MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS © 2015 Wolf & Company, P.C.
2015 CEO & Board University
Aligning the Strategic Plan with Enterprise
Risk Management Programs
Michael D. Cohn, CPA, CISA, CGEIT
Session Description
Risk assessment is widely agreed to be the foundation of an
effective enterprise risk management program. Once you have
completed it, how do you know what comes next? Your Risk DNA
confirms the tenets of your strategic plan and guides managers
in how to deliver products and services. Key Risk Indicators
(KRIs), if properly aligned with your Risk DNA, should monitor
all the key threats. Fail to identify key threats and/or KRIs
and you risk a negative impact to capital. Once alignment is
complete, what else should you be talking about?
Can we take more
risk and remain safe?
Are We Safe?
Are We Still Safe?
And Now?
What actions can we take to
make enterprise risk
management programs
more strategic?
Current State of Affairs
We Are Here
More People
More Process
More Technology
More Policy
More Procedures
More Governance
More Regulation
• Social Media Risk Assessment
• Vendor Risk Assessment
• Fair Lending Risk Assessment
• Operations Risk Assessment
• RDC Risk Assessment
• BSA/OFAC Risk Assessment
• ID Theft Red Flags Risk Assessment
• IT Entity Level Risk Assessment
• Customer Information Risk Assessment
• Market Risk Assessment
• New Product Risk Assessment
• MFA Risk Assessment
• Vendor Risk Assessment
• Business Continuity Risk Assessment
• Interest Rate Risk
• Liquidity Risk Management
• Credit Risk Management
Emerging Threat Landscape
OPERATIONS:
• Technology risk
• Cyber risk
• Multi-factor authentication risk
• Model risk
• Privacy risk
• Transaction risk
• ACH risk
• RDC risk
• Mobile Banking risk
• Regulatory Compliance risk
• BSA/OFAC risk
• Fair Lending risk
• UDAAP risk
• Social Media risk
• Profit risk
• Board of Director risk
• Key Employee risk
• Vendor risk
• Business Continuity risk
• Legal risk
• Compensation risk
• Financial Reporting risk
MARKET:
• Credit risk
• Interest Rate risk
• Liquidity risk
• Foreign Exchange risk
• Price risk
New Product risk
Strategic risk
Reputation risk
Column headings: Today’s Threats | Emerging Threats | Areas
Compliance ERM
Integrated ERM
Top to Bottom ERM
Compliance
Tech & Ops
Risk (Management)
ALCO
Risk (Board)
Audit
Current ERM Maturity Model
Informs Risk Governance
Pulling the ERM Program Together
Risk Indicators
Enterprise Risk Assessments
Risk Committees
Strategic Plans
Risk Appetite Statement – Preamble Example:
We will only sell products that we believe are suitable for customers whose business we understand and we can monitor. Every employee will understand the risks to the organization within their roles and responsibilities, and we will be accountable for behaving with high ethical standards.
Do We See the Risk?
Mapping Your
Enterprise Risk DNA
“What Can Kill You vs.
What Just Hurts”
Your Risk DNA Map
Column headings: Products and Services | Strategic | Reputation | Operations (Transaction, Information Technology, Vendor, Business Continuity) | Customer Information | Regulatory Compliance | Market (Credit, Interest Rate, Price, Liquidity)
RETAIL BANKING
Personal Checking L H H H H H H H L L L L
Business Checking H M L H H H L M L L L L
Savings Accounts L H H H H M H H L L L L
Retail CD L H L H H M M M L L L L
Internet Banking H H H H H H H H M M M M
LENDING
Residential Mortgages M H M H H M H H H H H M
Home Equity L M L H H M H H H H L M
Consumer L M L M M M M M H M M M
Commercial Real Estate H M M M L H L M H H H H
Asset Backed H M M M L M L M H H H M
C & I H M M M L H L M H H H M
INVESTMENTS
Trusts & IRA L M M L H L H H L L M L
Brokerage M M H H H H H H L L L M
BUSINESS SERVICES
Cash Management M M L H H M M M M M M M
Merchant Card Services M M M M M M M M M M M M
CORPORATE SERVICES
Treasury Management M H H M H M M M L M M H
IT Operations L M L H M H L L L L L L
“Risk assessment is not the end but the end of the beginning.”
