INTELLIGENT RISK knowledge for the PRMIA community
February 2021 ©2021 - All Rights Reserved Professional Risk Managers’ International Association
PROFESSIONAL RISK MANAGERS’ INTERNATIONAL ASSOCIATION CONTENT EDITORS
INSIDE THIS ISSUE
Steve Lindo
003
Editor introduction
Principal, SRL Advisory Services and Lecturer at Columbia University
005
PRM spotlight - Fatema AlSaad
Dr. David Veen
006
Automation process challenges in a highly regulated environment by Visweash Subramanian & Anthony Harris
012
Managing the COVID created economic crisis: is it different this time? by Rajinder (Raj) Singh
014
Global data standards implementation evoked in the name of better risk management but missing is the voice of the risk management community by Allan Grody
017
Operational resilience and restructuring: a bridge too close? by Thibaud de Barmon
021
Risk leadership: a critical adhesive to risk culture by Katlego Majola
024
The risks of rising rates - by Kishore K. Yalamanchili
027
Risk perspectives on sustainable finance for infrastructure development by Prasanta Kumar Praharaj
030
How do you prepare for a risk that you don’t know? by Alexander Marinov
034
Model risk in financial crime by Steve Lindo, Vesna McCreery & Raj Shah
040
The hazard of nostalgia – risk management after the pandemic - by Cosimo Pacciani
044
PRMIA volunteer profile - Doug Cronk
046
PRMIA 2020 fall events summary
048
Chapter spotlight: PRMIA Ireland
051
Calendar of events
Director, Evaluation Services - IT at Western Governors University
Nagaraja Kumar Deevi Managing Partner | Senior Advisor DEEVI | Advisory | Research Studies Finance | Risk | Regulations | Digital
SPECIAL THANKS Thanks to our sponsors, the exclusive content of Intelligent Risk is freely distributed worldwide. If you would like more information about sponsorship opportunities contact sponsorship@prmia.org.
FIND US ON
prmia.org/irisk
002
@prmia
Intelligent Risk - February 2021
editor introduction
Steve Lindo Editor, PRMIA
Dr. David Veen Editor, PRMIA
Nagaraja Kumar Deevi Editor, PRMIA
The February 2021 issue of Intelligent Risk is quite challenging and unique, compared to the first issue of 2020. Starting from February 2020, communities across the globe, including PRMIA professionals, have been in a continuous struggle with the COVID-19 pandemic. According to recent WHO reports, there have been 2 million deaths out of 94 million confirmed cases of COVID-19, and the numbers are still growing. The impact of COVID-19 is widespread and has disrupted the overall global economy, which has shrunk by more than 5% of GDP, while geopolitical and cyber-risk issues are on the rise. Conversely, there is some good news to celebrate during the crisis, including an acceleration in technology innovation, successful vaccine development, and distribution and completion of the US election process. Against this backdrop, the broad range of articles which PRMIA received from its Sustaining Members for the current issue evidenced a focus on COVID-19 perspectives, including: managing the COVID-created economic crisis, automation process challenges, the hazard of nostalgia, operational resilience and restructuring, the risks of rising rates, and preparing for the unexpected. At the same time, our February selections also cover a variety of other topical subjects such as risk leadership, global data standards, model risk in financial crime, and risk perspectives on sustainable finance for infrastructure development. PRMIA acknowledges and appreciates the valuable contributions from our authors for taking time during these challenging times to share their experiences and thoughts. We thank this issue’s authors for their thoughtful contributions and extend our wishes for all to be cautious and follow all health safety guidelines. We hope that PRMIA’s members will find the articles published in this issue interesting and enjoy reading them as much as we did reviewing and editing them.
Intelligent Risk - February 2021
003
our sponsor
Risk never sleeps. And risk management has never been more crucial than it is in today’s complex, interconnected markets. Market risk, credit and counterparty risk, liquidity or operational risk, and portfolio risk management; whether on the buy side or sell side, firms need a comprehensive solution with broad asset class coverage. Bloomberg enables you to gauge end-of-day and intraday risk levels with precision. Our unrivalled data and analytics confer an edge, and our best-in-class Bloomberg service ensures seamless integration into your firm’s workflows. Learn more
004
Intelligent Risk - February 2021
PRM spotlight - Fatema AlSaad Achieving the Professional Risk Manager (PRM™) Designation from the Professional Risk Managers’ International Association wasn’t on Fatema AlSaad’s list of things to do after achieving her Masters in Risk Management in London. “My previous manager recommended the PRM to me, and I knew I wanted training with more practical application to the risk role, so I decided to look into it.” Like many, Ms. AlSaad didn’t jump into the PRM, but rather began with the Associate PRM certificate first. “The Associate PRM gave me some insight into the PRM and also an idea of what I would learn, so for me it was a great introduction and impetus to enroll in the PRM.” She was surprised that, with dedication, she was able to complete the PRM in half the time. “The most difficult part was balancing workload, family, and studying, but with the support of my family members I was able to set a firm plan and a clear schedule, and I stuck to it.” The completion of the designation has allowed Fatema to accelerate her career. A promotion when she was halfway to completing the exams demonstrated to her that she was on the right path. “While reading the textbooks and articles, I was able to relate to a lot of aspects of my current workplace risk management practices.” It also opened her eyes to other areas of risk that are an interest for the future. “I found I was drawn to Operational Risk and the impact it has. It is not an area of focus in my current role, but I can see the opportunities and challenges it presents, and I see myself moving that way in the future.” “I realized that my degree was the thing that opened a door, but the PRM gives me credibility to demonstrate skills and abilities and achieve more in the industry,” she smiles. With the PRM, she sees the opportunity to grow in her career as she desires.
PRM™ Designation Holder Fatema AlSaad
Intelligent Risk - February 2021
005
automation process challenges in a highly regulated environment
by Visweash Subramanian & Anthony Harris Financial Institutions are aiming to drive transformation across their businesses leveraging digital capabilities such as Robotics Process Automation (RPA), Machine Learning (ML), and Artificial Intelligence (AI). It is no longer a fad to use these terms as cutting-edge transformation levers, given the current healthcare crisis and the projected contraction of global GDP by 7- 9%, signaling the possibility of one of the deepest global recessions in decades raising the need for higher productivity, reduced cost and better security. Automation solutions are gaining in acceptance and prominence, especially in the financial services sector. This is partly due to the cultural shift where “I want it now, anywhere and at any time” has become embedded in our psyche. This created the need for a 24/7 operational model for processes that were never thought to be in-scope, couple that with increased regulations halting the offshoring of some key processes, you can see why automation is the only way to achieve the “now.” There are a number of benefits, such as custom tailored oversight, instantly available reporting, the elimination of human error, such as keyboard input error or mouse mis-clicks, and the leveraging of multiple systems of records to produce a report. However, among stakeholders from executives to process owners, there remains a significant disparity between the Perception of Impact and the Real Impact of these solutions. Perception: “Technology” is a panacea; simply bringing in more tech will provide a magic wand for all problems. Marketing departments have done a superior job of promoting automation platforms as if they have a solution to all the challenges we face currently, and they drive sales by promoting this concept of “technology” as a magic wand to be waved and everything is fixed. This may not be entirely true, given that most out of the box solutions will need moderate to significant customization to fit an organization, which would increase cost and complexity of the process. Point to note: As per platform providers, the Financial Services industry is the biggest market to drive transformation through automation over the next few years. The revenue for service providers is expected to grow by 20% YOY. This in most cases will be achieved by reducing the human element and removing tacit knowledge, automating transactional tasks, and removing vintage technology. This all comes with a cost that will be seen through third-party resources for implementation and maintenance, licensing, patches, and upgrades.
006
Intelligent Risk - February 2021
Reality: Based on industry estimates, over 75% of automation initiatives do not provide the desired results on day 1 and realization of benefits takes almost 3 years1. According to a leading industry analyst, over 65% of CXOs realized that their processes were broken when remote working had begun around March 20202. Testing and oversight should have exposed problems in systems and automation processes long before the systems were stressed in the COVID-generated business continuity environment. However, the unfortunate reality is that, because of several reasons, (such as an overconfidence in technology), many of the largest companies were left scrambling to address broken processes and critical failures. Even in a business as usual environment with no stress placed on the system, the value of technology upgrades is limited in the ability to extract meaningful results or data. Based on a Public Company Governance Survey, nearly 50% of CXOs say that they are not able to make informed decisions using the risk data they receive.
“
“Expectations do not produce the desired results at initial deployment, I thought I was getting a Lamborghini but what I received was a Pinto without an engine”
Is automation really mature in banking and how successful has it been? The maturity of automation in Financial Institutions, including Insurance, is far behind other industries when compared to Consumer Goods, Manufacturing, Automobile, and Healthcare to name a few. Take for instance the advent of self-driving cars or the ability to map a protein strand using AI and 3D printing used in manufacturing. Considering future Regulatory changes, such as the US Financial Stability Oversight Council and its enhanced monitoring, global regulatory & jurisdiction-specific laws, the oversight approach they mandate, and expected regulations such as Fintech, RegTech and InsuranceTech, the approach to transformation needs to be more robust to achieve scale and success at a faster pace. The current approach of “technology first,” coupled with the assumption that technology will instantly provide solutions will increase the inherent risk to an over-reliance on misunderstood technological solutions.
“
Ruminations: Finance and the movement of money is the bloodline for all industries globally. Why does Financial Services lag other industries in automation maturity?
Automation is mature in certain pockets of banking. The advent of Fintechs has changed the game in the payments space, and the rise of technology companies front ending in Consumer Lending has significantly improved the Interaction Layers and Experience for the Consumers. Look no further than Venmo, Zelle, or Apple Card to see the impact technology solutions have. Intelligent Risk - February 2021
007
But, largely across the industry, while the front-end processes are getting slicker, the back end is still largely managed by monolithic technology platforms and processes built on high tacit knowledge and compounding manual workarounds. The below chart shows the concentration of factors that drive the erosion of benefits from automation in the Financial Services industry. Figure 1- Drivers eroding benefits
Source: Industry analyst survey conducted across ~ 50 CXOs.
According to a Risk survey conducted by RSA, over 70% of CXOs believe that the Digital Risk Profile will either somewhat or significantly increase over the next few year.
entry barriers and dependency levers to large scale transformation through automation in financial services Entry barriers that are clearly visible across industries include: The below illustration depicts the Entry barriers.
