430 likes | 661 Views
Dr Chris Stalvies Director Cognitix Limited. The Regulatory Time Bomb redefining how people work with risk. Contents. Introduction The problem – examples Why it has become a regulatory hotspot Who is affected How they are affected When they will be affected What customers need to do
E N D
Dr Chris StalviesDirector Cognitix Limited
The Regulatory Time Bombredefining how people work with risk
Contents • Introduction • The problem – examples • Why it has become a regulatory hotspot • Who is affected • How they are affected • When they will be affected • What customers need to do • Problems – data modelling • Opportunities
About Cognitix • What we do • Cognitix is a risk management and corporate governance company that helps organisations identify rapidly factors that can help predict success or failure. • We supply Cognitix Quadrant the most powerful and flexible solution available to help financial services companies satisfy FSA and Basel II operational risk regulatory requirements
About Cognitix • Where we come from • The background of the founders is operational risk management in the financial services sectors combined with very strong in-house development capabilities. We work with companies of all sizes • Where we are going • We will become the standard for operational risk management
About Cognitix Quadrant • Web technology based • Multi tiered databases fits any hierarchy • End to end risk management process • XML output • Rules based fuzzy logic engine incorporated • Validates collaborative input to assess and predict high impact low frequency events • Very low integration costs
Cognitix philosophy • Cognitix Quadrant takes a Bayesian approach to the assessment of High Impact Events. • This is reinforced by standard statistical analysis so that reliable data is available for further manipulation or for input to risk management processes. • Application of rules based analysis and fuzzy logic profoundly augments the capabilities of the system in an uncertain environment.
What is Operational Risk • Risk Management Process • The proactive identification, analysis and control of those risks which threaten the assets or earning capacity of an enterprise (Institute of Risk Management) • Operational Risk – a relatively new classification • The risk of direct of indirect loss resulting from inadequate or failed internal processes, people and systems or from external events • Traditional banking risks such as Credit and Trading risks do not form part of this Framework. Strategic risk and reputational risk are specifically excluded. • Measurement or Assessment?
What is happening? • Regulators all around the world are imposing new regulations on banks and insurance firms to make sure they • Can demonstrate they know how to manage operational risks • Put aside enough capital to cope with operational risks • Deadlines have been set • Many firms have not woken up to this need • Many thousands of companies are affected • Thousands of small intermediaries are not going to make it
Why is it happening • Major losses and failure in the corporate world over the past years have forced regulators globally to take action to protect the financial system
Polly Peck Schneider Tyco Atlantic Computers World Com Maxwell BCCI Standard Chartered Bombay Bankers Trust/PG ABN-AMRO Chiasso NatWest Markets Kidder Peabody Daiwa Bank Metallgesellschhaft Barings Barlow Clowes Pensions mis-selling Lloyds re-insurance spiral Morgan Grenfell Jardine Fleming Levitt A few examples
The Vicious Circle Failure of controls Individual idiosyncrasies Unsustainable product Fraud False accounting Overstated security values
The Vicious Circle - 2 Failure of controls Bankers Trust/PG Kidder Pensionsmis-selling Barlow Clowes Metallgesellschaft Individual idiosyncrasies Unsustainable product Daiwa Barings Lloyds Maxwell Levitt Facia Polly Peck JardineFleming AtlanticComputers MorganGrenfell Standard Chartered ABN-AMRO Fraud False accounting Wallace Smith Schneider NatWest Markets Overstated security values
What is being done about it • Across the world regulators have intervened e.g. • Basel Committee on Banking Supervision • FSA • CAD 3 • Higgs • Turnbull • Sarbane Oxley • MAS • King Report
Operational Risk Basel II requires all financial institutions to be able to demonstrate that they are maintaining adequate capital to support their operational risks CP3 CAD3 FSA CP142 – applies to both banks and insurance firms equally CP178 – Lloyds Corporate Governance Higgs Turnbull Sarbanes-Oxley Institutional Investors The pressure is from…….
Why is it a hot topic now? • Regulators globally have been forced to take action to protect the financial system • The most common cause of loss has been “ Operational” (reminder - people, processes and systemsandexternal events) • Territorial regulators give this the force of law e.g. CAD3, FSA • Companies must: • Have adequate systems in place to be able to manage the risks • Have sufficient capital put aside to cover them in the event of these types of loss happening
When is it going to happen • Global • 2007 but with 3 or 4 years data • European • Expected Oct 03 for enforcement • UK – FSA regulated Banks and Insurance Firms • 2003 FSA publishes final policy for operational risk management systems and controls • 2003/4 One year for firms to prepare for implementation of operational risk management systems and controls policy • 2004 Operational risk management systems and controls policy takes effect • Insurance registration must be completed by15/1/2005 or drop dead
What needs to be done • Guidance from Basel • Guidance from the FSA
Guidance from BaselLikely to become best practice in all sectors Sound Practices paper - Basel Committee Feb. 2003 • The Board exercises oversight responsibility • The Board ensures a complete internal audit of ORM but the internal audit function should not be directly responsible for operational risk management • Senior management implements the programme • Management identifies and assesses OR inherent in all activities • Management monitors OR profiles
Basel Sound practices • Management creates control policies, processes and procedures • Management creates contingency and business continuity plans • Bank supervisors require all banks to have an effective framework • Supervisors independently evaluate bank practices • Banks should make sufficient public disclosure of OR approaches
Guidance from FSA • The firm will need to document its policy for managing operational risk – its strategy and objectives and the processes that it adopts to achieve; • Analysis of the firm’s risk profile • Which risks are to be accepted • How it intends to identify, assess, monitor and control the risks, with an overview of the people, processes and systems to be used • Where information is used internally for capital allocation purposes, how that exercise is undertaken.
