1
Importance of
Creating an Effective
Governance Risk
Framework
Presented to
AsiaRisk
Chief Risk Officers’ Club
By
Andrew S. KerrChief Risk Officer
AmBank Group
30th & 31st May 2012
Singapore
AmBank Group
2
2
Board of Directors
Board Committees
Risk Committee
Audit Committee
Group CEO Committee
Group
Traded
Market Risk
Committee
Group
Assets &
Liabilities
Committee
Group
Portfolio
Management
&
Credit Policy
Committee
Group
Operational
Risk &
Legal
Committee
Credit Risk
Committee
Group
Projects
&
IT
Committee
Group New
Products
Committee
Group Risk Management Department
Governance Structures
Remuneration Committee
Shariah Committee
3
3
Board of Directors
Board Committees
Risk Committee
Audit Committee
Group CEO Committee
Head Retail
Banking &
Wealth
Management
Head
Corporate &
Institutional
Banking
CRO
CEO
CFOHead of
Markets
Head Human
Resources
Management Structures
Remuneration Committee
Shariah Committee
Head of
Markets
* Non-Exhaustive List of
CEO Direct Reports
Importance of CRO
reporting directly to CEO
- Ranking Equally (at
least) equally with other
CEO direct Reports
4
Business Units, Product Heads, Customer
Facing
1. Risk Functions - Credit Risk, Market Risk
(traded & Non-Traded), Operational Risk,
Portfolio Management, Models & Model
Validation
2. Compliance Function*
Governance Structures
Audit
First Line
Second Line
Third Line
THREE LINES OF DEFENCE
Reporting ultimately to CEO
Reporting ultimately to CEO
Reporting to Board Audit
Committee
* May not be part of Risk Function – Could report separately to CEO
Maybe partly imbedded in First Line – BUT – hard
line reporting back to Second Line
5
Governance – Definition/Structure
The set of relationships between a company’s management, its
board, its shareholders and other stakeholders (“OECD”)
The system by which companies are directed & controlled
(“Cadbury”)
Structure – No one size fits all
• Mix of executives non-executive
• Mix of independent & Non-Independent
• Differing role of CEO/Chairman
• Stakeholder focus
6
Governance – Post GFC Reviews
Boards did not exercise sufficient control over
management
Boards lacked expertise and confidence needed to
challenge
Boards didn’t conduct proper performance appraisals
Unwilling or Unable to ensure risk management and risk
appetite were appropriate
F
A
I
L
U
R
E
S
7
Governance – Post GFC Reviews
Existing principles generally sound…..BUT:
