Understanding the sub-prime mortgage crisis
Download
Report
Transcript Understanding the sub-prime mortgage crisis
<Insert Picture Here>
ERM and internal controls- A dovetailed relationship
Mr. Ravi Varadachari
November 17, 2008
Safe Harbor Statement
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
Agenda
• Setting the stage
<Insert Picture Here>
• The changing landscape
• Key to Enterprise Risk Management
• Deep dive into ERM and Internal Controls
• Recommendations and Conclusions
© 2008 Oracle Corporation – Proprietary and Confidential
3
Enterprise Risk Management
Economic Risk
• Market risk
• Credit risk
Societal Risk
Financial Risk
• Operational risk
• Liquidity risk
• Interest rate risk
Technological Risk
•ALM
Geopolitical Risk
© 2008 Oracle Corporation – Proprietary and Confidential
• Concentration risk
• Financial
institutions
are
exposed to a variety of risks
like financial risk, economic
risk, geo-political risk and
societal risk.
• Traditionally, the focus has
been on understanding and
managing the financial risk.
• Enterprise Risk Management
is a mechanism to have a
holistic view of all the risks
that a financial institution is
exposed to at the right level
of granularity.
4
Global risks
Economic
• Oil price shock/energy
supply interruptions
• US economy
• Chinese economic
hard landing
• Fiscal crises caused
by demographic shift
• Blow up in asset
prices/excessive
indebtedness
Financial
• Market risk
• Credit risk
•Operations risk
•Liquidity risk
•Interest rate risk
•Concentration risk
Societal
• Pandemics
• Infectious diseases in the
developing world
• Chronic disease in the
developed world
• Liability regimes
Geopolitical
• International
terrorism
•
Proliferation
of
weapons
of
mass
destruction
• Civil wars and failed
and failing states
• Retrenchment from
globalization
• Middle East instability
Technological
• Breakdown of critical
information infrastructure
• Emergence of risks
associated
with
nanotechnology
© 2008 Oracle Corporation – Proprietary and Confidential
5
Agenda
• Setting the stage
<Insert Picture Here>
• The changing landscape
• Key to Enterprise Risk Management
• Deep dive into ERM and Internal Controls
• Recommendations and Conclusions
© 2008 Oracle Corporation – Proprietary and Confidential
6
Changing Landscape of Risk
• Financial Crisis Experienced by Banks/Financial Institutions
• Increase in “Rare Events”
7
The current financial crisis
16th Mar ’08- Bear Stearns
17th Sept ’08- AIG
•Bear Stearns gets acquired for $2 a
share by JP Morgan Chase in a fire sale
avoiding bankruptcy.
•The US Federal Reserve loans $85 billion
to American International Group (AIG) to
avoid bankruptcy
7th Sept ’08- Fannie Mae & Freddie Mac
•Federal takeover of Fannie Mae and
Freddie Mac was based on a growing
concern about the liquidity of the firms
• These two companies back-up nearly
half the country’s mortgages.
15th Sept ’08- Lehman Brothers
•Liquidity crisis forced Lehman
Brothers to file for bankruptcy
© 2008 Oracle Corporation – Proprietary and Confidential
25th Sept ’08- Washington Mutual
•Liquidity crisis due to a 10-day bank run
forced the OTS (Office of Thrift and
Supervision) to place the bank under FDIC.
•The banking assets were sold to J P Morgan
Chase.
29th Sept ’08- Wachovia Bank
•Wachovia Bank was acquired by Wells
Fargo
• The bank was invested heavily in
adjustable-rate-mortgages and faced
severe losses.
8
The Global Story …
14th Sept ’07- Northern Rock Bank, UK
•UKs fifth largest mortgage lender
sought financial support from the Bank
of England. The bank was taken into
state ownership/nationalized
•This was on account of the global credit
crunch triggered by the sub-prime
mortgage crisis in the US.
18th Sept ’08- HBOS, UK
•HBOS was taken over by Lloyds
Bank TSB.
• The share prices suffered heavy
fluctuations on account of short selling
and rumors of a credit crunch.
© 2008 Oracle Corporation – Proprietary and Confidential
29th Sept ’08- Bradford & Bingley, UK
•The share prices of the bank fell on
account of the credit crunch.
•The bank was nationalized and the
Spanish bank Group Santander
acquired all the savings bank assets.
29th Sept ’08- Fortis Bank, Belgium
•The bank was partially nationalized
by the European Central Bank
• The share prices fell dramatically on
account of rumors of insolvency.
•Can be attributed to the sub-prime
mortgage crisis in the US
9
The Black Swam Phenomenon
“No amount of observations of white swans can allow the inference
that all swans are white, but the observation of a single black swan
is sufficient to refute that conclusion.”