- Mike Cohn, 2005
Risk Assessment – Are We Done?
1. Control Testing
Are our junior associates processing transactions safely?
2. Monitoring
Are our business processes functioning safely?
E.g., Vendor, Compliance.
3. Policies & Procedures
Did management construct an environment to operate safely?
4. Key Risk Indicators
Can we reasonably evaluate if we will perform safely tomorrow?
Key Risk Indicators
Our Risk Indicator Challenge
Quantitative Measures
• Credit Risk → Stress Testing
• IRR → Earnings Simulation
• Liquidity Risk → Capital Management
Qualitative Measures
• Vendor Risk → Monitoring
• IT Risk → Monitoring
• Compliance → Monitoring
We Typically See
Several Hundred Risk Indicators
INDICATOR NAME | INDICATOR NAME | INDICATOR NAME | INDICATOR NAME
Credit | Allowance to total nonaccrual loans | Products | Net change in core deposits
Monthly comparison of: | Allowance to total loans | Collateral Type | Net change in new accounts versus closed accounts
Commercial & Residential Loans by types | Non-performing assets to total assets | Geographic (by county) | Trend Analysis
a. Growth numbers quarterly | Total loans to total assets | Concentration limits by product type including security assets | ALCO
Percentage of loan types over total loans | OREO to total assets | Risk rating migration by loan type | Quarterly Ratio Reporting including Peer
Non-accrual and non-performing loans residential | Other assets to total assets | Loan balances by risk rating by loan type | Interest Income/Avg Earning Assets
Non-accrual and non-performing loans commercial | Net charge offs to total loans | Loans with policy exceptions | Interest Expense/Avg Earning Assets
OREO | a. By type - Consumer and Commercial/CRE | % with details by type of exception if significant | Net Int Income/Avg Earning Assets
ALLL | OREO to average assets | Capital | Net Non-Core Funding Dependency Ratio
30 day and over past due commercial & residential loan | Classified assets to capital | Tangible ratio | Excluding CDs over $100 thousand
a. Include aggregate past due and non-accrual loans | Total Past due & nonaccrual loans as % of each loan | Tier 1 Ratio | Excluding CDs over $250 thousand
Overdrawn tax escrow balances | Non-performing as % of each loan category | Total Risk Based Capital | ST Non-Core Funding Dependency to Total Assets
Charge-offs by type of asset/loan type | Number of delinquent notes by loan category | Tangible common equity | ST Non-Core Funding Dependency to Total LT Assets
Broker Monitoring | Charge-off ratios by loan/asset type as % | Annual market share | Core Deposits as % of Aver Assets
Repurchase Claims | Quarterly LTV and DTI and Credit scores by loan type | Stress test results | Brokered Deposits to Deposits
QC review statistics (monitoring oversight of 1st line) | % of risk rating downgrades made by loan review function, rather than by loan officer | Liquidity/Funding | Brokered Deposits Maturing less than 1 Year to Brokered Deposits
Loss Mitigation (Servicing) | Quarterly | Total Liquid Assets to Total Assets | Growth in categories of loans and deposits
 | CRE Concentration for 100% & 300% ratio | Unencumbered Liquid Assets to Total Assets | On-hand liquidity ratio
Monthly/Quarterly ratios of: | Concentrations exceeding 25% of Risk Based Capital by: | 1, 3, 12 month base and stress inflows to total outflows | Outside bank rating - Moody's, S&P. IRA
Nonaccrual commercial loans to total commercial loans | Individual Borrower | BASEL III Ratios (LCR & Net Stable Funding Ratio) | NII at risk and EVE at risk sensitivity calculations
a. Peer ratios and regulatory classified/criticized ratios | Small Inter-related Groups | Borrowings maturing or putable | Gap measures
Nonaccrual loans to total loans | Individual Project | Single non FHLB provider | Loans/Assets
a. Peer ratios and regulatory classified/criticized ratios quarterly | Single Repayment Source | Deposits | Investments/Assets
Nonaccrual loans and OREO to total assets | Concentrations exceeding 100% of Risk Based Capital | DDA overdrafts over 60 days | Loans/Deposits
Allowance to non-accrual commercial loans | Industry | DDA overdrafts in excess of $5,000 | Efficiency Ratio
Can 30-50 Key risk indicators keep the institution safe?
