Upload
api-3717615
View
428
Download
1
Embed Size (px)
Citation preview
Risk Management
Calendar Program for FY2006/07
VRBM Part II
Building the Risk Adjusted Capital Model
2
Risk Management Mission & Goal
MISSION
To apply a consistent, best practise framework for the management of risk group wide.
STRATEGY
To instill risk management awareness through continuous learning
To facilitate integration of risk management culture and process into the business operations
To facilitate the learning process with the aim of building risk management capability group wide
To inculcate the ownership and accountability for both risks and controls
To integrate “risk return consideration” into business decisions
GOALS
•To avoid value destruction & reduce threats to value creation
•To improve chances of meeting an objective
•To maximize value creation opportunities.
3
Risk Adjusted Capital Model-Economic Capital
IntroductionTo VRBM
PART I
FRM
Investment Mandate/ALM
IRM
Cost of Capital
Product Guidelines
Embedded Value
ORM- Foundation
Self Risk Assessment (RCSA)
KRI Reporting
Loss data collection (IMDC)
BCP
PART II
FRM
Financial Modeling & Scenario
KRI linkage
IRM
Cost of Capital by business line (CoC)
Risk Based Capital (RBC)
Risk Adjusted Return on Capital (RAROC)
KRI linkage
ORM
OP risk analytics, OpVaR ,ORM capital charge, MIS, Risk adjusted performance
Basic Measurements to
Advanced Measurements
4
VALUE & RISK BASED MANAGEMENT (VRBM-PART 1)
Shareholder
Invested capital
Free Surplus
Tied surplus
ALM
ACTIVA
LIABILITIES
"RISKSLIABILITIES"
ASSETS
"RISKSASSETS"
FREECASH FLOW
LM
AM
EVAR R
BC
Cost of capital
FREE CASH FLOW
P&L*
RM
RAROC
EV
BasicComponentsVRBM
5
VALUE & RISK BASED MANAGEMENT (VRBM)
MIS, Risk AdjustedPerformance Management
KRI Linkages and Integration
IRM Phase IIRBC, RAROC
Risk SelfAssessment (RSA)
2003 20052004
Policies, Procedures Guidelines, Operating Structure, Communication, Harmonization
Gap Analysis, Foundation, Governance Structure, Awareness, Capacity
FRM Phase IIFinancial Modeling & Scenarios
FRM Phase I Investment Mandates & ALCO
Integrated Group-wideORM Solutions Project
BRCP, BCP, Compliance,Group-wide ORM, Basel II ORM Programme
ORM Blueprint & Foundation
IRM Phase I Product Guidelines, Cost of Capital, Embedded Value, Actuarial Reporting
KRI Analysis and Reporting
IT Solutions for Loss Data Management
Operational Loss Data Collection & Categorization
Value & Risk Based Management (VRBM) Building Blocks
6
The Risk-Value LinkagesPART 2
Risk, Capital, Risk Adjusted Returns On Capital (RAROC), Value at Risk (VaR) and Value of the business
Risk Adjusted Capital Model-
Economic Capital
Earning at Risk
RAROC
Dividend Policy
Embedded Value
Capital Allocation
Cost of Capital
7
OVERVIEW OF RISK CHARACTERISTICS
Risk Management = Knowledge Management
Shareholder Results = Business Results - Risk Results
Managing Risk = Managing the Business = Managing the Knowledge of the Elements
The better the knowledge, the better the management of risk
8
Highlights of FY2006/07 Program
• Integration/harmonization of risk management framework, governance & practices
• Common risk language for the enlarged group
• Review & standardization of product approval process, investment agreements & portfolio mandates
• ORM Solution rollout (RCSA/scorecard, loss data collection & database/IMDC and KRI)
• RBC rollout (parallel run 2006/07, compliance 2007/08) and RBC workshops
• BCP/CMT/CMST for enlarged Mayban Fortis and Dataran Maybank
• Establishment of Dataran disaster/crisis scenario command & recovery centre
• Live testing of pre-merger MFHB entities’ BCP/CMT/CMST/DRP
• Dashboard of total risk health check
• Embedded Value reporting, analysis and EV workshop
• Risk assessment/due diligence for outsourcing & shared service arrangements
9
FY2006/07 Risk Management
Summarize CalendarFinancial Risk Mgt
No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Financial Risk Management (FRM)
2
Review of Investment Management Guidelines
3 Review of IIM Audit Report
4
Guidelines on Investment Income for Investment Linked Funds
5
Revision of Capital Management guideline
6 Derivatives
7
Adoption of Financial Risk Management framework & guidelines for MNI & TN
8
Revision and harmonisation of Key Risk Indicators (KRI) Report for FRM
9
ALM for MLA, MGAB, MTB, MNI & TN as at 30/06/2006
10 ALM - next steps
11
