Jean Marie Savin

7/28/2019 Jean Marie Savin

1/19


2/19

| 13th May 2010|FEBRABAN Operational risk conference 2

BNP Paribas Group


3/19


BNP Paribas Group

A diversified business mix with a strongfootprint in retail banking

Retail banking

Branch banking 4 domestic markets (F, I, Be, Lu)

Strong presence in many othercountries (West US, Po, Tu,Mediterrean .

Specialized retail banking activites Personal Finance

Leasing and fleet services

Corporate & Investment Banking Financing

Capital Markets

Investment solutions Asset & Wealth Management

Insurance

Securities services

Real Estate Services

Geographic Mix(2009 Revenues including Fortis broken down pro-forma

Business Mix(Alloc ated capital as at 31/12/2009

including Fortis Broken down pro-forma)


4/19


Context

RISKS COMPLIANCECONTROLS

GOVERNANCE

Regulations

Environment ..


5/19


6/19


An appropriate organization

From

2002 Emergence of an Operational Risk function within Risk

2005 Widening of Compliance scope from Ethics to Compliance torules and procedures

2005 Emergence of a coordination function on PermanentControls,

further to a new French regulation,

placed under the Compliance scope

organizing the overall control framework whatever the risk

To

2007 A grouping together of operational risk and controlsframework, under the umbrella of Compliance but also part of the

Risk stream


7/19



A three line of defense model Internal Control Charter

Business managers are the primary accountable of the risk they generateOperational Permanent Control

A second look / second line of defense oversees and challenges

the risk taken by the businesses the risk & control management framework

Dedicated funct ions Finance, Legal, Compliance, Risk.+ Oversight of Operational Permanent Control

A third and fully independant line performs audits

Operational entities

Group Functions

Type of cont rol

Line

of

defense

Controller

Permanent

Field

Line Management

Permanent Control functions

Internal Audi tPeriodic

1

2

3

Permanent Control functions


8/19



An integrated framework

An enhanced governance

Operational risk management at BNP Paribas


9/19


A global framework

Risks identification and assessment

Mo

n

i

t

o

r

i

n

g

Reporting

Risk

quantification

Procedures

Organization

Verifications


10/19


Risk identification & assessment

The cornerstone of an Operational Permanent Control framework which helps todefine where and at which level measures should be taken in order to monitor andprevent risks

A formal approach through risks characteristics analysis, assessments, keyindicators, controls, .

Taking into account key regulatory requirements, as pointed out by Legal and/orCompliance

Methodically and with tracking documentation

Which participates to the definition of the risk tolerance And allows to justify, organize and prioritize the set up that is (or to be)

implemented, Risk quantifications (scenarios)

Organization (and specifically segregation of duties)

Procedures

Controls

Specific anti fraud programs

Actions plan

A common minimum framework at group level

A specific care for new activity / new product / new process validation committee


11/19


M

o

n

i

t

o

r

i

ng

Reporting

Procedures

Organization Controls

Risks identification and assessment

Potential

IncidentsExtreme risks

Potential

Incidents

+

Historical

Incidents

Common risks

Calculation

engine

Distributions

Simulations

Annual

aggregated loss

distribution

Capital

Capital Allocation

Historical

Incidents

External

losses

Scenario analysis

Business Environment

and Internal Control

Factors

Risk Quantification: AMA model overview


12/19


Risk Quantification:

BNP Paribas AMA Model components

Risk Quantification: a key element to better understand what is at stake:

comprehensive collection of historical incidents and, for the most significant entities, quantification of potential incidents (forward looking analysis)

Mixed model:

Use of both Potential and Historical Incidents Priority given to Potential Incidents

Potential Incidents (PI):

2 cases: Likely Case (LC) and Worst Case (WC) Encompass scenarios, Business Environment and Internal Control Factors and external data Methodology :

PI identification and selection / risk map PI analysis and quantification Bottom up Top down

Consistency criteria between LC and WC

Historical Incidents:

Lower and most frequent risks are represented by Historical Incident rather than Potential Incident Exclusion of risks already and consistently represented by Potential Incident Exclusion of no longer relevant risks, on the condition of justification Replacement of outliers historical incidents by Potential Incidents

Capital quantification aimed at management decisions, through feed back on risk identification and assessment process

Should triger controls and action plans


13/19


Procedures, Organization and Controls

Procedures & organization :

Specific attention to organizational issues, such as segregation of duties and link with access right management

Check lists of procedures to be rolled out Dedicated follow up indicators

Verifications: A systematic approach,

controls stem from the own risk assessment carried out by the entities andanalysis of risks causes

Verifications/controls have to be commensurated to the risks, depending onthe risk appetite of the management : the greater the risk, the greater theintensity of the control

definition of generic control plans per process at group or business line

level, to be then customized / enriched at local entity level


14/19


15/19



Driving principle

Management is accountable for risk management

Risk tolerance should be formalized Risk mitigation action should be evidenced

Management involvement should be:

Top down: top management should set the tone

Bottom up: issues should be dealt with locally and only concerns oranomalies should be escalated as necessary

Top management has to be alerted whenever required

Transversal: The overall control process should be considered as a

whole and not only ones own scope of responsibility Link with other types of risk


16/19



A useful practice: Internal Control Committee

Designed for decision / action

Involving executive management With attendance of Risk / Compliance

With a standard agenda

Legal / Regulatory watch

Analysis of op. risks incidents: actual or potential

Analysis of risk indicators and verifications output

Risk mitigations actions follow up.


17/19


18/19



A more stringent oversight

A shared referential of guidelines against which to benchmark entities

A formalized supervision process On every element of the framework On compliance with guidelines

On risk identification and assessments performed by businesses

Relying on

Group teams

Critical risks or entities

Entities rolling out AMA or newly joining the group

Dedicated businesses teams

Scorings implying consequences on prudential reportings orcalculations


19/19


Some achievements

But still so more to do

Capture the changes in envirnoement, activities, processes, .

Strengthen buy in

Keep granularity relevant Manage transversally of risks & controls, especially with credit &market risks

Develop ability to think out of the box

Operational risk management at BNP Paribas

Date post:	03-Apr-2018
Category:	Documents
Upload:	jtnylson
View:	222 times
Download:	0 times

Jean Marie Savin

Documents