Risk-based Supervision

GRENADA AUTHORITY FOR THE REGULATION OF

FINANCIAL INSTITUTIONS
GARFIN
TECHNICAL ASSISTANCE MISSION
GEORGETOWN, GRENADA
COURTNEY CHRISTIE-VEITCH
FINANCIAL SECTOR SUPERVISOR, CARTAC

SEPTEMBER 8 - 11, 2014

Presentation Outline
Background
Significant Activities
Materiality
Inherent risks
Quality of Risk Management
Residual Risk

Presentation Outline
Direction of Risk
Capital Assessment
Earnings Assessment
Liquidity Assessment
Composite Rating

Background: Role of Prudential Supervision

Background:
How Supervisors Carry Out Their Role

The Essence of Risk Taking

Experience taught me a few

things. One is to listen to your
gut, no matter how good
something sounds on paper.
The second is that you're
generally better off sticking
with what you know. And the
third is that sometimes your
best investments are the ones
you don't make. Donald
Trump

Rationale for Risk-based Approach

Resources are not infinite / allocation of scarce

resources
Mechanism to prioritize work/on-sites focus
efforts on greatest risks
Focus on risks to institution's aims and objectives
Basis for justifying approach, action and decision
Documented and consistent approach to risk
management

Risk Management Stages

Decision
to be Riskbased

Set Risk
Context

Step 1: Identifying Significant Activities

Sagicors 2013
Our Team delivered net profits of $6.3 billion,
which is 7% above 2012 and our fourteenth
consecutive year of profit growth. Revenues were
$42.4 billion, an improvement of 19% over 2012.
We provided $15.75 billion of insurance and
annuity benefits to our customers and their
families in 2013. In addition, we managed the
GEASO and GPASO health business on behalf of
the Government of Jamaica and the largest pool
of pension funds in Jamaica. These are major
businesses from which we pay out another
almost $10 billion annually. Our investment
funds outperformed their respective benchmarks
for the most part and some were the best
performers in their asset class. Left: Dr. The
Hon. R.D. Williams, Chairman Right: Richard
O. Byles, President & CEO

Annual Report

Step I: Identifying Significant Activities

Line of business
Business units
Enterprise wide process e.g. information technology
Activities can be identified from:

Organization structure
Strategic plans
Operational and Business plans
Capital allocations,
Financial reporting (internal/external)

Step I: Identifying Significant Activities

What are the lines of business/business

units in an insurance firm?

What are the lines of business / business

units in a credit union?

Step I: Identifying Significant Activities

Types of Insurance

Life insurance; Non-life insurance; Reinsurance

E.g. Activities / Lines of Business / Business Units

Insurance
Annuity
Underwriting
Claims
Investment
Health business
Pension Funds Management
Premium
Related Party Transactions

Step I: Identifying Significant Activities

E.g Activities / lines of business / business units in

a credit union?

Loans
Investments
Cash and placements
Deposits / share / savings
Related Party Transactions

Step II: Determining Materiality

Assets generated by the activity relative to total asset

size
Revenue generated by activity in relation to total
revenue
Net income before tax/total net income before tax
Risk weighted assets generated by activity / total
RWA
Capital allocation / total capital
Strategic importance

Step III: Assess Inherent Risks

Inherent risk is risk which cannot be
segregated from the activity. It is intrinsic to
an activity and arises from exposure to and
uncertainty from potential future events.
Inherent risks are evaluated by considering
the degree of probability and the potential
size of an adverse impact on an institutions
capital, liquidity or earnings.