Does Your Institution
Look Like This?
Functional Risk Area   Number of Risk Indicators
Credit risk 72
Interest Rate risk 52
Liquidity risk 38
Regulatory Compliance risk 31
Transaction risk 21
Information Technology risk 21
Reputation risk 14
Vendor risk 12
Strategic risk 6
Business Continuity risk 3
Customer Information risk 3
Price risk 2
TOTAL 275
Uncovering the Gaps Create
Opportunities for Improvement
Column headings: Products and Services | Strategic | Reputation | Operations (Transaction, Information Technology, Vendor, Business Continuity) | Customer Information | Regulatory Compliance | Market (Credit, Interest Rate, Price, Liquidity)
RETAIL BANKING
Personal Checking 10 1 1 1 8 3 2 2 0 30 0 7
Business Checking 10 1 1 1 8 3 2 2 0 30 0 7
Savings Accounts 10 1 1 1 8 3 2 2 0 30 0 7
Retail CD 10 1 1 1 8 3 2 2 0 30 0 7
Internet Banking 0 1 1 1 8 3 2 2 0 0 0 0
LENDING
Residential Mortgages 9 1 1 1 8 3 2 3 17 1 0 0
Home Equity 9 1 1 1 8 3 2 3 17 1 0 0
Consumer 6 1 1 1 8 3 2 3 15 1 0 0
Commercial Real Estate 18 1 1 1 8 3 2 3 30 30 0 3
Asset Backed 11 1 1 1 8 3 2 3 25 30 0 3
C & I 11 1 1 1 8 3 2 3 25 30 0 3
INVESTMENTS
Trusts & IRA 2 1 1 1 8 3 2 4 2 0 0 0
Brokerage 0 1 3 1 8 3 2 4 1 0 0 0
BUSINESS SERVICES
Cash Management 0 1 1 1 8 3 2 2 0 0 0 0
Merchant Card Services 0 1 1 1 0 3 2 3 0 0 0 0
CORPORATE SERVICES
Treasury Management 6 0 2 1 8 3 0 2 0 13 3 26
IT Operations 0 0 0 12 10 3 2 2 0 0 0 0
Risk Appetite Key Risk Indicators Example
[Figure: charts for each key risk indicator listed below, showing Current Level and 12 month Avg]
Legend:
Green: Risk is within acceptable threshold
Yellow: Increase in risk as threshold has been breached
Red: Increase in risk as threshold has been breached
1. Capital Adequacy
1.a. Achieve satisfactory CAMELS ratings for Capital Adequacy
1.b. Maintain Total Equity/Total Assets within acceptable limits (%)
1.c. Maintain capital ratios above regulatory capital requirements (%)
1.d. Maintain Leverage Ratio within acceptable levels (%)
2. Market Risk/Earnings
2.a. Achieve satisfactory CAMELS ratings for Sensitivity to Market Risk
2.b. Maintain Duration gap between acceptable levels with up/down 100, 200,…
2.c. Maintain EVE above acceptable levels with up/down 100, 200, 300 bps rate shocks
2.d. Maintain Interest Expense/Avg. Assets within acceptable limits (%)
2.e. Rate-sensitive Assets/Assets (%)
2.f. Rate-sensitive Liabilities/Assets (%)
3. Credit Risk
3.a. Achieve satisfactory CAMELS ratings for Asset Quality
3.b. Maintain Non-Performing Assets/Assets within acceptable level (%)
3.c. Maintain Non-Performing Loans/Loans within acceptable level (%)
3.d. Maintain ALLL within acceptable level (3000s)
3.e. Maintain CRE Loans/Total RBC within acceptable level (%)
3.f. Maintain Residential 1-4 within limits to RBC (%)
3.g. Maintain C&I within limits to RBC (%)
4. Liquidity
4.a. Achieve satisfactory CAMELS ratings for Liquidity
4.b. Maintain Satisfactory Net Non-Core Funding Dependence (%)
4.c. Maintain satisfactory Net Short-Term Liabilities/Assets (%)
4.d. Maintain satisfactory FHLB funding availability
4.e. Maintain acceptable liquidity ratios (%)
4.f. Maintain Acceptable Levels of pledged securities
Cost of Risk Management
“Not until you measure it can you make it cost less!”
