iRiskoct11

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

IN THIS ISSUE

Intelligent riskINTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

LETTER FROM THE CHAIRMAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

LETTER FROM COO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

VISIONS OF RISKSystematic Risk — It’s Still All About the Data . . . . . . . . . . . . . . . . . . . . . 4

Recovery and Resolution Planning — Asking the Right Questions . . . 9

Five Downside Risks to the Global Recovery: . . . . . . . . . . . . . . . . . . . . 11Global Macroeconomic Outlook and Risks

IT Risk Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Stress-Testing: Lessons Learned and Emerging Requirements — . . . . 20The U.S. and European Banking Authority (EBA) Frameworks

ACADEMIC PARTNER PROFILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26National University of Singapore — Risk Management Institute

WHAT’S ON THE WEB? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Stress Testing After the Crisis...and Before

CHAPTER REPORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29PRMIA Munich

ANNOUNCEMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30PRMIA Higher Standard Award Recipient Dr. Dan Rodriguez

LEARNING OPPORTUNITIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

PRMIA LEADERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Board of Directors, Founders, Committees

EDITORIAL BOARD

EXECUTIVE EDITORCarol Alexander [email protected]

EDITOR Michael H. Martin [email protected]

PRODUCTION EDITORChristine Bernier [email protected]

CHINESE TRANSLATION Xi [email protected]

REGULARS

VISIONS OF RISK Bob Mark [email protected]

WHAT’S ON THE WEBTom Day [email protected]

ACADEMIC PARTNER PROFILE Christine Bernier [email protected]

CHAPTER REPORTKristin [email protected]

Thanks to our sponsor, the exclusivecontent of Intelligent Risk is freely distributed worldwide to nearly80,000 PRMIA members. If youwould like more information aboutsponsorship opportunities [email protected]

KPMG in the UK is a leading provider of professional services, whichinclude audit, tax, and advisory. Using a wide variety of technical andsector-specific skills, KPMG's Risk & Compliance team, within Advisory,

proactively helps clients increase profits whilst reducing reputational, operational, financial andother risks. We are experienced in managing diverse issues including; fraud, regulatory compli-ance, risk transformation, capital efficiency, technology risk, corporate governance, dispute res-olution, deriving value from contracts and many more. With a team of almost 1000 profession-als across the UK, supported by a wider global network, we have a strong national presenceand a multinational capability to handle complex cross-border engagements. Contact KPMG [email protected]

OCTOBER 2011VOLUME 1 , ISSUE 3

SPONSORED BY:

K N O W L E D G E F O R T H E P R M I A C O M M U N I T Y

Copyright (c) 2011 Professional Risk Managers’ International Association, All Rights Reserved

www.prmia.org/irisk

www.linkedin.com/groups?gid=55685

http://www.facebook.com/pages/PRMIA/92264857799

mailto:[email protected]




||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Stress testing has long been recognized as an important tool in riskmanagement. At the same time, doing it well remains a significantchallenge. For example, the stress tests on capital adequacy conducted by

the US Fed in 2009 are widely credited with calming the markets despitewidespread skepticism about their rigor and transparency at the time. In contrast,as PRMIA Chair Carol Alexander points out below, many of the European banks thatpassed more recent and arguably stiffer stress tests were nevertheless punished byinvestors in the markets, presumably because the stress scenarios considered did not include the paramountconcern of the moment – possible sovereign default within the Euro zone. Yet it would be hard to argue thatthere was better information about the state of banks back in 2009. So do stress tests work or not? As YulBrenner memorably sang in the musical The King and I, “It is a puzzlement.”

Observers are right to be skeptical about stress tests. They are by definition selective and driven byassumptions. Designers of the tests necessarily prioritize some criteria over others – in much the same waywriters select details to tell a story. And as with a good story well-told, selecting the right details illuminates,clarifies and focuses attention with remarkable efficiency. Conversely, selecting poorly makes for a distractingexposition and a dull read, assuming anyone pays attention at all. Worse, it may mislead or mischaracterize thefacts at hand. Yet stress tests remain among the best tools available for identifying risks, and even imperfectstress tests reveal weak links in interconnected portfolios or funding chains.

Given the difficulty of selecting the right details in every case, most specialized fields develop “rules ofthumb.” Here’s one from publishing: editors often refer to the “rule of three.” It works like this. Three high-profile events – three different celebrities wear similar outfits, three similar products are released the same week,three seemingly unrelated events have some common factor, etc. For an editor, these occurrences may constitutea “trend” that, in the hands of a decent writer, could sustain a story that grabs reader’s valuable attention.(Bonus points if photogenic celebrities are involved.)

Three also seems a magic number when it comes to stress testing. How often have you seen best/worst/mostlikely as the scenarios presented for consideration? More sophisticated versions exist as well, such as DavidRowe’s discussion of stress-testing based on (1) history, (2) imagination and (3) “pessimisation.” (See theprevious issue of Intelligent Risk for details.) David and other thought leaders can undoubtedly come up withadditional worthwhile types of stress testing, but he settled on three.

Risk managers and others continue to work hard to improve stress testing capabilities and quality. (For someexamples check out Thomas Day’s article about lessons learned and emerging standards in stress tests.) At thesame time, as professionals we should not dismiss our own rules of thumb lightly. An assessment by theEuropean Central Bank found that key disrupters in the financial crisis, notably the seizing up of the fundingmarkets between banks, were only included in bank stress tests by rule of thumb.1 One more thought: one of theearliest uses of the term “rule of thumb” was as an imprecise but reliable and convenient measure. It wassubject to misuse of course, but that does not mean it is useless. Enjoy the issue and, as always, let us knowwhat you think we are doing well and where we can improve.

MICHAEL H. MARTIN, [email protected]

EDITOR’S NOTE

Michael H. Martin is a sustaining member of PRMIA, a senior examiner for Office of Comptroller of Currency and founder of a management consult-ing firm. He has written on business and risk management for Fortune, BNet and other publications. The views expressed do not necessarily repre-sent those of the OCC.

1 INTELLIGENT RISK — OCTOBER 2011

1 ECB: EU Banks' Liquidity Stress testing and contingency funding plans 2008. Available at: http://www.ecb.int/pub/pdf/other/eubanksliquiditystresstesting200811en.pdf



As the European sovereign debt crisis continues, with Greece teetering on the edgeof default and the crisis now spreading to Spain, Portugal and even Italy, bankingregulation remains at the top of the international political agenda. Eight of the

ninety largest European banks failed July’s European Banking Authority (EBA) stress tests.Following widespread criticism that last year’s tests were inadequate, this year regulatorshave attempted to tailor the tests to incorporate the major local factors that contribute to systemic risk in the region.

But investors clearly believe that many banks are at far higher risk of insolvency than the test results imply.Share prices of banks fell more sharply than other stocks in August, even in the UK which does not use the Euroand where no banks failed the tests. And this evident skepticism remains well-founded because the tests did notinclude the possibility of sovereign default.

Of course, one can never include all possible future-state scenarios in stress tests, which are by definition limited inscope. The choice of scenarios and consequently the test results are thus to some degree subjective and dependent onjudgment of those designing the tests. The quality of any stress test further depends on the imagination and skill of thedesigner, the relevance of the stress-scenarios considered, and the transparency of the methodologies used.

More than this, the design of the recent EBA tests included political considerations. Banking regulators – likeother major players in the financial arena – have conflicting incentives. Unfortunately they can be influenced by thepolitical establishment as well as by the banks they are charged with supervising. Whilst regulators should havebeen more aware of the increasing systemic risk during the credit boom, they also received more than their fairshare of the blame for the banking crisis and they are anxious not to repeat this mistake. At the same time, theyhave a duty to national parliament to avoid the crisis of confidence in the economy that would doubtless followmore bad news in the banking sector. So the recent stress tests avoided the reasonable but catastrophic scenarioof sovereign default. Does this enhance or undermine the credibility of the central authorities?

Rating agencies have also been in the limelight recently, and they also suffer from conflicting incentives. Theircredibility depends on making reliable predictions, even though their income is derived mainly from the companiesthey rate. But placing any entity on a downgrade watch-list risks becoming a self-fulfilling prediction, becauseinvestors can panic. Any such action with regard to a sovereign must be seriously considered.

The recent downgrading of the US government was like a blow from an economic “Sword of Damocles”hanging over the heads of senate with the intention of breaking the extraordinary impasse created by Republicansblocking the Democrats’ attempts to raise the cap on government debt. In the face of the rating agencies’ actionpresumably not even Murdoch’s mighty Fox news can rally against Obama’s proposals. And so politicalconsiderations arise, just as they do for regulators.

Like the recent stress tests, rating analysts’ views of the credit-worthiness of an entity can be highly subjective.This is especially pertinent for companies in Japan and China, where accounting procedures and governmentguarantees differ significantly from those in the West. Default probabilities based on observed, historical shareprices offer the most objective view.1 But even if the on-going review of rating agencies by the US Securities andExchange Commission recommends that all rating agencies employ such objective techniques, they cannot applyto the many non-traded entities that need to issue debt, and neither would they apply to sovereigns.

Unlike regulators, rating agencies are not part of the central bank or government agency. They are privatecompanies, based mainly in the US, so it is remarkable that their subjective views on the solvency of sovereignshave such political power.

Please post your opinion to the PRMIA blog “Political Power of Regulators and Rating Agencies” at www.prmia.org

PROFESSOR CAROL ALEXANDERChair of the Board, [email protected]

LETTER TO PRMIA MEMBERS

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

1 Opinions differ about reliance on historical data for estimating default probabilities. For instance, David Rowe’s September Risk Magazinecolumn argues in favor of them (see www.dmrra.com) whereas recent research explores pricing default risk based on option-implied volatility(E.g. Cao, C., Yu, F. and Z. Zhong. (2011). Pricing Credit Default Swaps with Option-Implied Volatility. Financial Analysts Journal, 67(4), pp 67-76).

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Every day, industry leaders share their skills, knowledge and experience to serve PRMIAand the risk profession. In the past twelve months more than 600 key practitionersand academics have worked in partnership with other professional associations,

industry leaders and staff in the furtherance of PRMIA’s global commitment to sound riskmanagement standards and practices. They have driven the integration of practice and theoryby connecting practitioners, researchers, students and others interested in the field of risk management through oneconsistent focus – PRMIA. They have set the foundation and led the way for PRMIA to promote cross-cultural ethicalstandards, serving emerging as well as more developed markets.

We recognize these respected PRMIA leaders for the indispensable roles they play and for the powerful economic and socialbenefit they provide to the risk profession they serve. On behalf of PRMIA members globally, I wish to express my sincererespect and appreciation for their commitment to making a difference through their volunteer leadership roles at PRMIA.

I would like to offer a special thank you and congratulationsto Dr. Daniel Rodriguez, who was recently named as therecipient of the 2011 PRMIA Higher Standard Award, for hiscontribution to PRMIA and the risk profession during the past year. See page 30 to learn more about the award and Dr. Rodriguez’s commitment.

JODI LUNDELLChief Operating [email protected]


LEADERSHIP — THOUSANDS OF HOURS SERVEDTRANSLATES TO SIGNIFICANT IMPACT ON PRMIA

To support the education of entry-level riskmanagers in Chinese-speaking countries, PRMIAis now offering its Associate Professional Risk

Manager (Associate PRM) certificate exam and allaccompanying study materials in Chinese.

The Associate PRM, which was first introduced inEnglish in 2008 and is recognized as the standard forthe core competency in risk management, is acertificate program intended for individuals enteringthe risk management profession, or those whointerface with risk management disciplines on a regularbasis, such as auditing, accounting, legal, and systemsdevelopment personnel who want to understandfundamental risk management methods and practices.

“The professionalization of risk management istaking hold in China. The fast growing economydemands ever more risk managers. Getting anAssociate PRM is a first step for any aspiringprofessionals in joining the fast-growing field of risk

management” says Nicholas Zhu, co-regional directorof Shanghai PRMIA’s chapter.

Designed to be mathematically and theoreticallyless detailed than PRMIA’s Professional Risk Manager(PRM™) certification, the program covers the coreconcepts of risk management, allowing non-specialiststo interpret risk management information and reports,make critical assessments and evaluate theimplications and the limitations of such results. PRMIAmembers who pass the Associate PRM exam willreceive a certificate and are exempt from PRM Exam IV.

Easy to obtain study materials and widely availableexam options provide Associate PRM candidates withoptimum flexibility to fit the preparation and testingprocess into their individual work schedules. The examis offered every business day of the year at Pearson VueTesting Centers and their affiliates around the world.Click here to learn more about the Chinese exam,access study materials, or purchase exam vouchers.

