Thoughts on risk management

Thoughts on risk management Pierre Pourquery (Partner)

May 2009

Agenda

Lessons learned from the crisis Risk management diagnostic Possible solutions

Caesarea Center Annual Summit PP presentation.ppt

1

1. Lessons from the crisis Excessive focus on growth

Implementation of new regulation

Rapid volume growth Protection

Growth

• Basel II: Credit risk

•OTC Derivatives •Mortgages •MBS

• Basel II :Operational risk

Increased complexity

• MFID • SOX • Etc..

Record profits and bonus

Lesson 1: uncontrollable growth? Caesarea Center Annual Summit PP presentation.ppt

2

Most banks targeted top spot Syndication (2008)

IR derivatives € (2008) 9%

JPMorgan 7%

BoA - ML 5%

Citi

Deutsche Bank

FX derivatives (2008) Deutsche Bank

16%

JP Morgan

22%

UBS

16%

Barclays

13%

9%

RBS

4%

Citi

7%

BNP Paribas - Fortis

4%

RBS

7%

3%

Sumitomo Mitsui

BNP Paribas

3%

Mitsubishi

Barclays

3%

Mizuho

3%

Wells - Wach Deutsche Bank

2%

Barclays

2%

9% 8%

SG CIB

7%

Calyon

RBC

2%

HSBC

2%

Goldman

1%

SG CIB

1%

ING

1%

Morgan Stanley

1%

UBS

1% 0

2

4%

HSBC

4%

Lehman

4%

Goldman

3%

Morgan Stanley

3%

BofA

2%

Dresdner

2%

BNP Paribas - Fortis

2%

6%

2%

Calyon

JP Morgan

Natixis

6%

Credit Suisse HSBC

5%

RBS

5%

Citi 4

6

8

10

4% 0

5

10

15

20

2%

Merrill Lynch

1%

ABN

1%

Calyon

1%

SG CIB

1%

RBC

1%

0 10 Banks that have suffered during the crisis

20

30

Source: Dealogic, Euromoney; BCG Caesarea Center Annual Summit PP presentation.ppt

3

The Volume of OTC Derivatives Has Soared Outstanding OTC derivatives ($trillions) 700

Other 525

CDS Commodity

350

IR 175

Equity FX

0 98 H2

99 H1

99 H2

00 H1

00 H2

01 H1

01 H2

02 H1

02 H2

03 H1

03 H2

04 H1

04 H2

05 H1

05 H2

06 H1

06 H2

07 H1

07 H2

Source: OTC Derivatives Market Activity reports, Monetary and Economic Department, BIS


4

Rapid growth of the US subprime mortgage market In 2005 & 2006, more than $1,200bn subprime mortgages issued in the US

And subprime mortgages have grown as a % total US mortgage market

Subprime originations $bn

Subprime share total originations, %

800

25

625 600

+421%

605

470

20

+320%

15

400 310

10

180

200

5

120

0

0

2001

2002

2003

2004

2005

2006

2001

2002

2003

2004

2005

2006

Source: Inside Mortgage Financial figures, Wall Street Journal, 12 March 2007; Broker Reports Caesarea Center Annual Summit PP presentation.ppt

5

Significant increase of MBS issuance in the last 10 years

Volume of subprime MBS issued has increased over 400% since 2001 Subprime MBS issued $bn 600 508

483

401

400

+431%

203

200 96

122

0

2001

2002

2003

2004

2005

2006

Note: RMBS - Residential Mortgage Backed Securities; MBS - Mortgage Backed Securities; ABS - Asset Backed Securities Source: The 2007 Mortgage Market Statistical Annual, Inside Mortgage Finance, Bethesda, MD Caesarea Center Annual Summit PP presentation.ppt

6

Proportion of complex products has also increased significantly

OTC Derivative

2003

2007

Legend

10%

CDS

44%

Multi Name CDS Single Name CDS

14%

Equity

56% Vanilla

Vanilla

12%

Interest Rate

Non-Vanilla

19%

Non-Vanilla Swap FRA, IR Option & Vanilla Swap

Source: ISDA Operations Benchmark Survey, ISDA & OTC Derivatives Market Activity reports, Monetary and Economic Department, BIS


