provide assistance to business areas on regulation and compliance
• Records to be kept 5 years and tape recordings of orders 1 year

Compliance Function Structures
For a larger discussion of this issue, see the PwC study entitled: „Regulatory Compliance: Adding Value” at www.pwc.com/pl/compliance.

Agenda
• The Incidence of Operational Risk
• How to manage Operational Risk
• The Regulatory Response
• What it means in practice:
  • capital and insurance
• Capital Adequacy Examples: Croatia and Poland

Basel 2/CAD3: capital and insurance
*Gross income figure used is average annual gross income for past 3 years

Operational Risk – Standardised Approach example
Source: Basel Committee’s publication “QIS 3 Technical Guidance”

Operational Risk – Advanced Measurement Approach and/or use of Insurance
To reflect the full range of losses, internal data must be supplemented with external data.
[Figure: Number of events plotted against Size of loss]
• Small losses: many internal datapoints
• Medium losses: some internal datapoints
• Large losses: very few internal datapoints. External data is necessary here

Summary: Key Benefits of Operational Risk Management
1. Operational risk management = Strong Conduct of Business = Process management and activity limits
2. Operational risk management = Capital adequacy = Capital + insurance