PRMIA Announces Chinese Associate PRM Exam

VOTING FOR THE PRMIA BOARD OF DIRECTORelections and proposed changes to PRMIA bylawsis open through 8:30 a.m. CT on 27th October,2011. PRMIA members are encouraged to visitwww.prmia.org/election2011 to place their vote forthe nominee of their choice and to review and voteon the proposed bylaw changes.

http://prmia.org/index.php?page=exam&option=trainingAPRM


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


SYSTEMIC RISK — It’s Still All About the DataALLAN GRODY

BACKGROUND

Since technology-driven systemic risk first appeared inthe late sixties, a time encompassing Wall Street’sback-office paper work crisis and the globalization ofcommerce, it has been accepted that data consistencyand standardization was the key to transparency andthe monitoring of risk. The first well-known financialproduct identification standard, the US-centric CUSIPnumbering system for US stocks and bonds wasdeveloped then. At about the same time internationalbanks, working with the new methods of telecomputing,devised a system which transmitted payments inforeign currencies between banks. Today, SWIFToperates in much the same way as it did then with aset of proprietary codes, known as BICs, to identifythe banks that are at the end points in its network.Systemic shocks materialized quickly. SWIFT, not yet ayear old had to deal with the collapse of the Herstattbank in Germany which, in its overnight bankruptcy,had received funds from US banks but was unable tocomplete its payments to the US banks because itsassets were frozen.1

Nearly two decades later, the near collapse of theincreasingly electronic US’s stock, futures and optionsmarkets brought on by a misaligned financially engi-neered product, portfolio insurance, awakened regula-tors to the lack of transparency. Regulators realizedthat they had no mechanism to aggregate and viewthe related transactions of all the counterpartiesacross all the interconnected markets. In 2008 thenear collapse of the global financial system, in largepart seeded by misguided financially engineered deriv-atives products, again exposed regulators to the lackof transparency. Again it was due to the differentlyidentified counterparties and another concern, thelack of an audit trail from interconnected productorigination markets through securitization markets totheir final destinations. The lack of an audit trailacross electronically interconnected markets againsurfaced in the “flash crash” incident of 2010.Fast forward to today’s Dodd-Frank Act (DFA),

which charters a new branch of the US Treasury, theOffice of Financial Research (OFR) to provide input tothe Financial Stability Oversight Council (FSOC) on

VISIONS OF RISK THOUGHT PIECES FROM PRMIA LEADERS

1 Grody, A.D. Payment and settlement systems: The case for mutualized risk mitigation within the Basel II framework, Journal of Risk manage-ment in Financial Institutions, Special Issue: Blind Spots in Risk Management, July–September 2008 Volume 1 Number 4 ISSN 1752-8887

ABSTRACT

The financial services industry today consists of monstrously complex global financial institutions … systemicallyimportant … too big to fail….even too complex to manage! Regulators are focused on observing systemic risk in thesegiant, global institutions. Systemic risk analysis is a new discipline in its infancy. We have barely figured out the scienceof individual enterprise risk management when we now have placed another burden on our regulators through theDodd-Frank legislation and soon through the European Communities central bank. This is the burden of observing thebuildup of risk that has the potential of cascading into the global contagion of systemic risk. However, it is understoodthat without a global view of the underlying positions and cash flows, aggregated through common identifiers, systemicthreats cannot be detected.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


the vulnerability of the US economy to systemicthreats. The early rule-making by the OFR calls fortheir developing the underlying data structures andidentification standards to support this mission. Thisis to be followed by rule-making for reporting positionand transaction data so that the OFR can analyze riskexposures building up to the point they can trigger thecontagion of systemic risk.Late last year the OFR posted its notice of

rulemaking on Legal Entity Identification (LEI).2

Similar notices of rule making were provided by theSEC3, the CFTC4 and by a combined staff of theFederal Reserve, SEC, CFTC, the OFR, FINRA and theFDIC5. On July 17, 2011 a follow up whitepaper on theLEI was issued by staff of the Federal Reserve, FDICand FINRA.6 The focus of all the preliminary rulemaking and white papers was to prescribeinitial principles for data standards applicable tobusiness entity identifiers, swaps uniform identitycodes, and a myriad of unique product identifiers andtransaction codes. Over thirty responses werereceived, but just a few responders responded to all. Taken together, the agencies’ releases state a

preference for universal, unique and unambiguousidentifiers and data standards, as well as an industryconsensus process to determine reference data. Theyspeak to internationally recognized standards bodiescoordinating such standards as a not-for-profit publicgood; and discuss the possibility of financial firmseliminating the use of multiple proprietary referencesystems in favor of a single, widely-accepted global system.

THE ISSUES

Systemic risk is a global phenomenon that needs tobe measured by multiple global regulators acrossmultiple financial firms. Without a global view of theunderlying positions aggregated through commonidentifiers, systemic threats cannot be effectivelydetected. Since US regulators cannot compel othersovereign jurisdictions to comply and systemic riskcannot be dealt with from within regulatory silos, theOFR’s ambition and hope is to implement thenecessary regime globally through cooperatingregulatory bodies. Here its ambitions are now to be carried forward

through the G-20’s Financial Stability Board (FSB)7

which has been assigned the responsibility forcreating a systemic risk analysis framework not unlikethe Bank for International Settlements (BIS’s)Committee on Bank Supervision’s oversight of theglobal capital standard. Now in its thirdtransformation (and with yet to be fixedimperfections) BIS’s capital standard serves as agovernance model that should be emulated for globaldata standards. The BIS regime respects sovereignregulation while providing the framework for commonstandards implemented by each sovereign regulator. Itmay be the best model for transcending regulatory silos. BIS recently recognized that relatively simple

aggregate statistics can help to gauge the build-up ofsystemic risks nationally and globally. However itnevertheless concludes that “to improve our under-standing, to fully exploit the potential of the variousapproaches used to conduct systemic risk analysis, we

2 Statement on Legal Entity Identification for Financial Contracts at http://www.treasury.gov/initiatives/Documents/OFR-LEI_Policy_Statement-FINAL.PDF

3 Regulation SBSR – Reporting and Dissemination of Security-Based Swap Information at http://sec.gov/rules/proposed/2010/34-63446.pdf

4 Swap Data Recordkeeping and Reporting Requirements; Proposed Rule athttp://www.cftc.gov/LawRegulation/FederalRegister/ProposedRules/2010-30476.html

5 Creating a Linchpin for Financial Data: The Need for a Legal Entity Identifier at http://ssrn.com/abstract=17232986 Legal Entity Identifier: What Else Do You Need to Know? at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=18664477 US Department of the Treasury, Office of Financial Research Issues Statement on Progress to Date and Next Steps Forward in the GlobalInitiative to Establish a Legal Entity Identifier (LEI), 8/12/2011 at http://www.treasury.gov/press-center/press-releases/Pages/tg1275.aspx

VISIONS OF RISK SYSTEMIC RISK – IT’S STILL ALL ABOUT THE DATA

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


need more. We need consistent and comparable dataacross institutions. We need information on the level ofcommon exposures. And we need data on inter-linkages.” 8

The global financial industry does not have unique,unambiguous and universal computer-usableidentifiers. This results inevitably in multiple versionsof what needs to be identical identifying information.The impact is predictable — transactions that need tomatch for payment and settlement, and transactionsconducted by the samecounterparty in the sameproducts that need to beaggregated into positionsfor risk analysis do notmatch nor do they getaggregated properly. Thisis more than anoperational challenge.Because systemicallyimportant financialinstitutions are globaland transcend sovereigngovernments reach, local regulators rules, evenregional compacts, regulatory oversight is neithertimely nor comprehensive. We now realize that we have no way of “seeing” the

same counterparty’s risk exposure across the differentfinancial firms with which it obtains loans from, entersinto Swaps contracts with, or sets risk exposure limitsfor. As became abundantly clear in the failure ofLehman Brothers, firms could not even understandthe pieces of Lehman each financial institution wasdealing with, nor understand in what capacity theywere doing business with it, nor aggregate the riskexposure individual institutions had to Lehman’sfailure. What were regulators thinking when theyexamined these institutions? What about theirauditors? Ask the bankruptcy lawyers and forensicaccountants what a mess it was...and is. Accepting so-called best practices when such practices are not even

close to being a reasonable standard is now beingaddressed. In light of the financial crisis, newstandards and methods of systemic risk analysis are being proposed.

THE US REGULATORS APPROACH TO

SYSTEMIC RISK ANALYSIS

In the US, a Financial Stability Oversight Council(FSOC) will install a new systemic risk oversight

regime composed of theheads of ten existing andnew government agenciesincluding the SEC, CFTC,Treasury, Federal Reserve,and FDIC. A new officewithin the Treasury, theOFR, will be detailed to thetask with a newly appointedDirector. The Director of theOFR, not yet appointed, willtestify annually to Congresson the activities of the OFR

with a focus on an assessment of systemic risk. Thistestimony can then be used by policy makers andfederal agencies to determine risk mitigating actions,including breaking up too-big-to-fail financial firms.Importantly, no government officer or agency has theright to review the Director’s testimony prior to itssubmission. The Director is appointed to a six-yearterm by the President, with the advice and consent ofthe Senate. The Director has a non-voting seat on theFSOC. The OFR will be funded initially by the FederalReserve and thereafter will set its own budget. Thebudget will primarily be funded from fees assessed onlarge banks and non-bank financial companiessupervised by the Federal Reserve.The OFR is empowered to provide data to Council

members by standardizing the types and formats ofdata to be collected from all financial companies, notjust those subject to the systemic risk regime. The

BIS’s capital standard serves as a

governance model that should be

emulated for global data standards. The

BIS regime respects sovereign regulation

while providing the framework for common

standards implemented by each sovereign

regulator. It may be the best model for

transcending regulatory silos.

8 Cecchetti, Stephen G., Fender, Ingo, McGuire, Patrick, Toward a global risk map, May 2010, at http://www.bis.org/publ/work309.pdf


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


OFR has subpoena power to collect this data. Thedata being requested will find its way into the OFR’snewly created Data Center through a variety of yet tobe developed automated means. The data asproposed will contain an unprecedented level ofgranular information including information onpositions, transactions, valuation methods, cash flowsand identities of counterparties. This level ofgranularity is required to make the necessarycalculations for analyzing systemic risk. This data hadpreviously been only available periodically to on-siteexaminers of individual financial institutions.Such granular and comprehensive data has never

been requested or concentrated within onegovernment financial oversight agency, much less atcomparable scale and frequency. A myriad of globaleconomic, market and company specific data will alsohave to be sourced from hundreds of data vendorsand government sources. Policies for computingsystemic risk exposures will need to be set. Forexample, policies will need to be developed on thetolerances for the amount of systemic risk that shouldbe allowed. Dynamic scenarios must be stress testedagainst the collected data for catastrophic eventsassociated with everything imaginable from oil spillsto weather to war. Volatility, liquidity, capital andleverage gauges must be calibrated and also stresstested around these scenarios. The OFR will need avariety of analytical tools, yet to be developed, to siftthrough unprecedented quantities of data pouring infrom financial institutions.

THE APPROACH TO SYSTEMIC PAYMENT AND

SETTLEMENT RISK

Another significant systemic issue has historicallybeen pursued in the globalized and electronic trade,payment, clearance and settlement systems of thecapital, contract and currency markets. There aredelays between the times electronic transactions areentered into and when they are finalized (and actualtransfer of the electronic representation of the assetsand payment takes place). This period of time variesdepending upon the financial product traded, theregion or country within which trades are conducted,and the domicile of counterparties that traversedifferent market closing time zones. Because datastandards are not uniform or universal the timerequired to reconcile differences is increased tovarying degrees.Failures of financial institutions between the trade-

date and the settlement date, specific financialtransactions that are unresolved at settlement-date,and fraudulent trades, have all occurred due to thelack of timeliness of payment and settlement. Allfinancial transaction markets have a goal ofshortening the settlement cycles with a vision towardsimultaneous real-time trading, payment andsettlement. It is thus hoped that by correcting theunderlying data structures and setting universal dataidentification standards this systemic risk issue willalso be mitigated. The DFA also proposes to establish central

counterparties (CCPs) and electronic trading of Swapsand other previously over-the-counter derivatives.With transactions now concentrated in this way theinevitable question arises, are those entities now too-big-to-fail? In a word, yes. But they never have failed inthe over 100 years they have been the mainstay ofsystemic risk management between financialinstitutions. There have been a few that hadexperienced events that caused their business to betransferred to another facility or to be reconstitutedunder better capital guarantees, but never a collapse

The FSB (the G-20’s Financial Stability

Board) should be encouraged to oversee

data standards as BIS does today with

capital standards, thereby allowing it to

carry out its most recent mandate to

oversee systemic risk analysis globally.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


of systemic concern.Central counterparties already provide a transparent

and easily-monitored risk regime. Will it be a betterguarantee than the too-big-to-fail concept ofgovernments? Will it work better than the living willdoctrine that regulators are imposing on systemicallyimportant financial institutions to assist in theirbreakup? With a central counterparty, the entirefinancial community, with a vested interest to protecteach other, provides the guarantee, and onlyshoulders the risk of a single day’s projected exposureat most. In the government’s bailout or breakup,ultimately the disinterested taxpayers are on the hook.With more CCPs and more concern over these entitiespotentially failing it will be left to further innovations,perhaps through private pools of contingent capital,to add to the capital cushion available beforegovernment money is needed.9

CONCLUSION

At this early point in the emerging global debate onthe tools and methods of systemic risk analysis it isnecessary to encourage industry-regulator-ledsolutions and to make the appropriate connections to global institutions and organizations such as the G-20’s Financial Stability Board, IOSCO and BIS.Establishing effective data standards is critical toidentifying and quantifying systemic risk. The FSBshould be encouraged to oversee data standards asBIS does today with capital standards10, therebyallowing it to carry out its most recent mandate tooversee systemic risk analysis globally.

9 Grody, A.D., Central counterparties — New uses for a century-old market mechanism Journal of Risk Management in Financial Institutions, Vol. 4 Issue 2, March, 2011

10 Grody, A.D.; Mark, R.M, Federal Register/Vo. 72, No. 39/Wednesday, February 28, 2007 Request for Comment on Supervisory Guidance forBasel II Implementation at http://www.federalreserve.gov/SECRS/2007/July/20070717/OP-1277/OP-1277_16_1.pdf


ABOUT THE AUTHOR

Allan Grody is the founder of FinancialInterGroup Holdings Ltd andFinancial InterGroup Advisors. Over afour decade career he has had handson experience in multiple sectors ofthe financial industry. He has beeninvolved both domestically and inter-

nationally on building businesses and consulting onissues related to financial institutions’ global strategies,capital and contract market restructuring, industry-widefinancial business reorientation, information systemsand communications infrastructures, and risk manage-ment systems.