What is a Black Swam?
•It is an Event
•Hard to predict based on historical data
•After the event – many people saw it coming
Stress testing models must assume black swan events to ensure greater
predictive power.
The London “Millennium Bridge”
Incident
Source: http://www.urban75.org/london/
The London “Millennium Bridge”
Incident
London Bridge – Architect Lord Norman Foster
Source: http://www.urban75.org/london/
Agenda
• Setting the stage
<Insert Picture Here>
• The changing landscape
• Key to Enterprise Risk Management
• Deep dive into ERM and Internal Controls
• Recommendations and Conclusions
© 2008 Oracle Corporation – Proprietary and Confidential
13
Key to effective Enterprise Risk
Management
• How Do We Address ERM?
• Risk measurement and management
• Regulatory capital
• Economic capital
• Risk based pricing and compensation
• Stress testing
• Internal controls and mechanisms
• Strategy
• Governance
• Organization structure
• Processes, Policies and Procedures
© 2008 Oracle Corporation – Proprietary and Confidential
14
Agenda
• Setting the stage
<Insert Picture Here>
• The changing landscape
• Key to Enterprise Risk Management
• Deep dive into ERM and Internal Controls
• Recommendations and Conclusions
© 2008 Oracle Corporation – Proprietary and Confidential
15
Regulatory, Economic and Book Capital
Regulatory Capital : Capital that banks are required to hold by their regulator
“The amount of capital a bank must have to stay in business”
Under the Basel II framework – computed based on a prescriptive formula for credit
risk
Economic Capital : Capital that is required commensurate with the risk profile of the
bank
“The amount of capital a bank should have”
Various models to estimate economic capital - stochastic view
Endeavor is to use it for business decisions
Book Capital : Capital that a prudent bank would choose to hold
“The amount of capital a bank that a bank has on its book”
Economic book value – different from accounting concept of book value
Concept of risk appetite
Framework for Capital Estimation
Credit Risk Capital
Market Risk Capital
Operational Risk Capital
Risk Capital –Other Risks
Total Capital
Capital Management
Key Differences – EC and RC
Economic Capital
Focus on deriving numbers useful
for business decisions
Focus on “dotting the “i’s” and
crossing the “t’s”
Doing it Right
Doing it Right & demonstrating
that “we have done it right”
Auditability
Lower focus on auditability
High focus on auditability
Frequency
Continuous Process
Monthly/Quarterly/Year End
focused
Objective
Success Condition
18
Regulatory Capital
Will RC Converge with EC?
Uniformity – Regulatory capital should be based on similar principles
while economic capital can be different
Simplicity – Regulatory capital methods need to be simple while
economic capital models can be sophisticated in tune with the
underlying business
Conservatism: Regulatory capital would be more conservative that
economic capital methods
Substantial “Distance to Travel” before convergence!!
Risk Adjusted Performance Evaluation
Accounting notion of return on assets (ROA), has long been used as a bank-wide performance metric
Shareholders perspective brought in by using return on equity (ROE) instead of ROA
Both of the above performance metrics have two shortfalls namely:
The measures do not take into account “risk”
These measures can only be applied at a bank wide level & not for individual business lines
Risk adjusted performance metrics were hence developed to counter the above shortfalls. Bankers trust a
commercial bank came out with the concept of RAROC (“Risk Adjusted Return On Capital)
Where :
“Expected Loss” is the mean of the loss distribution associated with the portfolio/business line
“Capital” is the capital deployed for the portfolio/business line; it is mostly understood as the “Economic
Capital” for the portfolio/business line & the “Income from Capital” is the additional income generated by
investing that capital
Stress testing – Key to Capital Management
• Demanded as part of Pillar II by most regulators
• Estimation of capital under Pillar I assumes “Steady State” and the estimate may be
“point-in-time” as opposed to a range based on economic cycles (Through the cycle
rating)
• The requirement of capital under “stressed conditions” and “unfavorable events” need to
be understood
• Stress testing can be used to check if the “capital buffer” is sufficient under conditions
described
• Regulators concerned about Procyclicality that may exacerbate an economic crisis
further– stress testing may be a solution
• Rigor in methodology to be demonstrated
Regulatory Expectation
Regulator
Prescription
Basel II
•
NPR
Supervisors expect that banks will manage their regulatory capital position so that they
remain at least adequately capitalized during all phases of the economic cycle.
• A bank may choose to have scenarios apply to an entire portfolio, or it may identify scenarios
specific to various sub portfolio.
• The severity of the stress scenarios should be consistent with the periodic economic downturns
experienced in the bank’s market areas.
• The scope of stress testing analysis should be broad and include all material portfolios.