7

2. Lessons from the crisis Significant investments in risk management could do very little to prevent the losses

A very "controlled" environment... Oversight External auditors

Enterprise risk data

Internal control

Risk

Risk control self-assessment

MO

Oversight

Tools and data

Regulators

Internal auditors

...that masks critical weaknesses

Risk culture

Tools and data

Detection tools Integrated view across controls and risks

Trading surveillance Overview of controls in place VAR

Compliance

Management

Relevant and accurate reporting

Monthly reporting

Organisation and people

Governance

Central OpRisk department

Risk Committees

"Local" OpRisk managers

Vast set of controls

Independent control functions

Organisation and people

Governance

Compensation

Effective "governance model"

Competence

Strong role of Risk in innovation and growth related decision

"Real" independence

Stress testing of controls

Adequate allocation of control staff

Clear formalisation of roles and accountability

Lesson 2: ineffective risk management?


8

How would you feel ?

Head of Nuclear Power Plant Incentive KPIs Revenues Profit Assets availability Security

Anything familiar with banks? Caesarea Center Annual Summit PP presentation.ppt

9

Agenda

Lessons learned from the crisis Risk regime diagnostic Possible solutions


10

Ineffective risk management regime? Analysis of the current system Growth

Protection

Shareholders

Growth Protection Protection

Regulators

Protection

Risk Caesarea Center Annual Summit PP presentation.ppt

Growth

Top management

Business 11

Ineffective risk management regime? The regulators "Wrong regulatory incentives" Growth

Protection

1.

Over abundance of controls – create duplications, confusions and unnecessary complexity -

2.

Focus on micro regulation that does not prevent systemic risks – does not capture sustainability and Shareholders risks of business models-

3.

Assumption that high level of capital sufficient to protect the bank – no consideration for extreme situations and operating model of risk management –

4.

Protection Costly and complex implementation – distract critical and scarce resources from more "effective" risk management -

Growth Protection

1 Regulators

Protection


Growth

Top management

Business 12

Increasing the number of controls is not the solution Risk controls are vulnerable under extreme stress

While traditional audits revealed limited weakness …

… large losses occurred when “acceptable” controls failed under stress

Strong

31%

41%

65%

Control adequacy1

41%

Strong Acceptable

41%

Acceptable

28%

Deficient

7% Currencies (Europe)

41% 4%

7%

Currencies (U.S.)

24%

24%

4%

13%

17%

4%

4%

33%

4%

11%

7%

Deficient Low

48%

Medium High

Control vulnerability 2

45%

High Yield (Europe) 18%

21%

Currencies (U.S.)

High Yield (Europe)

14% MBS (U.S.)

Control adequacy1

Control adequacy1

Currencies (Europe)

Strong Acceptable

13% 4%

18% 7%

MBS (U.S.) 17%

37% 21%

Deficient Low

4%

20%

4%

41% 14%

Medium High

Control vulnerability 2 Strong Controls

Adequate Controls

Deficient Controls

Vulnerability Quadrant

Failure Point

Disguised Client Example (1) Control Adequacy: Ability of risk controls, if faithfully executed, to mitigate risk and hold up well under everyday stress (2) Control Vulnerability: Degree to which the risk control can be subverted by application of extraordinary stress

Focus should be on better controls, no more controls


13

Ineffective risk management regime? The business "Poor risk culture"

Growth

Protection

Shareholders


Regulators

Protection


1.

Incentives designed to focus on growth, not on protection – not based on " real" profitability and long-term view -

2.

Limited participation in Risk Committee – no desire to engage -

3.

Limited understanding of growth/protection trade-offs

4.

Rapid increase of staff dilutes original risk culture

5.

