Date post: | 21-Mar-2017 |
Category: |
Documents |
Upload: | robert-serena-risk-management-executive |
View: | 37 times |
Download: | 0 times |
OpRisk North America Spring 2012 conference
Operational Risk in Commodity Trading
Robert Serena
March 2012
About the author
Bob has over 25 years of Risk Management experience across the Insurance (P&C, Health, Life and Annuity, Reinsurance, and Consulting),Banking (Commercial and Investment), Energy (Independent Power Producers, Regulated Utilities, Integrated Oil & Gas, and Consulting), andManufacturing industries (Military Contractor).
Additionally, he has broad experience across a range of functional areas, including Quality Assurance, Software Engineering, System Design andImplementation, Claims, Financial and Medical Underwriting, Financial Reporting and Valuation, Pricing and Product Development, Asset LiabilityManagement, Retirement Planning, and Risk Management – Enterprise Risk, Strategic Risk, Market Risk, Credit Risk, Insurable Risk,Regulatory/Compliance Risk, and Operational Risk.
Bob is a native of Connecticut, and holds a BS degree in Electrical Engineering from Rice University and a MS degree in Operations Research fromthe University of New Haven. He also holds several professional designations, including Fellow in the Society of Actuaries (FSA), CharteredFinancial Analyst (CFA), Financial Risk Manager (FRM), and Chartered Property Casualty Underwriter (CPCU).
Bob is a resident of Boerne, Texas with his wife and two children.
2
Robert Serena, FSA, CFA, FRM, CPCU
3
Operational risk in a trading business
Definition
Process
People
Systems
External Events
Arrange & Confirm Deal
Generate or confirm contract
Exposure & Profit and Loss
Schedule Price Deal Process InvoiceProcess
Receipt/paymentManage accts. &
cash flowReport Results
4
How is operational risk defined in a trading business?
The risk of loss resulting from inadequate or failed internalprocesses, people and systems or from external events that havea direct impact on front-to-back transaction administration.
It represents the risk profile of the front to back businessprocesses from origination to execution and delivery.
5
Operational risk - Processes and people
Risks associated with processes
Inadequate procedure
Inadequate standard/control process
Erroneous reporting
Process change/implementation
Risks associated with people
Training/competence/knowledge
Inappropriate or fraudulent behavior
Insufficient resources to manage workflow requirements
5
Operational risk - Systems and external events
Risks associated with systems
System degradation/capability
Interface issues
Inadequate support
System access
Project delivery
Risks associated with external events
Third-party relationships
Regulatory/political
Exchange failure
Malicious damage
Disaster recovery
7
Operational risk failuresExamples from the past 20 years
Year Financial Scandals Loss
2008 Madoff Investment Securities $18B loss to investors due to a Ponzi scheme
2007-8 The Credit Crunch Mispricing of the risk involved with subprime mortgages led to a lack ofcredit supply felt worldwide
2007 Societe Generale $7.2B loss due a trader creating fraudulent trading positions throughunauthorized trades
2002 Allied Irish Banks $750M loss on foreign exchange trading operations
2001 Enron and AA Accounting fraud led to the fall of both companies
1998 Long-Term Capital Management $4B loss after debt default by Russia
1996 Sumitomo Corp $2.6B loss on unauthorized copper trades
1995 Daiwa Bank $1.1B loss from unauthorized trades
1995 Barings Bank $1.4B loss due to a rogue trader caused its collapse
8
Operational risk
Changes
• Technology
• New product offerings
• Industry consolidation
• New/ emerging markets
• Outsourcing
Regulatory expectations
• Basel II
• Local regulatory developments
• Dodd-Frank Act
Industry events
• Accounting frauds
• AIB
• Barings
• Soc Gen
Market expectations
• Rating agencies (e.g., S&P, Moody’s)
• Counterparts/ institutional clients
Why we manage operational risk?