Briefing on Financial Risk Management framework (with IIM) to IC members
2006 2007
= deliverables
10
FY2006/07 Risk Management Calendar
Insurance Risk Management
No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Insurance Risk Management (IRM)2 RBC Analysis
3 RBC Workshop
4EV for MNI, MLA, TN and MTB (FYE 05/06)
5 EV Reporting for MIG (quarterly)
6 Product Approval Guideline
7 Revision of Cost of Capital Guidelines
8
IRM KRI revision and discussion with Risk Owners & Result Producers
9
Monitoring Of Existing Products Profitability (Life)
2006 2007
= deliverables
11
FY2006/07 Risk Management CalendarRisk Policy and Standard
No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Policy & Standards (P&S)
2Harmonization of MFHB Framework
3 Common Risk Language Booklet
4Risk Management Awareness Program
5 Top KRIs
6Benchmarking and statistical compilation
7Updates of Regulation of BNM, PIAM and LIAM
8 Knowledge Management System
2006 2007
= deliverables
12
FY2006/07 Risk Management Calendar
Operational Risk Management – ORM Solution
No.
Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun
1 Operational Risk Management (ORM)2 ORM Solution / OpVantage System - Phase 1 (IMDC)3 ORM Solution / OpVantage System - Phase 2 (RCSA & KRI)
4KRI, LED & Contingent Liability revision, update & assessment
5 Harmonisation & consolidation of existing RCSA & KRIAcross all
entities6 Risk Scorecard Half Yearly Review at Operating Entities MLAB MGAB TN/MTB MNI
7 Post Merger Risk Review (Quarterly)
2006 2007
= deliverables
13
FY2006/07 Risk Management Calendar
Operational Risk Management – Outsourcing & BCP
No. Activity Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun1 Operational Risk Management (ORM)2 Outsourcing
3 Adoption of MF Outsourcing Policy
4 MNIB
5 TN
6
Define scope & reponsibilities on outsourcing with Performance Mgt and Compliance
7 Distribution of OS Risk Survey
8
Quarterly reporting to RMM and RMCmapped to Maybank Group format to focus on:i. Audit Issuesii. Service Performanceiii. Customer Complaintsiv. Disputes vi. Risk Issues
9 ORM - Business Continuity Planning10 BCP Integration 11 Formation of BCP Structure12 Establishment of Dataran BCP CMT13 Establishment of Dataran BCP Secretariat14 Establishment of Dataran CMST15 BCP Test16 IT Disaster Recovery17 IT Disaster Recovery (MF)18 IT Disaster Recovery (Dataran)19 Checklist and Integrated table top testing20 Communication tree testing21 BCP Crisis Simulation at Dataran22 Awareness Program
23 Wallet Card Distribution
24 Talk & Campaign (Quarterly Basis)
25 Digest (Bi-monthly basis)
26 Survey (Half yearly basis)
2006 2007
Completed
= deliverables
14
Risk Management FunctionRoles & Responsibilities
CFO
Head, Risk Management
• Develop and maintain comprehensive risk management policy,
governance, framework and guidelines• Together with operating heads, drive identification,
measurement, mitigation and control of group-wide risks• Facilitate development and improvement of risk management
know-how, tools, methodologies and systems• Independent risk review and assessment on products, projects,
assets, capital, investment and group-wide business activities• Apply global best-practices in the area of risk management• Supervise and develop risk management personnel in line with
immediate objectives and long-term plans
Job:
Identify, measure, mitigate and control group-wide risks to
assure the achievement of goals and objectives through
effective risk management
Role:
Second line of defense, promoting good corporate governance
and providing reasonable assurance on integrity and validity of
risk measurement and reporting
• Independent check-and-balance mechanism• Provide second opinion• Offer perspective on potential downsides• Risk reviewer for business/insurance risk• Central aggregator for financial risk• Frontline and organizational support for operational risk• Make risk a management agenda and risk awareness happen
throughout the organization• Strengthen business cases and plans• Give assurance on the integrity and validity of self-assessment,
measurements and KRIs
15
Success Factors & Qualifiers
Key Success Factors
- Top management ownership and buy-in- Transparency and integrity of data- Consistency of approach throughout Mayban Fortis Group- Capability of the risk management function & systems- Meet (Basel II) AMA Qualifiers (below)
10-Point Basel II AMA (Advanced Measurement Approach) Qualifiers