Inherent Risk Assessment

Inherent Risk Framework - Traditional

B
u
s
i
n
e
s
s
.
E
n
v
ir
o
n

O
p
e
r
a
ti
n
g
.
E
n
v
ir
o
n

Inherent Risk Framework - Revised

B
u
s
i
n
e
s
s
.
E
n
v
ir
o
n

O
p
e
r
a
ti
n
g
.
E
n
v
ir
o
n

Inherent Risk Rating

Inherent Risk Rating

Inherent Risk Rating - CAMELS

Inherent Risk Rating - CARAMELS

Asset Quality Assessment

Soundness of risk identification practices,

credit underwriting standards and credit

administration practices (Credit Risk)
Level, distribution, severity and trend of
problem, classified, non accrual,
restructured, delinquent and
nonperforming assets (on and off balance
sheet) (Credit Risk)

Asset Quality Assessment

Adequacy of allowances for loans and

lease losses and other valuation

reserves
Credit risks arising from or induced by
off-balance sheet transactions, e.g.
unfunded commitments, credit
derivatives, commercial and standby
letters of credit and lines of credit.

Asset Quality Assessment

Diversification and quality of the loan

and investment
Extent of securities underwriting
activities and exposures to
counterparties in trading activities
Existence of asset concentration

Asset Quality Assessment

Ability of management to properly

administer its assets, including timely

identification and collection of problem
assets
Adequacy of internal controls and
management information systems
Volume and nature of credit
documentation exception.

Asset Quality Assessment

Prudent investment portfolio? (CR)
Adequate spread of investments among asset types

and counter parties (CR)

Investment policy in place to ensure ongoing
prudency of investment portfolio (CR)
Investment consistent with policy (CR)
Investment administered in a prudent manner
(OR)
Mix of investment assets in line with deposit and
insurance fund requirements (LRR)

Asset Quality Rating

Asset Quality Rating

Sensitivity to Market Risk Assessment

Sensitivity of earnings or the economic

value of capital to adverse changes in

interest rate, foreign exchange rates,
commodity prices or equity prices
The ability of management to identify,
measure, monitor and control exposure to
market risk given the size, complexity and
risk profile of the FI

Sensitivity to Market Risk Assessment

The nature and complexity of interest rate

risk exposure arising from non trading

positions
The nature and complexity of market risk
exposure arising from trading, asset
management activities and foreign exchange
operations

Sensitivity to Market Risk Rating

Sensitivity to Market Risk Rating

Sensitivity to Market Risk Rating

Sensitivity to Market Risk Rating

Sensitivity to Market Risk Rating

Reputational Risk Assessment

Corporate Governance
Management integrity
Staff competence / support
Corporate culture
Risk management and control

environment

Reputational Risk Assessment

Financial Soundness / Business viability
Business practices
Customer satisfaction
Legal / regulatory compliance
Contagion risk / rumors
Crisis management
Disclosure and transparency

Reputational Risk Rating

Reputational Risk Rating

Reputational Risk Rating

Reputational Risk Rating

Reputational Risk Rating

Concentration Risk Assessment

Concentration risk can arise from uneven
distribution of exposures (or loan) to its
borrowers. Such a risk is called Name
Concentration risk. Another type is Sectoral
Concentration risk which can arise from
uneven distribution of exposures to
particular sectors, regions, industries or
products.

Concentration Risk Assessment

Geographic concentration
Single name
Related party
Balance sheet
Business / Product line

Operational Risk Assessment

Operational risk is "the risk of a

change in value caused by the fact that

actual losses, incurred for inadequate
or failed internal processes, people and
systems, or from external events
(including legal risk), differ from the
expected losses". Basel Definition

Operational Risk Assessment

Internal Fraud - misappropriation of assets, tax evasion, intentional

mismarking of positions, bribery

External Fraud- theft of information, hacking damage, third-party theft
and forgery
Employment Practices and Workplace Safety - discrimination, workers
compensation, employee health and safety
Clients, Products, & Business Practice- market manipulation, antitrust,
improper trade, product defects, fiduciary breaches, account churning
Damage to Physical Assets - natural disasters, terrorism, vandalism
Business Disruption & Systems Failures - utility disruptions, software
failures, hardware failures
Execution, Delivery, & Process Management - data entry errors,
accounting errors, failed mandatory reporting, negligent loss of client
assets

Strategic Risk Assessment

Strategic Risk is the risk of current or

prospective impact on the financial

institutions earnings, capital, reputation
or standing arising from change in the
environment and from adverse strategic
decisions, improper implementation of
decisions or lack of responsiveness to
industry, economic or technological
changes.

