Date posted: 28-Dec-2015
Uploaded by: cornelius-rich
Chapter 15: Operational and Enterprise Risk Management
Outline:
General Risk Management
Operational Risk Management
Payment System Risk (PSR)
Enterprise Risk Management (ERM)
Disaster Recovery and Business Continuity
Insurance Risk Management
v3.0 © 2011 Association for Financial Professionals. All rights reserved. Session 11: Module 6, Chapter 15 - 1
Discussion Question
What is the purpose of risk management?
Answer:
Helps managers identify future events that create uncertainty
Responds to negative possibilities by balancing the negative economic/regulatory effects of these possibilities with costs that can be incurred to mitigate or eliminate them
Provides direction to guide recovery actions when serious, negative events occur
Risk Management Process
Step 1: Determining organization’s risk tolerance
Step 2: Identifying impact/level of exposures
Step 3: Measuring impact/level of exposures
Step 4: Developing/implementing appropriate risk management strategy
Step 5: Reporting/monitoring exposure to evaluate and measure strategy
Risk Appetite Examples
Three different attitudes toward risk:
A new company in a rapidly evolving industry may be more aggressive in taking significant risks in order to gain a competitive advantage.
An established company in a mature industry may be more cautious about taking risks to protect an existing competitive advantage.
Government entities and not-for-profit organizations may be completely averse to risk.
Risk Management Policy
The policy should:
Contain a concise statement of risk management goals
Identify the types of exposures to be managed
Delineate the mitigation techniques and products that may be used
Outline the process for determining specific strategies to be employed and exposures to be hedged
Summarize the process for monitoring performance
Outline contingency plans
Define authorities and responsibilities
Require periodic review
Discussion Question
A qualitative assessment of risk exposure should do all of the following EXCEPT
a) find where hedges may be useful in operating procedures.
b) determine how business processes contribute to risk and find solutions.
c) assess the materiality or level of exposure (i.e., high, medium, low).
d) ensure that financial risk derivatives are structured, sized and accounted for properly.
Answer: c. This is a quantitative assessment.
Developing and Implementing an Appropriate Risk Management Strategy
Avoid
Transfer
Mitigate
Keep
Not entering a line of business
Choosing a particular process
Insurance
Contractual transfer
Derivatives
Balance sheet hedges
Inherent risks, opt to selectively bear
Disaster recovery and contingency
Risk Profile
A risk profile analysis needs to:
Identify risks.
Classify each risk into clearly defined categories.
Quantify the risks with respect to probability of occurrence and cash flow impact.
The risk profile refers to how the company’s overall value changes as the prices of financial variables change.
Operational Risk Management
Internal risks
  Employee
  Process
  Technology
External risks
  Financial institution
  Counterparty
  Legal and regulatory/compliance
  Supplier
  External theft/fraud
  Physical and electronic security
  Natural disaster
  Terrorism
Discussion Question
Which of the following employee risks is a more significant source of risk than the others?
a) Defalcation risk
b) Fidelity risk
c) Employee errors in data entry/reentry, including transposition or deletion of numbers
Answer: c
Process Risk
Lack of controls/failure to follow procedures in any functional area
Accounting/financial reporting errors
Lack of timely bank account reconciliation
Manual process data entry errors
Products unsuitable for intended use (unsupported claims)
Inability to meet terms of contracts
Excess/insufficient capacity
Clearing/settlement errors
Technology Risks
Risks associated with:
Choice of a particular technological platform or vendor—issues such as after-sale installation and support or that a vendor may go out of business
Potential failure of vendor-acquired hardware, software and/or communications devices
Capabilities, capacity, compatibility
Security breaches from either internal sources or external hackers
Computer-based spreadsheet use
Legal and Regulatory Compliance Risks
Lawsuits or other legal actions
Compliance requirements with federal, state and local regulatory agency regulations (e.g., USA PATRIOT Act)
Foreign assets—expropriation, loss of foreign asset value and/or tax risks
Operational risk component to tax risk
External Theft/Fraud Risk | Risk Response
Payment process (e.g., false invoices) | A/P controls: positive pay, debit blocks/filters, authorization process, segregation of duties
Check fraud | Replacing paper-based payments with electronic payments
ACH network fraud | Debit blocks/filters, daily ACH reconciliation, timely ACH returns
Breach or compromise of databases | Physical and electronic security
Malfeasance (e.g., embezzlement, falsifying accounting data) | Corporate culture, ethical directives, strict code of conduct
Robbery or theft | Armored car services, automated safes
Discussion Question
What sort of organizational culture do most risk management experts feel will help control operational risk?
