Risk & Compliance – The Impact of Regulatory Reform. Johannesburg, October 2011. Keith Saxton, Director Global Banking & Financial Markets. Agenda: Risk in the current market environment; Smarter Risk Management; Addressing Compliance to gain Competitive Advantage; Q&A.
Agenda: Risk in the current market environment; Smarter Risk Management; Addressing Compliance to gain Competitive Advantage; Q&A. Confidential - Anchor Client Core Banking & Payments Education
The global financial system is highly complex with many stakeholders. Regulatory reform is forcing change - Systemic Risk considerations driving much of the debate
• No one entity can address the problem: Academia - the market - regulatory/oversight entities - technology
• Technology is at an inflection point: Exponential growth in supercomputing power; Dense/Fast new storage; Real-time analysis now feasible
• Big Focus: Too Big to Fail – Capital, Liquidity, Leverage, Interconnectivity; Stress Testing; BASEL III; OTC/Central Clearing
• Data is the fuel: Data semantics/standards/taxonomies; Data ‘processes’ / Reference Data; Comprehensive, transparent reporting for improved oversight
Diagram labels: Financial institutions; Regulators; Supervisors; Surveillance and monitoring; Compliance; Soundness; Stability; Policy makers; Laws and rules; Standards; Global financial system; Interconnected network; Complex adaptive system; Constantly evolving
Dramatic changes across the industry require new approaches to help maximize profitability and returns, while reducing risk exposure
• TRUST: Rebuilding trust and confidence across the system is critical to future growth and stability
• ECONOMY: Weak conditions affect investment decisions and are reducing the need for financial services
• COMPETITION: Competition is intensifying with increased mergers and acquisitions, divestitures, and new entrants
• REGULATION: Radically increased oversight is ushering in a new era of regulatory requirements
• CLIENTS: Clients have rapidly evolving expectations for offerings and services, unbiased advice, and convenience
• CAPITALIZATION: Mature market segments and emerging market segments alike focus on rebuilding their capital reserves
The status quo is unsustainable in the new environment; regulation is forcing change…
“Some regulations will require money. All will require a mindset shift.” – Government official, central bank
“I am trying to be agile while being under heavy regulatory scrutiny – how do I keep the rigor of control intact while transforming within this regulatory environment?” – CRO, large investment bank, North America
Largest Areas of Regulatory Impact (Percentage of Survey Respondents, Rank Ordered by Total) [1]
Chart categories: Acting in client’s interest; Capital / liquidity provisions; Transparency; Incentives; Forced separation of activities; Financial education; Global harmonization; Don’t know; Security; Climate change; Others
n= 1471
Note: [1] Question asked: Which of the following regulations do you expect to have the most profound effect on your firm over the next ten years? Please select two
Source: IBM / CFA Institute Survey; Primary interviews; IBM Institute for Business Value analysis
The dynamics of the global banking industry are changing - driven by regulation – structural rather than cyclical change
Structural Reforms enacted by political, legislative bodies. Focus on size, scope, societal costs and “too big to fail” institutions
• Separation of utility banking from risky activities
• Caps on size and concentration to limit bank size concentration
• Recovery and resolution for orderly winding down of failed institutions
• Consumer Protection Agency
• Clearing House for derivatives trading
Non Structural Reforms enacted by regulators and statutory organizations. Focus on risk, liquidity, capital, leverage
• Increased capital requirements
• Increased liquidity requirements
• New accounting requirements for calculating capital, write downs
• Taxation and stability fees to discourage speculation
• Compensation edicts and guidelines
As the system reforms, banks face varying dimensions of risk and multiple tiers of compliance needs across the different regulatory jurisdictions
Financial Risk; Financial Crime; Operational Risk; Governance & Compliance