Strategic Risk Assessment

Four Key Elements:
Strategic

Planning
Alignment and change management
Implementation and monitoring
Performance evaluation and feedback

Strategic Risk Assessment

Compatibility or suitability of the

institutions goals and objectives

(consistent with - corporate vision, values,
culture, business direction, risk tolerance)
Financial objectives consistent with
strategic goals
Strategic decisions are prudent relative to
size and complexity

Strategic Risk Assessment

Responsiveness to changes in

environment
Adequacy of resources in carrying out
strategic decisions
Implementation of strategic decisions
Impact of strategic decisions

Reinsurance Risk Assessment

Financial soundness of insurers reinsurance companies

(Credit Risk)
Adequacy of diversification of ceded premiums among

reinsurance companies (Credit Risk)

Appropriateness of insurers reinsurance strategy
(Underwriting/Liability Risk)
Adequacy of Insurers protection against catastrophic

events (Underwriting/Liability Risk)

Appropriateness of insurers reinsurance contracts
(Operational Risk)
Appropriateness of the administration of reinsurance

relationships by the insurer (Operational Risk)

Actuarial Liability Risk Assessment

Insurers liability appropriately

estimated and reported

(Product Design Risk)
Are regulatory requirements being met

by Insurer regarding technical

provisions (Legal/Regulatory Risk)

Self Dealing and Related Parties Risk

Assessment
Process in place to review related party

transactions (Operational Risk)

Related parties dealings in accordance
with ethical standards (Reputation Risk)
Written code of ethics policy in place
for employees (Reputation Risk)
Significant related party revenue,
expenses, assets or liabilities?

Proposed Risk Assessment System Inherent Risks

Group Exercise # 2
Using a scale of 1 5 (1 = Strong and 5 = Critically
Deficient), develop a risk scoring (definition) matrix for the
following inherent risks: Group A
Strategic Risk
Operational Risk
Concentration Risk
2. 2. Using a scale of 1 5 (1 = Strong and 5 = Critically
Deficient), develop a risk scoring (definition) matrix for the
following inherent risks: Group B
Reinsurance
Actuarial liabilities
Self dealing and related parties
1.

Group Exercise # 3

1. Identify the inherent risks in each of the

significant activities and score on the scale of 1 5
for each supervised entity (credit unions and
insurance companies).

Quality of Risk Management and Oversight

Operational Management
Compliance Function
Internal Audit / Supervisory Committee Function
External Audit Function
Risk Management Function
Senior Management
Board Oversight

Quality of Risk Management Assessment

Operational management

Day to day management of significant activities

Adequate and appropriate for nature, size and complexity
of the financial institution
Sufficient and effective in managing and mitigating key
risks
Policies
processes
Control systems
Staff levels and experience

Quality of Risk Management Assessment

Board Oversight

Vary based on size, structure and complexity of institutions

Institutions required to have in place an effective board of
directors and senior management
Board agree risk appetite e.g. aggressive or conservative
Board of directors ultimately accountable for management and
oversight of the institution
Business plan in place and appropriate deposit/savings
growth or premium growth too aggressive?
Depending on size, board may delegate some oversight
responsibilities to board sub-committees e.g.. audit, risk
management and human resource

Quality of Risk Management Assessment

Senior Management Oversight
Depending

on size, senior management may

delegate some oversight responsibilities to other
oversight functions:
Risk management
Supervisory Committee/Internal Audit
Compliance

Quality of Risk Management Assessment

Level and quality of oversight and

support of all institution activities by the

board of directors and management
The ability of the board of directors and
management, in their respective roles to
plan for, and respond to risks that may
arise from changing business conditions
or the initiation of new activities or
products

Quality of Risk Management Assessment

Adequacy of, and compliance with

appropriate internal policies and

controls addressing operations and
risks of significant activities
Accuracy, timeliness and effectiveness
of management information and risk
monitoring systems appropriate for the
FIs size, complexity and risk profile.