What the FSA expects to see • Monthly Operational Risk Pack • A Risk Map that assesses high frequency losses and low frequency/high impact exposures • Analysis of the effectiveness of existing controls with action plans for risk reduction • Improvements made to risk positions through activation of risk controls or improved effectiveness of existing controls • Aggregate risk accumulations – by actual costs of risk or expected low frequency/high impact exposures
The ability to: create risk profiles, not just loss data modelling document the controls capture loss data create action plans with responsibilities and accountability clearly shown manipulate data into reports flag alerts to the Board by email self certification procedures and scenario planning capability develop key risk indicators Sarbanes Oxley capability (corporate governance) Integrate validated external loss databases. Solutions typical definition of requirements
Problems • Data • Quality • Availability • Data Models • Based on traditional requirements • People • Don’t always tell what they know • Culture/Corporate Governance • Senior management responsibility • Organisational Change • Need to start with a framework
Opportunities • Huge new market, wider than just financial services • Regulatory pressure to buy • Risk management solutions can be added to any other service • Genuinely new market with regulatory drivers • Cognitix Quadrant is different • risk analytic models adapted from credit or trading environments are not adequate to deal with the totally different requirements of operational risk assessments. • The real value is that it is able to help to predict what might happen, where data is too limited to be statistically modelled by traditional stochastic methods. • We provide full support ranging - framework design to technical implementation
“Cognitix is the most radical, high impact and cost effective approach available for risk and governance”
© Cognitix Limited 2003 To share opportunities with us please contact chris.stalvies@cognitixglobal.com +44 (0)7980 734875
D E M O N S T R A T I O N Overview of Quadrant
Notes • This slideshow features Quadrant, showing how the entire risk management process is addressed including: • Identification • Assessment/Measurement • Control • Only selected parts of the full functionality of Quadrant are shown in the interests of brevity
Contents • This is a Bank example, for illustration only. • Access - Sign on screen for multilevel access • Responding - Respondent screens with and without costing • Viewing • Client view – hierarchical – select data to view • Viewing risk factors – apply weightings – hide non relevant • Viewing data outputs – Boston chart example • Viewing data outputs – Bar chart example • Viewing details – sorting – raising Issues • Managing Issues • Event logging • Applying Risk Appetites
Access to all functions is through this sign on screen The top bar can be changed to reflect Partners own branding • From this single screen you • have seven levels of access • Super Administrator • Administrator • Consultant • Client • Respondent • Manager • Resource
There is no limit on the number or location of respondents This is the first and only screen most users see – they just choose a category and select the appropriate radio button on the range Scales are non numeric here, and can be tailored Instructions can be provided at any level of detail Include qualitative data for richness
Users with more in depth knowledge are asked to provide more information about the maximum cost of the risk if it happens, the cost of countermeasures and frequency The first run produces a risk map, the second one is for controls assessment using “Implementation” and “Effectiveness” as measures
The data can be analysed at any level by clicking this button Risk assessment questions are structured by Client, and can be viewed hierarchically Questions can be analysed at several levels including scorecards View risks weighted and un-weighted For each Client the risk questions are organised into Categories
Each question and/or category can be weighted on each scale and can be hidden from selected users if desired Respondents only answer questions relevant to themselves
The Boston chart is a simple but effective display of risks ranked by priority. Data can be viewed in other formats Hover the mouse over a star and details appear – click to drill down for more detail Resize for a better view Increasing levels of granularity can be displayed x2 to x64
Another display is the Bar Chart Risk scores for individual criteria Colour coding for instant impact Risk scores combined
In this view data can be displayed in a number of ways, including the standard deviation of responses, raise Issues and Actions and sort the columns Sort by risk colour code Drill down
Risks can be easily escalated to Issues with action plans, and managers and resources set tasks to mitigate the risks. Tasks are monitored for completion status
Events can be logged and actions assigned This one button produces a consolidated report for FSA Operational Risk compliance Any number of risks can be related to an event
Formulae can be applied to each scale to reflect the risk appetite Risks can be viewed as “appetised” or “un-appetised”
© Cognitix Limited 2003 chris.stalvies@cognitixglobal.com “Cognitix is the most radical, high impact and cost effective approach available for risk and governance”