Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Click here to view a
recording of this webinar
CREDIT UNION LEADERSHIP:
RISK GOVERNANCE
Steven Houle, CFA, FRM Vice President, Advisory Services
Traditional Perspective
•
•
•
More Recent Perspective
Exposing to danger or hazard
Probability of an event happening with the impact of that event
Risk management becomes an area of focus during or just after a crisis
•
•
•
Emphasis on the upside potential as well as downside risks
Where there is upside, there is downside, and the opposite is true
Risk should be actively managed in good times and in bad times
2
1
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Risk is not necessarily a negative term. In the financial world, it is a necessity. NCUA does not seek to eliminate risk in credit unions; rather, we want to ensure risks are managed at appropriate levels, given the structure and net worth of the institution.
Letter NO.: 02‐FCU‐09
3
Corporate Governance
•
•
•
Risk Governance
Structures and processes for the direction and control of a company
Concerns with the relationship between management, board of directors, shareholders and stakeholders
Contributes to sustainable economic development by enhancing the performance of companies
•
•
•
Relatively new term
The ways in which directors authorize, optimize and monitor risk taking in an organization
Provides clearly defined accountability, authority and communication/reporting mechanisms
4
2
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
• A list of risks or group of risks the credit union is potentially exposed to
• Don’t assume awareness, be clear and explicit about the risks you face
5
1. Financial Risk
3. Strategic Risk
• Credit • Interest rate • Liquidity • Reputational • Demographic and social trends • Regulatory and political 2. Operational Risk
4. Hazard Risk
• Business operations • Information technology • Property damage • Theft or personal injury 6
3
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Risk governance is a new term & concept that focuses on authorizing, optimizing and monitoring risk taking in an organization?
• True
•
False
7
• Spurs value‐added dialog.
• Enables an organization to capitalize on opportunities.
8
4
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Leading Challenges Identified By…
Management
Directors
Director/Management “overload” and competing priorities
2
1
Risk information is not linked to the organization’s strategic and operational objectives
4
4
An unclear understanding of goals of risk management process and structure
1
6
Poorly defined board risk reporting requirements
2
5
Risk information is not linked to causes of earnings volatility
5
2
Lack of clear ownership and organizational leadership for risk management
7
2
Insufficient organizational capacity to identify and assess risk
5
7
Source: Oliver Wyman
9
The four essentials for effective risk communication between board and senior management are: •
Defined risk governance roles
•
Shared view of risk
•
Concise risk appetite statements
•
Focused risk reporting and dialogue
10
5
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Which of the following is not a requirement for effective risk communication between board and senior management?
• Shared view of risk
•
Defined governance roles
•
Weekly dialog •
Focused reporting
11
Who needs to know what, and when do they need to act?
12
6
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Board
•
Senior Management
•
Provides oversight and ensures management identifies, assesses and responds to risk.
Develops and executes activities including managing enterprise risk.
13
Responsible for general direction and control
Carry out duties in good faith
Administer fairly and impartially
Working familiarity with finance and accounting practices
Must direct the operation with conformity
May rely on information prepared by employees or consultants.
Source: NCUA
14
7
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
•
There is no one “right” model.
•
Models range from highly centralized to decentralized.
•
Models should be based on the complexity of the business structure and the uniqueness of the business units.
•
Objective is to better integrate risk and strategy discussions and increase clarity around risk.
15
Board
Audit/Risk Committee
CEO, CFO or CRO
Functions…
•
CEO, CFO or CRO develops risk management framework and guidelines.
•
Applied by functions and business units.
•
Good mix of harmonization and use of local risk insight.
•
May be pushed to the “back burner” as significant coordination is required by one individual. Business unit…
16
8
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Board and management must have a shared understanding of risk. This can be defined as factors that: • Generate earnings volatility
• Create changes in growth expectations or earnings • Affect the valuation of the institution
17
Four ways to treat risk:
1. Avoidance – don’t do it
2. Transfer (hedge) – pass it along 3. Retention ‐ keep
4. Reduction – reduce or diversify 18
9
Risk Governance – How to Achieve Effective Risk Taking
Qualitative vs Quantitative
April 14, 2016
• A risk appetite statement should explicitly note the level and nature of risk that a credit union is willing and able to take in order to pursue its mission.
• It should include a mixture of qualitative and quantitative statements.
19
Overview of Considerations Affecting Risk Appetite
Existing Risk Profile
The current level and distribution of risks across the entity and across various risk categories
Risk Capacity
The amount of risk that the entity is able to support in pursuit of its objectives
Risk Tolerance
Acceptable level of variation an entity is willing to accept regarding the pursuit of its objectives
Attitude Towards Risk
The attitude towards growth, risk and return
Determination of Risk Appetite
20
10
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Links to Objectives
Operations and Decisions
Facilitates Risk Monitoring People, Process, Structure
Time Frames
Risk Appetite
Facilitates Alignment
State with Enough Precision
Determines Tolerances
Communicate, Monitor, Adjust
Specific Objectives
21
Amount vs Boundaries
• Risk appetite sets the amount of risk an organization is willing to seek.
• Risk tolerance sets the boundaries for which an organization is not prepared to exceed in pursuit of its long‐term objectives.
22
11
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Risk Appetite
•
Risk Tolerance
The credit union has a low risk appetite related to interest rate risk, but is willing to seek higher levels of credit risk within its loan portfolio as long as a higher net yield is achieved.
•
The credit union does not want its NEV calculation to exceed ‐
12% in a rising 300 bps scenario, but will accept 1.00% charge‐
offs as long as its net loan yield is 75 bps above peer.
23
Risk appetite has five key principles:
1.
2.
3.
4.
5.
Guidepost in strategy setting
Guides resource allocations Aligns organization, people, processes and infrastructure Reflects the entity’s risk management philosophy
Is considered in strategy setting so strategy and risk align 24
12
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Which of the following is not a consideration for determining a credit union’s risk appetite?
• Existing risk profile
•
Risk capacity
•
Competitor’s strategy •
Attitude towards risk
25
It’s not simply “paperwork” BUT information that supports effective dialogue!
26
13
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Addresses Key Risks • Addresses key risks and aligns information with directors’ risk oversight responsibilities.
Aligns Information
• Information should link with policies and tolerances and historical and forward looking trends. Evolves with Pace and Severity • Should be consistent but updated at a frequency consistent with the pace of risk evolution and severity of risk. 27
Here to Stay • Risk management is only going to be increasing in the future.
Outperform
• Good risk communication will help you outperform your competition.
28
14
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
Risk appetite and tolerance are different as one focuses on the amount of risk and the other on boundaries of risk?
• True
•
False
29
Steven Houle, CFA, FRM
VP Advisory Services
800.442.6427
[email protected]
30
15
Risk Governance – How to Achieve Effective Risk Taking
April 14, 2016
• Risk Taking: A Corporate Governance Perspective
International Finance Corporation
• Understanding and Communicating Risk Appetite
Dr. Larry Rittenberg and Frank Martens
• Risk Communication – Aligning the Board and C‐Suite
Lucy Nottingham
31
16