- Mike Cohn, 2012
No Consolidated Risk
Management Budget
Expense Item | Expense Item | Expense Item | Expense Item
Account disclosures | Consulting for Auditing | Internal Audit | Penetration tests
Adverse action notices | Correspondent bank loans | Internal Audit Oversight | Periodic statement disclosures
Adverse action notices (incl. FCRA) | Cost of sterile reserves | IRP Plan Mgmt and Testing | Privacy notices: annual mailout
Advertising | Cost of sterile reserves | IRR | Privacy notices: opt-out maintenance
Alarm Monitoring | CRA Committee - meeting prep | ISO and staff effort | Providing cr. scores to mort. applicants
ALCO Modeling (in-house time) | CRA performance context | IT Audit Services | Providing disclosures to customers
ALCO Modeling Software | CTR reporting | IT Audit Services Oversight | Proximity cards
Anti-virus | Customer notification of negative info. | Legal review of contracts | R&D in regards to Compliance with new laws
APR disclosure | Data management | Loan limit monitoring | Regulatory Exam
Avg. of annual reporting per month | Determinates of hold notices | Locks | Reputation monitoring
Avoiding use of medical information | DVR recording devices | Mailing provisional credit letters | Risk assessment performance and management
Background checks | Error resolution | Maintaining CRA public file | Risk assessment software
Assistance with customer FEMA, LOMA and LOMR requirements | Filing documentation | Management of all of the above items within Software/hardware | Robbery training
BCP Plan Mgmt and Testing | Financials on critical vendors | Monitoring "related interests" | SAR reporting
BCP Software | FinCen requests | Monitoring 3-day rescission rule | Schedule notices (initial, ATM, teller windows)
Board prior approval | Firewall | Monitoring WDs to MMDA's | Security awareness training
Cameras | FM200 Gas System | Monitoring services | Servicing disclosure
Change in term/CD renewal discl. | Fraud alerts | Monitoring to avoid discrimination | Single Signon software
Completion of calculation worksheet | Handling disputes and blocking info. | Network based IDS/IPS | Social engineering tests
Compliance Monitoring | HMDA software | OFAC list and monitoring | Training (AIB, seminars, workshops, schools)
Compliance Monitoring Oversight | Home Owners Equity Protection Act (HOEPA) | Outside consultants, attorneys and auditors | Training materials (guide, books, subscription)
Consultants for Monitoring | Host based IDS/IPS | Paperwork on each loan (LAR report) | US Patriot Act: Customer
Consultants or auditors | Independent Loan Review | Patch management | US Patriot Act: monitoring high-risk customers
Allocate the Costs of Risk
Management
Column headings: Products and Services | Strategic | Reputation | Operations (Transaction, Information Technology, Vendor, Business Continuity) | Customer Information | Regulatory Compliance | Market (Credit, Interest Rate, Price, Liquidity) | TOTAL
RETAIL BANKING
Personal Checking 12,000 10,000 5,364 30,000 57,364
Business Checking 1,000 5,000 15,000 21,000
Savings Accounts 15,000 15,000
Retail CD 1,500 1,500
Internet Banking 6,000 6,000
LENDING
Residential Mortgages 12,000 5,000 5,000 40,000 8,000 5,400 75,400
Home Equity 6,000 20,000 26,000
Consumer 4,000 30,000 34,000
Commercial Real Estate 5,000 8,000 7,500 20,500
Asset Backed 5,000 4,000 9,000
C & I 4,440 7,500 11,940
INVESTMENTS
Trusts & IRA 10,000 5,000 3,000 18,000
Brokerage 6,000 6,000
BUSINESS SERVICES
Cash Management 3,500 5,000 3,000 11,500
Merchant Card Services 3,000 3,000
CORPORATE SERVICES
Treasury Management 5,000 5,000
IT Operations 13,000 13,000
TOTAL 75,000 33,000 23,364 150,000 20,440 24,400 3,000 5,000 334,204
Uncovering the Gaps Create
Opportunities for Efficiency
Final Take Aways
1. Measure your Enterprise Risk DNA
Strategic Plan → Risk Appetite → Enterprise Risk Assessment
2. Align KRI with High Risk Threats
Management KRIs → Executive KRIs → Board KRIs
3. Reduce the Cost of Risk Management
Bottom Line: Seize the Opportunity to make ERM a
strategic asset, not a check-the-box process.
