Beruflich Dokumente
Kultur Dokumente
Priam Kasturiratna
kasturi@sampath.lk
4th Annual Conference on Information Technology Governance 18th & 19th September 2008, Colombo Sri Lanka
Worldwide
Basel II Anti Money Laundering (AML) and Know Your Customer (KYC) Sarbanes Oxley Act
Sri Lanka
Prevention of Money Laundering Act, No. 5 of 2006 Financial Transactions Reporting Act, No. 6 of 2006 Companies Act, No. 07 of 2007 Directions, circulars and guidelines issued by Central Bank of Sri Lanka, including Basel II compliance directives.
Technology
Technology has been at the foundation of the rapid growth and innovations in Financial Services since 1980s Dr John Lee identifies six major drivers behind Technology Investments in Banking and Financial Services industry. Dynamic IT Transformation Support Organic Growth Developing new and IT enabled revenues Defend Revenue sources Cost Optimisation Industrialised Banking
Introduction of Technology Changes Processes, Opens up new risk exposures inherent with the technologies adopted
2.
3.
Regulatory cooperation among Governments, Professional bodies, and International organisations. Cross border Laws and regulations like Basel II, AML Compliance, Know Your Customer regulations, Laws on Electronic Commerce, Sarbanes Oxley etc. Banks/Financial Service providers adapting to systems (software/hardware) offered by major global systems service providers.
Changing customer needs/wants Changing technologies Thinning market share and profitability
Ability to adapt to changing needs of its clientele, and continuous innovation have become core competencies of the industry. Bankers have emulated many non traditional concepts into the business, and accept higher risk levels to generate returns that keep their stakeholders happy.
E-commerce/Mobile technologies
Propelled by Changing lifestyles Most aggressively promoted retail product group Rising number of high net worth clients Increasing savings levels of middle/upper middle income earners Ageing population investing retirement benefits/savings.
Islamic Banking
Singaporean and Malaysian initiatives in progress to establish Islamic Banking Islamic Financial Services Board of Malaysia has developed a framework for capital treatment of Islamic products & regulatory convergence with Basel II The swift pace of economic development of Middle Eastern and other predominantly Muslim countries, combined with strong commodity exports from many of these nations, has fuelled demand for the development of a raft of funding instruments and investment products that comply with Islamic Sharia law. Monetary Authority of Singapore estimates that global Islamic Financing market is worth USD 300 billion, and growing at a rate of 15% every year
Pamela Tang
Telecommunications Retailing Real Estate Automotive Plantation sector companies have come out with many alternative financial service products with appeal.
Not bound by regulations applicable to banks Usually gives more benefits to clients Higher margins compared to Banks
Competition has affected Profitability of the industry Outsourcing has reduced this burden a little bit, but at the same time exposing the banks to higher levels of operational risk. Locally operating Banks are threatened Market entry by Global Banks Global players in the market offer branded products across the geographical boundaries More demand cross border services from growing financial needs beyond local boundaries
With respect to increasing globalisation, what weve seen here in Australia with the recent arrival of private equity into Australia is the way the market can be changed by a global rather than a local trend. Australian banks arent very big in global terms. So what is not a challenge for risk professionals worldwide is a challenge for risk professionals in Australian banks
Michael Hamar, Group chief risk officer, National Australia Bank
increasing operational expenses of banks will directly affect bottom lines increased credit risk due to contraction of borrowers repaying power
The UK Financial Services Authority has cited climate change as presenting a considerable risk to the financial services sector in its annual Financial Risk Outlook report
Higher Market Risk - Volatility of interest and exchange rates Inflation Rates over 20% Unstable political situation in the north and east
restricts healthy business growth poses security threats to every type of venture Could affect Credit, Operational and Market Risk of banks Need for strong Business Continuity Plans has become more critical Higher Anti Money Laundering & Terrorist Financing Risk (Foreign Remittances, top earner for the country) GSP plus Rising cost of living Issues in transportation, power etc. Stagnating land & housing markets Changes in educational system Restrictions in some of the overseas job markets
Response to a criminal or terrorist activity Bank authorising a transaction on the strength of an email. PC to PC free calls to a foreign country
Home Office balanced stress-less job Busy Executive with six figure income
Epidemics, hunger and poverty loosing their place as major threats to human life
Food and water contamination - a silent killer Stress, Mental and physical health issues are common mans topics
Hackers White Collar Crimes Bribery, Corruption Email, Chat
Human trafficking
Bribery and corruption
Reputation Management
Sustainability Risk
Organisations are trying to minimize negative environmental impacts in order to ensure long term profitability and growth potential. Sustainable Investment Research Analyst Network (SIRAN), a nonprofit organization made up of analysts whose firms are devoted to sustainability issues, reported that 86 of the 100 largest publicly traded U.S. companies now note their sustainability efforts in their annual reports. Sarah Varney
If, as many believe, CSR is moving to the centre of banking activities in the US as in Europe, then increasing investor and media focus on corporate responsibility should probably be a concern for risk managers.
