Enterprise Risk Management COSO Definition The ERM Evolution

Enterprise Risk Management • • • COSO Definition The ERM Evolution The Risk Management Process Practical Considerations in ERM Implementation Common Risks Included in Bank ERM Programs Value Identified in Bank ERM Programs

COSO Definition • “Enterprise risk management is a process, effected by the entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of objectives. ”

The ERM Evolution • • • More – and more Complicated – Risks External Pressure Portfolio Point of View Quantification Boundaryless Benchmarking Risk as Opportunity

The Risk Management Process • • Establish Context Identify Risks Analyze/Quantify Risks Integrate Risks Assess/Prioritize Risks Treat/Exploit Risks Monitor and Review

Practical Considerations in ERM Implementation • • Designating an ERM “Champion” Making ERM Part of the Culture Determining All Possible Organizational Risks Quantifying Operational and Strategic Risks Integrating Risks – Determining Dependencies Monitoring the Process Start Slowly – Build Upon Successes

Common Risks Included in Bank ERM Programs • • • • Market – 89% Operational – 89% Credit – 88% Liquidity – 68% Regulatory/Compliance – 65% IT Security – 63% Business Continuity – 58% Legal/litigation – 46% Hazard or Insurable Risks – 41% Reputation – 40% Strategic – 37% Privacy – 32% Geopolitical – 19% Other – 3%

Value Identified in Bank ERM Programs • • • Improved Understanding of Risks/Controls Improved Regulatory Perception Reduction of Losses Due to Risk Events Improved Rating Agency Perception Improved Earnings Quality Improvement in Reputation and Transparency for Shareholders • Improved Risk-Adjusted Returns • Lower Requirement for Economic Capital • Reduction in Insurance Premiums