RISK MANAGEMENT

FRAMEWORKS &
OPERATIONAL RISK
MANAGEMENT
Mario A. Mosse
PRMIA Operational Risk Certificate Webinar Series
Session 1 – February 11, 2016
 2

Note
This Presentation is based on The Professional Risk
Managers’ International Association (PRMIA) Handbook
“Risk Management Frameworks and Operational Risk
Management.”
It is comprised of excerpts from all the chapters of the
handbook edited by Jonathan Howitt, and authored by
William Maison (Chapter 1), Michael Mainelli (Chapter
2), David Coleman (Chapter 3), Penny Cagan
(Chapter 4), Julian Fisher and Jonathan Howitt
(Chapter 5), and Barham Mizair and Mikhail Marakov
(Chapters 6 and 7.)
 3

Operational Risk Manager (ORM) Certificate

• What is the ORM Certificate
• Attaining the ORM Certificate
• ORM Exam Preparation Resources
• Fees and Registration
• Frequently Asked Questions
 4

Webinar Series Agenda

Part One: Implementing an Effective Risk Framework
1. Foreword
1. Regulatory Context Since 2008
2. Embedding Risk Best Practices
2. Risk Governance
1. Governance
2. People/Roles and Responsibilities
3. Process
4. Result
5. Horizons of Risk Governance
3. The Risk Management Framework
1. Risk Capacity
2. Risk Appetite
3. Risk Policy
4. Risk Pricing
5. Risk Culture
 5

Agenda
Part 2: Operational Risk
4. Risk Assessment
1. Risk Assessment
2. Risk Scenarios (Top Down)
3. Process Models (Bottom up)
4. Operational Risk Issues
5. Additional Risk Assessment Topics
5. Risk Information
1. Introduction
2. Risk Appetite
3. Loss Data and Investigations
4. Key Risk Indicators (KRIs)
5. Toolsets and Reporting
 6

Agenda
Operational Risk (cont.)
6. Risk Modelling
1. From Basic to Advance Approach
2. Operational Risk Data
3. Frequency and Severity
4. Scenario Based Models
5. Combining Approaches
6. Capital Allocation
7. Insurance Mitigation
1. Risk Taxonomy and Mapping
2. Qualification Criteria of Insurance Mitigation
3. Calculation of Capital Relief
IMPLEMENTING AN EFFECTIVE
RISK FRAMEWORK
1. FOREWORD
 9

1. Regulatory Context Since 2008

• During the twenty year period of almost unparalleled
economic growth which preceded 2008, hundreds of
millions of people around the globe were lifted out of
absolute poverty.
• However, many average earners were weighed down by a
debt burden which had grown disproportionately relative
to both overall economic growth and median incomes in
many Western countries. Debts started to sour and as this
happened, confidence failed and, as confidence failed,
markets failed.
 10

1. Regulatory Context Since 2008

• Over the past few years the Basel Committee has
produced not just the Basel III capital rules for banks, but
also, in September 2012, the heavily revised Core
Principles for Effective Banking Supervision. The
International Organization of Securities Commissions
produced its revised Objectives and Principles of
Securities Regulation in September 2011 while the
International Association of Insurance Supervisors
produced the revised insurance core principles one month
later. Not to be left out, the Financial Action Task Force
produced its revised International Standards on
Combating Money Laundering and the Financing of
Terrorism & Proliferation in February 2012.
 11

1. Regulatory Context Since 2008

Bank for Financial
International Stability Board
Settlements (FSB)
(BIS)

Basel Committee International International

on Banking Association of Association of
Supervision Insurance Deposit Insurers
(BCBS) Supervisors (IAIS) (IADI)

Joint Forum

International
Association of
Securities
Commissions (IOSCO)
 12

2. Embedding Risk Best Practices

• How to operate a risk system or framework
• How to fit strategy, business models and organizational
elements into this framework
• The value of good governance, reporting and controls
2. RISK GOVERNANCE
 14