9
Tools used to manage operational risk
Operational incident management
New activity integration
Enterprise risk management framework
Key risk indicators
Process reviews
10
Scenario Analysis
Process Reviews
New Activity Integration
Operational Incident Management
Forward-Looking
• Impact x likelihood• Evaluating ability to
control risks• Trend analysis• Identifying new
business risks
Accept
Mitigate
Identify Respond Control Assess
Backward-Looking
• Financial Exposure• Trend Analysis• Root Cause analysis
Forward-Looking
Backward-Looking
Key Risk Indicators
Enterprise Level Controls
• Policies and procedures• Risk committees• New activity integration/post
implementation reviews• Incident escalation and action item
audits• Mandatory training Requirements• Delegation of authority• Segregation of duties
Process Level Controls
• Desk procedures and process documentation
• Reconciliations• KRI and KPI metrics
How do we manage operational risk? Our toolkit
11
Operational incident management
Operational losses resulting from inadequate or failed internal processes, systems, human error, or from external events:
Direct or indirect losses/gains Potential gains/losses Misstatements of income or cash flow Actual or potential breaches of legal or regulatory requirements Significant redirecting of resources or exposure to reputational issues
Examples Front, middle or back office systems, processes or controls Trading/credit exposures, positions or risk limits Compliance with applicable legal and regulatory requirements
Objectives of reporting incidents Identify and take action to address root causes Share the lessons learned Minimize re-occurrence Sustainable continuous improvement
12
New activity integration (NAI) process
Rigorous due diligence and review process that is applied to all new commercial opportunities to ensure that the best commercial opportunities are selected.
A structured NAI process allows for human and economic resources to be allocated to the opportunities that deliver the highest value.
Examples of new commercial activities that fall under the NAI framework:
Commodities
Instruments
Geography
Exchange
Activity set/process or system requirements
The NAI process determines:
Operational impact
Economics
Risk
Compliance with relevant regulatory, legal and tax requirements
13
NAI process (cont.)
• All functional groups are required to opine and assign a risk rating on the specific incremental risks to their area arising from the new activity.
• Risk rating values:
No material issues or risks incremental to core business
Material issues or risks, which can be mitigated or resolved
Material issues or risks, with no mitigation or resolution identified
Recommendation to not proceed, based on area of functional expertise (e.g., high probability, high impact, no control by project team, risks are unacceptable, alternative approach is necessary)
• This rating system enables the commercial sponsor and the decision maker to focus on highest risk items.
New activity integration processSample risk radar
Accounting
& Reporting
Compliance
Credit Risk
GIAAP
HSSE
Internal Control
IT&S
Legal
Market Risk
Operational
Risk
Operations
Product
Control
Regulatory
Tax &
Indirect Tax
Trade
Completion
Treasury
14
15
Enterprise risk management (ERM)
Includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.
By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.
How does it work?
Identification: Strategic, operational and financial risks that can potentially impact profitability and the firm’s reputation.
Assessment: A look at the likelihood that a risk could happen and the impact of that risk, should it happen.
Response: Develop an appropriate risk response which includes: (1) risk acceptance; or (2) risk mitigation.
Monitoring and control: Risk Managers, in partnership with Risk Owners, work to monitor the firm’s enterprise risks on an ongoing basis, and further embed the management/monitoring of these risks into each impacted business unit and the relevant governance meetings and committees.
16
Key Risk Indicators
Reportable metrics (e.g., late/amended/cancelled deal entry data, trends)
Risk indicators, not performance indicators
Forward-looking but not predictive
Thresholds need to be established
Support qualitative risk assessments and align to areas of risk (related to processes, people, systems)
Highlight areas of growing concern to management
One KRI alone may not trigger a concern, but a combination of KRI signals may (e.g., new activity growth coupled with high staff turnover in key areas could be a sign of workload pressure due to resource constraints)
Process Reviews – Strategic and Tactical
17
Periodic, risk-based reviews of critical business activities with the objective of decomposing a given activity into its constituent operational risk elements (people, processes, systems and external events).
Once this activity decomposition is completed, the inventory of controls deployed to manage the operational risk elements is compiled.
The relative effectiveness of each control is assessed, and an overall gap profile is developed.
Alternatives to closing each gap with business impact profiles are reviewed, and the alternative which reduces the residual operational risk exposure below the acceptable threshold is implemented.
18
Enterprise risks confronting the industry
Strategic
Operational
Regulatory
Insurable
Financial (market and credit)
Environmental
Strategic risk
19
The risk associated with future business plans and strategies, including plans for entering new business lines, expanding existing services through mergers and acquisitions, enhancing infrastructure, etc.
Examples1. E&P firms are confronted with increased operating costs and higher operational risk
profiles to extract reserves due to the relative inaccessibility of marginal supply (e.g., Canadian Oil Sands, Deepwater, Arctic).
2. All energy firms are confronted with potential lower margins due to increasing trends in operating costs (e.g., technology, taxes, labor).
3. Any firm that is an end-user of commodity products is confronted with increased feedstock costs when supply shocks occur due to political and civil unrest in resource-rich countries (e.g., Middle East), or disruptions caused by terrorist attacks on transportation infrastructure, etc.