• Systemic risk is on the rise
• The Top 30 banks are bigger post crisis
• In many countries bank assets are ~200% their national GDP
• Fraud attempts have grown exponentially
• 90% of organizations have experienced a rise in fraud attempts
• Turnover in global foreign exchange markets alone has grown to US$3 trillion/day
• 6 times larger than trading in US treasury bonds
• 240 new rule making processes underway in the US
• 80% of financial services firms state that their platforms are not integrated across the business
Banking Industry is Under Tremendous Pressure
Profitability has degraded significantly and will continue to do so
• Average post-crisis ROE expected to drop from 20% to 7%
• Estimated financial impact of just Dodd-Frank is $20B/year on top institutions
Adverse Impact of Regulation will continue to increase
• Only approx. 15% of 400 rulemaking requirements for Dodd-Frank have been completed
• Basel III doesn’t begin measurement until 1/1/2015
Regulatory scrutiny and penalties have intensified
• Fines increased significantly in 2010/2011
• New agencies, such as CFPB, have announced plans for intense scrutiny
Operational models are not designed for compliance/enterprise risk management
• 80% of FIs do not have integrated governance, risk and compliance processes
• Compliance will drive profitability; current model increases cost, complexity and uncertainty
• Study estimates proper mitigation can increase expected ROE by 50%
Smart is: Knowing your risk exposure, across lines of business and among industry entities, across the globe, in near-real time
Diagram labels: Custody and agency services; Commercial banking; Retail banking; Corporate finance; Sales and trading; Asset management; Credit ratings; Market rates; Equity prices; Economic indicators; Correlation; Volatility; Activities; Product classes
Managing financial risk today requires more than knowing direct exposure through each line of business. A financial institution must also be able to continuously map critical relationships across activities, product classes and risk factors.
This will enable the institution to know its true exposure to all relevant risk factors, regardless of the complexity of their relationships with individual products and activities.
Operational Risk: Smart is moving from measuring likelihood x impact based on limited loss event data to using IT as strategic weapon for risk mitigation
LINES OF BUSINESS: Corporate finance; Trading and sales; Retail banking; Commercial banking; Clearing; Agency services; Asset management; Retail brokerage; Private banking; Corporate items
LOSS CATEGORIES: Internal fraud; External fraud; Employment practices; Clients, products and business practices; Technology and infrastructure; Disasters and infrastructure; Execution, delivery and process management; Malicious damage
Legend: High frequency, low severity; Low frequency, high severity; High frequency and severity
Identifying events that occur most often and that have the greatest impact, as well as the lines of business they primarily affect, is an effective way to manage risk, but the value of this approach ends there.
Data source: Operational Riskdata eXchange (ORX.ORG)
Managing Risk Appetite. Diagram labels: Resource Mgt. Business Mgt. Financial Mgt. Risk Appetite Exposure Control Capital Mgt Solvency Analysis Cost of Risk Analysis Marketing Performance Mgt. Risk Exposure. IBM Confidential
Managing data enterprise-wide is crucial to gaining a single-source, aggregated view of risk exposure across the bank and aligning risk and performance.
Diagram labels: Risk-adjusted Value Management; Finance; Risk; Strategic; Operational; Business Decisions
• Risk Appetite Management: Maximizing survival and earnings stability for a given level of target performance.
• Value-based Management: Maximizing profitability for a given level of risk.
• Resource and Performance Management: Optimizing resource allocation to maximize performance.
• Risk Exposure Control: Containing risk levels within limits consistent with prudential objectives.
Finance data is typically the most trusted data in the data supply chain. Layering in business events for risk analysis adds additional dimensions to management information.