Peter Madigan
The Challenges
Top Management Commitment and Support
Increased Responsibilities & Involvement from Board of Directors
The Challenges
YES, Managing Risk is a key concern for us. BUT WHO WILL BEAR THE ADDITIONAL COST OF IT
From the day the board of directors and top management becomes seriously committed to Risk Management, Board of directors, Top management and everyone else will look forward to Risk Managers response, and assistance in performing their functions.
It takes two minutes more, to open an account under New Risk Control Procedure. Customers are not happy, it takes longer to finish days work !@#$%^&*(!
Risk Management affects all employees, all processes across the bank Therefore it is unlikely to be successful without sponsorship from the top
Starting
from commitment to high level of corporate governance, top management sponsorship shall extend to treating Risk Management as a serious aspect positively contributing to the organisation Demonstrating their commitment openly Working with Risk Manager to implement Risk Management within the bank Accepting the ultimate responsibility for Risk Management within the bank. Allocation of sufficient Resources
Receiving good level of sponsorship could take a number of months and sometimes years
Appoint a Board Level Sub Committee on Risk Management Develop Risk Management expertise within the board Ensure that Risk Management framework is on a sound footing All officers are updated with current changes in the banking industry worldwide.
Establishes joint & personal liability of directors for ensuing risk is managed in a sound manner
Directors will be responsible, and increasingly involved in directing top management to making sure that the organisation & directors themselves are protected against risks & liabilities.
Lines of Defence Reporting lines and procedures Proper Delegation of Risk Decision Making Authority Placement of Risk Managers at appropriate hierarchical level
Board of Directors Risk Management Committees Top Management Risk Management
Internal Audit External Audit
Business Units 2 3 1 Regulators are increasingly seeking formal internal control assurances from regulated entities. Organisations should formally assess their risk and controls on an ongoing basis. At least once a year, management within each of the three lines of defence should formally attest or provide assurance on the capability maturity of the enterprise risk management framework as it relates to risks within their scope of authority
Mario Micallef
Do we have sufficient number of competent Risk Managers to cater to all banks? Risk Managers may be reluctant to accept the standardised remuneration packages offered by traditional banks Not many banks are ready to offer premium pay levels to Risk Managers Risk Managers leaving for better prospects is common.
In much worst scenarios, some banks may find that the headhunted Risk Manager does not perform to the expectations
create
more risk bad documentation could misinterpret the risk end up in a trash bin with disrespect.
Problem analysis Good use of econometrics Technical Writing & Documentation skills Communication/public relations skills
Financial Risk Management Information Security Business Continuity Planning Project Management Undergraduate and Masters Level qualifications are some of the useful benchmarks.
Banking Auditing Information Technology Project Management Econometrics Statistical Data analysis Legal, Technical Writing Organisational Re-structuring
When it comes to selections, irrespective whether it is Credit, Market, Operational Risk, or Anti Money Laundering Compliance, banks use a combination of existing qualifications, career history, and a substantial amount of guesswork to assess suitability of an individual for a Risk Management position.