In an earlier career he was the founder and Partner-in-charge of Coopers & Lybrand’s (now PWC’s)Financial Services Consulting Practice and founded andtaught the only graduate level Risk ManagementSystems course at NYU’s Stern Graduate School ofBusiness. He began his business career with GeneralElectric Credit Corp. and later went on to hold positionsin the investment management business withNeuberger Berman and in the securities industry withMorgan Stanley’s predecessor firm Dean WitterReynolds. He later was an officer with ABN-AMRO’spredecessor bank (now Royal Bank of Scotland).

He was a founding Member of the Board ofDirectors of the Technology Committee of the FuturesIndustry Association; an Executive Committee Memberof the Emerging Business Council of the InformationIndustry Association; an Executive Board Member of theVietnamese Capital Markets Committee; and, for nearlya decade, an Advisory Board Member to the annualComputers in the City Conference sponsored by theLondon Stock Exchange. He is currently a FoundingBoard Member of the Journal of Risk Management inFinancial Institutions. He is the author or co-author ofmany trade articles and academic journal papers andwrites frequently on the intersecting influences of datamanagement and risk management.

Mr. Grody can be reached at (917) 414-3608 oragrody@Financialinter Group.com


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

RECOVERY AND RESOLUTION PLANNING — Asking the Right QuestionsANDREW DAVIDSON

Global SIFIs must complete their draft recovery planby December 2011, followed by a draft resolution planby June 2012. Creating RRPs can highlight significantchallenges where the business model and strategyrestrict both recoverability and resolvability.

1. RECOVERY PLANNING

In principle the recovery plan “remains under thecontrol of management,” however, it is a keysupervisory tool to identify options for recoveringfinancial strength and viability under severe stress.Its ultimate objective is to identify credible recovery

options that can be implemented quickly under arange of idiosyncratic and market-wide stressscenarios, addressing both capital shortfalls andliquidity pressures. It is a logical extension of currentprocesses for managing capital and liquidity understress; however, it does require additional analysisaround core asset disposals and radical de-riskingsteps that may result in franchise damage. A firm’sstrategy and risk appetite should reflect the optionsnecessary to deliver an effective recovery plan.

Questions firms should ask:� Does our corporate strategy reflect thepressure of regulatory reform on our businessmodel and operating structures, including thelikely impact on client, counterparty andinvestor behaviour?

� Have we understood the systemic riskassociated with our core businesses andcritical functions, including the way in which

we currently aggregate/manage risk andprovide operational support across borders?

� Have we identified the key financial andoperational dependencies between legalentities and products/services that couldrestrict recovery and resolution flexibility?

� Have we determined implications forprofitability and competitive positioning, andcan pricing structures flex with any futurechanges in operating structures and/or capitalsurcharges?

2. RESOLUTION PLANNING

Regulatory and government authorities are requiringdata and information to help them to create aniterative guide for achieving orderly resolution in theevent that recovery measures are either not feasible orineffective. It remains to be seen if they will rely onthat analysis, or look to derive greater comfort viahigher capital requirements and/or legal entityrestructuring.In addition, firms are being encouraged to adopt

operating structures that will facilitate a viableseparation of legal entities and of banking andinsurance products/services; thereby deliver greater‘resolvability’ and more flexibility within the resolutionstrategy.Particular focus is being given to practical obstacles

to resolution such as:� A lack of comprehensive understanding of theposition of each legal entity.

In November 2011 the G20 leaders will endorse recommendations to address the moral hazardposed by Systemically Important Financial Institutions (SIFIs). This will include the requirement

for an “adequate and credible” recovery and resolution plan (RRP) from any firm deemed to havea potential impact on financial stability. What questions should firms ask themselves in relation totheir RRPs?



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

� A reliance on service providers that may reducethe ability to preserve the continuity ofsystemically important functions andoperations.

� Intra-group transactions that may impedeactions to separate legal entities.

� Continuation of essential services provided bypayments systems.

Questions firms should ask:Recovery options and triggers

� Do the trigger framework and menu ofrecovery options address local regulatoryconcerns, and demonstrate both an ability andintention to act quickly?

� What stress scenarios have been envisagedwhen framing recovery options? Do theseinclude market-wide stresses that may restrictour ability to sell assets or raise new capital?

� How frequently do we need to refresh thefeasibility and quantum of recovery options?

Credit exposures� Are we vulnerable to counterparty failure,including indirect exposure via marketinfrastructure?

� What impact will market infrastructure reformshave on funding and revenues (e.g. paymentservices)?

Resolution� Have we evaluated the need for up-frontoperational and legal entity restructuring tofacilitate a potential future resolution?

� Have we evaluated the best solutions forimproving resolvability across staff, premises,intellectual property, IT systems and data?

� Do our key third parties create the necessaryresolution flexibility? Is internal serviceprovision subject to service level agreementsthat would operate effectively in the event of abreak up?

VISIONS OF RISK RECOVERY AND RESOLUTION PLANNING

ABOUT THE AUTHOR

Andrew Davidson is the principaladvisor for KPMG, LLP (UK) andhas over 15 years of financial serv-ices experience working as anauditor, banker and consultant.Most recently he completed a nine

month secondment to the UK FSA where he workedwith the Bank of England and H.M.T. to identify andmitigate key risks to financial stability.

For the last two years Andrew has played a leadingrole in advising global financial institutions on thecommercial impact of the regulatory reform agenda,including the evolving principles of recovery and res-olution planning. Mr. Davidson can be reached at020 7694 2242 and [email protected]

ABOUT THE SPONSOR

KPMG in the UK is a leading provider of professional services, which include audit, tax, and advisory.Using a wide variety of technical and sector-specific skills, KPMG's Risk & Compliance team, withinAdvisory, proactively helps clients increase profits whilst reducing reputational, operational, financial andother risks. We are experienced in managing diverse issues including; fraud, regulatory compliance, risktransformation, capital efficiency, technology risk, corporate governance, dispute resolution, deriving valuefrom contracts and many more. With a team of almost 1000 professionals across the UK, supported by awider global network, we have a strong national presence and a multinational capability to handle complexcross-border engagements.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

FIVE DOWNSIDE RISKS TO THE GLOBAL RECOVERY:Global Macroeconomic Outlook and RisksJUAN LICARI, PH.D. (Senior Director, Moody’s Analytics) AND ANDREA APPEDDU (Economist, Moody’s Analytics)

The euro zone might fall back into recession in comingquarters. The outlook has darkened substantially,suggesting the 17-member euro region may report atleast two consecutive quarters of contraction over thenext year. Three factors are driving the downturn in theregion: weakening domestic demand, a dimming globaloutlook, and tightening financial conditions.

Meanwhile, inflation concerns have somewhat recededin emerging markets, where policymakers have focusedon restraining credit to stem aggregate demand growth,while limiting foreign capital inflows to relieve pressureon domestic currencies.

We expect the global recovery to remain fragile in thesecond half of the year, with Europe lagging behind theU.S. and emerging markets. We see five main threats tothis baseline forecast. Moody’s Analytics’ Economic andCredit Analytics division has developed an econometricmodeling framework to examine how macroeconomicstresses affect key financial market variables, includingstock indices, CDS spreads, rating migration matrices,yield and swap curves. In the following paragraphs wediscuss the five macroeconomic risks – from the lowestto the highest impact – and the likely financial marketreaction should any of these risks materialize.

1. AN OIL PRICE SHOCK Supply-side shocks have historically been harder forpolicymakers to deal with. A sudden drop in theavailability of a vital production input such as oil cancause stagflation in countries that depend on outsidesources to supply it. This happened in 1974 after theYom Kippur war and in 1980 after the Iranian revolution.Moody’s Analytics estimates that a $10-per-barrelincrease in oil prices today would slow the rate of global

GDP growth by a quarter of a percentage point in oneyear, with a far more severe contraction in fast-expandingeconomies such as China, India and Brazil. In this light,we welcomed the decision of the International EnergyAssociation to release 60 million barrels of crude oilfrom national reserves in June and July. The IEA decisionhelped offset the loss of some 1.5 million barrels per dayof Libyan crude oil production, after OPEC failed to raiseits own members’ output quotas. However, the supplyoutlook remains at risk from political turmoil in theMiddle East and OPEC’s tough stance on raising supply.The price of Brent crude, just below $100 per barrel,serves as a reminder that whatever weakness may existin global demand, concerns also remain about tightsupplies in an uncertain market.

If events were to push oil prices sharply higher, withWest Texas Intermediate crude reaching $150 per barrel,falling household purchasing power and shrinking firmprofit margins would bring a plunge in consumer andbusiness confidence. Major central banks would ceasemonetary tightening in an effort to support aggregatedemand. We thus would expect selling pressures onfixed-income securities—both governments andcorporates—that lack inflation-protection features. Wesee precious metals benefitting from inflation fears andlowered risk appetites.

2. A HARD LANDING IN EMERGING MARKETSUpward price pressures have challenged policymakers inemerging economies over the last couple of years, eventhough inflation risks have abated recently, following aworrisome first half of the year. While headline inflationin developed markets has accelerated somewhat due tosurging prices for unprocessed food and energy,

The economic recovery of the major Western economies appeared uncertain as the fourth quar-ter of 2011 began. In the U.S., the outlook for consumers has deteriorated markedly, with the

unemployment rate edging higher, confidence shaky and house prices still weak despite accom-modative monetary and fiscal policies.



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

emerging economies have seen a build-up in coreprices, fuelling wage expectations. Policymakers in thesecountries have coupled traditional monetary tighteningwith macro-prudential measures that attempt to stemcredit growth without putting upward pressure on theircurrencies. Policymakers will need to use a fine brush toaddress high inflation and capital inflows withoutchoking economic growth.

Should any of the major developing economiesexperience a sharp slowdown, we expect investorappetite for emerging market equity, debt and currenciesto cool. Moreover, lower Chinese demand for industrialinputs would cause a downward correction in prices forferrous and base metals.

3. U.S. RECESSIONWe believe that the risk of near-term recession for theworld’s largest economy is around at 50%. Strainedhousehold conditions, in particular, raise relevantconcerns. Consumer sentiment, as measured by theUniversity of Michigan Consumer Sentiment Survey,remains at lows it has not hit since the height of the2008-09 Great Recession. In August, personal incomerecorded its first decline in nearly two years, led bydeclines in interest income as the result of declininginterest rates. Most important, wage income declinedfor the first time since November on persistent labourmarket weakness. As recently as March, initial filings forunemployment insurance were running below 400,000per week, and the U.S. job market appeared poised for aself-sustaining recovery. However, the trajectory sincethen has been disappointing, and businesses havegrown more hesitant to hire. Moreover, the housingmarket remains highly vulnerable, with declining homeprices still weighing on consumer confidence. July’sCase-Shiller index showed continued deterioration ofhouse prices nationwide, though the pace of declinemoderated somewhat. Nonetheless, U.S. prices will fallthrough early 2012, as the liquidation of elevatedforeclosure inventories floods the marketplace withdistressed properties. This glut of affordable existinghomes is also taking its toll on new-home sales, despiterecord low mortgage rates. Late September’s datashowed that new sales fell back below 300,000 inAugust, worryingly close to the cyclical and 48-year low

of 278,000, experienced in August 2010. Given the largeamount of remaining foreclosure inventories yet to beliquidated, new-home sales will remain near historiclows through the end of this year.

Should such a scenario materialize, we expect riskappetite to diminish, with U.S. Treasuries and the dollarrising and equities and corporate bonds continuing toshow protracted weakness.

4. EURO ZONE RECESSIONBusiness and consumer confidence in the region has fallen sharply since the second quarter, and asubstantial rebound is unlikely. Households face anumber of headwinds which will weigh heavily ondiscretionary spending. Tight fiscal policy, includinghigher taxes and lower welfare spending for manycountries across the region, will be the drag. A return torecession also means unemployment would rise again.Weak wage growth and lingering price pressures onessentials such as fuel will continue to squeeze finances.Meanwhile, falling profit margins and weakeningdemand will weigh on businesses’ output and spending.The closely watched euro zone purchasing managers’index for manufacturing has fallen off sharply fromearlier in the year and held in contraction territory inSeptember for the second month in a row. Thecomposite PMI suggests the wider economy stagnatedat best during the month. Weakening intraregional tradeflows due to fiscal tightening would be another drag.Exports to other euro zone economies account foraround two-thirds of the member nations’ aggregatetotal exports. A weaker global economy would onlyexacerbate exporters’ problems. The U.K., a key tradepartner for a number of euroland countries, is alsostruggling with fiscal austerity; slowdowns in the U.S.and China would also drag on demand, for Germany'sgoods in particular.

A euro zone recession would put further strains onthe region’s capital markets, with local banks strugglingto meet their funding needs because of investor riskaversion. Some help could come from the ECB reversingthe 0.50 bps rate hikes enacted between April and Julyand re-introducing the full arsenal of unlimited liquidityoffers already used during the 2008-09 Great Recession.