Single source of information aggregated across the bank
*New from our IBM Center for Applied Insights – Smarter Value Proposition for Financial Risk Management
Types of Value: Strategic; Operational; Brand; Societal
Strategic Examples:
• Speedier reaction and agility during crises and shocks
• Increased competitive advantage (e.g. Identification of acquisition candidates)
• Improved anticipation and avoidance of contagion risk
• Operationalize risk appetite
Operational Examples:
• Improved capital efficiency
• Improved productivity of risk management
• Reduced liquidity risk
• Improved governance and compliance: robust, efficient functional alignment (Risk, Finance, LoB)
• Cost efficiencies: integrating supply chains, IT Savings
Brand Examples:
• Improved credit ratings
• Improved reputation
• More attractive to new customers
• More attractive to top talent
Societal Examples:
• Improved anticipation/avoidance of contagion risk
• More transparency in systemic risks
• Improved financial stability
Smarter Risk Management: http://www.ibm.com/smarter/banking/value
Realizing smarter financial risk management means converging business and financial management capabilities on a single data platform
Instrumented; Interconnected; Intelligent
Smarter Risk: Know Your Risks; Make Risk-informed Decisions; Align Risk and Performance
Chart (value against progress over time): Risk-adjusted Value Management; Risk Appetite Management; Business Decision-making; Risk Intelligence; Exposure Management; Common Risk Platform
Source: IBM Center for Applied Insights
Expected Annual Economic Benefit (Net income before taxation): $483 Million*
Benefit categories: Employee Productivity; Net Interest Income Improvement; Reduced Cost of Funds; Excess Economic Capital
Chart values: 31%, 30%, 16%, 23%
*Financial Model, for purposes of illustration, based on:
• typical medium-sized retail bank with $275 billion in assets
• average financial risk management operations maturity
• credit risk in the banking book for three lines of business: Retail, Corporate and Residential Mortgage
• single country
Significant annual economic benefits can be achieved through building the risk enablement capabilities.
Smarter Risk: Know Your Risks; Make Risk-informed Decisions; Align Risk and Performance
Integrated Risk Management Portfolio
CIO; CRO; CRO; CFO; CCO
Capabilities; IBM Organic; OpenPages; Inorganic
Integrated Risk Management: Financial Risk; Operational / IT Risk and Compliance
Market Risk; Credit Risk; Liquidity Risk; Other Risk; Op Risk; IT Risk / Security Risk*; Compliance Risk*; Financial Crimes - Fraud / AML
• Financial reporting risk
• Financial Controls
• Business / reputational risk
• etc.
• Risk Control Assessments (RCSA)
• Scenario Analysis
• KRIs
• Loss Event Databases
• Information Security
• Business Continuity
• Privacy
• Data Security
• Industry compliance
• eDiscovery
• Policy Mgmt
• Legal / regulatory risk
• EFM Strategy and PMO
• GBS and ACM SW
• ISV Partners
• Capital Calculations
• Stress-Testing
• Cycle-time for reporting
• Treasury Forecasting
• Cash Mgmt
• Counterparty Credit Risk
• Basel III
• Capital Efficiency
• Risk-based Pricing
• Predictive Analytics
• Asset / Liability Management
• Exposure Management
• Market Data
• Portfolio Return Analytics
*Includes recent acquisitions of Guardium, OpenPages, BigFix and PSS Systems
Banks are facing some key challenges in their efforts to manage risk and compliance across the organization
• Complete, integrated view of risks across the enterprise
• Transparency and trustworthiness of data
• Managing liquidity and capital ratios
• Rate of change and latency of information
• Stress testing and what-if scenario modeling
• Risk-adjusted performance
• Regulatory compliance
Leading banks invest in making information more reliable to gain competitive data analytics and integrated risk management capabilities
Turning risk control into competitive advantage
Compliance delivers improved governance and more reliable data
Risk models enable integrated financial performance management
Every institution has 3 options to address Regulatory and Compliance Gaps:
• Do nothing; continue on current path
• Attempt incremental corrections
• Create a profit-oriented organization with a risk-based culture
Successful firms will leverage this opportunity for improvement and competitive advantage
Achieve a better understanding of which businesses/products/services actually drive value and which are destroying value, considering both direct and indirect costs (capital charge, exposure, etc.)