008
Intelligent Risk - February 2021
1. Disjointed and Low to Moderate Maturity Tech stack: The Financial Services industry goes through phases of organic growth during economic cycles. Large banks and financial institutions have also grown, often times through mergers and acquisitions. When banks have merged or grown, the impulse is generally to amalgamate technology platforms that are dramatically different in composition, intent, and output. This creates a complex pool held together with figurative duct tape, rather than rationalizing the stack to create high-performance technology solutions. 2. Low to moderate process maturity: The rapid-response (E.g.: Agile, Scrum) used to drive technology transformations, which has become the norm in recent years and with 85% of organizations adopting agile3, is probably the leading reason for increase in manual and nonstandard processes in the middle and back office. An average process would comprise about 20-30% manual work-arounds which are neither documented nor standardized.
it’s important to get to the truth of the current state, to effectively transform in the future state
“
“Data will replace cash as King in the near future”
Almost 60-70% of processes in the middle and back office of a bank are performed in a multi-platform manner. For example, an operator receives a case through a workflow, accesses the System of Record to obtain account information, works on an excel worksheet to capture/update financials, and then updates information through a workflow to a System of Record. This is presumed to be the happy path with no variation. Considering the variations in a process and the potential idiosyncrasies of each different person who handles information on the path, one can safely assume that just 30-40% of the processing happens in the Systems of Record or the Workflow. Even when things occur ideally, the best-case is data that is potentially disparate and difficult to manage. Considering data is on track to replace cash as king in the near future there is a need to streamline a process and drive standardization. This requires an understanding of the process at a granular level, understanding every step and sub-step. Currently, the data acquired to analyze the process or measure its performance is so often nothing more than a directional indicator in most scenarios. Where is the truth? Most solutions are constructed upon processes that lack up-to-date documentation, have limited to no standardization, require manual work-arounds, and are owned / performed by individuals that have a high to moderate amount of operational tacit knowledge. Building solutions on technology platforms that are so divergent in composition, intent, and data output is not the path to understanding any underlying truth. Intelligent Risk - February 2021
009
Like the protein strands in a living being, data is the most fundamental and important footprint of any solution. It encourages accurate and holistic processing, provides focus on ensuring documentation is adequate and correct, enables standardization by producing results driven by the desired outcome and comprises the building blocks for a technology solution’s functional and technical requirement. An approach to tie all the process steps at the most granular level as a String of data is where the truth resides. At the end of the day the goal is simply stated - to automate data. Prime examples of this are the moving of a widget or the processing of a transaction. These are examples of data enrichment, movement, and/or decoding. Why not take a data-led and domain-aided approach to increase the success rate of automation in Financial Services.
introduction to the 6th dimension approach The entire universe works on a set of laws that makes every matter within it very intricately connected. Humanity has long endeavored to understand the vastness of our observable Universe by building an understanding of unimaginably small fundamental particles and the way they behave. Our Quantum approach mirrors this methodological framework and aims to build a strategy which understands the process is a subset of the universe and data is the building blocks of the same. The question is, how can we understand the most Lilliputian data in the process to help us develop and transform it. This below approach will help us get to the most granular part of the process and data to help us understand the working of the complex business:
The above approach will help with successful transformation; however, Automation Risk Propensity must be incorporated as a lever to mitigate the risks inherent to automation. 010
Intelligent Risk - February 2021
your opinion matters Should Automation initiatives be led by Risk and Data organizations in Financial Institutions? Should the Technology organization be answerable to the Risk organization for technology risk propensity? Disclaimer: This paper is the personal view of the author(s) and does not reflect or contain data, information, or practices that are bound to their current employer.
references (1) https://www.mckinsey.com/industries/financial-services/our-insights/the-value-of-robotic-process-automation (2) https://go.forrester.com/blogs/covid-19-automation-and-you/ (3) https://www.gartner.com/en/newsroom/press-releases/2019-02-19-gartner-survey-finds-85-percent-of-organizations-favor-a-product • https://research.aimultiple.com/rpa-stats/ • https://go.forrester.com/blogs/category/robotic-process-automation-rpa • https://go.forrester.com/blogs/what-it-means/ep173-scaling-rpa/
authors Visweash Subramanian Robotics and Digital Transformation Leader Vishy is a Banking and Financial Services Transformation expert with over 25 years of Global Banking experience. He has been a Consultant to various Banks globally, supporting their transformation initiatives ranging from Setting up Enterprise Transformation Office, End to End Product Transformation and Strategy design to name a few. His vast experience of working in several strategic initiatives across geographies and business lines has enabled him to devise unique approaches to driving transformation utilizing RPA, AI and ML.
Anthony Harris Business Process Engineer Leader for Corporate Risk Anthony Harris is a Transformation, Strategy, Change-master and consummate leader with more than 16 years’ experience in a variety of industries including the Global Consulting, Banking and Financial Services, GSE’s, Mortgage, Healthcare, Retail, and Technology. He is a Lean Six Sigma Black Belt and SAFe Practitioner and has led large scale Operational excellence improvement programs with some of the largest fortune 500 institutions. His career has focused on the identification and deployment of RPA, AI, and ML capabilities and industry leading methodologies for designing and improving Business Processes. Intelligent Risk - February 2021
011
managing the COVID created economic crisis: is it different this time?
by Rajinder (Raj) Singh Ten months into the economic downturn created by the worldwide pandemic, it is natural to compare with the last global financial crisis (GFC). While both the cause and effects are quite different this time around, there are plenty of clues about how to recover. CROs across the financial services industry were well prepared with a toolkit built during the safe years to respond quickly and effectively in case of an unexpected downturn. This article focuses on the many public-private home retention strategies developed and employed in the aftermath of the GFC. Some of these will need to be recalibrated and deployed to nurse the borrowers and the housing industry back to strength. The 2020-21 economy is indeed exhibiting a K-shaped divergence – elevated levels of unemployment rate in the non-college degree population and people on pandemic assistance programs while home prices keep appreciating throughout the nation. The generous mortgage forbearance (payment deferral) programs are masking the significant percentage of unemployed or under-employed borrowers who are actually delinquent in their mortgage payments and will face serious liquidity problems as these programs expire. The loss mitigation programs needed to deal with this scenario are where there will be similarities with the GFC, albeit the borrowers are in a much better equity position this time around. First, a bit of a recap of U.S. mortgage history. Serious delinquency rates (three or more payments missed) for conventional mortgages peaked at around 7% in 2010. Lax underwriting standards, layered risk products, and significant equity extraction through cash-out refinancings exacerbated the impact of recession. Foreclosure rates peaked at 2.3% around the same time. This translates to approximately 1 in 10 mortgage borrowers either evicted or facing serious consequences during 2008-10. Fast forward to early 2020, this statistic had improved to under 1 in 3000 properties with a serious delinquency or foreclosure filing. It took almost a decade to return to pre-GFC levels. A variety of programs were developed and deployed to get the massive mortgage default problem under control. These programs sought solutions across myriad borrower situations -- borrowers with temporary hardship, permanent job loss, or sharp drop in home value causing negative equity and a disincentive to continue with mortgage payments. Home Affordable Refinance Program (HARP) targeted borrowers who, despite their good payment behavior, were “trapped” in their mortgages. They could not refinance at the prevailing lower interest rates since the drop in home prices made their current loan to value ratios too high, or current credit scores had deteriorated, or current debt-to-income was too high under the new mortgage underwriting standards of the lenders. This program ran for a decade and helped three and a half million borrowers transfer their balances and existing mortgage insurance cover to a new mortgage with lower monthly payments as long as they were current on their existing mortgage for the previous six months and no more than one late payment in the previous twelve months. This program was arguably one of the best home retention initiatives that worked effectively and did not create any moral hazard, since home retention was in the best interest of all stakeholders involved and nobody could game the criteria. 012
Intelligent Risk - February 2021
Home Affordable Modification Program (HAMP) was another very successful home retention initiative where there was active government subsidy to encourage lenders and borrowers to work together. This was targeted towards borrowers who experienced reduction in household income or temporary hardship. The loan was restructured to ensure the new monthly payments were affordable. The program was divided into a trial payments period and permanent loan modification period. The lender/servicer was paid scheduled cash incentives based upon borrower repayments. One and a half million borrowers opted for this program over a decade with more than half of them remaining current on their modified mortgage or having paid off their loan, quite an impressive statistic. Home Affordable Foreclosure Alternatives (HAFA) program was targeted at borrowers who re-defaulted on or did not qualify for HAMP and were willing to settle without the expensive and time-consuming foreclosure process through short sales (selling the house for a lower price than the loan balance) or deeds-in-lieu. Foreclosure is the least desirable outcome for a mortgage; it is in the best interest of the lender, guarantor, and the society to find alternate solutions when borrowers get into financial trouble. It is especially imperative during a recession when you do not want the entire housing industry to endure an avalanche of foreclosures at the same time, creating a downward spiral for home prices. The programs delineated above helped soften an even deeper hit to the housing economy by spreading out the pain over many years and also provided the borrowers the wherewithal through lower monthly payments, etc. to restore their financial health. The cost was shared among the various stakeholders – the government (subsidies for HAMP), mortgage insurers (first loss claim payments), lenders (residual losses), and of course borrowers who lost their homes or significant equity in their homes. The key learning in post-GFC housing recovery is that you need a suite of tools to deal with the various nuances; there is no one-size-fits-all solution. All these solutions require close cooperation and transparency between all the stakeholders: borrower, lender, mortgage insurer, and the regulator.
