Risk Management in Financial Services Presented by Germana
Risk Management in Financial Services Presented by Germana Venturini MLC – Business Consulting
Agenda • What is risk management? • The risk management process • Common risks • Managing risk • Summary Slide 2
The laws that govern the industry Regulated REPUTATION Business - ASIC - TAX, tax - Anti-Money Laundering - Corporations Act - SIS Act - Intellectual Property Employment - Industrial - OH&S - Work Cover - Discrimination Consumer - ACCC - OFT - Ombudsmen - ++ x 8 local + many foreign jurisdictions Slide 3 Miscellaneous - EPA - Privacy - Drug & Food - Standards - Customs - Immigration
Our environment Think about… What are the issues you are concerned about in your business? Slide 4
What is risk management? • Risk management is not new – decisions are made on a daily basis • The future is uncertain, managing risk involves: – assessing the impact of risk(s) – deciding a course of action to suit your appetite or tolerance for risks • Expertise and experience is required to understand assumptions and methodologies behind the risk management process Slide 5
Risk management process Identify all risks relevant to your business Use checklists, plans, brainstorming, flow charts, scenarios etc. don’t leave anything out! Slide 6 Analyse risks Determine consequences & likelihood AS/NZ 4360 Evaluate risks Rate risks based on impact, probability & priority – Frequency – Impacts on profit, reputation, environment & legal obligations
Risk management process Treat risks Measures, processes & procedures to treat & minimise risk Slide 7 Monitor & review Procedures in place to review, monitor risk management system Communication & consult Procedures in place to communicate & consult with both appropriate internal & external stakeholders
Risk management process Slide 8
Risk management • What is the obligation? • What is the risk of non compliance? • What are the consequences of non compliance? • What is the likelihood? • What are the impacts to the business? • What are current control measures in place? • How effective are they? • Ratings Slide 9 Results in ACTIONS to concentrate on, with timeframes & people to make them happen
The risk matrix Likelihood Label Consequences Label I II IV V A Medium High Very high B Medium High Very high C Low Medium High D Low Medium High E Low Medium High Note: The relationship between consequence & likelihood will differ for each application — the level of risk assigned to each cell needs to reflect this. Risk Management Guidelines Companion to AS/NZ 4360: 2004. Reproduced with permission Slide 10
Risk analysis What can go wrong? Likely consequences How to deal with them Disruption to provision of services • High workload placing stress on staff • Ensure that selection of new providers can be justified using the assessment criteria advertised. • Political or PR implications of lobbying by unsuccessful providers • Negative implications for continuing service delivery to contract end • Potential for legal action Slide 11 • Ensure probity of process, especially with regard to conflicts of interest & observation of tender rules and regulations. • Negotiate transition arrangements before approaching the market to select the new provider.
Example Impact Likelihood Risk Level Product Providers 2 1 L Keep checking on performance of individual products Yes Ongoing Financial Planning Software 3 2 M Utilising from Alliance Program the Visi Statement of advice writing tool, incorporating the Visi Plan Software Yes Jan ’ 11 Yes Jan’ 11 Risk area Controls/Treatments Accept Risk Level? Review date Yes/No Research Providers 1 2 L Utilising from Alliance Program the Visi Research tool, incorporating Aegis and Premium Financial Research Auditors 1 2 L Appropriate service agreements Yes Jun’ 11 Compliance Providers 1 2 L Annual Licensee Review Yes Jnu’ 11 Economic Circumstances 1 3 L Fee for service revenue and education of clients Yes Ongoing Slide 12
Next level Slide 13
Types of risk Operational • The risk of loss within any part of the organisation, occurring as a result of : – Inadequate operational policy and procedures including systems, controls and infrastructure – Human error and management failure – Fraudulent or intentional acts (internal & external) – Unmanaged and uncontrollable events which impact on the operational activities • Why does it occur? – Poor information – Skills – lack of control Slide 14
Types of risk Legal / regulatory • The risk that you are not complying with your legal obligations – Corps Act inc FSRA, TPA, MIA, Banking Act, RBA Act, Fin Transactions Reports Act, Privacy, Credit Code, Common Law, OHAS, Employment • Law changes • Ambiguity Slide 15
Legal / regulatory risk • Non compliance with legal obligations – Failure to comply could lead to loss of business, personal liability, criminal sanctions, fines, adverse publicity, conditions imposed – Such risks need to be identified, managed and monitored • Unenforceable legal rights – Entails loss of legal rights such as relying on a legal contract – Legal rights need to be identified and appropriate measures taken to ensure adequately utilised and protected Slide 16
Difficulties of legal risk management • Complexity of laws – Corporations Act, RG, APRA, ASX • Constant changes to keep up with technology • Uncertainty in the law – lack of precise definition, different interpretation “must take reasonable steps, adequate arrangements, advice must be appropriate” • Deficient internal procedures • Different laws in different jurisdictions • Technological changes Slide 17
Types of risk Reputation • The risk that an organisation’s reputation or good name will be impacted • A consequence of operational risk exposure Ethical • Risk of engaging in unethical behaviour Slide 18
How can risks be managed? • Management controls accountability • Compliance controls • Policies & procedures • Training - initial & ongoing • Keeping abreast with changes Slide 19 • Segregation of duties • Adequate skilled resources • Internal & external audit • Disaster recovery plan
Managing operational risk • Clear business planning and objectives • Evaluation of business processes – Qualitative techniques - eg. process maps are useful – Quantitative techniques • Establishment of policies and controls • KPIs Slide 20
Reputation risk management considerations • Damage to reputation usually results from failure to manage other risks – market, credit, operation or legal risks. • A ruined reputation can result from the actions of one individual in the business - segregation of duties • • Slide 21 Understand stakeholder expectations Communication • • Consistent enforcement of controls • on governance, compliance Open culture - clear values & vision • Reward & recognition systems linked to business goals Training & corrective action Business continuity & crisis management plan Robust risk management system
Risk Management The art of risk management it to “pick important problems and fix them” Slide 22
Summary • Understand risk management • Identify key risks in your business and how you are going to deal with them WHAT ACTIONS DO YOU NEED TO TAKE FROM TODAY? Slide 23
Questions ? ? Slide 24
- Slides: 24