Gaining visibility into potential issues before they become real ones:
• 68% of severe market cap declines from 1998 to 2009 were due to strategic risks
• almost 70 percent of survey respondents failed to identify more than one-half of the risk events they ultimately faced
Many Financial Institutions still struggle…
Despite:
• Significant investment to date in risk calculation and modelling methodologies
• Constant responses to regulatory mandates
Operationalizing and automating risk and compliance processes and decisions remains a challenge.
• Manual creation of risk positions to senior management
• Difficult to answer the ad hoc, one-off questions from Regulators during compliance exams
• Risk analysis difficult to share appropriately, consistently, accurately, automatically
• Risk and Finance reporting difficult to align
• LOB execs and Relationship Managers are disconnected from their risk-bearing decisions
Often knowledge about risk exposures and concentrations is already ‘inside the walls’ but not easily identified.
Most of our FSS clients have centralized policy development with decentralized implementation by risk management discipline which creates overlapping technology solutions – increasing the cost and complexity of risk management
Siloed Disciplines: Information Security; AML / Fraud; Compliance; Operational Risk; Business Continuity (each with its own Vision, Management, Infrastructure and Data)
Challenges
• Misalignment of ownership between Corporate Operational Risk and the IT organization
• Varying methodologies and processes for complying with Corporate policies
• Duplicate tools developed for similar processes
• Disparity in the measurement outputs from multiple tools
“Up to 30% of IT spending associated with compliance in the financial services industry consists of wasteful duplication… most of this waste is heavily skewed toward the very largest FSIs that are highly diversified and geographically dispersed, in effect siloed.” - TowerGroup
Making Regulatory Compliance Manageable
The impact of regulatory compliance across an organization is enormous. It must be centrally managed and coordinated to minimize risk, costs and time to implementation. We suggest approaching Compliance via the 4 impacted areas.
• PROCESS & GOVERNANCE
• MEASUREMENT, ANALYTICS & REPORTING
• APPLICATIONS & ARCHITECTURE
• DATA & ARCHITECTURE
Diagram labels: Integration; Optimization; Analytics; Collaboration; Security; Resiliency; Integrated Risk Management; Market, Credit, Liquidity; Operational; Regulatory
Where to start? Enterprise Risk Health Check
IBM has developed an Enterprise Risk Health Check: a proven diagnostic approach for assessing a bank’s risk data environment and making recommendations for improvements
• Do you have the necessary data foundation for information governance and quality?
• Do you have the right information and is it scalable and flexible to meet the changing demands?
• How optimal are processes and organization for the pace of change?
Information Access Analytics Integrity and Business Insight
• Total Exposure Information
• Credit Risk Reporting
• Limits & Utilizations
• Overdrafts & Netting
• Collateral Management
• Operational Risk Reporting
• Stress Testing
• Market Risk Reporting & Analytics
• Trending and Predictive Capabilities
Data Quality and Governance of Information
• Quality & Completeness of Source Data
• Linking Data to Common Client/Institution
• Recognition of Risk Management Needs
• Siloed Initiatives
• Data Aggregation
• Data Lineage
Process Improvement, Automation and Rationalization
• Key Risk Indicators
• Credit Limit Approval Process
• Credit Lending Process
• New Business Acceptance
• Client Investment Agreements
• Multiple Risk Calculators
• Duplicate Functional Systems
• GL Reconciliations
The IBM Enterprise Risk Health Check is a rapid workshop-based diagnostic
Stages: Documented Current State Architecture and Challenges; Developed Target State Architecture and Potential Initiatives; Finalized Roadmap to Implement the Future Vision
Diagram labels: Analyzed Interview Pain Points; Initial Findings And Recommendations; Target State Architecture; Initiative Prioritization; Interview Notes; Client Artifacts; Current State Architecture; Potential Initiatives; High-level Roadmap; Interview Analysis; Current State Challenges; Value Case; Initiative Overviews; Enterprise Risk Management Health Check
The high-level roadmap provides the transitions from current to future state as well as the required initiatives needed to fully realize the strategic vision
Transforming Enterprise Risk Management and Compliance: Current State; Proposed State; How Do You Get There; Value Proposition
Comprehensively Assessing Required Governance Changes