VISIONS OF RISK FIVE DOWNSIDE RISKS TO THE GLOBAL RECOVERY


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

5. GREECE’S DISORDERED DEFAULTHow far can the debt crisis go? Greece needs €8 billionby early November when they will run out of cashbuffers. The country needs another similarly sizedinfusion in December. The EU and IMF set up the firstbailout package for Greece in May 2010; since thengovernments in Ireland and Portugal have also requiredinternational aid to meet their funding needs. All threegovernments have been shut out of private capitalmarkets, as have their domestic banks, who survivebecause of special liquidity measures set up by the ECB.The risk-off trade, which forced cross-asset correlationsin August to levels last seen following Lehman’s demise,has hit Italy, the third largest government bond marketin the world after Japan and the U.S., and the third mostindebted sovereign after Japan and Greece. With anemiceconomic growth and fiscal austerity already stretchinghousehold purchasing power, investors will continue toquestion the ability of euro zone governments to speakwith one voice about the crisis. Investors will also bewatching newly-appointed ECB governor Mario Draghi,scheduled to replace Jean-Claude Trichet in November,for clues about how far the ECB will go with its purchaseof Spanish and Italian sovereign bonds. However, webelieve that a strong policy solution may only beconcerted among member governments. Extending theEFSF so it can actively buy distressed sovereign debt insecondary markets and provide fresh capital to theregion’s banks is of tantamount importance to addressnear-term volatility, but investors will continue to closelymonitor policymakers’ ability to preserve the near- andmedium-term stability of European capital markets.

If a disorderly Greek default occurred, equity andcredit prices in Europe would behave much as they didafter the Lehman Brothers bankruptcy in September2008. Rates on euro-denominated wholesale lendingwould surge to reflect uncertainly about the future of thecurrency union, and the euro itself would plunge torecord lows against the U.S. dollar. Heightened riskaversion would hit high-yielding assets around the globe.

It is important to keep in mind that every forecastinvolves a degree of uncertainty. While baselinepredictions include valuable information about the mostlikely outcomes, global economic events over the lastfour years have demonstrated the relevance of “tail

risks” created by seemingly less likely events. When notappropriately considered, volatility associated withbaseline forecasts may lead decision-makers to bearunnecessary risk in the allocation of resources.

For years, our clients have relied upon our ability totailor economic scenarios to their risk management andresource planning needs, and benefitted from ourexpertise about the global macroeconomy. Throughsophisticated and transparent methodologies, our 60-plus economists in West Chester (PA), London andSydney regularly update existing off-the-shelf scenariosand create new ones to meet the fast evolving needs ofour global clients.

VISIONS OF RISK FIVE DOWNSIDE RISKS TO THE GLOBAL RECOVERY

ABOUT THE AUTHORS

Juan Licari is a Senior Director atMoody’s Analytics and the headof the Credit Analytics team forEurope, the Middle East, and Africa.Dr. Licari’s team provides consultingsupport to major industry players,builds econometric tools to model

credit phenomena, and implements several stress-test-ing platforms to quantify portfolio risk exposure. Histeam is an industry leader in developing and imple-menting credit solutions that explicitly connect creditdata to the underlying economic cycle, allowing portfo-lio managers to plan for alternative macroeconomicscenarios. Juan is actively involved in communicatingthe team's research and methodologies to the market.He often speaks at credit events and economic confer-ences worldwide. Dr. Licari holds a PhD and an MA ineconomics from the University of Pennsylvania andgraduated summa cum laude from the NationalUniversity of Cordoba in Argentina.

Andrea Appeddu is an economist in the London office of Moody’sAnalytics. Andrea is part of theCredit Analytics team, where hemodels and forecasts retail and corporate credit variables understressed macroeconomic scenarios.

He previously covered the macroeconomic analysis ofseveral European countries. Before joining Moody’sAnalytics, Andrea was an associate at IHS GlobalInsight, where he analyzed and forecast for ferrousand nonferrous metals and the capital goods sector.He holds an MSc in financial economics from Warwick Business School.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

IT RISK EVALUATIONJOHN KYRIAZOGLOU

1. UNCERTAINTY AND RISKS

Uncertainty within a business firm or functional unitis usually caused by one or more of the followingfactors (acting on its own or in combination): 1

� Irregularities in human performance

� Machine and/or systems break-downs

� Failures to maintain standard operatingconditions

� Inadequate assessment of impact of externalforces (market, economy, politicalenvironment)

� Inefficient use of resources (funds, personnel,equipment, technology, knowledge)

� Lack of appropriate controls of businessfunctional complexity issues

Thus the extent to which a business firm or unit willexcel or fail depends on the degree to which theserisks are successfully handled.The process of identifying and assessing the basic

risk factors related to the above, the level of risk

associated and their relevance to internal audit is notuniversal across firms or even within the same unitover time. Hence, a thorough risk analysis of anyenterprise requires a very good understanding of thebusiness, in terms of what it is trying to achieve andwhat would make it successful in the long run. Ingeneral terms, a set of Critical Success Factors may beused to get a full understanding of what would makea business entity or function successful. These may bethe following:2

� Make best use of resources (funds, personnel,equipment, technology, knowledge).

� Ensure best quality for services/productsdelivered/created by adding value toproduction chain/process.

� Provide efficient service to customers in thebest possible time.

� Locate best vendors and obtain best prices andservice.

� Interact with the market forces effectively (localmarket, international market, competition, co-operative agreements).

This article describes a methodology to be used in offering concluding remarks to the manage-ment of an audited entity as to whether, for each objective assessed during an audit assign-

ment, the situation is satisfactory, requires improvement or unsatisfactory. The aim is to provide aconceptual and practical framework to define and implement an evaluation method for InternalAudit assignments. The main uncertainties are identified and the objectives of Internal Audit aredescribed, then we present an evaluation methodology for risk assessment.


“The global information society is increasingly dependent on electronic networking and exchanging ‘electronic goods’ with high economic value, both in private life and in business.”

— Prof. Heinz Thielmann, Fraunhofer Institute, Germany (2006)

1 For more on risks, see: (1) www.theirm.org (2) ISO/DIS 31000 “Risk management — Principles and guidelines on implementation”www.iso.org.2 For more on CSFs, see: (1) Rockart, John F. “A Primer on Critical Success Factors” published in The Rise of Managerial Computing: The Best ofthe Center for Information Systems Research, edited with Christine V. Bullen. (Homewood, IL: Dow Jones-Irwin), 1981, OR, McGraw-Hill SchoolEducation Group (1986). (2) Chung, Kae H., Friesen, Michael E., “The CSF Approach to Management at Boeing,” Journal of ManagementSystems, Summer 1991, pp. 53-63.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

2. INTERNAL AUDIT OBJECTIVES

Firms and functional units must establish effectiveinternal control and develop management informationsystems to safeguard assets, information andcompany resources, measure operating performanceand profitability and generally ensure companylongevity. One function of Internal Audit (IA) is toensure that all proper measures, policies andcontrols/techniques are in place in order to assureproper business/functional continuity for theCompany’s management and shareholders. IA do thisby assessing how the audited entity meets IAobjectives (as per IA audit program and checklist ofactivities) and reporting the findings for all firms andfunctions examined, in an IA report. An example ofthese objectives are depicted below:3

A. General/Financial/Operational� written formal operational and supportprocedures in respect of the company’soperations, are established

� there is full and no false inclusion oftransactions

� the supporting documentation is bona fide

� the correct income is promptly received for allbusiness trips

� sales are conducted in accordance with theterms of the relevant contracts

� interest is being correctly charged

� sales are backed by adequate guarantees incase of late payments

� procurement procedures exist

� quotations are sought from capable and pre-qualified subcontractors/contractors

� there is a budget and it is strictly followed

� a business plan exists

� adequate training is provided to all criticalpersonnel

� agreements between company and customersexist

� correct invoicing procedures are applied

� management reporting is performed regularly

� correct approval/authorization is sought for allbusiness dealings

� emergency procedures are in place

� regular monitoring by management isperformed and is evident through the process

B. Information Technology� there is an IT budget and it is strictly followed

� a business plan exists

� adequate training is provided to all criticalpersonnel

� agreements between company andmaintenance contractors exist

� existing hardware is properly purchased and used

� only licensed software packages exist

� management monitoring and reporting isperformed regularly

� emergency procedures are in place

� IT standards, procedures and policies exist

� the IT support function is properly set-up

� on-site and off-site storage procedures exist

� an IT strategy is established and followed closely

� the relevant computerized systems areproperly used

� an adequate IT security policy exists

� adequate security of computer systems exist

VISIONS OF RISK IT RISK EVALUATION

3 For more on the Internal Audit Process, see: (1) ‘The Government Internal Audit Manual’, UK Government, HM Treasury, London: HMSOPublications. 1996. (2) Aghili, S. (2009): A six sigma approach to internal audits. Strategic Finance (February): 38-43. (3) Archambeault, D. S.,F. T. DeZoort and T. P. Holt (2008): The need for an internal auditor report to external stakeholders to improve governance transparency.Accounting Horizons (December): 375-388. (4) Bainbridge, D. R. and J. W. Paul (1986): Relating audit and internal control objectives: A miss-ing step in specifying compliance tests. Journal of Accounting Education 4(2): 63-74. and (6) Chorafas, D. N. (2001): Implementing andAuditing the Internal Control System. St. Martin’s Press. Also see: www.iia.org and www.isaca.org.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

� adequate security of physical environment isset-up

� back-up of computer data and software istaken regularly

� adequate testing for implemented applicationsis performed

� adequate auditability of computer system exists

The objective of IA is simply to assist managementand staff to carry out their duties and activities mostefficiently and effectively and encourage them themake the best use of proper controls. The scope of IA therefore includes:

� reviewing the reliability of the organization’sinformation systems

� reviewing the systems used for ensuringcompliance with the organization’s policies,operating procedures and all statutory, legaland regulatory body requirements

� reviewing the means for safe guarding, valuingand verifying the existence of the organization’sassets

� assessing whether value for money is achievedover the organization’s use of its resources

� assessing whether the organization’s operatingperformance is consistent with its definedobjectives and being carried out as planned

As part of this scope and in order to offer an objectiveopinion on to extent to which each business objectiveis met, IA must conduct an evaluation of the auditfindings at the end of the assignment.

3. RISKS AND THEIR EVALUATION

Risk is the potential that events, either expected orunanticipated, may have an adverse impact on thefirms’ (or functions’) earnings or capital. Theexistence of risk is not a major reason for concern.Rather, how management plans to mitigate risks bycontrolling or limiting exposure to each warranted orunwarranted risk is most important. The major risksto any organizational entity pertain to the following:

A. General Issues (including Financial andOperational)

� Incorrect management monitoring andreporting

� Operational problems (and inadequatecontrols over costs, stock, structure, expenses,income, process)

� Statutory (legal, regulatory) breaches(violations)

� Loss of income (due to non-compliance withrequirements)

� Misuse (loss, wastage) of resources (funds,personnel, equipment, information, technology)

� Bad debts (including non-payment by clients)

� Confidentiality breaches � Business interruption

� Inferior quality of goods or end products andservices delivered

� Incorrect information resulting in wrongservices

B. Information Technology

� lack of business plan

� lack of IT strategy

� lack of IT budget

� lack of IT security policy

� deviations from the Company’s establishedprocedures

� inadequate separation of duties

� failure to anticipate market trends

� computer systems and software not properlysupported

� lack of security of computer systems

� lack of security of physical environment

� improper or inadequate or non-existentmaintenance contracts

� no adequate management monitoring andreporting

� inadequate documentation for informationsystems



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

� incomplete IT standards, procedures andpolicies

� unauthorized software packages

� business interruption

� incorrect recording/maintaining/processing ofinformation/data

� not evaluating needs properly

� failing to control development costs

� incorrect hardware selection and sizing

� delays in implementation

� inadequate back-up of software and data

� lack of contingency and fall-back procedures

� unauthorized disclosure of confidentialinformation

� loss of extremely valuable information (storedin application systems)

� no audit trail exists

Evaluating risks in an entrepreneurial environmentrequires undertaking various types of tests and ratingthe audit findings (of each audit assignment) in orderto formulate a calculated opinion. The types of audittests conducted may be compliance, weakness,substantive or any combination thereof: Compliancetests are used to verify whether a specific control isoperating in accordance with expectations; Weaknesstests are utilised when a compliance test hasindicated a major failure of a control to establishwhether the control system has broken down entirelyor the failure is merely due to an isolated error;Substantive tests are used to verify the existence andvalue of specific assets, liabilities, revenues andexpenditures, either as part of general confirmation orin response to a known breakdown in control. Thetesting techniques utilised in an audit examinationmay include:4

� additions of transactions: used for confirmingtotals, balances and other quantitativeamounts

� walk-through: used to confirm one’s

understanding of how a transaction ordocument flows

� vouching: used to verify the authenticity andaccuracy of individual transactions againstsupporting evidence

� observation: used to confirm that dynamicoperations and procedures are being effectivelyand efficiently employed

� spot checks: surprise checks designed todetect irregularities

� analytical review: a method for analysing dataintended to highlight inefficiencies,inconsistencies or irregularities for subsequentinvestigation

� predictive analysis (via modelling software): aset of computer programs used for performingvarious audit functions on computer held data

� execution of audit software (upon extracteddata)

4. RISK REPORTING

A concise method for communicating anddocumenting judgments about the quality of inherentrisks is required. This may be conducted in a step-wise fashion whereby:

1. The audit objectives are stated in thebeginning of the audit assignment

2. Risk factors are associated to each statedobjective

3. The risk factors are rated in a scale (1 to 10, 1for least important, 10 for most important)

4. The audit assignment is conducted accordingto the programme, sample data, checklist,tests and techniques

5. The audit findings are recorded in the auditreport (and each outstanding point ratedaccording to a priority level indicator: High,Medium, Low for action purposes)

6. The outstanding points, local managementrecommendations and other audit findings (asper work notes) are inserted and documented


4 For more information, see: Adrion W.R., Branstad M. A., Cherniavsky J.C. (1981): ‘Validation, Verification, and Testing of Computer Software’.NBS Special Publications, U.S.A.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

in the evaluation table (containing objectivesand risks)

7. The evaluation results are tabulated as performula stated (i.e. “Detail Evaluation = 100 -(Risk Weight * Priority Weight)”, where RiskWeight is obtained from the relevant RiskWeight Table and Priority Weight is equal to 10for “High” priority items, 7 for “Medium”priority items, 2 for “Low” priority items)

8. The rating of 80%–100% results in a“Satisfactory” opinion for the assessment of agiven objective, the rating of 30%–79% in a“Requires Improvement” opinion and 0%–29% in a “Unsatisfactory” opinion

9. The underlying idea is to rate up to 100% anideal situation (i.e. perfect) while 0% the leastideal environments

5. VALIDITY AND LIMITATIONS

The methodology contained herein has been appliedto a variety of internal audit assignments (corporate,production processes, and IT) and to a multitude ofindustrial settings/companies in the private sector, inseveral countries. It should be stated however that,various conceptual and methodological issues needfurther refinement and study and more techniquesmay be required in order to improve the application of this methodology in the long run. These issues are, in general terms:5

Objective ValidityA measurement test is required to ensure that anobjective is valid over time across all businessentities, for all markets, for a variety of industries andfor a multitude of functions. One such test may be torate the given objective according to its contributiontowards proper business continuity.

