230 likes | 446 Views
E N D
Asset Managers have been subjected to significant changes in the way that they are required to manage risk within their business. Some of these relate to Basel 2, but there is a responsibility to implement and evidence an enterprise wide risk framework that supports ICAAP. This can be complicated by the evolving approach to regulation of complex groups resulting in changing regulatory relationships for asset managers. This talk will address the issues involved in achieving this wider risk framework. Neil Brown Managing Director NoteWell Associates Ltd. NoteWellMail@aol.com
Mitigating Risk by Evidencing Risk Control “ …..we will scrutinise proposals for new UCITS III funds and conversions of existing funds and will engage in a thematic review of the risk management of firms that are proposing to operate or are operating UCITS III funds.” Hector Sants, 19th September 2005
Mitigating Risk by Evidencing Risk Control • ….financial services regulators around the world are rightly concerned that the business and affairs of financial services firms are responsibly and effectively organised and controlled at senior management level and that firms’ senior management take responsibility for this • a firm is required to establish, implement and maintain adequate risk management policies and procedures which identify and set the tolerable level of risk relating to its activities and effectively manage those risks. • A firm also has to have a separate risk control function, where this is proportionate depending on the nature, scale and complexity of its business. This function will be responsible for assessing the risks that the firm faces and for advising the firm's governing body and senior managers on these risks. Christine Sinclair 15th May 2006
Generic Risk Process • Define Risks the firm is prepared to take (Risk Appetite) • Identify risks the firm owns (to capital, reputation, earnings, brand….) • Categorise and identify the drivers of these risks (investment performance, market, credit, operational, event….) • Agree measurement techniques (attribution, VaR, stress testing, scenarios, other…) • Agree limitations of these techniques (Correlations, Fat Tails, model validity under stress…) • Design / Build / Implement systems and processes to capture this information • Set and operate appropriate controls (limits, delegated authorities, escalation processes • Apportion responsibility for managing these risks • Business management to own them • Risk management to provide oversight
Objective of the ICAAP • How much and what composition of internal capital the firm considers it should hold as compared with the capital resource requirement (CRR) ‘pillar 1’ calculation , and • the adequacy of the firm’s risk management processes …with respect to capital adequacy….
Risk Framework What are the risks? • Strategy • Earnings • Reputation (Brand?) • Investment Performance • Failure to deliver mandated product • Includes TCF, Advertising… • Operational Risks • Legal & Compliance Risks
Other issues? • Group Structures – strengths and weaknesses…. • Outsourcing (and insourcing!) • Where applicable, details of any other business-unit-specific or business plan stress tests selected • Differentiation between ICAAP requirements and good business management….
ICAAP • Annual? • Risk types considered to justify “exclusion”? • Capital required to mitigate worst case occurrence • Not a process to manage the business….
An Appropriate Risk Management Infrastructure Who owns this and why will it happen? • Senior Management • CEO/SEO / Apportionment Officer • SIAPs • If you don’t understand it, you shouldn’t be responsible! • Others • Line Management • All staff
What Is Involved? Company Risk Framework TABLE OF CONTENTS • Overview • Governance • Roles and responsibilities • Definition of risks and risk appetite • Risk Management Framework • Risk and Control Assessment processes • Incident Management processes • Reporting and Monitoring
Example: Roles and Responsibilities • Senior Management are responsible for implementing • An effective and appropriate operating structure that has transparent and formal responsibilities including: • implementing risk management frameworks within their part of business. • developing and implementing processes and procedures for measuring and managing risk in all of the material products, activities, processes and systems of their part of the business. • understanding and evaluating the risk profile and ensuring appropriate risk mitigation within their part of the business. • producing reporting to demonstrate the effectiveness of the risk mitigation they have applied
What Does This Mean? • Much of this will exist, some is documented…. • Document from the top down, pull all existing frameworks together…… • Quality not Quantity (substance not form) • Ensure that Management Information produced by all areas can support the risk framework (evidences management control)
Board of Directors Management / Board / Risk Committee Chief Executive Officer Business area Heads / Senior Management Monthly / Quarterly Reporting Line Management Monthly / Quarterly Reporting Reporting Structure Risk Management Monthly / Quarterly reporting Business Activity Daily/ Weekly/Monthly /Quarterly Reporting
Example - New Product Process Risks? • Strategy • Earnings • Reputation • Investment Performance • Failure to deliver mandated product • Includes mis-selling,TCF, advertising… • Operational Risks • Legal & Compliance Risks
Example - New Product Process • Initial idea - (Marketing?) • product, marketplace, competition, asset target, costs, profitability.... • Management support • Front Office design (Portfolio Management?) • Middle/Back Office ability to support proposal • Legal/Compliance/Risk review • Is the proposal legal and are we allowed to build/distribute? • Do all areas of the business understand what is required of them?
Product – Marketing Responsibilities Internal External • Compliant marketing materials • Brochures / Applications • IFA materials • Advertising • TCF considerations • Place in market • Place in portfolio • Family/friends….. • Clearly defined product characteristics • objectives, • sources of alpha / absolute return • risk controls & characteristics • fees and commissions • Clearly defined target marketplace • Clearly defined target sales and timescales • Clearly defined product review process
Product Investment Management Responsibilities • Through what clearly defined investment process and risk controls & characteristics will they capture the alpha / absolute return to deliver the clearly defined fund objectives .......... • Credibility of how they will deliver consistent product/performance…. • Ability to explain/demonstrate sources of absolute and relative performance (Attribution) • Ability to explain demonstrate current portfolio positioning/”bets” (risk analysis)
Middle/Back Office Responsibilities • What new systems or people are required? • On what platform / how will you • price • account • risk measure • report • What processes change as a result of this? • What manual processes are introduced? • What processes are special/different for this product? • Ensure continuity and disaster recovery
Risk Management Process Investment Risk • Review proposed product characteristics versus proposed objectives / market / clients for “goodness of fit” • Ongoing review of the performance, attribution and risk analysis of product using appropriately designed statistics and techniques – still “true to label”? Operational Risk • Ensure • specific accountability, policies & controls, reporting at launch & ongoing • segregation of duties at launch & ongoing • Key Risks, Key Controls, Control Enhancements identified and addressed… • Integrate into ongoing OpRisk reporting – enhance where necessary
Additional/Enhanced Processes.…? • Instrument / portfolio pricing • Instrument / portfolio risk analysis • Risk Management oversight • Management oversight • Board reporting
Who Owns What? • Product design • Investment delivery • Product support • Product launch • Oversight • Ongoing product life • Marketing / Distribution (/ Investment Management) • Investment Management • Middle/Back Office • CEO • Senior Management/CEO • Legal/Compliance/Risk Management • All of above but ultimately, CEO………..
Conclusions • Senior Management resolve is key • Don’t build the Bugatti Veryon * • Model Bugatti Veyron 16.4 Engine type 7993cc, 16 cylinders in a WPower/Torque 1001bhp @ 6000rpm / 922 lb ft @ 2200rpmPerformance 0-62mph: 2.5sec / Top speed: 253mphPrice £810,345Verdict Blows away all the other supercars • Set senior responsibilities and deliverables to drive framework down through the business • Ensure reporting is appropriate and evidenced • Having created this framework, be ready for internal/external review… * Source: Times Online