PUBLIC
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the 5th Middle East Business & IT Resilience Summit
20 – 21 April 2016 – Palace Hotel DownTown Dubai
Our Contact Details:
INDIA
Continuity and Resilience
Level 15, Eros Corporate Tower, Nehru Place, New Delhi-110019
Tel: +91 11 41055534 / +91 11 41613033 Fax: +91 11 41055535
Email: [email protected]

UAE
Continuity and Resilience
P. O. Box 127557 Abu Dhabi, United Arab Emirates
Mobile: +971 50 8460530 Tel: +971 2 8152831 Fax: +971 2 8152888
Email: [email protected]
Please write to us if you would like to get in touch with the Speaker
5th Middle East Business and IT Resilience Summit, Dubai, UAE
Integration of ERM and BCM as an independent function
for an enhanced organisational resilience
Affeiz Bin Abdul Razak MBCI (UK), CFSA (US), CMIIA, CBCI (UK), BBA
Chief Risk Officer and General Manager, ERM Division
21 April 2016
Contents
Introduction
The objective
The integration of ERM and BCM
The independent ERM and BCM function
Benefits and limitations
Some lessons learnt
Key takeaways
About PIDM: The Establishment
A statutory body established under the Malaysia Deposit Insurance Corporation Act
Established in September 2005 to administer the national deposit insurance system aimed at protecting depositors
Beginning 31 December 2010, PIDM’s mandate was expanded by Parliament to administer TIPS
Complements prudential regulatory and supervisory role of Bank Negara Malaysia (BNM) by providing safety net for depositors and insurance policy owners
PIDM’s Mandate
• Administer the deposit insurance system and TIPS
• Provide protection for depositors, and takaful certificate and insurance policy owners, against the loss of their deposits and takaful and insurance benefits in the event of a member institution (MI) failure *
• Provide incentives for sound risk management in the financial system
• Promote or contribute to the stability of the financial system *
* In achieving these, PIDM shall act in a manner to minimise costs to the financial system
Vision of PIDM: Best practice financial consumer protection authority
Tagline of PIDM: Protecting Your Insurance and Deposits in Malaysia
Governance of PIDM
• A statutory body that reports to Parliament through the Minister of Finance
• Board of Directors structure
  – Chairman appointed by Minister of Finance
  – Governor of BNM (ex officio)
  – Secretary General of Treasury (ex officio)
  – 6 other members from the public and private sectors appointed by Minister of Finance
• CEO – Appointed by Minister of Finance on the recommendation of the Board of Directors
[Figure: PIDM reports to the Parliament of Malaysia through the Minister of Finance]
The Objective
Sharing real life Malaysian experiences where ERM and BCM are integrated as a single independent function within an organisation.
The Integration of ERM and BCM
ERM + BCM (Enterprise Risk Management + Business Continuity Management)
Reference frameworks:
• ISO 31000:2009 Risk Management – Practices and Guidelines
• Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM Framework - 2004
The Independent ERM and BCM Structure
[Organisation chart; elements shown:]
• Board of Directors
• Board Audit Committee
• Board Risk Management Committee
• Internal Audit Function
• Integrated ERM and BCM Function*
• Management ERM & BCM Committee
• Risk Management & BCM Working Group
• Department 1, Department 2, Department 3, Department 4, Department 5
* The Head of Integrated ERM and BCM reports functionally to the Board via the AC and administratively to the CEO.
Pre-requisites for Integration and Independence
Pre-requisites of an effective independent ERM and BCM function in an organisation:
• Integrated ERM and BCM Charter
• Strong knowledge of both Risk Management and BCM
• Unbiased support from the Board and Management
• Role as risk owners and BCM process owners
Comparison of Traditional and Independent Roles

Parties / Reporting line: Board of Directors
  Traditional Roles (Non-Independent): Ultimate owners of risk
  Independent Roles: Ultimate owners of risk

Parties / Reporting line: Board Audit Committee (AC) / Board Risk Management Committee (BRMC)
  Traditional Roles (Non-Independent): Assist the board to provide oversight on the risk management and BCM
  Independent Roles: Assist the board to provide oversight on the risk management and BCM

Parties / Reporting line: Management
  Traditional Roles (Non-Independent): Day-to-day management of risk activities and BCM
  Independent Roles: Day-to-day management of risk activities and BCM

Parties / Reporting line: ERM and BCM Functions
  Traditional Roles (Non-Independent): Part of management functions
  Independent Roles: Independent from executive functions and do not have any management or financial responsibility functions