Risk ValidityA test must be designed to ensure that each riskassociates correctly with one or more objectives. Aseach objective may be associated with more than onerisk, and each risk may be associated with multiple

objectives this issue is not easily resolvable. Onesimplistic test would be to conduct a fit-to-purposeanalysis for each objective – risk association.6

Sample ValidityCertain conceptual issues need to be dealt with beforea system can be studied. These are: samplecomposition (both simple and complex transactionsmust be represented) and sample objectivity (isobjective reality captured or only the auditmeasurement aspects are depicted in a mechanisticway?). Finally the concept of materiality must be dealtwith. It is very easy to become overly tied down toinsignificant details while a control weakness exposesthe business to maximum potential losses. In otherwords one must worry about what is material(important) in the overall context of the organization.

Information system qualityIn all information systems (and particularly when theyare based on computer technology where the rules,logical instructions and software code is quiteintricate and the combination in executing theprocesses of the information system quite enormous)the testing of system measurements on only arepresentative sample becomes quite academic.7

What’s important is not the size and the validity ofthe sample but rather how the system’s richness andmulti-functional capabilities are represented andsimulated for testing. The risk evaluation methodology is based only on

running a variety of tests in a specific way, and in asomewhat controlled environment. It cannot offer anopinion on the particular systems' quality measuressuch as:8

� software reliability

� maintainability

� serviceability

� logical complexity

� portability

� efficiency

� evaluation


8 For more information, see: (1) Howard, W.J. (1998). The Cost of Quality Audit, Strategic Direction Publishers, Switzerland. (2) Hoyle, David(1994): ISO 9000 Quality Systems Handbook. UK: Butterworth-Heinemann.


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

� cost of exposure

� accuracy

� fit-for-purpose aspects

� performance

� database optimality (structure, integrity,privacy, data relationships)

6. CONCLUDING REMARKS

Risk analysis and evaluation involves an assessmentof the quality of risk management. Accurate andtimely measurement is critical to effective riskmanagement systems. The risks are controlled by theimplementation of policies, standards and proceduresand by capable management, appropriate staffing andinformed boards endorsing and approving strategicpolicies in order to reduce the organization’s risktolerance.In auditing “live” systems, the gains from meeting

certain objectives need not be offset by the lossesfrom not meeting certain other objectives. In simpleterms, objectives neither compete against each othernor co-operate with each other. They merely co-exist ina somewhat hierarchic way, or in a precedence order,or in a co-dependent temporal continuum (i.e. oneobjective’s existence depends on another objectivewithin a particular time-frame). There is no distinctlogic for associating objectives and risks, and there isno hard rule for assessing whether the sample dataadequately represent the actual population. The plurality of inter-connections between

objectives and risks is not easily tested. Also there isno methodological test to determine the relation oftest data to actual population which is probably onlyevidenced in a heuristic way. What’s important is notthe degree of association between the two. Rather, itis how the network of relationships existing in real lifesituations are contained in the sample tested, andwhether the results provide a realistic reliabilitymeasurement of the system. Our methodology aimsto provide Internal Auditors with a simplistic yetrealistic and powerful tool to offer an objectiveopinion to all parties concerned, on the efficiency andeffectiveness of a particular audited activity.


ABOUT THE AUTHOR

John Kyriazoglou, CICA, M.S, B.A

(Hon) is an International IT and

Management Professional with

over 35 years experience in

Canada, Europe and the Middle

East, as a Senior IT manager, IT

auditor, Group EDP Internal Audit Manager and sen-

ior management consultant, in a variety of clients

and projects, in both the private and the public sec-

tors. John has published over 20 articles in profes-

sional publications, has served in numerous scientific

committees, is a member of several professional and

cultural associations, and is giving courses on IT

Auditing, Security and Electronic Crime Prevention.

Mr. Kyriazoglou has authored five books: EDP/IT

Auditing, published in 2001 by Anubis Publications,

and listed in the international Web site of ISACA

www.isaca.org/bokstore; Performance Measurement

for Private and Public Organizations, co-authored by

Ms. Despina Politou, and published in 2005 by ION

publishers; Thoughts on Love and Friendship published

in 2009 by YADES Publishers; IT Strategic &

Operational Controls, published in 2010 by IT

Governance (U.K.: www.itgovernance.co.uk); and

Corporate Strategic and Operational Controls, to pub-

lished by the Institute for Internal Controls, by the

end of 2011, co-authored by Dr. F. Nasuti, and Dr C.

Kyriazoglou.

Mr. Kyriazoglou recent risk-related articles include:

Greek Translation of the English Standard on ‘Risk

Management’, www.theirm.org, England, 6/2007,

(co-authors: Dr. C. Kyriazoglou, and Dr. R. Sygkouna);

and ‘A long road still to travel……’(Risk management

in Greece), Ref.: Risk Management Professional

Magazine, pg. 42, Sept. 2010, www.rmprofessional.

com, England. John can be contacted at:

[email protected].


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

STRESS-TESTING: Lessons Learned and Emerging Requirements — The U.S. and European Banking Authority (EBA) FrameworksTHOMAS DAY

INTRODUCTION

Numerous changes and challenges have impactedcross-border, systemically important financialinstitutions (SIFI) in the past few years. SIFI’sexposure to macro-economic shocks such home pricedeclines, weak GDP grown, persistently highunemployment and other internal and external riskfactors has become an issue of critical importancedue to the costs that large bank failures impose onthe global financial system in times of crisis. Large, internationally active banks assumed to be

“Too Big to Fail” (TBTF), or too interconnected to fail,fund their balance sheet at advantageous borrowingrates relative to less interconnected financialorganizations. This moral hazard incentivizes thesefirms to hold lower levels of capital and create greaterlevels of leverage in order to maximize returns. Whilereturn maximization is usually a positive aspect ofbanking, finance, and free-markets, it can becomedangerous when excessive risk taking is spurred bypublic subsidies, for example deposit insurance,various official-sector guaranty programs or by otherfactors such as fixed capital rules prone tomodification, dilution or incorrect business modelcalibration. In such an environment it becomesincumbent upon these SIFIs to develop – and

regulators to require and enforce – robust internalprocesses to measure, manage and control risk aswell as to ensure that sufficient capital is retained,raised, or created. Such an approach can foster safeand sound operations, mitigate the risk of publicallyfinanced bailouts and reduce financial systeminstabilities. Recognizing the systemic risks imposed on the

financial system by large financial organizations, theFederal Reserve System (FRS), European BankingAuthority (EBA), G-20, Financial Stability Board (FSB)and the Basel Committee on Banking Supervision(BCBS) have embarked on projects to enhancefinancial stability and promote heightened levels ofcapital and liquidity for national and global SIFIs andnon-bank intermediaries that could create financialcontagion. One focus of such projects is integrated stress-

tests to allow a firm to understand ways various risksinteract and to improve forward-looking forecasts ofcapital, liquidity, expected loss, pre-provision revenue,and other measures. A Basel white paper entitled“Principles for Sound Stress Testing Practices andSupervision” states it thus:

“Prior to the crisis, many banks did not havean overarching stress testing programme in

ABSTRACT

Banks are increasingly required to integrate risk infrastructures, governance processes, and risk appetite frameworks inways that have not been required in the past. While stress-testing is nothing new, the for the recent U.S. and E.U.stress-testing requirements and guidance represent a methodological shift, combining risk analysis and measures thathave historically remained in silos. Meeting the new framework of requirements in a repeatable fashion requiresunprecedented coordination across various business, risk, and operational units. A major insight from the last couple of years is that all banks are subject to the same macro-economic shock(s). For all the talk about enhanced riskmanagement, enterprise-risk modeling remains primitive and non-integrated at many systemically important financialinstitutions (SIFIs). During the crisis, regulators were flying blind and not much has changed. A new framework forflexible, forward-looking, and integrated scenario analysis and stress-testing is needed. Implementing such a frameworkand combining business, capital, and risk strategy requires an enterprise decisioning tool that is agile, flexible, andserves the needs of internal and external stakeholders.



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

place but ran separate stress tests forparticular risks or portfolios with limited firm-level integration. Risk-specific stress testingwas usually conducted within business lines.While stress testing for market and interestrate risk had been practiced for several years,stress testing for credit risk in the bankingbook has only emerged more recently.”

— Basel, May 2009

RISK GOVERNANCE AND STRESS TESTING PROCESSES

Breaking down silos and producing a useful firm-widestress-testing infrastructure are important policyobjectives and critical internal risk management goals.And although different supervisory authorities arepursuing this agenda at different speeds, the over-arching principles are largely consistent and relativelycoherent. Visually, they can be depicted as in Figure-1 below.

Implementing the emerging requirements and stayingfocused on sound practice requires an investment inpeople, systems, and processes that should be tightlycoupled to internal governance mechanisms such aspolicies, limits, controls, and the firm’s risk appetiteframework. As seen above, stress-testing is anintegral part of a firm’s overall risk managementinfrastructure and, ideally, links directly to business,capital and risk management strategies and plans.Ultimately, stress-testing should inform theorganization’s risk appetite framework. As regulatorystandards evolve, it likely becomes a component ofRecovery and Resolution Plans, Contingent Capitalinstruments, capital planning, and various elementsof Basel II and Basel III, including requirements fordisclosure (for example, Pillar III of Basel II).

ADDRESSING FIRM-WIDE EXPOSURE TO STRESS

A well designed stress-testing framework spansbeyond methodologies and quantitative finance.Since methods are merely approximations to the real-

STRESS TESTING: LESSON LEARNED AND EMERGING REQUIREMENTSVISIONS OF RISK


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

world; judgment and expertise in relation to firm-widestress-testing projects are essential. This requires anarchitecture that is both flexible and responsive toemerging events in a crisis. Solutions that focus toomuch on methodological or quantitative purity canget bogged down in computational design featuresthat limit their usefulness when a crisis is emergingand new scenarios and testing needs to be applied,just when it matters most. A better risk architectureorients the firm toward forward-looking risk metricsthat link hypothetical macro-economic shocks to riskfactors such that future-period capital and liquiditystrength can be assessed in a dynamic, flexible, andrapid fashion. Agility (in addition to scenario reporting) is an

important consideration that remains elusive due toinfrastructure, data, and integration issues.Nevertheless, appropriate frameworks allow forthoughtful progression toward future-state designgoals in ways that minimize rework and leverageexisting risk-system spending. Well-managed, theymaximize return-on-investment (ROI) even for currentrisk systems.Supervisory authorities expect banking organizations

to understand their risks and assess the likely impactsthat stressful events could have on their condition. Astrong stress-testing framework should allow a firm toanswer “what-if” scenarios driven from movements inmacro-economic variables, and should inform,monitor, and assess the organization’s risk appetiteframework. In some cases macro-economic variablesneed to be “localized” given that regional economiccircumstances, such as home price, can differdramatically from region-to-region and even city-to-city. Other variables such as unemployment, industryconcentration can be similar. Failing to make suchadjustments risks underestimating financial risks, forexample if loss estimates do not accurately reflectsensitivity to a given macro-economic scenario. Thisis especially true for regional institutions holdingportfolios with geographic concentrations.Although stress-testing is nothing new to most risk

managers, some of the proposed methodologies

advocated by the bank supervisory community areambitious, complex, and difficult to implement in amanner easily repeated. Risk-forecasting methodsdiscussed below require significant internalcollaboration and excellent project management tocombine line-of-business, risk culture, IT architecture,legacy systems, and governance processes in ancoherent, efficient design that can be repeated atleast quarterly — and ideally monthly. Former Comptroller of the Currency John Dugan

noted the complexity of stress-testing in a speech tothe Richmond Federal Reserve Bank (FRB).

“The ambitious scope of the SCAP tests madethe exercise much more difficult, both forbanks and for bank supervisors. Testspecifications had to cover a wide swath ofbank operations: details like provisions forloan loss reserves, the payment of dividends,and the impact on other non-credit-relatedparts of the business.” “In addition, bankinformation systems are not designed toaggregate information in this way on a regularbasis. Much improvement is needed in thesesystems (...) but until strides are made,comprehensive stress testing will remain verydifficult.” “...the issues I’ve just mentionedmake me reluctant to begin conducting suchtests routinely as the cornerstone of oursupervision. Similarly, I think we should avoidthinking of stress tests as just way to assesscapital adequacy. Ask any risk manager, and heor she will tell you that one of the main benefitsof stress testing is the focused dialogue itgenerates around risk-taking and risk appetite.”