author Rajinder (Raj) Singh Raj Singh is Chief Risk Officer of Global Mortgage Insurance division of Genworth Financial. He serves as director on the boards of Genworth Australia, India Mortgage Guarantee Corporation (joint venture with National Housing Bank, IFC, and ADB), and Genworth Seguros de Credito a la Vivienda, Mexico. He also serves on the Board of Appalachian Trail Conservancy. Raj has held senior executive roles in the global financial services sector, including Citigroup, GMAC Financial Services, GE Capital), and U.S. Bancorp. He has served on the boards of Genworth Canada and Banco de America Central (BAC) International Bank. Raj holds an MBA in Finance from the University of Rochester’s Simon Business School, an MS in Mechanical and Aerospace Engineering from Rutgers University, and a B.Tech. in Mechanical Engineering from the Indian Institute of Technology Kanpur. Intelligent Risk - February 2021
013
global data standards implementation evoked in the name of better risk management but missing is the voice of the risk management community
by Allan Grody A US regulator, the Commodities Futures Trading Commission, was the first to recognize the impact of non-standard counterparty identification in financial transactions. Lehman’s bankruptcy exposed this regulator’s inability to determine the risk exposures Lehman was progressively incurring. It was an awakening by regulators across the world to the importance of legal entity identity standards in knowing what risks were building up in the 6000 entities that collectively made up Lehman. As more regulators interacted with market participants, it soon became apparent that financial data standards, more broadly, were missing. Only a global data standard’s effort could create the ability to aggregate multi-sourced, multi-identified transactions in order to provide timely regulatory transparency into risk. Errant financial transactions, each containing different identifiers and variably defined data elements, each purporting to be identical which they are not, was at the root of preventing regulators from observing risk. The US congress responded with the Dodd-Frank Financial Reform Act. At the same time as US regulators were identifying these fundamental and long festering data problems, the G-20’s Financial Stability Board was focused on reforms in the global OTC Derivative market. They came to the same conclusions as US regulators concerning the fundamental problem of data quality and lack of global data standards for counterparties and the OTC derivative products they trade in. With the G-20’s interest and the mandate to guide financial stability globally given to the FSB, we now have a set of global data standards for financial market participants and the products and contracts they trade in: the Legal Entity Identifier (LEI); the LEIs hierarchical organizational structures (intermediary and ultimate parent) for each registered LEI; the Unique Transaction Identifier (UTI); the Unique Product Identifier (UPI); the Common Data Elements (CDEs) for OTC derivatives, and the latest, the establishment of the Derivatives Service Bureau to extend the ISIN (International Securities Identification Number) financial instrument identification system from its origins in stocks and bonds to a vast array of derivatives. The consequences of the lack of universal data standards are enormous - huge additional cost and risk brought about by the need to reconcile multiple identifiers across hundreds of trading markets – equities, bonds, futures, option, foreign exchange, commodities, swaps and, most recently, crypto markets. Different identifiers are found in hundreds of payments, clearing and settlement systems; in hundreds of securities depositories; and in hundreds of financial data intermediaries operating with hundreds of data formats and identifiers. 014
Intelligent Risk - February 2021
Add to this the thousands of financial institutions that operate with proprietary business process systems using proprietary data formats and identifiers sent to hundreds of regulators and hundreds of financial market infrastructure operators. Then imagine the high cost, high risk of data mapping exercises that are duplicated across the financial supply chain to reconcile one system’s output to another’s. We and others have estimated this global data duplication cost at $US 250 billion. The LEI’s Regulatory Oversight Committee (ROC), initially established to oversee the LEI implementation, was just appointed as the Governance Body for all FSB initiated standards. The ROC consists of 71 regulators from around the world. Like the FSB they report to, they have no power to regulate, just the global megaphone of the G-20 that the FSB answers to. The ROC is a needed central point for regulators to concentrate efforts so that the promised benefits of better risk management and lower costs from global data standards can actually be achieved. Much has already been achieved - the organization of a global government/private sector partnership, its operating principles and its operating structures are all in place now. The definition at the granular level of these data standards and the operating entities to assign them are also in place. What is needed to accelerate regulators’ ability to achieve more complete and timely risk management and for the financial industry to achieve the promised benefits of lower costs? Perhaps it can be achieved by active participation with the ROC by a significant group that has not yet been heard from on this issue -- the Risk Management trade associations. The ROC has been given oversight of all of the global data standards initiatives fostered by the FSB. The intent is to engage more fully with the US financial industry on a voluntary basis and, more specifically, with large financial entities, many of which are designated as systemically important. Financial institutions will be asked to use their own Know Your Customer (KYC) validation routines to perform the validation functions for the LEI. It is hoped that by getting the larger, global systemically important financial institutions (G-SIFIs) to voluntarily adopt the LEI and other FSB inspired data standards, this will showcase significant cost savings for them. It should also show a path to data aggregation for risk analysis through registering the complete set of parent LEIs for themselves and their clients. Further, it will accelerate registering more LEIs, now totaling 1.7 million. The FSB in their LEI Peer Review in 2019 had stated that the LEI has only been partially adopted in the G-20 member countries. The FSB estimates that global adoption will require registering 20 million LEIs. Short of global adoption, I have long advocated for completing the mission of registering LEIs and their hierarchies starting with the Global Systemically Important Financial Institutions (G-SIFIs). These institutions have had a unique status among regulators since the financial crisis. These are the ones that can spread the contagion of systemic risk. There are thirty-three (33) G-SIFI banks. These banks are also the early test cases for implementing the global Principles for Effective Risk Data Aggregation and Risk Reporting framework laid out by the Basel Committee on Banking Supervision in 2013, commonly referred to as BCBS 239. Intelligent Risk - February 2021
015
BCBS239 has generated new and significant demands for data standards and technology, However, it is still a work-in-progress according to the latest updated progress report of the implementation of the BCBS 239 principles reported on as of April 2020. None of the banks are fully compliant with the BCBS 239 principles for attaining the necessary data architecture and IT infrastructure. Data aggregation remains a key to effective risk analysis and the LEI and its hierarchical parent relationship structures is an essential pillar of such aggregation. What is needed is for a concerted effort by the risk management community, led perhaps by PRMIA, to enlist the FSB’s ROC, which oversees global data standards, and the BCBS, which oversees capital standards, to mandate adherence to the FSB’s data standards for these G-SIFIs. Incentives can be provided through operational risk capital reductions rather than fines and disciplinary action, as was the recent situation with three US based G-SIFIs - JPMorgan, Morgan Stanley and Citibank. Collectively they were fined $US 1.4 billion for inadequate and faulty risk management and data management systems.
author Allan Grody President of Financial InterGroup Advisors, a financial industry consultancy. In his early career he worked in various technical and management capacities in multiple segments of the financial industry. In a later career he was a partner and the founder of Coopers & Lybrand’s (now PwC’s) Financial Services Consulting Practice. At NYU’s Stern Graduate School of Business he founded and taught their risk management systems course. He is an Editorial Board Member of the Journal of Risk Management in Financial Institutions; has been an expert witness on trading patent infringement and shareholder class action litigation; was an expert panel member to the Financial Stability Board on their Global Legal Entity Identifier (LEI), Unique Product Identifier (UPI) and Unique Transaction Identifier (UTI); an expert panel member to the International Organization of Securities Commissions/Committee on Payments and Markets Infrastructure (IOSCO/CPMI) in their Data Harmonization and Over-the-Counter Derivatives trade repository aggregation initiatives; a Blue Ribbon Panel Member of the Professional Risk Managers’ International Association (PRMIA); Advisory Chairman of the Financial Industry Ontology for Risk and Data (FIORD) Consortium; and is a contributing opinion editor for The Hill. He has authored numerous academic papers and trade articles focused on risk adjusting the financial system and reengineering financial institutions.
016
Intelligent Risk - February 2021
operational resilience and restructuring: a bridge too close?
by Thibaud de Barmon Operational resilience is often described by regulators and practitioners as the ability to deliver financial services in both good and bad times. For regulators, bad times are temporary disruptions such as natural events, civil unrests, terrorist attacks, cyber attacks or system outages. In these bad times, delivery is achieved through business continuity management, incident management, information security management, or third-party management. This prevailing consensus excludes disruptions leading to sudden but lasting changes of operational environments such as those incurred by political shifts or international crisis. It also excludes businesscentric capabilities such as change management or restructuring. In light of the most recent developments, and not least of the ongoing pandemic, are such exclusions still for purpose? If not, how should firms adapt both the types of threats and the types of capabilities underpinning their operational resilience?
the new resilience threats The commonly accepted threats to operational resilience (natural events, civil unrests, terrorist attacks, cyber attacks or system outages) lead to disruptions that are abrupt and most likely temporary. Resilience disruptions do not durably change firms’ operational environments; instead, they are followed by a return to business-as-usual. This is supported by the prevailing assumption that structural changes in operational environments are always gradual. In the past few decades, this assumption has held true. Lasting changes in operational environments are typically driven by changes in competition, technology, legislation, and/or geopolitical conditions and in the recent past, these four elements have either remained stable or evolved slowly. Even the 2008 financial crisis didn’t fundamentally change the competitive landscape. As for the regulatory and legislative ones, even the most radical reforms such as Dodd-Frank, UK Ring Fencing, and the clearing of derivatives have been developed and implemented over a period of 5-10 years. Is such relative stability here to stay? Three recent developments indicate that it is not. First, the pandemic has shown that even natural events can lead to sudden and lasting structural changes in firms’ operational environments.
Intelligent Risk - February 2021
017
Secondly, the economic stress induced by the pandemic, combined with changing behaviors and rapid adoptions of new technologies, are bound to lead to abrupt changes in business models and impact competitive landscapes. Lastly, new ranges of geopolitical risks could also lead to abrupt legislative changes that may have profound negative impacts on a firm’s operational structures. In some aspects, Brexit and the Euro crisis gave us a foretaste of this emerging threat. Had the UK left the EU without a deal when the transition period first expired in March 2019, most cross-border arrangements between the UK and the EU financial entities would have been permanently discontinued. This would have led to abrupt legal, physical, and logical separations of operating structures that would have required a very different level of resilience. Similarly, had some countries been excluded from the Eurozone in 2013, the operational challenges of the inevitable currency re-denominations which would have followed would have been beyond the capacity of most European financial firms. In both cases cliff edges were avoided, but at a time of less predictable politics and escalating international tensions, one cannot assume such cliff edges will always be avoided. The emergence of abrupt, but lasting, structural changes will probably be a significant departure from the operational condition firms have enjoyed, which have developed their current resilience strategies. These strategies will need to be renewed, and the range of capabilities that support them will need to be extended.
restructuring as a resilience capability Firms’ responses to lasting structural changes are usually delivered through restructuring, be they reorganizations, wind-downs, divestments, acquisitions, or mergers, of some or whole, of their services. As explained in “the Principles for Operational Resilience,” published by the Basel Committee for Banking Supervision in August 2020, operational resilience is achieved through the effective delivery of four other capabilities: business continuity management, incident management, information security management, and third-party management. Restructuring capabilities are rarely part of this resilience equation. Most firms view them as supporting the management of strategic risks rather than operational risks. This separation means that these two sets of capabilities have developed independently from each other with limited day-to-day interactions. Yet there is growing evidence of a negative relationship between restructuring capabilities and operational resilience outcomes. Restructuring inevitably requires realignments of skills, experience, systems, and process. This realignment often weakens both existing and future controls even when the restructuring itself has been executed successfully.