4. Electric utilities are confronted with the potential loss of revenue from industrial and retail customers due to technological advancements allowing the deployment of more cost effective distributed generation (e.g., small industrial firm installs an onsite natural gas generator).
Operational risk
20
The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
Examples
1. Energy firms are confronted with:
A decreased range of investment opportunities and ability to compete in the market for profitable projects due to declines in the number of students majoring in engineering, mathematics, and the hard sciences. Also, the imminent retirement of experienced engineers and other professionals over the next 5-10 years without suitably trained replacements.
Potential legal fines and data management/data remediation costs resulting from increased frequency of security breaches and cyber threats.
Potentially increased disability and workers compensation claims due to improperly designed workstations and inadequate control-of-work procedures.
2. Pipelines companies, electric utilities, and nuclear plant owners are confronted with increased maintenance costs and increased likelihood of catastrophic failure due to the aging of the energy infrastructure in the U.S.
Regulatory risk
21
The risk that a change in laws and regulations will materially impact a security, business, sector or market. A change in laws or regulations made by the government or a regulatory body can increase the costs of operating a business, reduce the attractiveness of investment and/or change the competitive landscape.
Examples
1. All firms in the energy supply chain are confronted with a reduced commercial opportunity set due to uncertainty in the direction of U.S. energy policy.
2. Exploration and Production firms are confronted with increased operating costs and potential legal fines due to more stringent regulation imposed on natural gas fracturing activities.
3. Trading firms are confronted with increased technology and labor costs to assure compliance with Dodd-Frank and related regulation that impact trading firms.
Insurable risk
22
A risk that meets the ideal criteria for efficient insurance. The concept underlies nearly all insurance decisions. To be insurable, several things must be true:
The insurer must be able to charge a premium high enough to cover not only claims expenses, but also to cover the insurer's expenses. In other words, the risk cannot be catastrophic, or so large that no insurer could hope to pay for the loss.
The nature of the loss must be definite and financially measurable. That is, there should not be room for argument as to whether or not payment is due, nor as to what amount the payment should be.
The loss should be random in nature, else the insured may engage in adverse selection (anti-selection).
Examples
1. An electric utility suffers a loss of revenue due to a flood knocking out several generators at a power plant (business interruption).
2. A manufacturer of electric turbines has to pay product liability claims when several of its turbines fail to operate within specified parameters due to metal fatigue.
3. A refiner suffers property damage and loss of revenue when a hurricane knocks one of its plant out of commission for several weeks.
Financial risk: Market
23
The risk that the value of a portfolio, either an investment portfolio or a trading portfolio,will decrease due to the change in value of the market risk factors. The four standard market riskfactors are stock prices, interest rates, foreign exchange rates, and commodity prices.
Examples
1. Refiners are confronted with increased feedstock costs and less cash flow certainty due to increased price levels and volatility in crude oil supplies.
2. Retailers are confronted with increased delivered prices of consumer goods due to the increased price of gasoline and other refined products that are used as transportation fuels.
3. Any energy firm that makes use of floating-rate debt financing is confronted with increased interest service costs and less cash flow certainty in an increasing interest environment.
Financial risk: Credit
24
The risk of loss when a counterparty fails to meet a payment obligation, or the risk associated with any single exposure or group of exposures with the potential to produce large enough losses to threaten the firm’s operations, or the risk of loss arising when a sovereign state freezes foreign currency payments (transfer/conversion risk), or when it defaults on its obligations (sovereign risk).
Examples
1. A trading firm suffers the loss of outstanding A/R amounts and unrealized forward MTM when a counterparty defaults.
2. A pension plan suffers a loss on capital invested in bonds issued by a solar panel manufacturer when that firm becomes insolvent.
3. An airline suffers a loss of unrealized forward MTM when an OTC counterparty with whom it had financial hedges against increasing jet fuel prices defaults.
Environmental risk
25
A variety of risks resulting from an organization’s activities, including release of toxic materials and other waste products into the environment, resource depletion, and adverse impact on the climate.
Examples
1. Electric utilities are confronted with lower expected returns and higher CAPEX costs due to caps on Greenhouse Gas emissions (GHG).
2. Refiners and nuclear plant owners are confronted with remediation and clean-up costs when closing or selling technologically obsolete assets.
3. Nuclear plant owners are confronted with catastrophic failure of spent fuel rod containment facilities and subsequent release of radioactivity into the atmosphere due to natural disasters.