— John C. Dugan, April 15, 2010, FRBRichmond Credit Markets Symposium[emphasis added]

CURRENT STRESS TESTING METHODOLOGICAL

EXPECTATIONS

The 2009 Supervisory Capital Assessment Program(SCAP) that was undertaken by the Federal ReserveSystem is credited with calming markets in the United



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

States and, to a lesser degree, restoring confidence inthe international financial system. The SCAPintroduced a new paradigm of stress-testing to thefinancial system and helped inform the methodologyand framework currently being advocated by theglobal supervisory community.Although many firms stress-test specific risk factors

like interest-rates, probabilities of default, creditspreads and so on in isolation (whether using in-house or vendor-provided “point solutions”) theSCAP and subsequent CCAR exercises combinedmultiple factors into one over-arching frameworkcovering macro-economic forecasting, pro-forma loss,reserves, pre-provision net interest income (i.e.margin), other operating revenue and expenses,dividend policies, trading, accounting rule changes,and liquidity risks, among others. In effect, newregulatory expectations require different risk disciplinesto work together to produce a comprehensive,enterprise-wide view of risk in stressed conditions.Given the requirement in the United States and

other jurisdictions that all large banks develop Board-level Risk Committees, an integrated frameworkshould provide the perspective required tocommunicate expected, contingent, and extreme-riskexpectations among senior management and a firm’sBoard of Directors. A better risk “language” in termsof macro-economic, regional and local marketforecasts will also improve management’s dialogueabout exposures while facilitating oversight andtransparency amongst Board, executive management,and the firm’s risk function(s). While acknowledging the need to make certain

assumptions, the clear expectation of the banksupervisory community is for forward-looking stress-tests to be conducted on a routine basis andincorporated into risk governance, capital planning,and liquidity risk management. While U.S. authoritiesare arguably slightly ahead in their approach towardstress-testing, the European Banking Authority (EBA)has additional challenges. EBA methodologies andprocesses cross a wide number of competingregulatory authorities that must balance matters ofnational discretion with the need for realisticscenarios, methodological rigor, and comparability.

Fortunately, in many cases the US Federal ReserveBank (FRB) stress-testing framework and the EBAframework will require similar scenarios and output.Although the final rule for US-domiciled banks had

not been published as of this writing, recentproposals (combined with the output of the recentSCAP and CCAR horizontal exercises) providesufficient background and guidance to summarizebasic elements at a high-level:

� Design a series of macro-economic scenarios

1. Include mandated scenarios as defined by the prudential supervisor

2. Develop and include firm-specific scenariosdesigned and defined by the bank

� Operationalize these macro-economicscenarios in a manner that will drive key riskfactors, business decisions, and industryimpacts over the required time horizonincluding:

1. Interest rates, yield-curves, and spreads (i.e.,pre-provision net interest income/operatingprofit)

2. Credit transitions (i.e., movement from onerating category to another)

3. Credit losses, loan loss reserves, andimpairments

4. New business strategy, such as loan volumeand business mix. Importantly, the firm’sfunding structure will also be required to betied to scenarios

5. Trading portfolio risk

6. Other income and other expense

7. Dividend policy

8. Anticipated accounting policy changes, asappropriate

� Produce monthly balance sheet and incomeforecasts that measure

1. Credit migrations and attendant shifts inrisk-weighted assets

2. New business strategies, including possibledeleveraging, no-growth and related



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

business volume and mix assumptions

3. Regulatory capital levels under appropriateBasel methodologies (i.e., advancedmeasurement approach in the US)

4. Economic and tangible common equitylevels

� Analyze assumptions, results and potentialcapital planning requirements

Working through such an approach should allow afirm to produce projected capital and liquidity needsover a forward-looking time period such that risks tocapital are attributed to the exposures and risk factorsdriving overall enterprise strategy. For example,Chart-1 below illustrates one potential output fromsuch a modeling framework as a capital waterfall“walk-down” report. (The illustration reflects a base-case forecast of capital adequacy over a 24-monthstime horizon.)Based on this sample report it is clear that the

reduction in capital adequacy is driven mainly bydividends, draw-downs on unfunded lines of credit,

and a remix of risk weighted assets towards higherrisk-weighted asset (RWA) classes. The shift in RWAmay be driven from balance sheet growth and/orchanges in enterprise risk appetite. Importantly, inone simple report we see the contribution of margin(i.e. pre-provision net revenue), credit risk (i.e.expected losses) and numerous other factors. Once a framework exists to generate output like

this, comparing results from different macroeconomicscenarios and sensitivity tests becomes a relativelystraightforward exercise that provides usefulinformation and insight about risk tolerance, trendsand direction. In the example presented, data iscreated by forecasting credit transitions and averagebalances by rating grade/category of each balancesheet product category for existing and new businessover the appropriate time horizon and subject to thegiven scenario assumptions. It also integratesinformation from existing point-solutions for balancesheet management and Basel II capital calculations(i.e. IRB approach under Basel II).



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

CONCLUSION

As indicated in the December 23, 2010 SeniorSupervisors Group (SSG) report entitled;“Observations on Developments in Risk AppetiteFrameworks and IT Infrastructure”:

“Firms with more seasoned [risk appetiteframeworks (RAFs)] have also created a forward-looking process that establishes expectationsabout the firm’s consolidated risk profile in avariety of circumstances based on stress tests andscenario analyses. The use of stress tests andscenario analyses on a consolidated basis can testthe RAF as well as help firms identify where theirrisk profiles are most vulnerable. In response, anRAF can help establish a road map for risktaking, loss mitigation, and the employment ofcontingency measures.”

Recently, the U.S. Comprehensive Capital Assessmentand Review (“CCAR”) and the June 17, 2011 FederalReserve Bank (FRB) proposed guidance on CapitalPlans have further pushed the stress-testing, capitaland liquidity planning agenda deeper into the normaloperating framework for supervision. Regulatoryagencies are seeking to make stress-testing, capitaland liquidity planning a core, repeatable element of

their oversight processes. All firms over specific size,as defined by prudential supervisors, must have theability to produce these consolidated stress-tests. Astrong solution framework will integrate currentlysiloed risk solutions into an organization’s broaderrisk management framework. Whatever approach istaken, it is essential to coordinate across multiple anddiverse business and risk units, re-use of as muchinternal technology as possible, and ensure dataarchitecture and design is sound. Spending theproper amount of time up-front designing the rightmulti-phased project is not only prudent – it willreduce your future levels of stress.

ABOUT THE AUTHOR

Thomas Day is the ManagingDirector of Risk Solutions and Policy,SunGard Ambit and Principal, AmbitRisk Institute. He is a PRMIA Boardmember; Vice Chair of the ExecutiveCommittee; Regional Director of thePRMIA Washington DC Chapter;

Advisory member of the Atlanta Steering Committee;and member of the PRMIA training committee. Email:[email protected]

BECOME A PRMIA SUSTAINING MEMBER

Benefits of Sustaining Membership:� Free access to thought leadership webinars

� Free digital subscription to the Journal of Risk Management in Financial Institutions

� Discounts on select PRMIA publications, exam vouchers and online courses

� Discounts on PRMIA events and training courses (up to $100 per course or event)

� Full access to PRMIA Exclusive Content, including surveys, meeting replays andPRMIA’s Jobs Board

Sustaining members receive all of these valuable benefits for a small annual fee. For furtherdetails, including concessionary rates for students and low-income groups, visitbit.ly/PRMIAMembership or contact Sue Rod at [email protected]



http://prmia.org/index.php?page=membership

http://www.henrystewart.com/jrmfi.aspx


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


NATIONAL UNIVERSITY OF SINGAPORE — RISK MANAGEMENT INSTITUTEJIN-CHUAN DUAN

Credit Rating InitiativeRMI’s major research project is acredit rating initiative undertakenin response to criticism of creditrating agencies in the wake ofthe 2008-2009 financial crisis.As a non-profit endeavour, theinitiative takes a “public good”approach to credit ratings withthe goal of keeping the ratingsystem current, evolutionary and organic. To that end,RMI spurs research and development in credit ratingmethodologies.

The primary component of the initiative is aprobability of default (PD) estimation system thatprovides updates on a daily basis to ensure theirrelevance and currency. Currently, PDs are available for30 economies in North America, Western Europe andAsia-Pacific. Estimates for 2,200 selected firms areavailable to the public; full access to over 28,000 firmswill be granted free of charge to qualified professionalsat the discretion of RMI. Future phases will expandcoverage globally.

A key objective is to demonstrate the feasibility of atransparent, independent ratings system. RMI sourcesideas globally, providing infrastructure and welcomingcontributions from external researchers andpractitioners. Implementation quality and editorialcontrol are maintained by taking a ‘selective Wikipedia’approach to managing contributions. Regulators can useRMI’s estimates to inform their supervisory activities.Industry practitioners can use the outputs to augmenttheir analyses. And companies can leverage the expertise

and data developed by the initiativeto enhance their internal creditsystems.

In addition, two RMIpublications bridge the gap betweenacademic research and practice. TheGlobal Credit Review presentsdevelopments in global creditmarkets, regulatory frameworks, andtheoretical and empirical research

on credit risk annually. RMI’s Quarterly Credit Reportanalyzes credit conditions across regions, economiesand sectors based on PD estimates.

Training and Education RMI works with the financial industry to helppractitioners enhance their risk management proficiency.The institute has provided PRMTM Certification Trainingsince 2007. A Masters of Science in FinancialEngineering has been offered through NUS since 1999.These courses help students and professionals gain theskills, know-how and financial intuition to analyse,interpret and communicate risk effectively, whileproviding a thorough grounding in the mathematics andIT skills required to implement risk and pricing models.

ACADEMIC PARTNER PROFILE SPOTLIGHT ON PRMIA’S UNIVERSITY NETWORK

ABOUT THE AUTHOR

Jin-Chuan Duan has been the direc-tor of RMI since 2007. He holds ajoint appointment as the Cycle andCarriage Professor of Finance at NUSBusiness School.

The National University of Singapore’s (NUS) Risk Management Institute (RMI) was estab-lished in 2006 as a research institute dedicated to financial risk management with support

from the Monetary Authority of Singapore under the Risk Management and Financial Innovationprogram. RMI seeks to complement, support and develop Singapore’s financial sector’s knowledgeand expertise in risk management to address the challenges arising from globalization, structuralchange and volatile markets.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


BANK FOR INTERNATIONAL SETTLEMENTS (BIS)

http://bit.ly/mX6d6B

Rating: ��

BIS is one of the best resources to explore supervisorystandards for stress testing including best practices,industry statistics and, notably, the widely accepted“Principles for sound stress testing practices andsupervision” (see: http://bit.ly/nUdxXb). The websitehas a “stress test” publication category, and relatedinformation can be found in other categories bysearching “stress testing.”

FINANCIAL SERVICE AUTHORITY (FSA)

http://bit.ly/pInBuK

Rating: ��

FSA, an independent, non-governmental body thatregulates the financial services industry in U.K., providesan excellent online library related to stress testing. Itcollects materials about specific institutions as well assystem-wide risks. The website covers relevantframeworks, methodologies, models and practicalQuestions & Answers. (See: http://bit.ly/nESUXD)

EUROPEAN BANKING AUTHORITY (EBA)

http://bit.ly/rv3kWL

Rating: ��

The EBA is a regulatory agency that has taken over allexisting and ongoing tasks and responsibilities from theCommittee of European Banking Supervisors (CEBS).EBA initiates and conducts EU-wide stress testing incooperation with the European Systematic Risk Board.The agency has published outcomes, scenarios andmethodologies, questions and answers since 2009.These include the “CEBS Guidelines on Stress Testing”(see: http://bit.ly/q2zAMg) and “Questions andAnswers on the EBA 2011 EU-wide stress test” (see: http://bit.ly/o3uDVd).

BOARD OF GOVERNORS OF THE

FEDERAL RESERVE SYSTEM

http://bit.ly/qMYrHu

Rating: ��

The Federal Reserve Board in U.S., along with theFederal Deposit Insurance Corporation and DepartmentOf The Treasury’s Office of the Comptroller of theCurrency (OCC) has published Proposed Guidance onStress Testing (see: http://1.usa.gov/qITdSz). Someresponses to their requests for comment have also beenposted as well as congressional testimony andspeeches, including one from the Fed’s Board ofGovernors: “Lessons from the Crisis Stress Tests” (see: http://1.usa.gov/a2y1vX).

WHAT’S ON THE WEB EXPERT GUIDES TO THE BEST LINKS

“All banking organizations should have the capacity to understand their risks and

the potential impact of stressful events and circumstances on their financial condition.”

Inadequate capital and liquidity standards, deficient information models based on poor data, siloedrisk management practices, and inadequate regulatory oversight – all of these factors contributed to

the crisis but none are entirely new. The U.S. and Europe now require stress testing at both institution-al and systemic levels to determine capital and liquidity requirements to withstand steady declines andsudden shocks. We hope you find the following websites valuable, whether you are establishing policy,managing implementation or conducting research.

STRESS TESTING AFTER THE CRISIS…AND BEFOREWEIHUA NI

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


COMMITTEE TO ESTABLISH THE NATIONAL

INSTITUTE OF FINANCE (CE-NIF)

http://bit.ly/r54uT0

Rating: ��

CE-NIF is a group of volunteers that collectsgovernment reports, industrial publications, andacademic research papers with the aim of contributingto the restructuring of financial regulation in the U.S.Areas covered include stress testing, capital planning,etc.

DEFAULTRISK.COM

http://bit.ly/5Gj4Q9

Rating: ��

This site collects information related to default risk andclaims to be the web’s biggest credit risk modelingresource. IT highlights a top twenty section covering thelatest in-depth papers worth reading, including “The Roleof Stress Testing in Credit Risk Management,” fromMoody’s Research Labs.

WOLTERS KLUWER LAW & BUSINESS

CCH Financial Reform News Center

http://bit.ly/mWUOna

Rating: ��

The CCH Financial Reform News Center has a “stresstesting” category that tracks discussions, expertcommentary, and financial reform events based on itsown reporting and that of other media.