018
Intelligent Risk - February 2021
In the UK, the RBS outage took place two years after the start of the bank’s downsizing and the TSB outage took place three years after the start of its integration into the Sabadell Group. TP ICAP encountered the largest money-broking outage recorded to date, just 18 months after the merger between Tullett Prebon and ICAP. Operational resilience and restructuring also deliver several key outcomes: both require perfectly documented and transparent mapping of operational processes that would stand the scrutiny of potential acquirers; both require well drafted third-party contracts and effective monitoring framework and processes of these third-party relationships; and both require clear and transparent tested contingency options. As such, firms that fail to deliver these key resilience outcomes are unlikely to deliver successful restructuring. For larger firms, which tend to restructure regularly, restructuring and resilience capabilities inevitably go hand in hand. Restructuring therefore needs to be a key capability within their operational resilience strategy.
resilience restructuring in practice What could this interaction of resilience and restructuring mean to firms in practice? Here the extension of the impact or risk tolerance frameworks, present in most resilience policies, is particularly pertinent. For each of their services or group of services, firms would set several risk or impact tolerances which when breached would trigger different types of restructuring: the lowest tolerance level would, when breached, allocate additional resources and investments to the relevant services so that the risk or impact levels are reduced. Then for every pre-defined restructuring that the firm may have included as a viable recovery option for this service or group of services, then another tolerance level will be set. The least desirable the option, the higher the tolerance level. For instance, the second-lowest tolerance could just be a freeze of the onboarding of new clients and the highest a wind-down or the divestment of the related services. Let us take a large, internationally focused clearing bank as an example. As CHAPS clearer, this bank may set their first impact tolerance at one extension request per year and allocate additional resources when it concludes that it operates beyond that level. If it concludes it operates beyond two extension requests per year other options could be considered, for instance, client onboarding could be put on hold. At three requests and above, the firm may go further and conclude that it has not the right capabilities to operate this service and decide to scale or wind it down altogether.
conclusion There is growing evidence that financial services’ operational environments are becoming less predictable. Be they pandemics, erratic politics or geopolitical crises, structural changes in operational environments are bound to increasingly crystallize in abrupt manners. Intelligent Risk - February 2021
019
This means that operational resilience will not only require firms to prevent and recover from temporary disruptions, but also to adapt to unexpected “new normals.” Financial services firms are not well-equipped for this development. Their operational structures are rigid, and restructuring capabilities are often weak. Firms should be mindful of this emerging vulnerability and put their restructuring capabilities at the center of their resilience strategies. Thus, they will ensure that simple operational rigidity doesn’t become one of the first hurdles they fall at and that it doesn’t become “their bridge too close.”
author Thibaud de Barmon Thibaud de Barmon has been working in financial services’ operations for the past 25 years, first as a practitioner, running large investment banking programmes and back-offices and as a UK regulator. From 2008 to 2020 at the FSA and the Bank of England he ran the department of risk specialists dedicated to change, IT and operational risks. He was particularly involved in the supervision and policy developments of operational risk and resilience, banking restructuring, structural reform, Brexit and Fintech. He now runs Milton House, an advisory consultancy dedicated to operational effectiveness and operational resilience in financial services.
Thibaud de Barmon was a co-author for the recent publication of PRMIA Institute’s paper Operational Resilience - A New Age of Reason.
020
Intelligent Risk - February 2021
risk leadership: a critical adhesive to risk culture
by Katlego Majola Various risk culture models have surfaced over time; these include those from the Institute of Risk Management (IRM) and the Financial Stability Board (FSB), as well as consulting firms. Some models are quite similar and others somewhat different from one another. Power, M, Ashby, S and Palermo, T (2013) compare similarities and variances between the models, which indicates that there is currently no conclusive model for risk culture. Primarily because each model offers a new perspective, hence improvements and adjustments will continue to be made as researchers study the concept further. The concept of risk culture seems simple enough, yet many still struggle to establish measurement and monitoring mechanisms. Risk culture is a breathing and living element within the organizational context, where changes are easily recognizable if baseline information is in place. Organizations have over time collected enormous amounts of data that can be used for this purpose but may not even recognize it as such. A systematic and well-designed approach provides insights, which can be used to construct an overview of attitudes and behaviors that drive risk culture.
This somewhat elusive risk management element is attributed to human attitudes and behaviors, which are not always easy to measure and monitor. It, therefore, becomes critical for those in leadership to have an in-depth understanding of risk culture and their fingers on the pulse at all times. We have in recent days observed how abrupt change can throw even the most stable of organizations into an array of reactive risk management, where changes adversely/positively affect various areas.
Intelligent Risk - February 2021
021
Changes can be as a result of internal or external influences, which if not adequately prepared for may have dire results on performance and sustainability. The current landscape where companies have appointed new leaders, underwent restructuring, and introduced new systems have presented a plethora of risks and opportunities. Equally, this has contributed to risk culture changes, and such should be assessed, managed, and reported on. Who then takes the lead? Risk leadership is the anchor of risk culture where those expected to set the tone from the top by giving overall strategic direction and vision embrace the concept of risk management. These include the board of directors, executive management, senior management, and the Chief Risk Officer. These critical players as outlined individually and collectively play a pivotal role in challenging issues and making choices using a risk lens. Effective risk leadership enhances the ability to manage uncertainty by placing a demand on mature risk culture. Leaders have a broader responsibility to make more informed and inevitably wiser decisions through critical testing of assumptions and their associated impacts. They should carefully and prudently be aware of their limitations and guard against overconfidence. Leaders should seek out a diversity of opinions and perspectives before making decisions. Figure 2.
022
Intelligent Risk - February 2021
Navigating the changing risk landscape effectively and increasing value proposition requires boards and executives to ask the right questions and reflect risks in all decision-making. This, considering how damaging consequences will always rest solely with leadership. Thus, risks should not be limited to major programs or projects but all decisions within the organization. The roles of the board, executive, and senior management cannot be trivialized, as these critical actors are deemed risk influencers who can encourage and embed risk discussions. Making it easier to identify emerging risks and opportunities proactively but most important changes that may affect culture. The necessity to build risk leadership competencies is proving to be critical, especially at a time where many corporate governance and risk assurance failures are observed. These competencies should translate to leaders who will challenge assumptions, reports and promote robust discussions. Training interventions and risk competencies required at the leadership level differ a great deal from those of operational staff. Tailor-made interventions are therefore pivotal for an effective “tone at the top.” Investment in credible risk leaders will ultimately determine the success of risk management efforts.
references 1.
Domańska-Szaruga, B. (2020, 03 / 01 /). Maturity of risk management culture [Article]. Entrepreneurship and Sustainability Issues, 7(3), 2060-2078. https://doi.org/10.9770/jesi.2020.7.3(41)
2.
Ruchi, A., & Sanjay, K. (2018, 08/20/). Cognitive risk culture and advanced roles of actors in risk governance: a case study [JOURNAL]. The Journal of Risk Finance, 19(4), 327-342. https://doi.org/10.1108/JRF-11-2017-0189
3.
Yihui, P., Siegel, S., & Tracy Yue, W. (2017). Corporate Risk Culture [Article]. Journal of Financial & Quantitative Analysis, 52(6), 2327-2367. https://doi.org/10.1017/S0022109017000771
authors Katlego Majola Chief Risk Officer for a government regulatory institution in South Africa Katlego Majola is a Chief Risk Officer for a government regulatory institution in South Africa. She has experience in governance-related fields, specialising in enterprise wide risk management. She holds a Certified Risk Management Professional CRM Prof (SA) designation and facilitates training programs for risk professionals on various aspects of risk management. Katlego is a technical specialist in risk culture and develops innovative as well as effective risk management solutions to strengthen the ability to measure and manage different risk portfolios and areas. She has been recognised in several platforms and organizations for her fresh approach in risk culture building as well as strategy and risk integration.
Intelligent Risk - February 2021
023
the risks of rising rates
by Kishore K. Yalamanchili introduction The COVID-19 pandemic led to a major market dislocation in March 2020. While the S&P 500 dropped 33.9% from its peak in February to the trough in March, the 10-year yield fell to an intra-day low of 0.32%. Since then, rates have started to move higher with 10-year yield rising to 0.92%, and 2s-10s steepening to 80 bp (as of 12/31/20). This article examines the ramifications of rates normalizing in 2021 on some important sectors as the economy likely recovers with the availability of several vaccines for COVID-19 and possible additional fiscal stimulus.
rates to normalize First, a quick glance back at what we witnessed in 2020, an eventful year in many ways. At the start of 2020, the 10-year yield was at 1.92%, while the 2s-10s curve spread was at 35 bp. The March rates rally, or sudden dislocation, was seen across the world, with global bond yields also dropping in tandem with Treasuries. Rates will be normalizing in 2021 if any of the vaccines under trials are successfully deployed and succeed in stopping the COVID-19 pandemic, reviving the economic activity. Further fiscal stimulus is also possible under a new administration. Supply of Treasuries net of Fed purchases is expected to increase in 2021, which will put upward pressure on yields as well. It is likely that any rise in rates will be limited due to muted inflation as economic activity returns slowly to prepandemic levels. 024
Intelligent Risk - February 2020
Moreover, the Federal Reserve will be continuing its dovish monetary policy for a long period of time. And, for buyers seeking yield in developed markets, the US market is still attractive in a world of low and negative rates. To be clear, we are not talking about the economy breaking rate rises that were seen in 1980s, or even during Greenspan’s early tenure at the Fed, in this article. One can envisage three possible scenarios for rates: • Rates fully normalize to pre-pandemic levels as the economy recovers substantially due to successful vaccines and/or more fiscal stimulus. This is an optimistic scenario. • Rates recover partially as economic recovery is capped by a smaller fiscal stimulus, lingering effects of the pandemic, any logistic issues in distributing vaccines, and a dovish Fed. This may be the most likely scenario. • The pandemic continues with vaccines proving to be less effective than initially thought, and/or no further fiscal stimulus, which may be the least likely scenario. In such a scenario, rates may start falling again.
which areas will be impacted? Higher rates will impact the Fixed Income sector the most. Bond funds’ returns will be lower with any rate normalization. The long duration of recently issued bonds may exacerbate the situation. Mortgage bonds face extension risk as rates rise, leading to a price drop. However, barring a sudden shock, MBS may still perform well with support from Fed purchases in a range-bound rates scenario. Corporate credit spreads may see some tightening as rates rise, but any positive impact will be negated by the move in rates. Refinancing corporate borrowers may be seeing higher rates, but to the extent they already refinanced debt, there may be less need to borrow at higher rates. Weaker high yield borrowers who need to issue will be facing higher cost of funding. Municipal issuers may see an increase in income as the economy normalizes, and they may get assistance from a fiscal stimulus package, but their borrowing costs are likely to increase as well. Stocks staged a rally after the drop in March, with S&P 500 rising 16.26% in 2020, reaching all-time highs. The rally was led by technology stocks, and a rotation to cyclical stocks has started. With high P/E ratios, stocks are poised for a pull back from all-time highs when rates rise. The technology sector looks vulnerable for a correction, while other sectors like airlines, industrials, and retail sectors may rally as the economy normalizes. Unlike what happened in the previous crisis, the housing market has been the prime beneficiary of low rates. Demand for homes increased with buyers taking advantage of low rates and relocating to suburban areas from cities. Borrowers also got quick relief with forbearance plans and other assistance from lenders. Intelligent Risk - February 2021
025
The sector may be impacted negatively in 2021 if rates rise, but secular demand from household formation and a move towards single family suburban homes may persist. Commercial Real Estate is one of the areas that was significantly impacted by the COVID-19 pandemic. The sector is undergoing significant stress as employees started working remotely, hotel occupancy fell as travel declined, multi-family properties also saw a decline in rents, while retail sector is restructuring, resulting in significant stress in the sector. Borrowers refinancing maturing debt are likely to see higher rates, but the bigger challenge for the sector is how to restructure in a post-pandemic world.