Final Thought
“Amateurs built the ark, professionals built the Titanic.”
- unknown
Mike Cohn, CPA, CISA, CGEIT
Director, WolfPAC Solutions Group
Member of the Firm
Voice: (617) 428-5488
Email: [email protected]
LinkedIn: mikecohn1
Twitter: @MikeDCohn
Blog: wolfpacsolutions.com/blog/author/101
www.wolfandco.com
www.wolfpacsolutions.com
Thank You
Appendix:
Two Client Case Studies
Focusing the Measurement of Key Risk Indicators
with the institution’s Risk DNA
Provisioning the Cost of Risk Management with the
institution’s Risk DNA
KRI Case Study
• Key Profile Elements
– $800mm
– 5 Adjacent Counties
– 3 Commercial Loan Products
– No Residential Lending; Minimal Consumer Lending
– CDs being replaced by Core Commercial Deposit Accounts
• Well Capitalized
• Desire to enhance ERM beyond ALM elements
• CEO steering a significant profile change
Call to Action: Develop Risk Metrics Critical for the
Board to monitor
275 Baseline Risk Indicators
Can 30-50 Key risk indicators keep the institution safe?
Case Study KRI Inventory
Potentially Too Many Indicators
Ensure Key Threats Covered
Enhance Risk Assessment to
Identify Key Threats
Align the Enterprise Risk Assessment
and Key Risk Indicators
What Will Management Do Next?
1. Construct the KRI universe
2. Educate to build consensus on KRI reporting
3. Develop the reporting process, reaffirm the goals,
and present to the Board
Cost of Risk Management
Case Study
• Key Profile Elements
– $500mm Community Bank
– Solid franchise focused on retail lending and deposit
products
– ERM program functioning for 5 years; CRO in place
• Well Capitalized
• Tenured and stable management team
Call to Action: Measure the Cost of risk management
to identify inefficiencies and gaps
Client Case Study:
150 Types of Expenses
Cost of Each
Element
Item Estimated Cost
Consulting - IRR $24,400
Consulting - Liquidity 3,000
Consulting - Liquidity 2,000
Consulting - FAS 107 3,000
Internal Audit 75,000
OTTI Analysis 20,440
Compliance 42,500
Impairment Analysis 5,000
Compliance on the Web 1,995
Trade Membership 3,520
IT Vulnerability/Intrusion Testing 13,000
Compliance Academy 1,948
BSA/AML Compliance Seminar 395
Compliance online training 4,068
Core System - SAS70 report 800
Disaster Recovery Site fee 23,664
estimated staff cost - (BSA) 5,000
estimated staff cost - (BSA) 15,000
estimated staff cost - IT 20,000
estimated staff costs - lending 11,320
Online disclosures 2,250
CRA/HMDA reporting software 1,907
Loan Documents/disclosures 4,365
Loan Documents 6,254
Annual Privacy/Reg E notice + postage 6,309
Records Retention/Destruction 12,300
IT audit logging software 8,994
IT email virus scans 2,695
IT intrusion monitoring software 4,445
IT software blocks malicious websites 8,635
Total $334,204
Allocate the Costs of
Risk Management
Align the Cost of Risk
Management
What Will Management Do Next?
1. Reallocate resources to High risk areas
2. Evaluate the total resource provision
3. Budget and provision based on changes to the
business and regulatory environment