EUROPEAN CENTRAL BANK

http://bit.ly/pg6gHF

Rating: ��

The ECB published “EU Banks’ Liquidity Stress Testingand Contingency Funding Plans” in November 2008(see: http://bit.ly/pg6gHF). The report provides anoverview and insights based on literature review,workshop, survey, and the experience of regulatoryagencies.

The following websites provide information relevant tothe history of stress testing and should help anyone whowants to understand its evolution after the financialcrisis.

CZECH NATIONAL BANK (CNB)

http://bit.ly/pF7nsz

Rating: ��

Faced with the financial instability experienced by manycountries in the 1990s, the CNB published “StressTesting: A Review of key Concepts” in 2004 (see:http://bit.ly/pF7nsz). The paper provides a literaturereview on quantitative methods used to assess thesystem-wide risks.

INTERNATIONAL MONETARY FUND (IMF)

http://bit.ly/n41gNy

Rating: ��

Along with the World Bank, the IMF prepared a FinancialSector Assessment Program in response to the 1999Asia financial crisis. The IMF also published a series ofpapers on system-wide stress testing, including “StressTesting of Financial System: An Overview of Issues,Methodologies, and FSAP Experiences” (see:http://bit.ly/qMEFja) and “Stress Testing FinancialSystems: What to Do When the Governor Calls” (see:http://bit.ly/pjuMSJ). It also held an “Expert Forum onAdvanced Techniques on Stress Testing: Applications forSupervisors” in 2006 (see: http://bit.ly/pXRjSG).

ABOUT THE AUTHOR

Weihua Ni is an independent con-sultant for China-related business,member of PRMIA DC ChapterSteering Committee, and formerofficer of Enterprise RiskManagement, Audit at ChinaCustoms. He holds a Master of

Science in Information Management from SyracuseUniversity with extensive research in Enterprise RiskManagement. Email: [email protected]

WHAT’S ON THE WEB STRESS TESTING AFTER THE CRISIS...AND BEFORE

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


CHAPTER REPORT

PRMIA MUNICH CHAPTER

The Munich PRMIA Chapter was founded in June 2004 with an inaugural presentation by Christopher Conrad on Hedge

Accounting according to IAS 39. Over the years the chapter hasgrown from zero to about 2500 members. The current annual growthrate is around 12 percent. The mission of the Munich Chapter is to:

� Provide a platform for local Risk Management experts

� Organize regular events with high profileinternational academics and professionals

� Promote the PRM and Associate PRM certification � Contribute to PRMIA bottom line by organizingregular workshops

� Interact with other local chapter especially inGerman speaking countries

The Munich Steering Committee consists of thefollowing members:

� Dr. Domink Dersch, PRM, Matobis InvestmentServices, founding and acting Regional Director

� Dr. Klaus Böcker, Deutsche Pfandbriefbank� Michael Ege, PRM, Munich Re, founding SC member

� Dr. Markus Hirschberger, PRM, Munich Re� Dr. Ulla Theiler, Risk Training� Dr. Michael Thiergen, PRM, Commerzbank,founding SC member

� Dr. Marc Wagner, PRM, Allianz InvestmentManagement

� Prof. Dr. Rudi Zagst, Lehrstuhl fürFinanzmathematik, Technical UniversityMunich, founding SC member

Most of the Munich SC members are also very active volunteers in various PRMIA global committees.

The main background of the Munich members is inInvestment Banking, Insurance and Re-Insurance,Asset Management, Risk Management Consulting andSolutions. Traditionally we have strong links and inter-action between practitioners and academics from theTechnical University Munich and other local universities.

Our chapter events are usually free of charge thanksto our solid sponsor base. However, Munich is contribut-ing to the PRMIA bottom line by promoting sustainingmembership, certification and paid workshops whichwe’ve organized since 2009. The two-day workshopswith world leading experts attract participants from allover Europe. The list of past workshops includes:

� 2009, Prof. Stan Uryasev on Tail Risk Measures� 2010, Prof. John Hull on Fundamental on RiskManagement

� 2011, Dr. Riccardo Rebonato on Stress Testing

Munich is an advocate of the PRMIA certification.We are organizing regular PRM and Associate PRMinformation events and training courses. As a result theAPRM and PRM became an integral part of internaleducation programs and Munich exam takers regularlyachieve top results worldwide.

To learn more about the Munich chapter, visit us atwww.prmia.org/Chapter_Pages/Munich. For questions,comments or sponsorship opportunities, contactDominik Dersch at [email protected].

SPONSORSHIP OPPORTUNITIES

Interested in partnering with PRMIA as a sponsor? Many opportunities are available to you:� Align your company with thought leadership and knowledge by sponsoring Intelligent Risk� Take advantage of branding opportunities through a PRMIA website sponsorship� Focus your promotions locally and regionally through chapter meetings and event sponsorships� Directly reach out to PRMIA members through surveys and webinars

For more information please contact Cheryl Buck, [email protected]


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


ANNOUNCEMENTS

Can you tell us about your involve-ment with PRMIA and the risk management industry this year?One of my primary roles withinPRMIA over the past year has beenthat of educator, which is one of mypassions. In addition to coaching andhelping lead other risk managers with-in Credit-Suisse, I enjoy shaping anddeveloping curricula and educatingother executives across the industryabout risk management.

I am a former and current profes-sor, as well as a practitioner, and stillteach at Baruch College’s ZicklinSchool of Business and FordhamUniversity's Master’s in GlobalFinance program in New York City.For several years I’ve also served as afaculty member for PRMIA’s CompleteCourse in Risk Management atColumbia Business School ExecutiveEducation – in 2011 I taught theMarket Risk Management segment ofthe course. I also presented PRMIAwebinars reaching hundreds of finan-cial professionals around the worldand educating them on the some ofthe latest methodologies in risk man-agement. I continue to work closelywith the New York PRMIA chapterleadership to organize chapter eventsand enlist high-level guest speakersfrom industry and academia.

I strongly believe in PRMIA’sProfessional Risk Manager (PRM)

certification and continue to promote itin the industry and within my own firm.

I also conduct research in corporategovernance, including executive com-pensation structures and risk-taking.

What motivates your contributions toPRMIA’s activities?As a former academic, I appreciatethe fact that PRMIA is a not-for profitorganization dedicated to developingrisk managers and to setting higherstandards for the profession. I believein PRMIA’s mission and, as someonewho was brought up to believe in theimportance of serving a greater good,I aspire to that by contributing myskills and experience. I also enjoy thecontact with others in the industry.Discussing and debating the latesttopics and thinking in risk manage-ment is both rewarding and intellectu-ally stimulating.

Hundreds of volunteers have helpedPRMIA to grow, starting with itsfounding almost 10 years ago. Youbecame a member in 2004. Whatmotivates these volunteers? Volunteers have been instrumental tothe growth of PRMIA in the past andthey continue to take increasinglyactive roles developing and imple-menting an agenda for risk managersacross the industry. Because PRMIA isa not-for-profit organization, volun-teers are critical to its future growthand success. Fortunately, activePRMIA members seem to recognizethat they owe some of their successto PRMIA-led programs andresources. Volunteering is an effectiveway to give back to the organizationand contribute to the field.

Navin Sharma, Co-Regional Director for PRMIA’s New York Chapter hasworked closely with Mr. Rodriguez over the year. He expressed his appreciationto Intelligent Risk.

“Dan’s guidance and efforts have been instrumental to the NY PRMIAChapter, especially as we pursue our goals of expansion and organizingtimely, pertinent events in the area. Dan leads an initiative among leadingNew York City universities to increase the organization’s exposure andparticipation among students. This helps PRMIA with its growth goalswhile enhancing and broadening educational opportunities for students atall levels. We are very appreciative of Dan’s effort on behalf of PRMIA NY.”

PRMIA NAMES DR. DAN RODRIGUEZ 2011 PRMIA HIGHER STANDARD AWARD RECIPIENT

Arecent ballot of the 600+ volunteers serving on PRMIA committeesworldwide has selected Dr. Dan Rodriguez, Chief Risk Officer, Global

Arbitrage Trading and the Americas Equity Division at Credit Suisse, as therecipient of the 2011 PRMIA Higher Standard Award.

This prestigious award is presented annually to an individual for his or heroverall contribution to PRMIA and to the risk management profession during theprevious year. Dr. Rodriguez now joins the list of previous respected winners,including John Hull, David Koenig, Carol Alexander, and Robert Merton.

Dr. Dan Rodriguez names Xiaoning Olivia Gong, a graduate student ofQuantitative Finance at Fordham University, as the recipient of the PRMIAInstitute academic grant associated with his Higher Standard Award.

We asked Dr. Rodriguez about his motivations and his contributions to PRMIA and industry activities.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


LEARNING OPPORTUNITIES

ONLINE SERVICESAvailable anytime, anywhere in the world with an internet connection.

WEBINARSMost of our webinars are free to sustaining members. Theyare the perfect option for busy people with little time ormoney spare, but who recognize the immense value of self-education. PRMIA webinars bring the international thoughtleaders in risk management live to your screen. Ask them aquestion and participate in questions to the audience. Or,being recorded, you may prefer a time and location that ismore convenient than the broadcast slot. Already a globalmarket leader in risk management webinars, we areexpanding our schedule even further during 2011. Justwatch your e-mail and check the website for updatedschedules on http://bit.ly/PRMIAWebinars

PROFESSIONAL DEVELOPMENTPRMIA offers over 700 online professional developmentcourses, all of which can be customized to your personal orcorporate needs. Delivered individually or as a corporatepackage, online training is extremely cost-effective, withmost courses priced at only US $25. Special pricing isavailable for corporate licensing of any online course orcourse combination. See http://bit.ly/PRMIAOnlineTraining

EXAMINATION PREPARATIONPRMIA offers access to multiple resources to assistcandidates in the exam preparation process. Theseresources include printed publications, online training,webinars, classroom training and DVDs. A full list of onlineexam preparation material is on http://bit.ly/PRMIAExamPrep

CLASSROOM TRAININGIntensive and Comprehensive

CUSTOMIZED COURSESCustomized courses are held in-house or at specializedtraining venues. One-to-one consultation with our specialisttraining professionals ensures that the learning experienceis tailor-made to your requirements. Our goal is to providetraining that is flexible and sensitive to delegates’ needs,knowledge and background. Enquiries: [email protected]

OPEN ENROLLMENT COURSESOpen enrollment courses meet the needs of members whoprefer to interact and network with other risk professionalswhile receiving a more rigorous training experience. AllPRMIA courses are taught by risk management industrypractitioners and university faculty, offering a unique blendof teaching. We have several classroom courses scheduledover the next few months and our schedule will continue todevelop throughout 2011 as we receive feedback andguidance from members and leaders. Click here for a list ofupcoming courses.

In the current environment risk education is not just a choice, it is a necessity.

“This short course on risk management (Complete Course in Risk Management) crams more into its20-week span than many other certificate or even degree level courses. The professors are excellent andthe material ensures a solid foundation in the subject. I would unhesitatingly recommend this course.”

Jay Namputhiripad, Director, Risk Management, Federal Home Loan Banks Office of Finance

PRMIA offers weekly thought leadership webinars. To register go to http://prmia.org/index.php?page=training&option=trainigWebinars

Since the global recession began in 2008 the demand for risk management training has dramatically

increased at all levels. In response, our training is evolving in line with member needs. PRMIA’s training

committee, comprised of volunteer risk professionals from around the world, recognizes the diversity in this

renewed demand. Some members want online access to a variety of topics delivered in brief, focused learning

sessions. Others request classroom training that is intensive and comprehensive, and are willing to commit sig-

nificant time and money to this. PRMIA has developed a wide-ranging program that meets all of these needs.

http://prmia.org/index.php?page=training

PRMIA, leading universities and local industry experts have partnered

together to offer this intensive executive education program covering

the core concepts of financial risk management:

Meeting the demands of risk professionals by bridging the gap

between theory and practice in financial risk management.

|

www.PRMIA.org Setting a Higher Standard in Risk Education

A COMPLETE COURSE IN RISK MANAGEMENT

NNEEWW YYOORRKK

Jan 11 - May 30, 2012

One evening weekly

WWAASSHHIINNGGTTOONN DD..CC..

Jan 12 - May 24, 2012

One evening weekly

LLOONNDDOONN

February 6 - 10, 2012

Five full days

CCAAIIRROO

February 19 - 23, 2012

Five full days

� Foundations of Risk Measurement� Foundations of Risk Finance Theory� Markets and Financial Instruments� Market Risk Management� Credit Risk Management� Operational Risk Management� Capital Allocation� Governance and Case Studies

For full course descriptions and registration information

click on logos above or visit: www.PRMIA.org

or contact [email protected]

CCUURRRREENNTTLLYY SSCCHHEEDDUULLEEDD CCOOUURRSSEESS

“This short course on risk

management crams more

into [it] than many other

certificate or even degree

level courses. The profes-

sors are excellent and the

material ensures a solid

foundation in the subject.

I would unhesitatingly rec-

ommend this course.”