Risk Manager not having sufficient authority and independency Being overruled by the superiors lacking understanding on risk principals or conflict of interest
Lack of Senior Management Sponsorship Risk Manager could be taken as a threat by peers/superiors Managing internal resistance. Feeling that they are underpaid in the local market Lack of training and development opportunities Career path problems
Decision makers understanding on the contribution from a Risk Manager towards business success General pay levels of the organisation Whether there is a strong lobby of Risk Managers in the market The bargaining power of the prospective individual
Increased demand for experienced (Risk and Compliance) staff has pushed up salaries significantly. There has been a year on year increase for compliance professionals, particularly at the junior end, which has seen a 25-30% increase in the basic salary. Temporary staff can earn upwards of 300 Sterling Pounds a day.
Victoria Pennington
Building long run Risk Expertise Core banking Lending Treasury Investments Econometrics Social sciences Technical Writing Information & Communication Technology Card Business ecommerce Legal Project Management Auditing Information Security Business Process ReEngineering
A banks board of directors and top management needs to display & act with their strategic vision, foresight, and long range planning capabilities for building a strong Risk Management Team over a number of years.
Historical data becomes a critical success factor once a bank completes setting up its basic Risk Management framework and wants to move up towards advanced Risk Management approaches with regulator approval. Banks need to recognise this early, and start data cleansing and collection without delay. Whether available data is usable for a particular model or system
evaluate what systems or mechanisms that they are going to use for data analysis Data requirements may vary according to the future plans
Data cleansing will also need taking important actions/decisions, model testing with available data, expertise to interpret the results and refine data collection process.
Therefore, it is necessary to recognise the challenges early, plan ahead, and act early.
Support of board of directors, top management, operations, human resources, and training
broad knowledge of the existing business processes knowledge of Risk Management substantial efforts in planning, documentation, and training
The initial years on this process will be more of managing a project than risk management. It would take a few years to complete the process, and to obtain organisation wide support for new way of conducting daily business functions.
Risk Management adds control tasks into the business process lifecycles.
Processes become longer and time consuming May need more resources Customer delays could occur Training may be needed
Success of the Risk Manager depends in getting buy-in from the other stakeholders Depends identifying thin margin between support & obstruction Clear communication of expected business benefits Public relations and communication are not just preferred skills, they are core competencies of any good Risk Manager.
Risk Managers true function would be to add business value by ensuring higher predictability of business outcomes. Both Risk Managers and Business Managers need to assist each other in a successful business.
Periodic Training is crucial for Risk Managers, Board of Directors and top management Constant update knowledge on worldwide developments in a number of fields
Banking industry Overall business environment Technical developments/ICT New risk types Financial, Economic, technical & Social, etc etc Trends
Theoretical knowledge development Exposure to the industry practices, counterparties Knowledge sharing and exposure among local and global counterparts
ICT is a vital factor that influences everything in banking The volume and nature of transaction monitoring and analysis needed cannot be done without ICT It is impossible to keep up with the worldwide developments in Risk Management without ICT support
From an organisational perspective, every bank must evaluate their IT system needs for Risk Management from early days of planning.
Many local banks have chosen not to become the first movers in investing on IT systems. Whilst there is some validity in this approach, it could be a mistake not to prepare, as one day every bank will find it impossible to move on to advanced approaches in Risk Management without IT systems.
Internal and Systems Auditors, as an independent line of defence could contribute immensely to identify loopholes not detected by Risk Managers. Audits, a Regulatory Requirement & a Best Practise.
Key Steps in formulation a Risk Audit Programme
1. Gaining a formal understanding of the key process & company objectives that may affect the operations of the process.
2. Brainstorming risk scenarios before identifying process risks 3. Identifying managements risk tolerance levels for various process risks 4. Assessing the risk infrastructure to evaluate the sustainability of the existing risk management activities. Paul J Sobel
2.
Auditing the banks Risk Framework is not to be taken lightly, it is urgent, and a must for true progress.
Technology
Standardisation
Setting-up Structures
Training
HR aspects
Competition
What drives Banking industry & Risk Management Underlying challenges in implementing Risk Management Frameworks The Objective
Understand & appreciate the ground realities in Risk Management & be prepared for expected challenges Realise the areas where involvement of the complete organisation, proactive action and top level vision is needed, Initiate a healthy discussion as to how Sri Lankan Banks could manage Risk in a better, structured manner
Thank you