IBM has developed a Capability Model summarizing key strategic domains and capabilities used to ensure comprehensiveness in your Compliance Program
• Governance & Oversight: Development of Regulations, Standards & Guidelines; Controls & Communications; Analytics-Based Policy Consultation; Systemic Financial Regulation and Compliance; Bankruptcy & Liquidation Management; Compensation & Employee Incentive Management; State Law and Lawsuit Management
• Reporting Fulfillment: Government Reporting & Registration; Financial Compliance Audit & Reporting; Process Compliance Audit & Reporting; Public Communication Management; Report Consolidation Hub
• Recordkeeping & Data Collection: Information Gathering & Benchmarking; Database Development, Maintenance and Control; Transaction, Event, Customer and Account Information Capture; Litigation Information Management
• Process Management: Proactive & Pre-emptive Response Optimization; Optimized Response to Swap Trading Restrictions; Mergers, Acquisitions, Divestitures and Conversions Optimization
• Risk & Fraud Management: Risk Detection & Analysis; Fraud Detection & Analysis; Stress Testing, Capital & Margin Optimization
• Business Development: Business Model Transformation; Marketing, Customer & Product Realignment
Process and Governance Challenges
Regulatory Compliance requires process and governance changes. Not coordinated properly, these changes will introduce significant operational and compliance risk to the enterprise. Most organizations:
• Lack a “Programmatic Compliance Regime” (as defined by the regulations)
• Lack the ability to systemically identify and triage changing Compliance requirements.
• Have not defined the policies, procedures, and processes necessary for stress testing; creating & capturing the newly required metrics, reporting and disclosures; living will requirements; registration requirements, etc.
• Have not addressed the required changes to IT governance.
Measurements, Analytics & Reporting Challenges
Regulatory compliance requires a large number of new external disclosures and reporting. It also requires management to be more aware of risks as they occur. This increases the need for timely and accurate internal metrics and reporting. Most organizations:
• Have not defined what internal metrics are required, who must view them and how current the metrics must be (real-time, T+1, T+2, etc.).
• Have not created a comprehensive listing of new external disclosure and reporting requirements, including the metrics required to prepare these.
• Have financial and coverage information that is not structured for analytics (i.e., maintained over time, etc.).
Application & Architecture Challenges
Regulatory Compliance changes are too sweeping and dynamic to be addressed tactically or passively. IT managers must proactively seek to understand current and likely needs and address changes strategically. Most IT organizations:
• Are awaiting IT requirements versus proactively driving business process re-engineering.
• May have received a listing of individual project or requirement needs but have little insight into what may be coming in short order.
• Do not have a comprehensive tool for customer identification necessary to support current operational and compliance requirements.
“IT and business leaders that stand by waiting for further specifics [on Compliance requirements] will be paralyzed and constantly responding to changes in regulatory direction and interpretation.” - Gartner 2010
Data and Architecture Challenges
Data can no longer be considered simply a subset of technology requirements. The accuracy, availability and consistency of data requires data governance and architecture.
At a micro level, key challenges include:
At a macro level, most organizations:
• Do not have a formal data management or control framework.
• Lack consistency in data definitions across products, functional areas and lines of business.
• Have not identified the data needs to support Compliance analytics, reporting and disclosures or the Gold Sources to support them.
• Have not considered Compliance implications in their data retention strategies.
We can assist you in determining priorities if they are not already defined Lean-based Process Reengineering benefits estimate
An Exclusive IBM tool is available to triage Compliance Requirements
Example: Dodd-Frank Capability Assessment Tool with Maturation Benchmarks
• Our Rational software-based ‘Compliance Accelerator’ provides the capability assessment tool, specially designed to provide requirements and maturation benchmarks for Dodd-Frank compliance based upon grouped capabilities.
• The tool can permit project managers to craft project plans designed to meet very specific levels of maturation for each project capability.