Deficient business ethic

Growth

Top management

2 Business 14

FO/business lines not incentivised to care about the "risks" Front office

Controlling

£800,000

£600,000

£400,000

£200,000

Bonus Base salary Min Max

Min Max

Min Max

Min Max

Min Max

M&A corporate finance

Min Max

Min Max

£0

Debt and structured finance

Product control

Financial control

Market risk

Operational risk

Credit risk

Personal risk-return balance versus enterprise risk-return balance Caesarea Center Annual Summit PP presentation.ppt

15

Wages in the financial industry likely to decrease Relative fin. industry wages Regulatory legislation Deregulatory legislation

Relative financial wage 1.7

1999: Gramm-Leach-Bliley Act (repealed GlassSteagall & parts of Bank Holding Co. Act)

1933: Glass-Steagall Act 1933: Securities Act

Most likely? 1.6

1996: Investment Advisor Act Amended

1.5

1994: Riegle-Neal Interstate Banking & Branching Efficiency Act (repeals parts of Bank Holding Co. Act)

1.4

1956: Bank Holding Company Act

1934: Securities Exchange Act 1939: Trust Indenture Act

1.2

1940: Investment Advisors Act

1.1

1940: Investment Company Act

1920

1930

2008: Housing and Economic Recovery Act

1980-84: Removed interest rate ceilings (from Glass-Steagall)

1.3

1.0 1910 1909

2008: Economic Stimulus Act

1940

2008: Emergency Economic Stabilization Act (TARP)

2002: SarbanesOxley Act

1950

1960

1970

1980

1990

2000

2009: American Recovery and Reinvestment Act

2010 2020 2006 2010

After the 1929 crisis, wages in the financial industry collapsed and stagnated for almost 5 decades! Note: Relative wage = the ratio of the actual wages in the Financial Sector to the Non Farm Private Sector Source: "Wages & Human capital in the US Financial Industry: 1909-2006" by Thomas Philippon and Ariell Reshef, December 2008 Caesarea Center Annual Summit PP presentation.ppt

16

Ineffective risk management regime? The IT Growth

Protection

"Incomplete risk information" 1.

Poor quality of risk information – significant effort in reconciliation -

2.

Limited connectivity of information – only strong signals captured not weak signals –

3.

Qualitative information not captured – mostly quantitative information collected -

4.

Costly and complex risk infrastructure – trend to centralise transactions not risk information -

Shareholders


Regulators

Protection


Growth

Top management

3

1 Business 17

In spite of significant investments in Risk IT infrastructure...

Implementing Basel II has cost banks 50-100€m on average

Basel II Implementation costs (€m)

> € 100m

20 %

€ 50m - € 100m.

< € 50m

12 %

88 %

100 bn Total assets in €

18

...risk information is still of poor quality

Proportion of institutions rating their risk data quality as 'High' 92

Market risk

62

Liquidity risk

Clear improve-ment opportunity

40

AML

8

Operational risk 0

75

Lack of proper data architecture

75

Lack of consistency and trust in underlying data

67

42

Lack of systems functionality

15

Credit risk

Lack of integration between different systems

Lack of resources to manage production and validation of risk data

31

Fraud

Main obstacles faced in producing risk data for use by business management

25

17

Poor system performance 20

40

60

80

100

Responses (%)


0

20

40

60

80

100

Responses (%)

19

Ineffective risk management regime? Risk reporting "Failure to communicate well"

Growth

Protection

1.

No holistic view of risks and contagion effects – only captured through unrealistic correlations -

2.

No clear and concise risk reports with limited link to business impact – too risk centric and not linked to business metrics and strategy -

3.

Overly complex risk metrics - VAR metrics difficult to explain and use for hedging -

4.

Shareholders

Growth Protection

No timely information – not enough focus on detection and real time information Growth

Protection

Top management 4


Business 20

Ineffective risk management regime? The risk function "No real counter powers" Growth

1.

No real ability to enforce mitigations and say "No" - poor status and limited independence -

2.

Ineffective organisation – fragmented risk and control functions with unclear accountabilities and poor collaboration -

3.

4.