Parties / Reporting line: Reporting
  Traditional Roles (Non-Independent): CFO / CEO
  Independent Roles: Administratively to the CEO; functionally to the Board via AC / BRMC
Benefits and Limitations
Benefits:
• Independent assurance
• Advisory and consultant
• Streamline the work in ERM and BCM
Limitations:
• Encounter culture shock, resistance and lack of coordination at the initial stage
• A challenge to recruit disciplines/professionals on both ERM and BCM
Some Lessons Learnt
Full support
Time saving
Access to Board of Directors
No duplication
Consistent terminology
BIA easier to understand (Risk Parameter)
A standardised Risk Map
Risk Treatments simultaneously for ERM and BCM
ERM Risk Action Plans for recovering critical business functions
Enhance the readiness for the BCM Exercise
BCM Exercise tests the effectiveness of both BCM and ERM Risk Action Plans
Key Takeaways
Compare the lessons learnt from the Malaysian experience
Evaluate the importance of having an independent ERM and BCM Function for your respective organisations
Select the best reporting structure and roles of the ERM and BCM to create value
Roles of PIDM as part of the Financial Safety Net Players
Member institution categories: Commercial Banks, Islamic Banks, Insurance Companies, Takaful Operators

Islamic Banks
1. Affin Islamic Bank Berhad
2. Alliance Islamic Bank Berhad
3. Al-Rajhi Banking and Investment Corporation (Malaysia) Berhad
4. AmIslamic Bank Berhad
5. Asian Finance Bank Berhad
6. Bank Islam Malaysia Berhad
7. Bank Muamalat Malaysia Berhad
8. CIMB Islamic Bank Berhad
9. EONCAP Islamic Bank Berhad
10. Hong Leong Islamic Bank Berhad
11. HSBC Amanah Malaysia Berhad
12. Kuwait Finance House (M) Berhad
13. Maybank Islamic Berhad
14. OCBC Al-Amin Bank Berhad
15. Public Islamic Bank Berhad
16. RHB Islamic Bank Berhad
17. Standard Chartered Saadiq Berhad

Takaful Operators
1. AIA AFG Takaful Berhad
2. CIMB Aviva Takaful Berhad
3. Etiqa Takaful Berhad
4. Great Eastern Takaful Sdn. Bhd.
5. Hong Leong Tokio Marine Takaful Berhad
6. HSBC Amanah Takaful (Malaysia) Sdn. Bhd.
7. MAA Takaful Berhad
8. Prudential BSN Takaful Berhad
9. Syarikat Takaful Malaysia Berhad
10. Takaful Ikhlas Sdn. Bhd.
PIDM’s Activities
[Figure: Our continual Risk Assessment System and Early Intervention & Failure Resolution]
Legend: PIDM’s Risk Categories; PIDM’s Intervention Stages; PIDM’s Intervention and Failure Resolution Actions

Viable MIs
• Regular Risk Assessment & Monitoring
• Differential Premium System and Premium Surcharge
• Supervisory Oversights and Actions by BNM
• Risk categories: Low Risk, Moderate Risk, Above Average Risk, Watch List

Triggers for intervention
• Early Intervention Trigger
• Non-Viability Notice by BNM
• Intervention stages: Special Mention, Early Warning, Viability Risk, Resolution (Going Concern)

Non-Viable MIs – Intervention and Failure Resolution Actions by MDIC
Interventions: • Due Diligence • Preparatory Examination • Financial Assistance • Asset Carve-Out
Failure Resolutions: • Restructuring • Agency Arrangement • Purchase & Assumption • Bridge Institution • Closure & Liquidation
Mechanisms: • Assumption of Control • Receivership
ERM Risk Assessment Framework
PIDM’s Mandates and Objectives
ERM – identify what will impact the achievement of our objectives
Establish External & Internal Context
1. Identify Risk
2. Assess and Analyse the Risk
3. Evaluate and Treat the Risk
4. Monitor and Review the Risk
5. Report and Communicate Risk
Reference standards: Australian/New Zealand Standard for Risk Management; COSO ERM; ISO 31000 Risk Management
ERM Process in PIDM
1. Establish the Context (Objectives; Risk Impact; and Risk Appetite/Tolerance)
2. Corporate and Divisional Risk Assessment
3. Risk Treatment Option Selection and Preliminary Risk Action Plans Preparation
4. Follow-up on the Implementation of Risk Action Plans
5. Monitor the Effectiveness of Risk Action Plans Implemented and Reassess the Impact on Risk Rating
ERM Policy, Procedures, and Board Risk Policies & Reports
• ERM Policy Statement
• ERM Charter
• ERM Procedures
• Board Risk Policies and Reports: Strategic and Governance Risk; Insurance Powers Risk; Assessment and Monitoring Risk; Intervention & Failure Resolution Risk; Reputation Risk; Market Risk; Liquidity Risk; Operational Risk
• Corporate-wide Board Risk Report
• ERM Annual Risk Assessment Report

Board Risk Policy structure:
1.0 Definition
2.0 Policy
  2.1 Board of Directors’ Oversight
  2.2 Board’s Expectations
3.0 Risk Policy Review

Board Risk Report structure:
1.0 Definition
2.0 Risk Owner
3.0 Background of the Risk
4.0 Current Internal Controls, Practices, and Oversight Over Risk Exposure
5.0 Overall Assessment of the Risk
Affeiz Bin Abdul Razak Chief Risk Officer and General Manager
Enterprise Risk Management Division Perbadanan Insurans Deposit Malaysia
(Malaysia Deposit Insurance Corporation)
THANK YOU