who are the beneficiaries of a rate normalization? Banks, insurance, and other financial companies will be the main beneficiaries of any higher rates. Pension funds and retirees living on fixed income will also benefit from higher yields on new investments.
implications for risk management While VaR models were likely recalibrated after the March dislocation in markets, risk managers should consider the potential impact on different sectors from rising rates. They should be attuned to the dynamics of rate and curve movements. If rates normalize gradually, it will be less stressful for markets than if they normalize quickly. Mortgage portfolio hedging strategies will be particularly challenged if there is a sudden rise in rates.
implications for risk management While crises do not come announced, the anticipated normalization of rates is probably an event risk managers can prepare for in advance. The path of normalization may be less predictable, however; therein lies the challenge for practitioners.
author Kishore K. Yalamanchili Kishore Yalamanchili is currently a Managing Director at NewOak Capital, developing an alternative asset management business, and providing advisory services. Before NewOak, he held senior portfolio management positions at BlackRock, Karya Capital and Prudential. Kishore has a Ph.D. in Engineering from Clemson University, and an MBA from the University of Chicago, and he holds the Chartered Financial Analyst designation.
026
Intelligent Risk - February 2021
risk perspectives on sustainable finance for infrastructure development
by Prasanta Kumar Praharaj background Infrastructure development is the key determinant of economic growth. Developing countries need to invest $1.0 trillion annually and around 5% of GDP on infrastructure. Notwithstanding the importance, there is sluggishness in the sector as infrastructure projects are characterized by high level of capital investment coupled with a myriad of risks; construction risk, sponsor risk, concessionaire risk, policy risk, financial risk, business risk, operation and maintenance risk, technology risk, socioenvironmental risk, and climate risk are notable. As a result, funding infrastructure takes place on no-recourse or limited recourse basis and the physical and financial structuring happens in such a manner that risks are shared among all the stake holders. Infrastructure is predominantly a public good and meant to serve the public for a very long period of time satisfactorily from both economic and serviceability point of view. The sufficiency of project cash flow in the face of all the impending risks and uncertainties to meet the need for return on investment, debt serviceability and surplus fund for operation and maintenance during the project life is of paramount consideration at the time of capital budgeting. While robust mathematical and stochastic models incorporating many such quantitative and qualitative risk factors for predicting risks and consequently for deciding on investment are available, predicting the effect of climate change related risks and designing the risk mitigation measures have not evolved in the field of finance as compared to its technology counterpart. The Paris accord on climate change necessitates financial flows to development projects so that global warming is limited within 2° C. This is in conformity with UN adopted 2030 Agenda for 17 Sustainable Development Goals too. In addition to using credit risk models, all stake holders, especially lenders and investors, need to develop and use models for evaluating climate risk and its impact on infrastructure. Financial institutions should strive to a transition towards a low carbon, low GHG emission and high social inclusion based “Green Financing” for sustainability and climate resilient economy. It is pertinent to emphasize that climate change shocks may precipitate asset loss, non-usability, and finally futility of investment decisions and equilibrium of financial stability of a country.
Intelligent Risk - February 2021
027
climate risk and impact assessment The major difficulty in aligning climate risks predicted by scientific analysis and financial players in the economy such as Creditors, Investors, Insurers, Traders and Companies is the lag time in assessment horizon where the time range for forecast is 50 years and above for the former and a graded term varying between short term to 10-25 years for the latter. However, there are broadly three types of risks that affect the financial players due to climate risks. They are: i. Physical Risk: It constitutes direct losses caused to economic players by climate risk events. It amounts to measuring uncertain impact of exposure, vulnerabilities, and adaptive capacity of assets subject to climate risks based on their physical location and climate scenarios. It further entails gathering and analyzing information on potential hazard, its magnitude, severity, likelihood, analysis of qualitative data on impact of such hazard on financial assets, assessment of physical impact score and likelihood of occurrence, and above all the assessment of the ability to recover from these hazards. ii. Transition Risk: It constitutes measuring the unknown impact of transition towards low carbonbased development on financial assets. The objective is to minimize any loss in value of asset and converting it to economic opportunities. iii. Liability Risk: It constitutes liability or economic compensation a company may have to pay if found responsible for the climate change related hazards. In some cases, sovereign governments may be liable to compensate for the loss.
assessment models on climate change Development of probable future climate change scenarios are based on mathematical models using multitudes of variables. The model which is of importance to financial players evaluates economic impact of climate change making use of inputs such as energy mix, climate, and available natural resources, global economic data, financial structure, etc. In the energy sector, TIMES (The Integrated MARKAL-EFOM System) is an economic model generator for local, national, trans regional, global energy system which represents energy dynamics over a multi period time horizon. In addition to addressing energy related issues, it represents environmental emissions too. The Inter-Governmental Panel on Climate Change (IPCC) identifies around thirty climate models that generate over a thousand different scenarios which in turn develop five narratives on social impacts of climate change. The shortcomings of such models are that they are biased towards optimistic public policy, carbon pricing efficiency, etc. which may block taking adequate mitigation measures.
028
Intelligent Risk - February 2021
evaluation of climate risks Financial services sectors analyze, evaluate, and manage climate risk with the help of risk indicators. Modes of evaluation are: i. Risk Exposure Scores; ii. Green/Brown Share of revenue distribution; iii. Financial impact indicators- EL method for Credit and VaR for investment.
conclusion At a national and global level there are strategic action plans on sustainable finance. There are regulatory prescriptions on disclosures on sustainability for the financial sector too. The notable examples are the effects of severe flooding in the transportation and water resources sector, inadequate wind speed and solar radiation in the renewable energy sector arising out of climate change where the possible risk factors owing to which reduction of asset value and its poor serviceability can happen. While making project finance decisions, adequate steps must be taken to minimize climate change related risks and hazard at all steps of project life cycle to protect the value of the asset and its quality of serviceability. This can be achieved by adopting both superior technical due diligence and design and financial structuring involving long term insurers.
author Prasanta Kumar Praharaj CRO in a Govt of India owned NBFC Prasanta Kumar Praharaj has more than 33 years of managerial and leadership experience spanning across Banks, NBFC, IT consulting, Education, Infrastructure, and Oil Sectors. His current role is CRO in a Govt of India owned NBFC in Infrastructure finance segment. He heads the risk department handling all areas of risks such as credit, operational, market, liquidity, ERM, IT and Cyber security, and ALM and contributes to 15 board and executive level committees for his organization. His areas of interest are risk analytics, data analytics, BI, AI, ML, IT program management, and ERP.
Intelligent Risk - February 2021
029
how do you prepare for a risk that you don’t know?
by Alexander Marinov financial risks – largely known Financial risks have always been at the top of senior executives’ minds in terms of trying to limit their exposure. Anything from a supplier not being able to deliver in time, great trading losses or how to operate in a disrupted market. Some companies have plans in place in order to tackle these eventualities. However, how can one prepare against unforeseen risks -- risks that no one expected, predicted, or could even prepare for? If 2020 has shown us anything, it is that events that have far-reaching, devastating and global impact are becoming more and more common, and their financial effects can be devastating. Not only that, but climate risk changes are also creating a very dynamic and ever-changing environment, where risk managers struggle to define the best possible answer. Typically, catastrophic events used to fall under the purview of insurance companies; however, some of the risks that we have seen emerging in recent years have been excluded from traditional policy models as they are too risky and difficult to manage.
what would classify as a catastrophic event? Catastrophic events have been happening throughout human history. They can be man-made or natural in nature. They range from: • Famine
• IT system failures
• Manufacturing failures
• Drought
• Terrorism
• Power failures
• Supplier issues
• Severe reduction to business operations
• Diseases
• War
• Sudden loss of key clients
Some companies can experience one or many of these that, when brought together, can bring down even the largest of enterprises. If any company believes that their operations won’t be impacted in a global environment, where countries trade with one another on the world’s stage, they should probably check their supply chain. Believing that things would be fine in a crisis is even more dangerous than believing that nothing would happen. Ignoring these risks can be extremely costly, as recent history has shown us. 030
Intelligent Risk - February 2021
what are the costs if you neglect these risks? Costs can run in the billions. It is estimated that the latest SARS COV 2 pandemic could reach figures as high as trillions of dollars. Just in the UK, it is estimated that the amount the government has dedicated to fight the pandemic runs in the 394bn GBP - a staggering sum. That is just the amount the government had to allocate to combat the pandemic. The costs for small businesses in the UK are to the tune of 69bn GBP. Now, if these are the figures in just one country, can you imagine if we try to calculate the total amount on a global scale? The cost would be tremendous. Even if we take insurance losses, they would run in the hundreds of billions and are going to exceed the largest losses in history to date. What the current crisis has shown is how little businesses were prepared for it, especially in supporting vast numbers of their workforce being required to work from home, thereby creating a myriad of issues such as cyber security, enough bandwidth to support everyone’s remote access, as well as adjusting to a new working style, where all the meetings are done via video conference. Ignoring unexpected risks in today’s globalized markets is going to cost not just business but also governments dearly, and this has become a key theme during the pandemic. Not only that, but considering that such risks could have detrimental results not just on one company but on the whole economy, what can be done about it?
how can we prepare for these risks? The best course of action is to have senior executives and stakeholders involved in the creation of a company-wide crisis plan. Unlike normal business conditions, this plan should be implemented only when things don’t operate in a normal environment. This is a plan that would discuss unlikely and catastrophic scenarios which would have a severe and detrimental impact on the normal business operations of the company. This plan should be robust, realistic, and executable within a given time frame. It would also require enterprises to have a forward-thinking and proactive strategy in dealing with such risks. Establishing such a team would take time, effort, dedication, and resources; however, not doing so could be even more costly, as the current pandemic has shown. For example, a supplier company might assess how its operations could be compromised in given countries should there be riots, storms, political uncertainty, or other situations, and devise a strategy of how to tackle each challenge in a structured and meaningful manner. It might require the company to invest more in having robust IT services and systems to allow for a more dynamic response. It could also potentially require a plan on how to prioritize orders for various clients if the company’s capacity is severely impacted and implement robust working schedules that optimize performance and limit potential losses from not enough work being done to ensure the viability of the business.