Focus on "normal" conditions and knowable risks - no time for in-depth risk analysis and understanding of "realistic" worst case scenario -

Protection

Shareholders

Growth Protection

Excessive belief on models - limited use of judgement and business experience -

Protection

5 Risk Caesarea Center Annual Summit PP presentation.ppt

Growth

Top management

Business 21

Too much focus on quantitative analysis This drives down efficiency and makes the risk function less effective Activity overview (average across 5 Invt. banks) Market Market risk unit unit risk

Total Total (1) FTE(1) FTE

Methodology and policy

% Global banking

9

1

Equity products

15

1

Market risk management

Market risk measurement

Data cleaning

28

11

20

23

Limit controlling

33

16

17

Report production

5

12

IT support

3

9

20

FICC 16

14 PTCM & global reporting

10

4

20

8

6

9

30

18

8

3

16

12

40

9

Local risk 13

6

17

6

21

13

12

22

10

15

F&SM 28

16

10

12

8

21

Global analytics 3

15

25

1

40

18

Total FTE 81

5

18

10

11

17

10

12

22%

Critical to re-establish the importance of judgement Caesarea Center Annual Summit PP presentation.ppt

22

Ineffective risk management regime? Top management "Sub-optimal decisions" Growth

Protection

1.

Focus on short-term growth

2.

High degree of separations and incomplete information – difficult to understand real nature of risks and material impacts leading to sub-optimal decision making -

3.

No explicit risk appetite and understanding of trade-offs – understandings of business and operating model risks not well understood -

4.

No active role in risk management – no systematic participation in Bank Risk Committee -

5.

Risk function not always part of the decisions – often ignored or not at the table -

Shareholders


6 Regulators

Protection


Growth

Top management

Business 23

Ineffective risk management regime? Shareholders "Insufficient oversight" Growth

Protection

7 Shareholders

1.

Incomplete information on bank's risks

2.

No right to nominate directors – difficult to hold directors accountable


Regulators

Protection


Growth

Top management

Business 24

Agenda

Lessons learned from the crisis Risk management diagnostic Possible solutions


25

Creating a new risk regime Key success factors 1. Reliability, connectivity and timeliness of risk information better than accuracy –

Simpler but more robust risk metrics needed

–

Focus on connectivity of information

2. Put business sense and judgement back at the centre of risk management –

"Model" based risk management killed business judgement and made banks insensitive to weak signals

3. Reinforcement of risk culture –

The crisis has proven that strong risk culture is the best protection

–

Changing bonus structure unlikely to work

–

Active role of the risk function in fostering a strong risk culture

4. Integrate, don't segregate –

Integrate risk and control activities/functions: no need for multiple line of controls

5. Be innovative, integrate new dimensions in risk management –

Traditional risk management relies too much on historical data and models, and does not consider human behaviour and organisational dimensions

6. Adapt risk regime to business strategy –

Different risk regime depending on growth and profitability strategy

7. Be realistic and adapt –

Don't design a risk regime that you cannot finance (FTE, IT, etc..)

–

Don't over-rely on risk models or expensive IT: use judgement and tactical solutions


26

What matters most in the new risk regime 1. Restoring trust "Emphasis on valuation, growth risks & culture" 1. Control of the "Stock" – – – – –

Production of daily P&L with detailed explanation and risk profile Tight control on utilisation of scarce resources Integration of risk and product control functions Creation of Extreme Risk team

1. Ensure robustness of asset valuations and P&L

Qualitative & quantitative risk analysis (from 10/90 to 50/50)

2. Control of the growth –

Lead stronger New Product Committee

–

Operational risk limits

Growth Protection

Protection 3. Risk culture and business enablement

– –

Support actively business on management of trade-offs (e.g. operating model risks) Business experience required

Growth

Protection

Top management

Growth

Protection


Business 27

What matters most in the new risk regime 2. Detection and quicker reaction "Emphasis on valuation, growth risks & culture" 1. Control of the "Stock" – – – – –