The IBM Rational Compliance Accelerator for Financial Services with Dodd-Frank Extension enables innovative firms to understand and drive significant strategic benefits by capitalizing on the magnitude of the required investment
Followers Achieve “Basic Dodd-Frank Compliance”; Innovators Achieve “Strategic Value”
The IBM Rational Compliance Accelerator for Financial Services with Dodd-Frank Extension helps unlock the strategic business value
Chart labels: Strategic business value; Strategic investment for business value; Government compliance & cost savings; Required investment for mandate; Investment; Business value
• Identify and maximize opportunities to increase business value by using Dodd-Frank mandate as an opportunity to invest in innovation for cost savings and growth
• Deploy minimal work-arounds and changes to comply with government mandate at the lowest possible cost
Key Concepts implemented in the IBM Rational Compliance Accelerator for Financial Services: Compliance Driven Remediation; Collaboration, visibility and status; Team Concert; Collaborative Application Lifecycle Management; Business Driven Initiatives; Focal Point
Understanding the scale of the change
IBM’s Target Operating Model (TOM) framework can address any or all aspects of a project, speeding delivery and reducing risk
1. Processes / Process Model
• based on the existing taxonomy, increase the level of process information available for the core processes and conduct deep dive studies
• focus on core processes and propose improvements with regard to the strategic imperatives
2. Data Strategy
• identifies data which is required for applicable processes
• describes the associated data governance model and assigns ownership
3. Process Control Framework
• defines responsibilities and ownership of core processes, the corresponding resources and the data those processes work on
4. Organization & Governance
• aligns the organizational units to the processes
• defines roles and responsibilities, decision making bodies
5. People
• outlines the people implications in terms of organizational structure, skills, and behaviours required, the expected headcount distribution and the change implications
6. Sourcing & Location
• defines key make or buy options as well as near-shore and off-shore considerations
• defines which activities are executed where
7. Technology
• includes the application model that defines the target application landscape by mapping modules to capabilities as specified in the processes model
IBM’s Compliance TOM framework has a comprehensive set of real-world tested tools and templates to jumpstart the project
Key Elements of IBM’s Compliance TOM Framework: TOM toolkit; Compliance Assessment Data
• Partial list of artifacts:
• Interview guides and summaries
• Required business capabilities
• Current environment inventory
• Application architecture
• Organization models
• Process maps
• Skills and job role templates
• Governance models and processes
• Candidate opportunities list
• Transition roadmap
• Financial analysis and activity-based costing
• Business case
• Leading practices in Compliance in Capital Markets
• Compliance Component Business Model
• Compliance process catalog with Level 2 process maps
• Product level control and risk matrices
• Roles and responsibilities matrices (RACI model)
• Organization and governance models
• Application architectures
• Data governance models
IBM project team can focus on value-added tasks as opposed to developing templates
Banks must drive up efficiencies and structural savings while retaining flexibility to address complexity and risks – Time to Data and Cost of IT the drivers
Shared Services Optimization
• Enterprise Data Management
• Enterprise Content Management
• Call Center
• Human Resources
• Finance
IT Optimization
• Application Portfolio Rationalization
• Application Development & Maintenance
• IT Resource Optimization
Front-to-Back Office Integration
• Collections & Recovery
• Transaction Processing / Core Banking Systems Transformation
• Lending Process
• Account Opening/Client Data Management
Short term
• Staff Reductions
• Management De-layering
• Activity/Service Rationalization
• Project Rationalization
Chart: Impact and Timing of Cost Savings Programs
Short Term: Simple initiatives that drive near-term savings via reduced capacity
Long Term: Transformation initiatives that drive longer-term savings, sustained growth, and greater agility
Axis, Long-term Impact (Savings as % of spend): High (>25%); Medium (10-25%); Low (5-10%)
Axis, Timing of Benefits Realization: Long (> 12 mos.); Medium (6-12 mos.); Short (3-6 mos.)
Source: IBV analysis; IBM client engagement experience