Intelligent Risk - February 2021
031
Also, companies should consider having special hedging strategies for their business in given scenarios. For example, a large airline manufacturer has created a specialist company that allows airline travel companies to hedge against the risk of not having enough passengers under certain conditions. This is exactly the issue airlines across the globe are facing when it comes to tackling a severe reduction in passengers on a global scale.
conclusion Having a robust operational plan in times of crisis is vital for any business, as the current situation in 2020 has shown us. Ignoring these risks, even though they were considered obscure and unlikely, has taught us that it can be dangerous, reckless, and even ignorant to the point that even the most robust of businesses can crumble in mere months. Having a viable crisis management plan is a good strategy and, though not perfect, is better than leaving things to chance.
author Alexander Marinov Alexander Marinov has been working in the financial services industry since 2013. He has worked at Deloitte, Barclays Investment Bank, and BNY Mellon. Mr. Marinov has a MSc in Economics and Inter-national Financial Economics from the University of Warwick and Bachelor’s in Economic and Social Studies from the University of Manchester. He has been a PRM holder since 2015.
032
Intelligent Risk - February 2021
How do I lead in these turbulent times?
How can remote work help me and my business? How do I communicate business plans amid uncertainty? How should I handle difficult remote conversations with my customers and employees?
Uncertain Times Call for Trusted Facts. PRMIA Sustaining Members have complimentary access to The Wall Street Journal. Become a member today at www.prmia.org
© 2020 Dow Jones & Co., Inc. All rights reserved.
model risk in financial crime
by Steve Lindo, Vesna McCreery & Raj Shah
“
a sophisticated industry
“Money laundering is a very sophisticated crime and we must be equally sophisticated” Janet Reno, U.S. Attorney General, 1993-2001
Financial crime is an industry. Like many other industries, the forces that shape its evolution include supply and demand, technology, competition, regulatory hurdles, return on investment, and risk management. Financial crime has grown exponentially in both volume and sophistication in the past 20 years. As a result, banks, the primary conduit for global transactions and, therefore, a necessary ingredient for laundering criminal proceeds, have been forced to increase the scale and sophistication of their financial crime detection and prevention methods. The UK’s National Criminal Agency (NCA) states in its 2020 Serious and Organized Crime Assessment that “advancing technology gives offenders new tools to communicate and to commit and hide their crimes. Today’s criminals can sell firearms, livestream the abuse of children, or commit cybercrime or fraud from anywhere in the world, communicating covertly through encrypted services and moving illicit finances at speed”. The only way to fight back is with increasingly sophisticated technology, and as such ‘models’ are prevalent. The levels of complexity and automation in today’s financial crime prevention methods and models justify the kind of Model Risk Management practices that have become standard in other banking activities.
model risk as a whole Banks use models for a broad range of activities that include underwriting credit, valuing exposures, instruments and positions, measuring risk, managing and safeguarding client assets, determining capital and reserve adequacy.
034
Intelligent Risk - February 2021
In order to manage the costs of dealing with the increasing volumes of data and reaching previously untouched or non-existent types of customer activity, banks have been increasing their use of data-driven, quantitative decision-making tools. With such developments, the question inevitably comes up: do financial crime compliance IT systems and solutions fall under the definition of models? If so, why are they not tested and validated like all other models? While some may still debate the answer, for practical purposes financial crime systems such as transaction monitoring, sanctions screening and others are models, and therefore need to be tested and validated.
model risk in financial crime Industry-wide Model Risk Management (MRM) standards and practices adopted since 2008 (OCC 11-12 MRM supervisory guidance) apply to most risks but have only been applied to Financial Crime (FC) in the last few years and not across all institutions. Definitions of what constitutes a model in financial crime vary, and the systems being used are not necessarily quantitative methods, so treating them as models can seem problematic. A more pertinent question to ask, regardless of whether you see FC systems as models or not, is: if the principles/ practices used in Model Risk Management (MRM) are sound, why not apply them to FC if it helps Money Laundering Reporting Officers (MLROs) discharge their duties and make their models effective at detection? The following list outlines the model characteristics that have to be tested under OCC 11-12 and mirror the characteristics of principal FC tools. • Data integrity from both internal and external sources • Mathematical correctness of model formulae • Rationale for calibration of model variables • Model governance • Model documentation • Model fitness for purpose Models are complicated, and the principles of model governance, implementation and use are there to make sense of them, make them explainable, and confirm that they work.
the banks’ fc model scorecard so far The processes used by private institutions to prevent crime have changed dramatically over the years. From the basic collection of client information to complex gathering and triangulation of external and internal static and transactional data, banks are getting better at using tools and processes to detect and prevent financial crime. Intelligent Risk - February 2021
035
Two forces drive their heightened focus on, and investment in, these tools and processes. The first is a concern for reputational damage caused by public perceptions that an institution might be enabling such noxious crimes as dealing narcotics, child slavery, organ and endangered species trafficking, or transmission of the proceeds of corruption and terrorism. The second is the extremely high cost of legal and regulatory penalties for lax or non-enforcement of anti-money laundering laws and regulations. Governments are now focusing on regulating financial institutions as the way to reduce the cost of crime prevention to the public purse and prevent money flows that support crime. This is at once cost-efficient for the public purse and beneficial to the reputation of institutions that can link their business to moral causes, plus a real and effective means of disrupting crime. As a result of pressure from regulators and the public and rising costs, more advanced methods and technology have gradually been employed to achieve better results, moving away from “tick-the-box” exercises to an outcomes-based approach. However, the tick-the-box mindset continues to survive as a way of defending a bank’s compliance with the (sometimes) onerous expectations of regulators, prosecutors and boards. Events such as the FinCen Files and the considerable interest they’re causing amongst politicians are only likely to exacerbate box-ticking, with further detailed regulation and de-emphasizing of a risk-based approach. More sophisticated, high-tech approaches include transaction monitoring scenarios as well as pattern recognition. These approaches are used to detect post-event money laundering or fraud in real-time and utilize sanctions-screening tools to detect any affiliation with any individual, entity, or country deemed to be prohibited or undesirable, as well as detecting adverse media which could indicate links to other financial crimes. There is also an increasing use of models in risk assessment to understand the portfolio of risk at an institutional or customer level. Furthermore, due to the high incidence of ineffective alerts generated by automated crime-detection tools, additional ‘sub-models’ are being created to manage this output. For example, sub-models are capable of automatically discounting alerts that are not risk-relevant. Models are used in automated decision-making, entity resolution, and customer risk assessment, with new use cases being created as we speak.
what are the shortcomings? However, for many banks, the processes which surround financial crime models remain cumbersome, with a lack of transparency and understanding of the complexity involved. These often involve grafts of new, and perhaps not fully compatible systems onto legacy systems whose original purpose had nothing to do with financial crime prevention, with patches, workarounds and manual processes fitted in to adapt as well as possible. Banco Santander’s statement in response to its 2019 fine from the Norwegian FSA for not controlling some 1.6 million transactions for money laundering, affecting around 300,000 customers between October 2014 and December 2018, perfectly illustrates this point: “The IT error was connected to the integration of old and new IT systems. Santander Consumer Bank has made several improvements to our IT systems and routines.”
036
Intelligent Risk - February 2021
The UK’s Senior Manager Regime Function 17, among other global requirements, usually pinpoints a person in the second line of defense as responsible for financial crime risk across the whole institution. Unfortunately, models are often run and maintained by Operations in the first line of defense. This can lead to questions from regulators which are challenging to answer, since there are silos in building and maintaining these highly technical IT solutions. Money Laundering Risk Officers and Financial Crime Heads prescribing the requirements and carrying this responsibility often lack budgets and full control over what is implemented and how. Additionally, they also lack full insight into the system testing and future outcomes and also lack influence and insight over the completion of any audit points raised against shortcomings. At the same time, Operations do not always have sufficient support, time and information to fully understand the FC expectations and ensure that their requirements are completely satisfied.
our recommended model practices for robust financial crime prevention, detection, and reporting However, for many banks, the processes which surround financial crime models remain cumbersome, with a lack of transparency and understanding of the complexity involved. These often involve grafts of new, and perhaps not fully compatible systems onto legacy systems whose original purpose had nothing to do with financial crime prevention, with patches, workarounds and manual processes fitted in to adapt as well as possible. Banco Santander’s statement in response to its 2019 fine from the Norwegian FSA for not controlling some 1.6 million transactions for money laundering, affecting around 300,000 customers between October 2014 and December 2018, perfectly illustrates this point: “The IT error was connected to the integration of old and new IT systems. Santander Consumer Bank has made several improvements to our IT systems and routines.” 1. Define the model and govern it appropriately – Are appropriate people involved? What risks and business areas are being managed? Are any risks or business areas excluded appropriately? ››
Example: Naming an owner to take accountability for the overall model, naming owners to take responsibility for specific areas of the model, e.g. the data feeds, development of the model, etc. Have a set of defined requirements of what risk you’re managing and how this ‘model’ mitigates that risk.
2. Understand your data and its lineage – Does the data meet the risk being managed? Does it include the correct data at the right frequency? Does it align with the regulation/policy? Do you have all the original sources, or do you have a book of customers left out? Is that correct, or do you need to include them? Do the customers you include have the right quality needed to use them for the model? These are perennial issues of audit and may not be specific to Model Risk validation. Often the problem is that banks do not have a single tidy list of all their systems and that very few of those systems were built to manage financial crime in the first place. So, it is easy to omit the less obvious and less used pathways at times. Intelligent Risk - February 2021
037
››
Example: Fax machines may still be used to receive some customer instructions for transactions; however, this channel is rarely included in sanctions screening, so how can this be remedied?
3. Understand your other inputs – Does the input meet the risk being managed? Does it include the correct data with the right frequency of updates? Does it align to the regulation/policy? ››
Example: Screening lists. Do they have the right quality and completeness? Do they have controls to verify daily/weekly/monthly, and is that within risk appetite? Are the lists updated in time? Does that meet company policy?
4. Calibrate and align the model to a policy – Have you selected the correct settings to align with regulation/policy? Has adequate rationale been provided for the selected settings? Did the calibration process follow internal policy? ››
Example: Screening lists. Do they have the right quality and completeness? Do they have controls to verify daily/weekly/monthly, and is that within risk appetite? Are the lists updated in time? Does that meet company policy?
5. Deal with the output appropriately – Does the model output mitigate the risk? Can we verify model effectiveness and efficiency (model monitoring) to improve it? ››
Example: If you have 30 alerts, are they being dispositioned using signed-off procedures that align to policy? What process do you follow to escalate potential true matches? Are you missing alerts you should be receiving, or are you getting too many erroneous alerts, which means you should tune your system?