Production of daily P&L with detailed explanation and risk profile Tight control on utilisation of scarce resources Integration of risk and product control functions Creation of Extreme Risk team

2. Quicker and better response through better connectivity of all types of information




–

Operational risk limits

Growth Protection

Protection 3. Risk culture and business enablement

– –


Growth

Protection

Top management

Growth

Protection


Business 28

Change the organisation to detect better Key for transmitting signals

Key for detecting and understanding signals

High degree of separation, i.e. large geodesic distance

Poor connectivity, i.e. low density

Low degree of separation, i.e. short geodesic distance

Rich connectivity, i.e. high density with path redundancy

Lower attenuation of signals

Better triangulation of signals

Signal/Noise ~ Attenuation L

Signal/Noise ~ √k ; ~ √P


29

Detection, not measurement is what matters most

Access

Deal booking

Limit check

Confirmation

Reconciliation

Payments

P&L

FO

Strong signal

MO

BO

RISK

IT

Finance

Weak signals

Critical to build a data infrastructure capable of “connecting the dots” and yielding insights into the state of operations and identifying strong signals Caesarea Center Annual Summit PP presentation.ppt

30

Human behavior matters Leverage of cognitive model

Icosystem Cognitive bias library

ision r dec e d a r t ach ate e odel. m i t lm Es viora beha

Attitudes Motivations Cognitive biases

tive redic p h t el wi mod

Risk perception biases Risk decision biases Hyperbolic discounting Information overload biases

Extraction of cognitive biases for one trader by type of market conditions.

Definition of context-relevant (e.g., trading) decision strategies/biases.

YTD performance Trading history Market conditions

Cognitive model (virtual trader)

Trading actions Reporting Performance 100% 90%


80% 70% amb none lex eqw eba wad

60% 50% 40% 30% 20% 10% 4 att r 7 att r 7 att r tru etr ue tru efa ls e fa lse tru tru fa e etr ls efa u ls tru e 4 etr alt e 4 u att tru e 7 r etr alt 4 ue att tru 4 r etr alt 7 ue att tru r efa 7alt 7 ls e att tru 4 r efa alt 4 ls att e tru r efa 7alt 4 ls att e tru r efa 4alt 7 ls att e fa 7a r lse tru lt 7 att e fa 4a r lse tru lt 4 att e fa 7 r lse a tru lt 4 att e fa 4 ls r etr alt 7 ue fa att lse 7a r lt fa 7 ls fa att e ls r efa 4alt 4 ls fa att e ls r efa 7alt 4 ls fa att e ls r efa 4alt 7 ls att e 7a r lt 7 att r alt

alt

alt

7

4

alt

att r 4 7

alt

att r

att r 7

4

4

alt

7

all

0% 4

r range er unde d a tr r areas fo tify risk n e id to er tual trad tors. • Use vir conditions. k indica havioral model. s ri le t b e a e of mark e with measur g into b onitorin cil m n o e c c e fa R r • su educed • Build r

Main decision biases for one trader by type of market conditions.

31

What matters most in the new risk regime 3. Control the growth "Emphasis on valuation, growth risks & culture" 1. Control of the "Stock" – – – – –

Production of daily P&L with detailed explanation and risk profile Tight control on utilisation of scarce resources Integration of risk and product control functions

3. Active management of growth risks

Creation of Extreme Risk team Qualitative & quantitative risk analysis (from 10/90 to 50/50)



–

Operational Protection risk limits

Growth Protection

3. Risk culture and business enablement – –


Growth

Protection

Top management

Growth

Protection


Business 32

alt

att r

att r

7

0% 7

4

7

4

7

4

alt

alt

alt

10% 7

4

4

7

att r

att r

att r

att r 7 7

7 att r

att r

att r

att r

att r

tru etr ue tru efa ls e fa

alt

alt

att r

60%

50% 80%

70% amb none lex eqw eba wad

60%

50%

Workshop-based risk factor superset definition and analysis.

