Towards the end of last week, Matthew Elderfield launched the Probability Risk and Impact SysteM (PRISM, summary here and detail here), which aims to usher in a new age of supervisory challenge to the Irish financial sector, well documented as having had an easy time of it before credit started to get crunchy.
One big challenge for the CBoI will be to get everything up and running before June 2012 (hopefully the recruitment drive wasas good for quality as it seemingly was for quantity!), so all the best to them for that. More pointedly, the acknowledgement that the ramping up of staff numbers will start to be felt in the industry levies asap, coupled with future income streams referenced in their planned aggresive enforcement and fining of non-compliant firms must have any of the stragglers still living in 2006 quaking in their boots.
Very interesting to see the take on Risk Appetite, Risk Tolerance, Risk Assessment Criteria etc applied by a regulator to its industry, rather than my normal vantage point of a risk consultant, either advising on or benchmarking the same facets of individual ERM frameworks within an insurance undertaking. I would have thought the way in which these things are described in Mr. Elderfield's speech should be good guidance for corporate governance code adherence over there (let's face it, it doesn't get better than from the horse's mouth!).
One thing that would make me very uncomfortable as an Insurance consultant is the extent of the crossover between ORSA, QRTs, SFCR and RSR and what is being proposed under PRISM. I would not be keen on, for example, defining 'Risk Profile' for my client in line with Solvency II definitions, only to be contradicted by the regulator's PRISM definition of 'Risk Profile', which is overall solvency needs by any other name.
If I get some spare time, I may run a cross-check between ORSA and PRISM obligations, and work out whether the CBoI is trying to tell the insurance industry how to do an ORSA via subliminal messages - for the life of me, I can't quite work out what this does for the industry that an ORSA run with "appropriate" frequency doesn't.
An online repository for Solvency II, ERM and Corporate Governance material and comment from the Principal of Governance Matters, an independent Risk Consultancy firm based on the Isle of Man.
Showing posts with label Appetite. Show all posts
Showing posts with label Appetite. Show all posts
Tuesday, 6 December 2011
Thursday, 16 June 2011
Economist Intelligence Unit - New Challenges for risk management in financial services
As ever, the Economist Intelligence Unit have come up trumps with a very worthy piece on risk management progress and problems over the last year (relatively small sample at 315 participants, and a touch US heavy would be the only bits I would flag for benchmarking purposes).
The increase in risk appetite over the last 12 months flagged by participants seems logical, and the general observation that boards are paying more attention to risk also fits in with the prevailing mood from supervisors and regulators post-credit crunch (bear in mind this facet would be overwhelming if it was EU-only thanks to Solvency II et al).
That Enterprise-wide risk management was receiving the most attention from the risk function and the boards in insurance/reinsurance participants is also no surprise, with Solvency II/Equivalence/IAIS ICPs to consider. I also liked the acknowledgement that improving skills in identifying interdependencies in enterprise risks is seen as a priority by risk professionals
However, there were a number of areas which ranged from mildly concerning to shocking, such as;
I would add that the case study of Metro Bank (first new bank in the UK in 100 years) seems very unusual, in that they have decentralised responsibility for risk instead of having a dedicated function - very interested to know how this is approached by the banking regulator.
The increase in risk appetite over the last 12 months flagged by participants seems logical, and the general observation that boards are paying more attention to risk also fits in with the prevailing mood from supervisors and regulators post-credit crunch (bear in mind this facet would be overwhelming if it was EU-only thanks to Solvency II et al).
That Enterprise-wide risk management was receiving the most attention from the risk function and the boards in insurance/reinsurance participants is also no surprise, with Solvency II/Equivalence/IAIS ICPs to consider. I also liked the acknowledgement that improving skills in identifying interdependencies in enterprise risks is seen as a priority by risk professionals
However, there were a number of areas which ranged from mildly concerning to shocking, such as;
- Nearly a quarter reported that the Risk Function is more often than not overridden or ignored (bear in mind these are financial services risk executives that have been polled)
- No improvement y-o-y on the percentage of respondents with a "clearly defined risk strategy"
- Investment in Risk functions has fallen in aggregate in almost every area
- Almost 2/3rds said complexity is incresing the risk exposure of their company
- Only 21% were confident that 100% of their risk exposure was measured and monitored accurately
- Only half felt members of the risk team played an important role in strategic decision making
- A similar percentage note that their boards have become more demanding with their risk reporting expectations (there must be some boards therefore asking for more from the function, then excluding them from the decision making process)
- In only 55% of participants the head of risk had a mandate to report to the Board independently
- Only 39% said their organisation has a "common risk language" - this is especially poor for financial services
- Effectiveness of organisations in managing "real-time risk" was rated poorly - this is fundamental to the risk function adding value and influencing strategic decision making, so must improve.
- Only a third have improved the quality of their board information on emerging risks
- 29% of respondents said they did not have "adequate expertise" in operational risk
I would add that the case study of Metro Bank (first new bank in the UK in 100 years) seems very unusual, in that they have decentralised responsibility for risk instead of having a dedicated function - very interested to know how this is approached by the banking regulator.
Subscribe to:
Posts (Atom)