6. Implement the right controls across the process and ensure validation – can you prove it all works? Do the model inputs/outputs meet expectations? ››
Example: having a quality control and/or assurance process in place in all areas above. Include an implementation and testing program that aligns to the financial institutions’ process e.g. testing to ensure that all of the above is correct and does what the requirements say it should.
dealing with the new normal Models of all kinds have been disrupted by the pandemic, financial crime included. Models with robust risk management have been better able to adapt and improve under these unprecedented conditions. The complexity of today’s financial crime prevention methods and models suggest the value of applying the same level of Model Risk Management best practice that applies to a bank or financial institutions’ other activities.
038
Intelligent Risk - February 2021
Model validation is a valuable step in this process, despite the inherent difficulties involved. It can uncover underlying flaws in a system that can ultimately reduce the effectiveness of crime prevention. However, it is important to tailor the level of model validation commensurate to the risk involved and aim for effective results rather than a tick-box approach. It should be approached with a non-quantitative perspective in mind if it is to be useful in the more nuanced and qualitative world of financial crime prevention.
authors Steve Lindo Steve is a financial risk manager with over 30 years’ experience managing risks in ALM, funding, banking and trading portfolios. His current role is Lecturer and Course Designer at Columbia University’s School of Professional Studies, teaching Financial Risk Management to graduate students in Columbia’s MS in Enterprise Risk Management program. He is principal of SRL Advisory Services, an independent consulting firm specializing in risk governance, education and strategy, financial technology innovation, risk data management, regulatory expertise, information risk management and financial litigation support. Since 2019, he is also co-Principal of Intelligent Risk Management LLC, an executive education partnership that shows organizations how to test their high-stakes decisions using methods pioneered by the CIA.
Vesna McCreery Vesna is a Senior Advisor to Evalueserve. Following a career of over 20 years in financial services, Vesna now provides financial services firms (FIs) and fintechs with financial crime advisory services and works extensively with regulatory technology firms on product development, and matching FIs to regtechs. Vesna started her financial crime career at Goldman Sachs and continued on through Merrill Lynch to Deutsche Bank. She has led global financial crime functions at institutions such as RBS and Barclays, contributing to the lifting of the Deferred Prosecution Agreements by the US Department of Justice (DOJ) in both, and also served as the financial crime advisor to the Monitor of HSBC, working closely with the DOJ, FCA and the FED.
Raj Shah With over 15 years of Financial Crime experience, Raj has worked across consulting and a multitude of banks and insurers. He has developed teams and approaches covering screening, risk assessments and transaction monitoring efficacy, analytical tooling to assess and conclude on policy and regulatory alignment, bank-wide risk assessments, operating models, regulatory lookback exercises, assurance, investigations, and intelligence gathering.
Intelligent Risk - February 2021
039
the hazard of nostalgia – risk management after the pandemic
by Cosimo Pacciani normality no longer exists We are half-way (and this is perhaps wishing thinking) through a crisis like no other. The COVID-19 pandemic ‘occurrence’ has been compared to the financial crisis of 2008, which represented the benchmark for any future crisis. Until now, that is. Looking at the past usually offers risk managers some level of intellectual comfort: building our own historic series and defining trends provides a template to rebuild a sense of normality. This comparison with past events allows institutions and risk experts to define in normative terms a recovery plan, and lessons learned allow adjustment of risk appetites and frameworks. Going back to ‘normal’ is a current and recurring mantra in discussions among practitioners: a ‘normal’ defined as a return to financial parameters and behaviours that can be mapped through personal and collective experience and track records of a past loosely defined as ‘before the pandemic’. But this is precisely the risk I would like to flag up in this article: this sense of a return to a normality, or a past set-up of financial relations and engagement of public sphere, financial institutions and individuals as clients, entrepreneurs and citizens, which has quite simply ceased to exist.
a deep and systemic shock This mindset is what I mean by ‘nostalgia’, or the sense of ‘longing for a place or a time that doesn’t exist anymore’ (Svetlana Boym, 2001, The Future of Nostalgia, Basic Books). And nostalgia creates a risk of distortion. The pandemic crisis has had the impact of a singular event, as opposed to most of the recent financial and economic cycles. The current health crisis has not been about endogenous factors creating recessive economic trends, bursting financial assets bubbles, or disruptive geopolitical events. These are all risks that we have learned to manage or to limit (and it is thanks to the lesson learned from other recent financial crises that international financial safety nets kicked in to stop the spill-over of the current health and social crisis into the financial markets). 040
Intelligent Risk - February 2020
The current pandemic can best be described as a deep and systemic shock, exogenous in nature and the cause of other important shocks, not only in the context of our financial framework but of our very own existential sphere. This is the singularity that distinguishes the current crisis from earlier ones. The current pandemic is also aggravated by some extraordinary concurring macrotrends: climate change, the mechanisation of labour, the polarization of political debate, both in terms of internal and international politics. Not to mention Brexit and the adjustment to a post-Trump scenario in the US.
what to expect in 2021 The world of 2021, or the Vaccine-Year, will be the result of a dramatic reshaping of our society, following a period when the lockdown has led to evolutionary changes in working relationships (e.g. teleworking) and a deep recession that will only start to take its toll after public support to families and small and medium enterprises is reduced and then taken away, and countries will be reaching their own desired levels of debt. Just as crucial is the increasing use of algorithms and the development of machine learning systems which are increasingly used to manage more and more complex tasks, including decision-making, from mortgage approvals to life-and-death decisions for patients. Let alone the heightened risk of other flash crashes, like the ones we have experienced in recent years. In short, we shall not go back to the world as we knew it in 2019, when we were all still dealing with the long tail of the 2008 crisis and its attendant lack of ‘good’ credit growth, and the abundance of monetary tools used to compensate for the lack of initiative by the political sphere to use fiscal tools to boost growth and investments. This sense of nostalgia, as of today, is one of the most foreseeable and dangerous hazards we are facing. As risk practitioners, our mandate for the next few years (and each one of us is tasked to think in terms of the next 3 to 5, or perhaps 10 years), will be to come to terms with a future made of a singularity of singularities. We will need to start looking at different risk classes with new eyes and to look at some characteristics of this new evolving and liquid ‘normality’, while not letting ourselves fall back into a nostalgia for a pre-pandemic world that has now gone.
conclusion To conclude, here are some areas I believe we should be focusing on over the coming period: ››
The resilience of entire segments of our economy has been tested. Each institution will have to map customers to see where there was an acceleration of decline, where it is possible to rescue ailing businesses or where some businesses will have outperformed, because of the nature of their activity, but they will risk overheating.
Intelligent Risk - February 2021
041
››
Algorithmic decision-making will generate systems that will become, over time, more and more reliant on, but also independent from, human decision-making. Machines will become ‘economic agents’ to be regulated and, in this aspect, information and cybersecurity risks will remain at the top of our respective risk assessments.
››
Climate change is now no longer a scenario but a reality, and the environment will not only have to feature in our own ESG assessments, but it will also become another independent ‘economic agent’ for us to consider. The traditional credit risk analysis for loans will have to incorporate a series of environmental and social factors and this will require a new type of risk analyst.
››
The rapid increase of our own personal and institutional technological footprint will lead to the development of virtual realities of higher complexity. And, as it is already the case for gaming and entertainment platforms, virtual and physical realities will also become more complex and potentially confusing, in relation to shopping, financial decisions, and regular interaction among co-workers.
››
Diversity will need to be fostered more consistently, and not only in the context of race, gender, and sexuality, as it is the case now, but in the context of other forms of diversity too. We live at a time when younger generations are better at understanding new risk trends and when experience of the past does not necessarily bring insight into the future. And the voices of younger generations will need to be recognized as consultants on key institutional boards and their careers fast-tracked.
››
The pandemic crisis will leave behind a more polarized world, where, according to the economists such as Piketty, income and wealth disparity will have increased and where the dire conditions of consecutive lockdowns will also have taken their toll in terms of physical and mental health.
As a parting shot, I would argue that abandoning nostalgic ideas about a return to a past world will be a key priority and that the challenge for senior risk practitioners will be to understand and map out risk as if we were entering a completely new reality, a parallel universe to the world as we knew it in 2019. Risk management has a key role to play, even greater than it did in 2008, by becoming an advocate for assessing the impact of a brave new world – and society, nature, and technology within it – on the value proposition of a financial institution, from banks to asset managers and public institutions. Risk management can and should be an agent of change, aimed at rebuilding renewed trust between clients/citizens and institutions and between us and the next generation(s).
042
Intelligent Risk - February 2021
author Cosimo Pacciani Cosimo Pacciani is a risk management executive with a long career in different sectors. He has been the Group Chief Operating Officer for Algebris, a London-based asset manager, until March 2020. Previously, he covered the role of Chief Risk Officer for the European Stability Mechanism since 2015. He has joined this key European institution as Senior Credit Officer and Deputy Head of Risk in 2014. Previously, he spent 20 working in the City of London. He has been for eleven years at Royal Bank of Scotland, where he has been Chief Operating Officer for the Group Credit Risk function and Head of Risk and Compliance for the Asset Protection Scheme, the mechanism established to rescue the British banking system. Previously, at RBS he was Head of Credit Risk for Corporate and Public Institutions in Europe. He has worked previously as Associate Vice President in the portfolio management function of Credit Suisse First Boston and for the London branch of Monte dei Paschi di Siena in London, dealing with derivative products and portfolio management. He holds a Ph.D. from the Faculty of Economic Sciences of the University of Siena and a Master Degree from the Faculty of Economics of the University of Florence.
Intelligent Risk - February 2021
043
PRMIA volunteer profile - Doug Cronk
by Adam Lindquist PRMIA Director of Membership
Canada has produced many innovative leaders for PRMIA Chapters, and Doug Cronk is no exception. Doug shares his experience as a volunteer with PRMIA and some of his amazing accomplishments.
Adam
What is your professional role in risk?
Doug I was a Pension Investment & Risk Management Officer at AIMCo - Alberta Investment Management and previously the IWA-Forest Industry Pension Plan.
Adam
Tell us about your innovation in Canada
Doug There are a number of Chapters in Canada. We have one featured regional event per year, the Canadian Risk Forum that brings Chapters together. In conversations with Sarah Reppchen and Carl Densem with PRMIA Vancouver, we created the pan-Canadian PRMIA group. It’s proven to be a great way to brainstorm and service the PRMIA membership from coast-to-coast.
Adam
What are some of the benefits you have found with being active with PRMIA?