+

Caesarea Center Annual Summit PP presentation.ppt amb none lex eqw eba wad

20% 40%

Behavioral clustering of traders.

amb none lex eqw eba wad

Main decision biases by type of market conditions for all traders.

x x xx x x

Syn thet ic in

x x x x xxx

dica tor 1

Qualitative research workshop

x xx

ne Mo

s Pre

in d

y

to

x

r2

x x x xxx ica

90%

ic

100%

et

90%

Sy nt h

att r

att r

att r

att r

100%

amb none lex eqw eba wad

Attitudes and motivations

alt

20%

alt

0% 4

30%

lse tru tru fa e alt etr ls 4 att 7 ue efa 7 att tr r alt 4a lse r ue 4 lt tru tru 4 att etr 4 att e r alt ue tru 7 r tru etr alt 7 4 e u a fa ttr 7 e att ls tru alt 4 r e fa etr alt 7 lse 7 att ue att tru tru r tr r tru e efa 7alt ue fa etr tru lse 7 ls ue e att fa tru 4a ls true tru e 4 r e lt efa fa etr alt 4 ls 4 ls ue att e att tru e tr fa 7 r 7a alt r efa ue lse lt tru 4 ls tru 4 att tru e e att tru fa e tr 4a r 4a etr ls r efa ue lt efa lt u tr 7 ls 7 ls tr ue att tru e 4 e att fa 7a r 7a etr alt e ue r lse 4 fa lt u tru lt 7 att 7 ls att tru e 7 e e att fa r tru 4a r etr alt r lse efa 4alt lt 4 ue tru 4 att 4 ls att tru e 4 att fa e r tru 7a 7a etr alt r ls r e etr 7 lt lt fa ue 4 att 4 ls tru ue att att fa e r tr efa 7alt 4a 4a r ue r lse 7 ls lt fa tru lt 7 e att 7 ls tru att att fals e e r fa efa 4alt 7a 7a r r e lse 4 ls lt lt fa att tr 7 e 7 ls tru att e att fals r fa ue efa 7alt 4a 4a r r e lse 4 ls lt lt fa a tr e 4 ls 4 tru ttr ue att e att fals fa efa 4alt 7a 7a r r e ls 7 ls lt e lt fa att tr e 4 ls 4 fa 7a att e att fals r fa ue lse 4a 4a r r e ls tru lt 7 lt etr lt fa att e 7 ls 7 fa ue 4a att e att r fa lse 7 ls lt 7 r r alt alt tru efa 4 att e 7 7 fa ls 7a att att r fa ls e ls etr lt r r efa 4alt 4 ue att 4 ls fa 4 att r fa ls e ls etr alt r efa 7alt 7 ue att fa 4 ls ls att e r fa efa 7alt ls r efa 4alt 7 ls att fa e 7 ls ls att e r efa 4alt 7a r 4 ls lt att fa e 7 ls att r efa 7alt r 4 ls att fa e ls r efa 4alt 7 ls att e 7a r lt 7 att r 4

4

all

att r

10% 4

30%

4

0% 7

10%

alt

alt

alt

att r

40%

alt

30%

4

0% 70%

7

40%

4

50%

10%

alt

20% 80%

alt

60%

7

all

7

30%

alt

alt

7

70%

alt

20%

7

alt

80%

40%

4

4

4

4

7

4

50%

all 4

. alt

alt

90%

7

4

. 7

4

100%

60%

all

70%

att r tru etr ue tru efa ls e fa lse tr u tru fa e etr ls efa u ls tru e 4 etr alt e 4 u att tru e 7 r etr alt 4 ue att tru 4 r etr alt 7 ue att tru r efa 7alt 7 ls e att tru r efa 4alt 4 ls att e tru r efa 7alt 4 ls att e tru r efa 4alt 7 ls att e fa 7a r lse tru lt 7 att e fa 4a r lse tru lt 4 att e fa 7 r ls etr alt 4 ue att fa 4 r ls etr alt 7 ue att fa ls r efa 7alt 7 ls att fa e ls r efa 4alt 4 ls att fa e ls r efa 7alt 4 ls att fa e ls 4 r alt efa 7 ls att e 7a r lt 7 att r

. 7

4

Mesoscopic approach applied to security of operations

Signals and alerts extraction

100%

90%

Translating quantitative and qualitative research into meaningful, monitorable signals.