Quality of Risk Management Assessment

(Audit and Internal Controls)
Compliance with laws and regulations
Responsiveness to recommendations

from auditors and supervisory authorities

Management depth and succession
Extent that board of directors or
management is affected by, or susceptible
to, dominant influence or concentration
of authority.

Quality of Risk Management Assessment

(Audit and Internal Controls)
Reasonableness of compensation policies and

avoidance of self dealing

Demonstrated willingness to serve the legitimate
FI needs of the community
Claims paid by insurer in a fair and timely
manner
Insurer compliant with market conduct
requirements
The overall performance of the institution and its
risk profile

Quality of Risk Management Rating

Quality of Risk Management Rating

Quality of Risk Management Assessment

Quality of Risk Management Assessment

Residual Risk Assessment

How key risks are managed in each

significant activity operational management

Effectiveness of oversight functions

Governance / Board
Internal audit / Internal controls
Compliance

Each key inherent risk is considered

separately for each significant activity

Determine aggregate residual risk

Residual Risk Rating

Residual Risk Rating

Residual Risk Assessment

Direction of Risk

Stable

Risk Impact
Capital Adequacy Assessment
Level and quality of capital
Overall financial condition
Managements ability to address

emerging capital needs

Nature, trend and volume of problem
assets and adequacy of provision for
loans and investment losses and
adequacy of other reserves

Risk Impact
Capital Adequacy Assessment
Sufficient capital relative to liabilities

and volumes of business

Appropriateness of type of capital
In compliance with share capital,
solvency margin, deposit and fund
requirements as set out in law and regs.

Risk Impact
Capital Adequacy Assessment
Off balance risk exposures
Growth prospects and past experiences

in managing growth
Balance sheet composition, nature
amount of intangible assets,
concentration risks, market risks, risks
in non traditional activities
Access to capital

Capital Adequacy Rating

Capital Adequacy Rating

Risk Impact
Earnings Risk Assessment
Levels of earnings including trends and stability /

quality of earnings sources

Earnings track record to augment capital
Ability to provide for adequate capital through
retained earnings
No repatriation of profits / payments of dividends
before full compliance with Acts.
Level of expenses in relation to operations
Underwriting revenues relative to incurred claims
(product design and underwriting risks)

Risk Impact
Earnings Risk Assessment
Adequacy of the budgeting systems,

forecasting processes, management

information systems
Adequacy of provisions to maintain the
allowance for loan and lease losses and
other valuation allowance
The earnings exposure to market risk,
such as interest rate, foreign exchange and
price risks

Earnings Risk Rating

Earnings Risk Rating

Risk Impact
Liquidity Risk Assessment
Availability of assets readily convertible to cash

without undue loss

Access to money markets and other sources of funding
Level of diversification of funding sources, both on
and off-balance sheet
The degree of reliance on short-term, volatile sources
of funds, including borrowings and brokered deposits,
to fund longer term assets
Appropriate matching of assets and liabilities
Level of FX assets relative to liabilities

Risk Impact
Liquidity Risk Assessment
The trend and stability of deposits / liquid assets
Written policies in place for interest rate, FX and

liquidity risks
The ability to securitize and sell certain pools of
assets
The capability of management to properly identify,
measure, monitor and control institutions liquidity
position, including the effectiveness of funds
management strategies, liquidity policies,
management information systems, and contingency
funding plans

Liquidity Risk Rating

Liquidity Risk Rating

Composite Risk Assessment

Framework for Risk-based Supervision

CORBASCELS

CAMELS
/CARAMELS

Framework for Risk-based Supervision

CORBASCEL

Thank you!
Any questions?