Answer:
Culture that promotes individual responsibility and is supportive of educated risk taking
Questioning approach to decision making
Willingness of senior management to admit a lack of sufficient information where applicable
Written policies for ethics at every organizational level
Fundamental Factors for Operational Risk Management Strategy
Organizational culture
Technology
Guidelines for board of directors
Necessary to gather and analyze information
Monitor operational controls and procedures
Travel restrictions
Conflicts of interest
Number of internal board members
Personal responsibility
Conflict resolution
Clear lines of reporting
Board behavior procedures
Payment System Risk
Systemic risk—risk of collapse of an entire financial system or entire market, as opposed to risk associated with a single entity.
Settlement risk—the party funding a transaction defaults on its settlement obligation.
  Wire transfer credit—accountholder daylight overdrafts.
  ACH origination—ODFI has credit exposure from ACH file release until settlement.
  Return item—return items exceed funds in account.
Fraud risk—altered transactions or false items may cause a loss for the disbursing party.
Discussion Question
What are some of the requirements set forth by FIs to reduce ACH origination credit risk?
Answer: Requiring financial information, credit approval, limit monitoring and/or pre-funding for ACH originations.
Because the exposure related to ACH transactions may be as long as two days, large-value originations result in exposure that a bank may view as a short-term credit extension.
Fraud Risk Related to Payments
Check fraud
Counterfeit checks
Forged checks
Altered checks
Kiting
Electronic debit risk
Payment card risk
Address verification service (AVS)
Card verification value or code (CVV/CVC)
Merchants can avoid liability by obtaining authorization, an authentic signature or an electronic imprint of the card.
Enterprise Risk Management (ERM)
Market risk (including financial risk)
Credit risk
Liquidity risk
Operational risk
Legal and regulatory risk
Business risk
Strategic risk
Reputation risk
Discussion Question
Each of the following is generally considered to be a component of financial risk EXCEPT
a) equity price risk.
b) interest rate risk.
c) FX risk.
d) commodity price risk.
Answer: a. Another view of financial risk is its impact on the value of the firm or a portfolio of investment assets.
Credit Risk
Impact of a change in credit quality of a company on the value of a security or portfolio
  Default
  Downgrading
Amount of value recovered after default
  Recovery value or rate
  Loss given default (%)
Lack of portfolio diversification
  Industry
  Type of security
Disaster Recovery and Business Continuity
Contingency plans usually cover supply chain but not always cash and information flows.
Financial supply chain key parties:
Internal resources: Treasury staff, computer systems, policies, procedures, processes, office facilities
External financial counterparties: Financial institutions, market information providers, financial markets
Infrastructure: Computers, servers, telecommunications, utilities, vendor support services
Disaster recovery: Restoration of systems and communications after outage
Business continuity: Crisis management actions, alternative operating procedures, and communications to staff and customers
Insurance Risk Management Process
Goals of insurance risk management
  Insure against catastrophic loss.
  Decide when and what to insure.
  Manage the purchase and use of insurance.
  Obtain efficient pricing for insurance needs.
Insured losses may still result in lost profits.
Types of losses
  Property loss
  Business interruption or net income loss
  Surety or breach of contract loss
  Liability loss including lawsuits from injured customers
  Personnel loss
  Workers’ compensation
Basic Types of Business Insurance
Liability
Difference in conditions (DIC)
Excess or umbrella
Property
Casualty
Workers’ compensation
Business interruption
Directors’ and officers’
Fidelity and crime
Other types
  Ocean/marine
  Fiduciary
Criteria for Selecting an Insurer
Long-term solvency of the insurer
Rating for the insurer
  A.M. Best ratings
    Best’s Financial Strength Ratings
    Best’s Debt Ratings
Service provided
Cost versus exposure
Discussion Question
Match each insurance option with its description.
a) Way of setting what companies can use to obtain a significantly lower premium when compared to first-dollar coverage
b) Must consider catastrophic event exposure, other catastrophic exposure, cost vs. limits and cost vs. exposure
c) Way insurance payouts can determine eligibility
Per-occurrence basis
Aggregate basis
Liability limit
Claims-made basis
Basic occurrence basis
Risk Financing Techniques: Risk Retention
Non-insurance
Self-insurance
Single parent captive
Group captive
Risk retention group
Claims management
Risk Financing Techniques: Risk Transfer
Contractual transfer (hold harmless)
Guaranteed cost insurance program
Retrospectively (retro) rated insurance program
A contract between transferor and transferee, who agrees to pay for certain losses in exchange for fee or business contract