80%

Quantitative research consistency

Qualitative research reconciliation

Quant Qual Signal

Group 1 Volume pressure Risk averse Volume

Group 2 Exceeds limit Prestige Limits

Group 3 High variance Minimum perform Variance threshold

Group 4 Volume thriving Risk addict Volume

X Key risk signals

tige

n ctio ddi a k Ris rm erfo mp u im Min n rsio ave k Ris

Only focus signals need be monitored. Focus signals change over time as new indicators arise. 33

What matters most in the new risk regime 4. Enforcing a risk culture "Emphasis on valuation, growth risks & culture" 1. Control of the "Stock" – – – – –

4. Active support to the business on management of critical trade-offs

Production of daily P&L with detailed explanation and risk profile Tight control on utilisation of scarce resources Integration of risk and product control functions Creation of Extreme Risk team Qualitative & quantitative risk analysis (from 10/90 to 50/50)



–

Operational Protection risk limits

Growth Protection

3. Risk culture and business enablement – –


Growth

Protection

Top management

Growth

Protection


Business 34

Other key changes in the new risk regime "Emphasis on valuation, growth risks & culture" 1. Control of the "Stock" –

Production of daily P&L with detailed explanation and risk profile

–

Tight control on utilisation of scarce resources Integration of risk and product control functions Creation of Extreme Risk team

– – –

1. Simpler reporting with integrated view of business strategy, risks (Operations, key risk factors), performance (P&L, growth, cost), & constraints (liquidity, capital, resources)

"Stronger governance" 1. Risk committee at Board level 2. Clarification of risk appetite and decisions on key trade-offs (risk, cost, growth) 3. Integrate risk into business and operating model related decisions

"Focus on connectivity" 1. Centralisation of risk data, not transaction 2. Connectivity of information (Finance, Risk, Controls, Operations, HR, Market data)


2. Control of the growth – –

"Risk information in business context"

Growth

Lead stronger New Product Committee Protection risk limits Operational

Protection

3. Risk culture and business enablement –

Support actively business on management of trade-offs (e.g. operating model risks)

–

Business experience required

"Enforce risk culture" 1. Enforcement of tighter controls on optimisation of scarce resources Growth

Protection

Top management

Growth

2. New remuneration scheme

Protection

3. Compulsory participation in Risk Committees 4. Risk managers in the business


Business 35

Enforce a new risk culture Explicitly and boldly incorporate Business Principles in bonus calculation Firm newly adopted competency model Developing the business

• Results orientation • Client focus

Preparing the future

• Strategic ability • People development

Working together

• Change leadership • Cooperation • Team leadership

Business principles Acting responsibly

Client & bank long term interest Accountability Rigor & transparency Courage & discipline

(Ratio between 0 and 1) (Same process as 2007)

X M€ x 0 = .... 0€ ! Caesarea Center Annual Summit PP presentation.ppt

36

The role of the regulators in the new risk regime Imposing new minimum level of capital not really addressing the issue More active monitoring

Deploy new law

Growth

Protection

1. More frequent, qualitative and granular risk monitoring - on key risk factors, not only on capital measures 2. Assess robustness and effectiveness of risk management process

1.

Shareholders

Ensure proper governance

3. Manage systemic risk 4. Review competence of risk function 5. Reduce pro-cyclicality

1.

Enforce frequent meetings with top management to discuss business and operations risks

2.

Define accountabilities for each risks

3.

Define stringent rules on committees structures and roles

Growth Protection

Protection

Regulators

Protection

Shareholders to nominate Directors

Growth

Top management Act as policeman 1.


"FSA banned an oil trader for 2 years for hidden deals"

Business 37

Questions

Pierre Pourquery Partner and Managing Director THE BOSTON CONSULTING GROUP [email protected]


38