- Active oversight by the board and senior management- Sound risk management system implemented with integrity- Sufficient resources in major business lines, control and audit- Independent and capable risk management function- Integration of risk measurement into day-to-day risk management- Comprehensive, regular and timely risk reporting- Proper documentation of risk management system and processes- Regular review by internal and external auditors- Validation of risk measurement system by auditors and regulators- Sound AMA standards and risk model
Regulators will accept advanced measurements based on AMA approach only upon meeting the above qualifiers. Although Basel II place the emphasis on Operational Risk, the principle applies equally to other types of risk
16
Proposed StructureCentral Risk Management
CFO
Head, Risk Management
• Develop, implement and maintain comprehensive risk framework, guidelines and programmes
• Drive risk identification, profiling, reporting and mitigation processes• Independent review and assessment of risk control programs at
operating units• Participate in projects requiring risk management review & signoff• Facilitate development and improvement of risk matrices, tools,
methodologies and systems• Acquire/develop and maintain advanced risk measurement
analytics & systems• Risk reporting, analysis and compliance with internal and external
requirements• Program management for VRBM, BCP/CMT and other group-wide
risk initiatives• Secretariat to ALCO, RMM and other risk-related governance and
projects
Insurance Risk Management
Financial Risk Management
Risk Policy& Standards
Embedded Risk Managers/Units
• Policy & procedures on adoption of regulations, standards & best-practices
• Consolidate & integrate reports and returns
• Risk reporting MIS & data integrity
• Risk communication & change management programs
• Effectiveness feedback, surveys & improvements
• Risk benchmarking & knowledge management
• “Educating” the organization on risk management
• Risk management ownership at operating level
• Champion risk management programs at operating level
• KRI development, reporting and management
• Facilitate BCP programme at operating level
• Facilitate RCSA and loss database management and reporting
• Risk officer for respective entity/function
Operational Risk Management
17
Proposed StructureInsurance Risk Management
Embedded Risk Managers/Units
Head, Financial Risk
Management (4)
Head, Operational Risk Management (5)
Head,Risk Policy & Standards (4)
• Risk review of product portfolio• Participate in product development &
review activities• Review business case, profitability &
pricing assumptions• Risk compliance and signoff for new
products/business lines• Review reserve adequacy and
reserving assumptions• Review liability/valuation/modelling
assumptions and ensure compliance with guidelines
• Review capital adequacy/solvency/ embedded value/RBC levels
Head, Insurance Risk Management (3)
Life & Family Takaful Products Non-Life & General Takaful Products Embedded Risk Managers
• Risk review of product portfolio• Participate in product development &
review activities• Review business case, profitability &
pricing assumptions• Risk compliance and signoff for new
products/business lines• Review reserve adequacy and
reserving assumptions• Review liability/valuation/modelling
assumptions and ensure compliance with guidelines
• Review capital adequacy/solvency/ RBC levels
• Participate and coordinate the corresponding activities at the respective units
Head, Risk Management 17 FTEs exc. Administrator, Embedded Units
18
Proposed StructureFinancial Risk Management
Embedded Risk Managers/Units
Head, Financial Risk
Management (4)
Head, Operational Risk Management (5)
Head,Risk Policy & Standards (4)
• Develop asset management risk framework
• Formulate/update investment agreement & mandates
• Develop hedging & derivative framework and procedures
• Carry out portfolio risk-performance analysis
• Financial risk compliance and review of operational procedures & processes
Head, Insurance Risk Management (3)
Asset Management Market Risk Analysis ALM/Financial Modeling Embedded Risk Managers
• Scan global economic outlook and risk factors
• Carry out financial & market risk research
• Analyse market, credit & liquidity risks
• External benchmarking of portfolio performance