1. Governing and Governance

• Governance is a structure specifying the policies,
principles, and procedures for making decisions about
corporate direction
• Risk Governance and Strategic Planning
• Risk Governance Principles
 15

1. Governing and Governance

Origins of Corporate Governance:
• 1992 Cadbury Report – “The Financial Aspects of Corporate
Governance: Final Report”
• 1995 Greenbury Report, “Directors' Remuneration: Report of a
Study Group Chaired by Sir Richard Greenbury”
• 1998 Hampel Report – “Committee on Corporate Governance”
that initiated The Combined Code
• 1999 Turnbull Report – “Internal Control: Guidance for
Directors on the Combined Code”
• 2001 Myners Report - “Institutional Investment In The United
Kingdom: A Review On Institutional Investors”
• 2003 Higgs Report – “Review Of The Role And Effectiveness
Of Non-Executive Directors”
• 2009 Walker Review - “A Review Of Corporate Governance In
UK Banks And Other Financial Industry Entities”
 16

1. Governing and Governance

OECD Principles of Corporate Governance:
• Ensuring the Basis for an Effective Corporate Governance
Framework - The corporate governance framework should
promote transparent and efficient markets, be consistent with
the rule of law and clearly articulate the division of
responsibilities among different supervisory, regulatory and
enforcement authorities.
• The Rights of Shareholders and Key Ownership Functions -
The corporate governance framework should protect and
facilitate the exercise of shareholders’ rights.
• The Equitable Treatment of Shareholders - The corporate
governance framework should ensure the equitable treatment
of all shareholders, including minority and foreign shareholders.
All shareholders should have the opportunity to obtain effective
redress for violation of their rights.
 17

1. Governing and Governance

OECD Principles of Corporate Governance (cont.):
• The Role of Stakeholders in Corporate Governance - The
corporate governance framework should recognize the rights of
stakeholders established by law or through mutual agreements
and encourage active co-operation between corporations and
stakeholders in creating wealth, jobs, and the sustainability of
financially sound enterprises.
• Disclosure and Transparency - The corporate governance
framework should ensure that timely and accurate disclosure is
made on all material matters regarding the corporation,
including the financial situation, performance, ownership, and
governance of the company.
• The Responsibilities of the Board - The corporate governance
framework should ensure the strategic guidance of the
company, the effective monitoring of management by the
board, and the board’s accountability to the company and the
shareholders.”
 18

1. Governing and Governance

• Historically, corporate governance has been about codes of
practice. Enforcement has been that of persuasion, or requiring
“comply or explain” approaches to disclosure of compliance.
One clear trend is that governance requirements are being
incorporated in legislation and regulation, particularly for
financial firms.
• Responding to scandals and failures in finance, there have
been a number of USA initiatives. Most notable is the
Sarbanes-Oxley Act of 2002, informally referred to as Sarbox
or Sox, an attempt by the federal government in the United
States to legislate several of the principles recommended in the
UK and OECD reports in the wake of a host of auditing failures
during the dot.bomb boom and Enron scandal.
• Reacting to the financial crises since 2007, the Dodd-Frank
Wall Street Reform and Consumer Protection Act was signed in
2010, bringing in a host of regulations for financial firms.
 19

1. Governing and Governance

Additionally, a number of auditable standards contain strong
elements of risk governance and guidance:
• AS 3806 – compliance systems
• BS 10500 - anti-bribery management system
• BS 8453 - compliance framework for regulated financial services firm
• BS 8477 - customer service
• IFRS – accounting standards
• ISO 10002 - guidelines for complaints handling
• ISO 14000 - environmental management systems
• ISO 22222 – personal financial planners
• ISO 22301- business continuity management
• ISO 27000 – information security systems
• ISO 31000 - international risk management standard
• ISO 9001 - quality management systems
• SAS 70 – auditing of financial controls
• SWIFT – numerous information transmission standards
 20

Questions & Answers

Mario A. Mosse
MMosse Consulting, LLC
mmosse@aol.com

The Professional Risk Managers’ International Association

(PRMIA)
www.prmia.org