Steve Troop

1
RISK MANAGEMENT FOR SENIOR BANKERS

• Steve Troop
• Deputy Chief Executive - HSBC Turkey
• Istanbul, 20th November 2002

2
What todays presentation is not

• Technically-focused soft issues rather
  than the mechanics of risk management..
• Definitive no-one can offer a set of
  Answers all I will do today is illustrate
  some - but by no means all - of the Questions..

1
3
Todays Presentation

• The role of senior management in risk
  management
• Establishing sound risk management principles
• Some thoughts on the application of
  risk-management-in-the-round

2
4
1. Senior Managements Role

• Banking is the original risk business
• No-risk banking a contradiction in terms
• We buy risk, we sell risk, we measure risk, we
  manage risk, we (or our subordinates) make risk
  decisions all day and every day
• If risk is the essence of banking, it follows
  that the role of senior management is risk
  management .
• .

3
5
1. Senior Managements Role

• Establishing a culture of risk management
• Strategy
• Core Values / the conscience of the company
• Consistency
• Provide focus
• Seeing the big picture - joined-up risk
  . management
• Collective Management at the top of the bank
• Picking the right team

4
6
The Role of Senior Management(2)

• Establishing a culture of risk management
• Strategy
• Every bank should have one !
• A banks strategy is, of itself, a statement of
  risk appetite
• Review, revise , update
• Test investment and risk decisions against that
  strategy
• Communicate it internally

5
7
The Role of Senior Management(3)

• Core Values / the conscience of the company
• Statement of principles
• Guidelines / handbooks as to staff conduct
• Role models talk-the-walk / walk-the-talk
• Collective belief in the value of risk
  management (If senior management dont believe in
  it, why should anyone else ?)
• Consistency
• Set rules and then apply them
• Be seen to apply them

6
8
The Role of Senior Management(4)

• Provide focus
• Risk management as a tool to achieve efficiency,
  productivity and profitability
• Deployment of resources link between risk,
  return, capital employed, strategy. Measurement
  and modelling is important though it is decision
  makers who create the difference.

7
9
The Role of Senior Management(5)

• Seeing the big picture joined-up risk
  management
• Multiplicity of risks
• Credit
• Market interest / exchange rate, re-pricing,
  availability
• Operational / technical
• Compliance / legal
• Reputational
• Complication some of these risks compete / some
  offset
• How to pull them all together and see the big
  picture ?

8
10
The Role of Senior Management(6)

• Collective management at the top of the bank
• Is there a Top Team ? Is it a Team ? Does it
  communicate ?
• Does it discuss risk management? If so, how
  often?
• Shared approach to risk management / common view
  - or someone elses job ?
• How honest is communication ? Do we encourage
  intuition / feelings ?

9
11
The Role of Senior Management(7)

• Have we picked the right team ?
• Balance mix of styles / perspectives
• Professional training, experience, CVs

10
12
The Role of Senior Management(8)

• Does our organisational structure facilitate
  appropriate risk management ?
• Reporting lines do these reflect the need for
  independence / objectivity ?
• .or do we have the fox looking after the hen
  house ?

11
13
The Role of Senior Management(9)

• Delegated authorities are essential to the
  effective operation of any large bank are they
• Unequivocal ? (As to value, limits, scope of
  activity, decision-making, etc)
• Clearly understood by those who hold those
  authorities ?
• Are excesses -of-authority identified quickly
  (and by whom) ?

12
14
The Role of Senior Management(10)

• Questions to ask - on a regular basis
• Bonuses do our strategies for variable
  compensation complement - or compete with - a
  risk management culture ?
• Recognition do we promote / advance the
  careers of those who demonstrate a balanced
  approach to management (considered commercial
  judgment with an awareness of risk) ?

13
15
The Role of Senior Management(11)

• Questions to ask - on a regular basis
• Roles responsibilities is risk management
  embedded in everyones Job Description - or is
  there a poachers-and-gamekeepers environment ?
  (Creative tension is inevitable and healthy
  internal warfare is not)
• Training does the risk-management ethos inform
  / shape Training commitments and budgets ?

14
16
The Role of Senior Management(12)

• Questions to ask - on a regular basis
• Reputational risk key role of senior
  management. What do we have in place to protect
  us from banana skins that will embarrass us in
  front of regulators, our customers, our
  shareholders, our staff, the media and the
  general public ?

15
17
The Role of Senior Management(13)

• More questions
• Are we compliant with legislation ? Though at
  least as important
• Have we let compliance with legislation /
  regulation become a proxy for managing risks ?
  (Going-through-the-motions)
• Do we shoot-the-messenger or are there channels
  / mechanisms through which more junior concerns
  can be listened to ?