• Interface with Group Market and Credit Risk units
• Gather & analyse historical financial data & info and make forward projections
• Carry out cash flow & asset modelling and VaR
• Facilitate/coordinate/review embedded value reporting
• Review/compute capital/ solvency/RBC charges
• Review or perform scenario & stress/sensitivity tests
• Establish risk acceptance limits and mandates based on ALM studies
• CoC/capital charge, RAROC & capital allocation
• Participate and coordinate the corresponding activities at the respective units
Head, Risk Management
19
Proposed StructureOperational Risk Management
Embedded Risk Managers/Units
Head, Financial Risk
Management (4)
Head, Operational Risk Management (5)
Head,Risk Policy & Standards (4)
• Facilitate & coordinate risk profiling/RCSA/scorecard
• Facilitate & coordinate rollout of ORM solutions
• ORM compliance reviews• Continuous review of
procedures and process for risk exposures
• Risk assessment & due diligence for outsourcing
• ORM mitigation, insurance & risk transfer
Head, Insurance Risk Management (3)
Integrated ORM Solutions BCP, Events & Projects (2) ORM Analytics Embedded Risk Managers
• Facilitate and coordinate establishment of BCP/CMT organization
• BCP/CMT secretariat• Coordinate establishment of
disaster recovery program• Organize BCP/CMT periodic
testing & reporting• Review BCP/DRP program
of outsourcing vendors• Implement BCP procedures
for threats & outbreaks
• Loss event data collection, database maintenance and data integrity
• ORM quantification, measurement & analysis
• Review of loss & near miss, trends & benchmarking
• Develop tools and data capture for Op Var analytics
• Develop requirements for advanced measurements and capital charge
• Champion and coordinate corresponding activities at the respective units
Head, Risk Management
20
Proposed StructureRisk Policy & Standards
Embedded Risk Managers
Head, Financial Risk
Management (4)
Head, Operational Risk Management (5)
Head,Risk Policy & Standards (4)
• Coordinate application of standards, best-practices & regulations
• Develop & implement risk language, policy & procedures
• Knowledge management & benchmarking for risk
• Develop & maintain internal risk ratings system
• Coordinate input/feedback for market/industry studies
Head, Insurance Risk Management (3)
Policy, Standards & Regulations
Risk MIS & ReportingProgram/Change
ManagementEmbedded Risk Managers
• Consolidate & integrate risk reporting and follow up on areas of concern
• Review/validate results & responses to low ratings
• Review adequacy of measurement systems & coordinate MIS acquisition
• Ensure integrity of data/ information
• Build risk management information assets
• Facilitate/coordinate risk communication and awareness programs
• Coordinate introduction of new risk procedures
• Conduct periodic surveys to gauge level of effectiveness for improvement
• Administer awareness programs such as whistle blowing, fraud hotline, risk education, etc
• Participate and coordinate the corresponding activities at the respective units
Head, Risk Management
21
Organisation StructureCentral Risk Management
Embedded Risk Managers
Head, Financial Risk Management
Rudie Erman Bahari
Head, Operational Risk
Management Abd Razak Sulaiman
Head,Risk Policy &
StandardsAzlan Md Alifiah
Head, Insurance Risk ManagementNoor Nashriq
Head, Risk ManagementRazin Murat
17 FTEs exc. Administrator, Embedded Units
Life & Family Takaful Products
Vacant
Non-Life & General Takaful Products
Vacant
Market Risk AnalysisVacant
Asset ManagementVacant
ALM/Financial Modeling
Vacant
BCP Events & Projects
Mohd Radzuan
Integrated ORM Solutions
Nik Mazli Mat Dalip
ORM AnalyticsNawal Ishak
BCP Events & ProjectsVacant
Risk MIS & ReportingVacant
Policy, Standards & RegulationsBadrul Izham
Program/Change Management
Vacant
CommercialGhulam Hussein
OperationsMs. Fong
& For Takaful
For Conventional
Insurance
Total Staff Required 17Current Available 10--------------------------------Staff Required 7--------------------------------
AdministratorNoriati
Headcount Assumptions:- Financial Risk Management excludes potential increase in headcount requirement for monitoring and oversight of derivatives trading activities- Operational Risk Management excludes potential increase in headcount requirement for full maintenance of Dataran Maybank Secretariat for BCP and Crisis Management Support
22
END