Seminar
Geographic Mix
(2009 Revenues including Fortis broken down pro-forma
Investment solutions
Asset & Wealth Management Insurance Securities services Real Estate Services
Context
Regulations
RISKS
CONTROLS GOVERNANCE
COMPLIANCE
Environment ..
FEBRABAN Operational risk conference | 13th May 2010| 4
An appropriate organization
An integrated framework
An enhanced governance
An appropriate organization
From 2002: Emergence of an Operational Risk function within Risk
2005: Widening of Compliance scope from Ethics to Compliance to rules and procedures
2005: Emergence of a coordination function on Permanent Controls, further to a new French regulation, placed under the Compliance scope organizing the overall control framework whatever the risk
An appropriate organization
A three lines of defense model
Internal Control Charter
Business managers are primarily accountable for the risk they generate
Diagram labels: Operational Permanent Control; 1; Permanent; Operational entities; 2; Periodic; Internal Audit
An appropriate organization
An integrated framework
An enhanced governance
A global framework
Diagram labels: Reporting; Monitoring; Risk quantification; Procedures; Organization; Verifications
define where and at which level measures should be taken in order to monitor and prevent risks
A formal approach through risk characteristics analysis, assessments, key indicators, controls, ...
Taking into account key regulatory requirements, as pointed out by Legal and/or Compliance
Methodically and with tracking documentation
Which contributes to the definition of the risk tolerance
And makes it possible to justify, organize and prioritize the setup that is (or is to be) implemented,
Risk quantifications (scenarios)
Organization (and specifically segregation of duties)
Procedures
Controls
Specific anti-fraud programs
Action plans
A common minimum framework at group level
Specific care for new activity / new product / new process validation committee
Diagram labels: Calculation engine; Reporting; Distributions; Simulations; Potential Incidents; Procedures; Organization; Historical Incidents; Scenario analysis; Controls; Monitoring
Risk Quantification: a key element to better understand what is at stake: comprehensive collection of historical incidents and, for the most significant entities, quantification of potential incidents (forward-looking analysis)
Mixed model: Use of both Potential and Historical Incidents
Priority given to Potential Incidents
Potential Incidents (PI):
2 cases: Likely Case (LC) and Worst Case (WC)
Encompass scenarios, Business Environment and Internal Control Factors and external data
Methodology:
PI identification and selection / risk map
PI analysis and quantification
Bottom up
Top down
Historical Incidents:
Lower and most frequent risks are represented by Historical Incidents rather than Potential Incidents
Exclusion of risks already and consistently represented by Potential Incidents
Exclusion of no longer relevant risks, on the condition of justification
Replacement of outlier historical incidents by Potential Incidents
Capital quantification aimed at management decisions, through feedback on the risk identification and assessment process
Should trigger controls and action plans
Verifications:
A systematic approach: controls stem from the entities' own risk assessment and from the analysis of risk causes
Verifications/controls have to be commensurate with the risks, depending on the risk appetite of the management: the greater the risk, the greater the intensity of the control
Definition of generic control plans per process at group or business line level, to be then customized / enriched at local entity level
An appropriate organization
An integrated framework
An enhanced governance
An enhanced governance
Management involvement should be:
Top down: top management should set the tone
Bottom up: issues should be dealt with locally and only concerns or anomalies should be escalated as necessary
Top management has to be alerted whenever required
An enhanced governance
A half-yearly group-wide reporting
Guided by a standard dashboard and some key topics
Aimed at pointing out key risks or weaknesses
And mitigation plans
An enhanced governance
A more stringent oversight
A shared reference set of guidelines against which to benchmark entities
A formalized supervision process
On every element of the framework
On compliance with guidelines
On risk identification and assessments performed by businesses
Relying on
Group teams
Critical risks or entities
Entities rolling out AMA or newly joining the group