Not well executed
Lack of clear allocation of roles & responsibilities
Board Reporting too full of detail / numbers –
versus the “so what” – what does it all mean /
what is the impact (on risk appetite settings) / what
options & recommended solution
C
O
N
C
L
U
S
I
O
N
S
Businesses didn’t fully understand risk
More independence & authority for the Risk
Function
* European Union
8
Governance – Post GFC Reviews
BCBS 2006 Guidance on Bank Governance
Boards should be appropriately involved in strategy
There should be clear lines of responsibility
throughout the banking organisation
Compensation should be consistent with long term
objectives/Strategy
B
C
B
S
G
U
I
D
A
N
C
E
Risks should be well understood & managed
* “BCBS” - Basil Committee on Banking Supervision
9
Governance – Post GFC Reviews
BCBS changes to Guidance on Bank Governance post
GFC in 2010
Boards should be active in strategy, organisation,
financial soundness & governance
Boards should have appropriate qualifications and
competence for the risks to be taken
Boards should be supported by competent, robust
& independent risk and control functions
B
C
B
S
G
U
I
D
A
N
C
E
* “BCBS” - Basil Committee on Banking Supervision
10
Governance – Post GFC Reviews
NEW BCBS PRINCIPLES post GFC in 2010
Board has the ultimate responsibility for the Bank
• Approve & oversee corporate values/culture & governance
B
C
B
S
P
R
I
N
C
I
P
L
E
S
1
* “BCBS” - Basil Committee on Banking Supervision
• Approve & oversee risk strategy
• Appoint, oversee and replace senior management
• Approve & oversee compensation
• Set / Approve risk appetite
• Approve & oversee key risk & compliance policies
• Approve & oversee internal controls
• Approve & oversee business strategy
11
Governance – Post GFC Reviews
NEW BCBS PRINCIPLES post GFC in 2010
Board Qualifications
• Individually & collectively should possess appropriate
experience, competence and personal qualities
B
C
B
S
P
R
I
N
C
I
P
L
E
S
2
* “BCBS” - Basil Committee on Banking Supervision
• Independence, commitment, diversity & training
• Have appropriate board sub-committees and conflict
resolution
• Document governance practices
• Hold regular reviews
Board Practices3
12
Governance – Board Challenges
1. Board is responsible to the stakeholders for the behaviour (culture) &
performance of the bank
iv. Ensuring the Board has the right skills & balance together with the
right information to make decisions
iv. Establishing an assurance process around delegations
i. Ensuring the agreed culture is engrained throughout the
organisation
iii. Where delegations are made there is clarity of responsibility &
accountability at management level
2. The Board cannot and should not run the bank on a day to day basis.
3. The challenge for any Board is:
v. Establishing appropriate risk appetite settings
ii. Determining responsibilities that can’t be delegated
13
Governance – Keys to Success
1. Effective risk management
oversight by boards
2. A risk centric culture
3. Strong governance
14
Does the
organisation
have an
appropriate
risk culture?
Are risk exposures
consistent
(individually & at a
portfolio level) with
the institutions
business
strategy/risk
appetite settings?
Does the
organisation have
an appropriate
governance
structure
(incorporating an
independent risk
function)?
Does the institution
have an integrated
firm wide approach
to risk (including
across geographic
borders)
Do you fully
understand your
institutions risk
exposures? – is the
approach sufficiently
forward looking? -
how do risk and
uncertainty factor
into decision
making?
Seven key questions:
Are they
consistent
(individually & at
a portfolio level)
with the
institutions
business
strategy/risk
appetite settings?
Governance – Keys to Success
Does the risk function have
sufficient authority to ensure
disputed decisions are
elevated within the
organisation?
15
Risk Management Structure
Head of Market
Risk
Head of Retail Risk
Head of Credit Risk
Head of Group Risk
Infrastructure
Chief Risk Officer
Head of Operational
Risk
Head of Risk
Projects
CRO’s Insurance/Assurance Affiliates
Portfolio Management & Policy
Risk Reporting
Provisioning
Risk Appetite Management
Stress Testing
Risk Models
Model Validation*
Basel II & III
ICAAP
16
Risk Management Objectives
• Strong Governance
C
O
N
S
C
I
O
U
S
D
E
C
I
S
I
O
N
S
• Strong Risk Appetite Framework
• Understanding Customer profitability & capital allocation
• Understanding Risk / Reward Dynamics – risk adjusted returns
• Strong Risk Recognition Capacity
• Conscious Decision Making
• Strong Portfolio Management Understanding / Management
• Customer Centric / Customer Focused
• Risk Centric Culture
• Strong Stress Testing Capability & Link to Risk Appetite
• Strong Liability , Capital & Liquidity Management
17
• Top Down (Risk Appetite Statement) AND Bottom Up (Detailed
Business Unit Asset Writing / Business Strategies) Approach
C
O
N
S
C
I
O
U
S
D
E
C
I
S
I
O
N
S
• Understanding risk adjusted returns on capital from diverse
business divisions
• Understanding risk adjusted returns
• How strong is your earnings base
• How strong is your capital base
• Understand your starting point – where are you today in
term’s of riskiness of portfolio’s
• Keep it Simple as possible matching your level of
sophistication
• What is the organisation’s capacity to absorb unexpected
losses?
• Strong Liability
Risk Appetite Framework
18
Risk Appetite Framework
As at
31/3/2012
REWARDRISK
• Present Rating: BBB+ (S&P) ; BBB
(Fitch) ; Baa2 (Moody's); AA3 (RAM)
• Common Equity (CET 1) ratio : 8.4%
• Tier 1 capital ratio : 10.5%
• Total RWCA ratio: 15.0%
• ROE : 14.1%
• ROA : 1.43%
• Dividend : 40% of PATMI
FYE Mar
2013
• Maintain Ratings at BBB+
• Common Equity (CET 1) ratio : 8.7%
• Tier 1 capital ratio : 10.6%
• Total RWCA ratio : 14.3%
• ROE : 14.2%
• ROA : 1.41%
• Dividend : 45% of PATMI
FYE Mar
2015
• Maintain Ratings at BBB+
• Common Equity (CET 1) ratio : 8.9%
• Tier 1 capital ratio : 10.4%
• Total RWCA ratio : 13.8%
• ROE : 15.6%
• ROA : 1.55%
• Dividend : 50% of PATMI
19
• Need to ensure that the Bank has sufficient Capital in place for the inherent risks
of their present and future business profile – to cover “Unexpected Losses” - and
that adequate return is generated from its invested capital (ROE & Risk Adjusted
Returns on Capital).
• Expected Loss is covered within the bank’s P&L.
• Unexpected Loss necessitates the holding of capital – the potential for actual
loss to exceed Expected Loss.