16
18
The Role of Senior Management(14)

• (Yet) more questions
• Do we learn from mistakes ? Formal, independent,
  objective review with recommendations ? (Are
  these followed up ?)
• Is information flow timely ? (It took an
  estimated 45 seconds for nervous stimuli to get
  from the tail of the largest dinosaur to its
  brain - by which time, the predator had already
  eaten both hind legs .)
• Top management meetings shape and focus is
  important. Do we spend time explaining (arguing
  about?) what happened - or do we focus on what
  might/could / will happen in future ?

17
19
2. Sound Risk Management Principles

• Balance between risk / reward we all claim to
  understand the basic principles of risk/ reward.
  Most of us focus on the reward
• Identifying future income associated with a
  particular investment / lending decision is
  straightforward do we identify (quantify)
  worst-case risk ?
• If we do, do we have house-limits on worst-case
  risks ?
• (Put bluntly, how much are we prepared - or
  indeed, how much can we afford - to lose ?)

18
20
Sound Risk Management Principles (2)

• Do we look at profitability on transactions /
  relationships / business-lines ?
• Loss-leadership a fact of commercial life in
  competitive markets
• Loss-leadership is a tactic - not a strategy.
• Do we / can we measure loss-leadership ? Do we
  limit (time or value) how far we are prepared to
  go with loss-leadership at a bank-level ?

19
21
Sound Risk Management Principles (3)

• Do we have a portfolio strategy ?
• Have we limited activity / exposure to specific
  sectors ?
• If we have, can we implement it ? (i.e. is the
  data accessible / is it recorded correctly ?)
• Do we have natural hedges ? Do these supply
  the balance we need ?
• If no, what hedging tools can we put in place ?

20
22
Sound Risk Management Principles (4)

• Do we demonstrate resolve
• How do we deal with policy exceptions ?
• How many exceptions do we have ? (If a large
  number, do we really have a policy ?)
• Its all about execution

21
23
Sound Risk Management Principles (5)

• Top Team involvement
• Collective decisions (not just collective
  discussions)
• Dont be afraid to micro-manage / spot-check from
  time to time

22
24
3. Risk Management-in-the-round

• A clear and obvious need to bring it all
  together
• Executive Risk Committee
• ALCO
• EXCO
• IT Steering Committee
• Board Meetings
• Audit Reports
• Contingency Management

23
25
3. Risk Management-in-the-round

• Executive Risk Committee
• Risk Decree requirement
• Chaired by non-Executive Director Board Member
  (Minutes for Board)
• Quarterly reviews of risk management
• No business leadership participates
• Heads of Audit, Operations, Compliance, Legal,
  Credit, Treasury Control/ Back Office, ICU.

24
26
3. Risk Management-in-the-round

• ALCO
• Weekly (more often as needed)
• Minuted
• Standard format specific sections on limit
  excesses (credit, treasury)
• Reviews pricing, funding, balance-sheet, PL,
  profitability
• Attended by both business leadership and risk
  control functions.

25
27
3. Risk Management-in-the-round

• EXCO
• Monthly (more often as needed)
• Business leadership top management of the bank
• Minuted
• Reviews out put from Audit, ERC and ALCO.

26
28
3. Risk Management-in-the-round

• IT Steering Committee
• Quarterly (more often as needed)
• Business leadership top management of the bank
• Minuted
• IT material in any risk management discussion
  plus inherent risks in IT itself
• ITs central role as provider of numeric tools
  for measurement and management of risk

27
29
3. Risk Management-in-the-round

• Role of Audit
• Reviews the adequacy / effectiveness of risk
  controls
• Publishes formal reports recommendations
  addressed to owners of businesses and
  processes.
• Timely responses required / tracked to
  conclusion.
• Formal reporting line to Audit in Head Office
  (London)

28
30
3. Risk Management-in-the-round

• Contingency Management
• Pre-identifcation of possible event / systemic
  risks
• Modelling tools / early warning signals
• Business Resumption / Disaster Recovery Plans
  (Test them)

29
31
SUMMARY

• Risk management is the very essence of top
  managements role and its principal
  responsibility
• Top management set the tone for risk management /
  risk consciousness at any institution
• Risks are interdependent top managements job
  is to see The Big Picture

30
32
CONCLUSION

• No Right Answer..
• An evolutionary process complacency the
  greatest threat
• Asking difficult Questions - and constant
  refinement of the Answers - is the most valuable
  thing any senior manager can and should be
  doing..

31
33
THANKYOU FOR LISTENING.
ANY QUESTIONS ?
32