Jay Namputhiripad, Director-Risk ManagementFederal Home Loan Banks

Office of Finance

“Timely, insightful,

thought provoking risk

concepts that are directly

applicable to today’s mar-

ket dynamics. I would

definitely recommend this

course.” Jeffrey Buchman, StudentColumbia Business School

“Never seen such concen-

tration of risk in one

course. Very impressed

and glad that I took it.” Sia Siddiqi, Vice President,

AIG Financial Products

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


http://prmia.org/events/view_events.php?eventID=4016





CAROL ALEXANDER Chair of Financial Risk Management ICMA Centre, Henley Business School at Reading

PRMIA Involvement� Chair, Executive Committee � Education Committee � Co-Editor, PRM Handbook � Former Chair, Academic Advisory Committee

� 2006 Higher Standard Award

Term Expiration: 2012

THOMAS DAYManaging Director of Risk Solutions and Policy, SunGard Ambit

PRMIA Involvement� Vice-Chair, Executive Committee� Regional Director, Washington DC Chapter

� Advisory Member, Atlanta Steering Committee


DOMINIK DERSCHPrincipal Consultant, Dominik Dersch Beratung

PRMIA Involvement� Regional Director, Munich Chapter� Member, Regional Director Support and Standards Committee

� 2005 PRM Focus Award Winner� 2007 PRM Candidate of the Year Finalist


OSCAR MCCARTHY Strategic Risk Advisor, ABN Amro Markets

PRMIA Involvement� Secretary, Executive Committee� Regional Director, Netherlands Chapter� Former Deputy Regional Director, London� Former Member, Education and Standards Committee


ROBERT MARKManaging Partner & Chief Executive Officer, Black Diamond Risk

PRMIA Involvement� Treasurer, Executive Committee� Chair, Finance Committee� Co-Author Associate PRM Textbook —

Essentials of Risk Management� Former Vice-Chair, Executive Committee� Former Chair and Founder PRMIA Blue Ribbon Panel


BUD HASLETTExecutive Director, Research Foundation and Head, Risk Management and Derivatives, CFA Institute

PRMIA Involvement� Member, Finance Committee


COLIN LAWRENCEDirector, Prudential Risk Division, Financial Services Authority (FSA)

Visiting Professor, Risk Management, Cass Business School

PRMIA Involvement� Steering Committee, London Chapter


PHANG HONG LIMGroup Chief Risk Officer, CIMB Banking Group

PRMIA Involvement� Member, Regional Director Support and Standards Committee

� Former Regional Director, Singapore Chapter


CHAE SING, WONGSenior Vice President/ Head of Asia Business Risk Management, Marsh

PRMIA Involvement� Co-Regional Director, Beijing Chapter


||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||PRMIA LEADERSHIP BOARD OF DIRECTORS

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


PRMIA was established in 2002 by a volunteer group of risk industry professionals with the vision of anchoring the new association in ethical guidelines, transparency and testing standards, providing

courses and publications that would be better than anything offered by others in the risk profession whilstalways committed to non-profit ideals of service. Listed below is this committed group of individuals.

EMERICO AMARI Senior Partner, MACFIN Group Management Consultants

� Regional Director, Italy

� Former Member, Education andStandards Committee

JEAN-MARTIN AUSSANT Member of Parliament for Nicolet-Yamaska

� Official opposition critic for theeconomy, financial institutionsand international commerce

� Québec National Assembly

JOHN PAUL BROUSSARDAssociate Professor, Rutgers School of Business – Camden

� Former Member, EthicsCommittee

MICHEL CROUHYHead of Research and Development at NATIXIS French Investment Bank

� Co-Author Associate PRMTextbook – Essentials of RiskManagement

� Co-author of chapter in PRMHandbook

DAN GALAI Dean, The School of Business Administration, The Hebrew University, Jerusalem Israel

� Co-Regional Director, Israel


� Former Member, Blue Ribbon Panel

FRANK HAYDENPrinciple, Risk and Decision

� Member, PRMIA Ethics Committee

� Reserve Member, RegionalDirector Support and StandardsCommittee

� Former Regional Director,Houston Chapter

KRUSKAL HEWITT Senior Advisor, Risk Management, J-Power

� Member, Exam Committee

� Member, Ethics Committee

� Former Member, Ethics andStandards Committee

GEOFF KATES CEO, Lepus

� Member, London SteeringCommittee

� Former Member, Board of Directors

� Former Chair, Executive Committee

� Former Regional Director, London Chapter

PRMIA LEADERSHIP FOUNDERS

DAVID R. KOENIG Chief Executive Officer, TheGovernance Fund Advisors, LLC � Member, Ethics Committee� Former Executive Director� Former Chair, Board of Directors � Former Member, Education andStandards Committee

� Former Regional Director, Mpls.� Former Member, Regional Director Support and Standards Committee

� Former Member, AcademicAdvisory Committee

� 2007 Higher Standard Award

ANDRZEJ KULIK Head of Middle-Office at BRE Bank in Warsaw, Poland

� Regional Director, Poland Chapter

� Former Board Member

� Former Vice Chair, Executive Committee

� Founder, Regional DirectorCommittee

DARREN LANGER Head of Portfolio Management, Tyndall Investment ManagementLimited

� Former Regional Director, Sydney Chapter

� Former Vice Chairman

PHANG HONG LIM Group Chief Risk Officer,CIMB Banking Group

� Member, Regional DirectorSupport and StandardsCommittee

� Former Regional Director,Singapore Chapter

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


PRMIA LEADERSHIP FOUNDERS

ROBERT MARKManaging Partner and Chief Executive Officer, Black Diamond Risk

� Treasurer, Executive Committee

� Chair, Finance Committee


� Former Vice-Chair, ExecutiveCommittee

� Former Chair and Founder PRMIA Blue Ribbon Panel

DAN ROSENCEO, R2 Financial Technologies

� Member, Toronto Chapter Steering Committee

� Former Regional Director, Toronto Chapter

� Author, two chapters of PRM Handbook

NAWAL ROY Managing Partner, Shobhit Capital Group

� Former Member, Interim Board of Directors

� Former Member, EducationCommittee

� Former Regional Director, New York Chapter

SETH SHAPIRO Senior Vice President and Risk Strategist, Kibble and Prentice/USI

� Co-Regional Director, Seattle Chapter

ALEXANDER SHIPILOV VP, Investment Banking Audit, TD Bank Financial Group

� Member, Finance Committee

� Former and Present Member,Toronto Chapter Steering Committee

� Representative, 2011 ERMSymposium OrganizingCommittee

� Former Board Member

� Former Treasurer, ExecutiveCommittee

� Former Chair, Regional DirectorSupport & Standards Committee

SERGEY SMIRNOV Director of Financial Engineering and Risk Management Laboratory, Head of Risk Management and Insurance Department at State University – Higher School of Economics (Moscow)

� Member, Russia Chapter SteeringCommittee

� Member, Exam Sub-committee

� Former Regional Director, Russia

� Former Member, Education andStandards Committee

LARS SODERLIND Senior Advisor, Market andLiquidity Risk, Swedish FSA

� Former Regional Director, Sweden Chapter

� Former Steering Committee Member, Sweden Chapter

ZVI WIENER Professor, Head of FinanceDepartment, School of Business Administration, Hebrew University of Jerusalem

� Co-Regional Director, Israel

� Former Co-Chair, Education andStandards Committee

DEBBIE WILLIAMSDirector of Marketing, R2 Financial Technologies

� Member, Boston Chapter Steering Committee

� Former Regional Director, Boston Chapter

PRMIA has 65 chapters and nearly 80,000 members world-wide. We are a not-for-profit member-led association, foundedin 2002 by a large group of leading risk professionals and academics—some are profiled on this and the previous page.We are dedicated to the free exchange of ideas aimed atadvancing the standards of the risk management profession.Our certifications are taken in over 90 countries. www.prmia.org

You can find details about our founders at http://prmia.org/index.php?page=aboutus&option=aboutusFounders


EXECUTIVECarol Alexander, ChairChair of Financial RiskManagement, ICMACentre, Henley BusinessSchool

Thomas Day, Vice-ChairManaging Director of RiskSolutions and Policy,SunGard Ambit

Robert Mark, TreasurerManaging Partner andChief Executive Officer,Black Diamond Risk

Oscar McCarthy, SecretaryStrategic Risk Advisor, ABNAmro Markets

FINANCERobert Mark, ChairManaging Partner andChief Executive Officer,Black Diamond Risk

Bud HaslettExecutive Director,Research Foundation CFA Institute

David RowePresident, David M. Rowe Risk Advisory

Sunando RoyAdvisor – Inspection, Central Bank of Bahrain

Alexander ShipilovVP, Investment BankingAudit, TD Bank FinancialGroup

EDUCATIONPaul Glasserman, ChairJack R. Anderson Professor of Business, Columbia Business School

Carol AlexanderChair of Financial RiskManagement, ICMACentre, Henley BusinessSchool

George JabbourProfessor of Finance,George WashingtonUniversity School ofBusiness

David RowePresident, David M. Rowe Risk Advisory

Elizabeth SheedyAssociate Professor,Macquarie Applied FinanceCentre, MacquarieUniversity

Kalyan SunderamAdvisor, Bahrain Instituteof Banking and Finance

ACADEMIC PARTNERSHIPElizabeth Sheedy, ChairAssociate Professor,Macquarie Applied FinanceCentre, MacquarieUniversity

Alain BelangerAssociate Professor,Department of Finance,Faculty of Administration,Université de Sherbrooke

John BilsonProfessor of Finance &Director, MS Finance, IITStuart School of Business

Zhongyang ChenProfessor, Department ofApplied Finance, RenminUniversity of China

John CotterProfessor, UniversityCollege Dublin

Antoine FrachotHead of Groupe des EcolesNationales dEconomie etStatistiques France,Scientific advisor AONGlobal Risk Consulting

Luis SecoDepartment of Mathematics,University of Toronto,Director of RiskLab Torontoand President and CEO ofSigma Analysis &Management Ltd.

Rudi ZagstChair of MathematicalFinance, Department ofMathematics, TechnischeUniversität München andPresident of risklab GmbH,Germany

PUBLICATIONSCarol Alexander, ChairChair of Financial RiskManagement, ICMACentre, Henley BusinessSchool

Joel BessisProfessor of Finance, HEC Paris

Don ChanceJames C. Flores EndowedChair of MBA Studies andProfessor of Finance,Louisiana State University

Jonathan HowittCRO, Evolution Group

ITStanislav Seltser, ChairSoftware Engineer,SunGard

James FlowersQuality AssuranceEngineer, eOriginal Inc.

Michael DelkDeveloper, delkDev

EXAMS Kalyan Sunderam, ChairAdvisor, Bahrain Instituteof Banking and Finance

Kruskal HewittSenior Advisor, RiskManagement, J-Power

Markus HirschbergerSenior Hedging Analyst,Munich RE

Krzysztof JajugaProfessor, WroclawUniversity of Economics

Christoph ObenhuberRisk Manager – MarketRisk, Volksbank AG

Sergey SmirnovDirector of FinancialEngineering and RiskManagement Laboratory,Head of Risk Managementand Insurance Departmentat State University – HigherSchool of Economics(Moscow)

Scott WarnerSenior Consultant,Avantage (UK) Limited

Peter WoodDirector, UndergradBusiness and AccountingPrograms, Faculty ofMathematics, University of Waterloo

Liu YupingVice President, Wells Fargo

TRAINING David Rowe, ChairPresident, David M. Rowe Risk Advisory

Thomas DayManaging Director of Risk Solutions and Policy,SunGard Ambit

Greg GoellerChief Risk Officer, StandardBank CIB Africa

Christopher LaursenVice President, NERA EconomicConsulting

Daniel RodriguezChief Risk Officer, GlobalArbitrage Trading and theAmericas Equity Division at Credit Suisse

REGIONAL DIRECTORSUPPORT ANDSTANDARDS Faruk Patel, ChairChief Analyst, RiskManagement, NationalBank Financial Group

Warren Murdoch, Vice ChairConsultant, AMXI

Mark AbbottManaging Director, Headof Quantitative RiskManagement, TheGuardian Life InsuranceCompany of America

Syed AhmadSenior Financial Economist,Federal Housing FinanceAgency

Yerram Raju BeharaDirector, Development &Research Services (P) Ltd.

Carlos da CostaCommodity FuturesSpecialist, ScotiaMcLeod

Dominik DerschPrincipal Consultant, Dominik Dersch Beratung

Ikhtiar KaziDirector, Institutional Sales& Business Development

Sven LudwigRegional Manager BusinessDevelopment GermanyAustria Switzerland,Sungard

Mario SchlenerAssociate Director,Navigant Capital MarketsAdvisers, NavigantConsulting, Inc.

Andy StalmanisHead of Market RiskOversight, WholesaleLloyds Banking Group plc

Alberto Sanyuan SuenCEO, Ascent Brasil and FullProfessor of Finance,UMESP

Reserve MembersLaurent BiradeSenior Risk Consultant SASInstitute

Karina CarreroProject Manager, BAC Credomatic Network

Frank HaydenPrinciple, Risk andDecision

Phang Hong LimGroup Risk Officer, CIMBBanking Group

RESEARCHGeorge Jabbour, ChairProfessor of Finance andDirector of MSF Program,The George WashingtonUniversity School ofBusiness in DC

ETHICS David Koenig, ChairChief Executive Officer, TheGovernance Fund Advisors,LLC

John Paul BroussardAssociate Professor,Rutgers School of BusinessCamden

Frank HaydenPrinciple, Risk andDecision

Kruskal HewittSenior Advisor, RiskManagement, J-Power

Colin LawrenceDirector, Prudential RiskDivision, Financial ServicesAuthority (FSA VisitingProfessor, Risk Management,Cass Business School

Renato MainoSenior Lecturer, BocconiUniversity – Milan andTurin University, PoliticalEconomics Dept.Consultant on risk manage-ment matters

Robert MarkManaging Partner & ChiefExecutive Officer, BlackDiamond Risk

Colin StringerDirector, ParacosaConsulting Limited

Desheng Dash WuAffiliate Professor andManaging Director,RiskLab, University ofToronto; Director ofRiskLab China ResearchCenter

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||PRMIA LEADERSHIP COMMITTEES

iRiskoct11

Documents

Transcript of iRiskoct11