Risk Appetite Framework
Credit
Risk
Traded
Market
Risk
Strategic
Risk
Reputational
Risk
Buffer
REQUIRED CAPITALFOR
UNEXPECTED LOSS
Non
Traded
Market
Risk
Insurance
Risk
Op.
Risk
Liquidity
Risk
ORCR TMR NTMR LR
20
Risk Appetite Framework
a) Strong Governance (including Independent Group Risk Function)
b) Well understood Risk Appetite of the AmBank Group supported by various
Portfolio Limits (credit & market risk) together with detailed Business Unit and
ultimate customer Asset Writing Strategies
c) Well Understood Policies
d) Strong Portfolio Management & Analytics
e) Dedicated Capital & Balance Sheet Management Function
f) Dedicated and automated Stress Testing (for Credit Risk portion)
g) Appropriately resourced & skilled staffing
h) Simple & Effective KRAs (tied to Risk / Reward)page 20
REQUIRED CAPITALFOR
UNEXPECTED LOSS
Credit
Risk
Traded
Market
Risk
Strategic
Risk
Reputational
Risk
BufferNon
Traded
Market
Risk
Insurance
Risk
Op.
Risk
Liquidity
Risk
21
• Grow portfolio
Grow (Buy)
• Maintain portfolio – minimal change to portfolio size
Maintain (Hold)
• Reduce Exposures and Exit Strategies
Reduce (Sell)
Risk Appetite Framework
22
AmBank Group’s Board Approved Risk Appetite Statement:
AmBank Group targets to maintain credit rating of BBB+ (from international rating agencies),
supported by continued improvement in overall asset quality and portfolio diversification, and
through conservative management of our capital, funding, liquidity, and interest rate risk in the
balance sheet.
The Group targets ROE of 14.2% for FYE 2013, and increasing to 15.6% by FYE 2015.
Growth will come via further diversification of the loan portfolio into less volatile earnings
streams whilst maintaining a Retail / Non-Retail NPAT split of 50:50.
The Group intends to maintain sufficient quantity and quality of capital in excess of Basel 3
requirement – target for FYE 2013 are 8.7% for Common Equity Tier 1, 10.6% for Tier 1
Capital, and 14.3% for Total Regulatory Capital. Our capital requirements are robustly tested
over a three year period .
We enforce conservative approach to liquidity management, maintaining stable and diverfisied
funding base consistent with Basel 3 liquidity matrix (Net Stable Funds Ratio, and Liquidity
Coverage Ratios). Our targeted Adjusted Loan Deposit Ratio is within 90% range with
continually improving CASA deposit composition and market share.
Risk Appetite Framework
23
• Economic Capital is a unique tool that enables the measurement and aggregation of different types of risk
across diverse businesses..
• Economic Capital is defined as the amount of capital to cover “Unexpected Losses” to protect against
insolvency over a one year time horizon at a predetermined confidence level – the amount of capital to
ensure solvency
• Unexpected Losses reflect real risks taken by an organisation due to volatility in the value of assets &
liabilities within the firm’s portfolio.
• Expected Loss may be viewed as a cost of doing business – this should result in the pricing of products
incorporating a margin for Expected Losses – therefore there is no need to hold capital for expected
losses.
• If Unexpected losses are large they may consume profit margin (i.e., exceed the Expected Loss) and erode
capital.
Required Economic Capital
Page 23
• Economic Capital
24
Economic Capital provides a common currency of risk that allows all risktypes to be expressed and aggregate on a common basis
• Economic Capital can be divided into three fundamental sources of risk,
each of which can be broken down further into sub-risk types:
Total Economic Risk
Volatility of economic earnings
(including changes in balance sheet
value)
CREDIT RISK
• Earnings volatility due
to variation in credit
loss
• Sub-risk types include:
• Default Risk
• Country & transfer risk
• Securitisation risk
Market Risk
• Earnings volatility due
to changes in market
prices or liquidity
• Sub-risks include:
• ALM risk
• Trading Risk
• Liquidity Risk
Operating Risk
• Earnings volatility due
to errors/omissions or
changes in operating
economics
• Sub-risks include:
• Operational risk
• Business risk
• Reputational Risk
Economic Capital
Page 24
25
Benefits of Economic Capital
Page 25
Economic Capital Enables:
• More accurate risk recognition
• More accurate pricing for risk
• Improved portfolio management
• The measurement and aggregation of different types of risk
(credit, market, liquidity & operational risk) across diverse
businesses
• Improved risk appetite settings
• Better capital allocation to business units
• Better allocation of human resources
• Better management of concentrations and correlations
• Better performance management (by individual, business unit
& legal entity)