Doug In 2020, of course, risk managers have become rock stars. That’s kinda’ cool. I’ve always felt it is important to stay current and put new skills in the kitbag. That’s why I added the PRM™ Designation. Now, the menu of virtual risk education has expanded significantly. It’s important, indeed critical, to understand the most current thinking in risk management. Credit risk management has been around a long time in the banking industry, so we know a lot about it. Market risk management is more recent - the last 40 years say. But Operational and Enterprise risk management are in their infancy, and we are getting a crash course in those right now. In the pension industry, indeed the investment industry more broadly speaking, it’s been all about ‘risk management’ for the entire career of most everyone reading this. Think 1987, 1990, 1994, 2000/2001/2002, 2008, 2018 and now, 2020. Certainly, for the last 10-15 years, every paper written, every seminar, every client conversation has been and is about risk management.
044
Intelligent Risk - February 2021
Adam
What kind of professional benefits have you experienced by volunteering?
Doug
I’ve met some interesting people that I would not have otherwise met. And you never know what connections can be made or where they may lead. Before I moved to Calgary, I was a Steering Committee contributor with the PRMIA Edmonton chapter as well as a board Director for the Edmonton CFA society. I also did some ad-hoc volunteer work for CFA Vancouver. Currently, I am a YMCA foundation board Director and advisor to their investment committee. Adam
With life’s busy schedule, how do you squeeze in volunteering? What time management tips would you suggest to others to make it worth your time? Doug
Squeeze is the right word. One has to be brutally efficient with time. Then at 5pm shut it down because it’s time for family/spouse/relationship/exercise. Adam
Why would you recommend that people volunteer?
Doug
Anyone reading this is very fortunate. Volunteering is a way to give back. To contribute.
Adam
And your words of wisdom for those thinking of volunteering?
Doug
Once, while volunteering at the Food Bank, the staff there told me ‘one in every four people that come here have a degree.’ That had impact. Adam
Thank you, Doug for your great insights.
There are a variety of short- and long-term PRMIA volunteer opportunities available. VIEW VOLUNTEER OPPORTUNITIES
interviewee Doug Cronk Doug Cronk serves as Co-Regional Director, Calgary AB
Intelligent Risk - February 2021
045
PRMIA took its signature regional events virtual in 2020
As the pandemic forced lockdowns and digital adoption, this was the first year the PRMIA Risk Leader Summit went virtual. It was an experimental year for all of us, but there were pockets of strength and improvement that we can draw upon. In our case, this was the year where we had the most diverse participation in the Summit from a greater number of countries than ever before. John Kay provided a keynote lecture related to his and Mervyn King’s timely published book, Radical Uncertainty, as it applies to risk management, followed by a CRO panel about the practical implications to the risk office. We looked at the wild swings in pandemic macro and at the adaptive capacity of the consumer and tried to evaluate the largest fragilities in the economic sector. Panelists discussed adaptations to the stress testing and risk identification process that the pandemic has brought. The pandemic has proved to be a Sputnik moment for the regulatory community in financial services. The NGFS has strengthened to almost 80 members, and climate risk methodologies are advancing all over the world. Operational Resilience was another key area discussed, and new ways to think about resiliency and capacity were brought to the table. There is more emphasis on resiliency than on operational efficiency at this point in time. Cyber and credit risk were key concerns during the year, and both were excellently addressed by our panel. We would like to thank our strategic partner, Bloomberg, and Avantage Reply and CubeLogic for supporting this year’s event.
046
Intelligent Risk - February 2021
2020 presented many challenges for everyone worldwide. As PRMIA and our Canadian Chapters monitored the COVID pandemic, there was much discussion about how to approach our 8th annual Canadian Risk Forum. In the end, as with many other world events, it was decided to move the two-day forum online. With the dedication and assistance from our Pan Canadian Chapter volunteers and “all hands on deck” within PRMIA staff, along with continued trust and support from our sponsors, we were able to promote and present one of our most successful forums ever. Our theme in keeping with the times, “Exploring the Risk Professional’s Response to COVID-19,” PRMIA Pan Canada offered deep insight into the challenges, unseen forces, and effects the pandemic brought to the risk community. Participation in the event was engaging, and the number of attendees rose in response to our theme and virtual access. To recognize our success, PRMIA Canadian Chapters made a donation on behalf of the volunteers, speakers, moderators and participants to Food Bank Canada to assist with those struggling in these difficult times. A special thank you to PRMIA Toronto for spearheading the planning efforts, and to PRMIA Calgary, Edmonton, Montreal, and Vancouver for the additional support. Thank you to our Supporting Sponsor KPMG; our Executive Session Sponsor EY; and our Contributing Sponsors AxiomSL, MSCI, and Rotman School of Risk Management. We are grateful for everyone’s participation.
Intelligent Risk - February 2021
047
chapter spotlight: PRMIA Ireland
Ireland is the country of a hundred thousand welcomes (Céad Míle Fáilte), and in current times this is of course done virtually. Communities throughout Ireland are displaying and sharing online the very best of Irish culture, tradition, business, sport, fighting spirit, and the uniquely Irish sense of fun. Ireland is also a global centre for financial services. Companies located in Ireland provide financial services to every major economy in the world. International banks, fintech, investment and fund managers, insurers, aircraft leasing operators and an array of other financial services firms employ over 42,000 people. This role was further enhanced by Brexit where key international companies moved their European Headquarters to Dublin/Ireland. Against this backdrop, the PRMIA Ireland Steering Committee is planning some noteworthy events in the near future.
PRMIA continues to serve during a recent pandemic The Irish Chapter has recently been reorganised, with the regional directorship role split between Monika Smatralova and Alan Bluett. The focus of the co-regional directors has been to continue maintaining a strong steering committee with a clear focus on building awareness of the PRMIA brand in Ireland among risk management professionals and beyond. The steering committee is comprised of individuals from a broad range of backgrounds within the risk management sector across a financial services industry. This diversity brings new ideas and challenges to existing norms to ensure that PRMIA Ireland is innovative, ambitious, and delivers quality events to our members and facilitates the exchange of knowledge, ideas, and opinions on risk management. 048
Intelligent Risk - February 2021
PRMIA Ireland initiated a series of topical events that ran throughout 2020. These sessions featured presentations from risk management professionals who shared their vision of risk management within the Irish financial services and banking sectors, including the growing presence of Fintech companies that have opted to establish in Ireland. Events organised by the Irish chapter in 2020 • The Brexit clock is still ticking (Speakers included: Jim Power, Jim Power Economics Limited and Richard Pike, CEO of Governor Software) • Beanbags are Good, Trust is Better - My Journey into Fintech (Speaker included: Peter Rossiter, Chief Risk Officer of Starling International) • Revolution & Evolution – the Fintech Experience Unplugged (Speakers included: Peter Cripwell, Chief Executive Officer of Risk System and Mark Byrne, Associate Director of EquiLend) • The Evolution of the CRO (In collaboration with Broadgate Search, the panel included: Cameron Marr, Director and Chair at AIB Merchant Services; David Suetens, a Founder of Bridgebuilding and Ken Radigan, CEO of PRMIA) The majority of events were virtual, which has given the Irish chapter the opportunity to reach audiences beyond our borders and that was witnessed through the international attendance of our Chapter events.
risk agenda Consistent with PRMIA’s mission to promote, develop and share professional risk management practices, the PRMIA Ireland chapter has an ambitious programme. In common with other chapters around the world, we listen to our members and their concerns in relation to prudential and conduct risk topics, climate change and the associated green financing, operational resilience (which was highlighted as the result of a current Covid-19 experience), digitalisation and cyber risk as well as the business risk model transformation due to a prolonged low interest rate environment and Brexit. We are committed to bring together risk professionals and serve our risk community locally and globally to address the above-mentioned concern and more.
PRMIA is open to collaboration PRMIA Ireland has continued to build a good professional relationship with universities and other professional/ academic bodies across Ireland. Intelligent Risk - February 2021
049
Notable is the relationship with the Society of Actuaries Ireland where the Co-Regional director Monika Smatralova is frequently invited to speak at their professional summits/events and conventions to share the practitioner’s experience and new trends in a risk management arena.
PRMIA Risk Management Challenge PRMIA Ireland is also involved in the search for new talent via The Risk Management Challenge which is a case competition run by the PRMIA Institute looking to empower undergraduate and graduate students by taking them beyond the classroom and giving them exposure to real-world business situations. The Challenge offers students the opportunity to apply the concepts they have learned and showcase their knowledge, critical thinking skills, leadership, and presentation abilities. We are very proud of Justin McCarthy, Chairman of The Board of Directors at the PRMIA Institute who is driving this important work, creating a platform for developing and enhancing risk management expertise. The Irish chapter has been a long-standing supporter of the PRMIA Risk Management Challenge. Successful Irish teams supported by a local steering committee participated in the PRMIA regional finals where graduate and undergraduate students from all over Europe competed to solve business cases with a risk management focus. We would like to congratulate the Irish teams who participated in this challenging competition over the last couple years. PRMIA Ireland is committed to increasing the number of participating universities and teams in future PRMIA Risk Management Challenge competitions. Regional Directors PRMIA thanks its locally based volunteers for providing content leadership, industry promotion and organizational support. • Dr Monika Smatralova, Director BIA, Barclays Europe • Alan Bluett, Partner, The Panel Regional Directors • Justin McCarthy, Chairman of The Board of Directors at the PRMIA Institute • Elmarie van Breda, Director at FinRisk • Conor Griffin, Director, Risk Advisory Services, Ernst & Young PRMIA Ireland is eager to explore new insights and contributions; any member based in Ireland who is interested in getting involved should reach out to ireland@prmia.org for a no-commitment, informal discussion. 050
Intelligent Risk - February 2021
calendar of events Please join us for an upcoming virtual course, thought leadership webinar, or virtual event. New offerings are added on a regular basis; watch the PRMIA website at www.prmia.org for updates.
PRM™ SCHEDULING WINDOW January 1 – June 30 SPREADSHEET CONTROL FOR RISK MANAGEMENT February 9 – March 8 – Virtual Course MEASURING EXPOSURE TO PUBLIC POLICY RISK February 10 – Thought Leadership Webinar PRM™ TESTING WINDOW February 15 – June 30 BEYOND VALUE AT RISK: TAIL RISK February 17 – Thought Leadership Webinar
CONSTRUCTIVE VS. DESTRUCTIVE CONFLICT FOR RISK MANAGERS March 10 – Thought Leadership Webinar VALUE AT RISK METHODS USING R March 23 – May 3 – Virtual Course INTRODUCTION TO CORPORATE FINANCIAL RISK MANAGEMENT March 24 – Thought Leadership Webinar CORPORATE FINANCIAL RISK MANAGEMENT April 20 – June 14 – Virtual Course
Intelligent Risk - February 2021
051
INTELLIGENT RISK knowledge for the PRMIA community ©2021 - All Rights Reserved Professional Risk Managers’ International Association