• The time horizon of the analysis should be consistent with the specifics of the scenario on key
performance measures.
Basel II Pillar 1
• Paragraphs 435 -437, highlights requirements for stressing risk parameters like PD, LGD &
EAD under downturn economic conditions.
• Stress testing to include impact of a deterioration in the credit quality of the protection
providers.
• Basel II Pillar 2 Principal
• Banks should have a process for assessing their overall capital adequacy in relation to their
risk profile and a strategy for maintaining their capital levels.
“ In assessing capital adequacy, bank management needs to be mindful of the particular
stage of the business cycle in which the bank is operating. Rigorous, forward-looking
stress testing that identifies possible events or changes in market conditions that could
adversely impact the bank should be performed.”
Regulatory Expectation: CRD – FSA - BIPRU
Regulator
Prescription
FSA Guidelines,
CP06/3
“A firm must have in place sound stress testing processes for use in the assessment of its
capital adequacy. Stress testing must involve identifying possible events or future changes in
economic conditions that could have unfavorable effects on the firm’s credit exposures and
assessment of the firm’s ability to withstand such changes.”
FSA Guidelines,
CP06/3
“The CRD requires firms to perform this stress-test but is silent on what they should do with
the results. CP05/3 (BIPRU) made the superequivalent proposal that the amount that results
from the stress-test be held as an additional capital requirement. In response to the feedback
to CP05/3, we now propose that the stress-test be used as the starting point of a discussion
with firms as to whether they have adequate contingency plans to manage their capital
(relative to their Pillar 1 capital requirements) through a recession (now defined as a
recession roughly equal in severity to the early 1990s recession).”
Design of Stress Tests - Critical
• Based on past events (9-11, market crash of 1987, financial crisis of 2008)
• Plausible scenarios/identification of a set of appropriate risk factors in the
specific context of the portfolio:
• Realistic
• Corresponds to the approach and portfolio of exposures
• Informative and valuable to risk management objectives
• Design of “Perfect Storms”
• Simultaneous occurrence of multiple events/scenarios
• Bottoms-up: Stressing PDs, Transition matrices, top ten accounts
• Top-Down: Stressing GDP and other macro economic variables
© 2008 Oracle Corporation – Proprietary and Confidential
Integrating Internal controls
• Internal control is a process, effected by an entity’s
board of directors, management and other personnel
and designed to encompass the following key
elements•
•
•
•
Strategy
Governance
Organization structure
Policies, procedures and processes
© 2008 Oracle Corporation – Proprietary and Confidential
25
ERM frameworks for internal control
• UK - The Combined Code (2003) and Turnbull (2005)
• US – Committee of Sponsoring Organizations (COSO) ERM (2004)
• Australia/New Zealand 4360 Standard on Risk Management 1999, 2004
• South Africa– King II Report (2002)
• Federation of European Risk Management Association (FERMA) (2004)
• Basel II (2004)
© 2008 Oracle Corporation – Proprietary and Confidential
26
The COSO ERM framework
•The eight components of the
framework are interrelated.
Monitoring
Information and
communication
Internal
environment
Objective
setting
ERM
Framework
Control
activities
Event
identification
Risk
response
© 2008 Oracle Corporation – Proprietary and Confidential
Risk
assessment
•It considers activities at all
levels of the organization.
•The objectives can be viewed
in the context of four
categories•Strategic
•Operations
•Reporting
•Compliance
•A strong system of internal
control
is
essential
to
effective
enterprise
risk
management.
27
Agenda
• Setting the stage
<Insert Picture Here>
• The changing landscape
• Key to Enterprise Risk Management
• Deep dive into ERM
• Recommendations and Conclusions
© 2008 Oracle Corporation – Proprietary and Confidential
28
Six principles for effective ERM
implementation
•
•
•
•
•
•
Ensure Top Management Commitment
Holistic view of risk management, compliance and
controls
Bridge the Islands
Ensure Data Quality
Design an Appropriate Technology Architecture
Cost- benefit analysis
© 2008 Oracle Corporation – Proprietary and Confidential
29
1. Management Commitment
Management to see benefits of compliance – else will
be treated as a cost of doing business
Source:
www.cartoonbank.com
30
2. Holistic view
IFRS / IAS 32,39
• Harmonizing & Upgrading
of accounting standards
• Valuation methodology
• Disclosure & presentation
of financial statements
SOX & IFRS / IAS 32,39
• Internal Controls over
recording, validating &
accounting
• Presentation,
Disclosure & Financial
reporting
SOX & Operational Risk
• Risk & Control identification
& assessment
• Key Risk Indicators
• Scenario & Risk
Management
• Reporting
Basel II Credit, Operations
& Market Risk & IFRS /
IAS 32.39
• MTM / Valuation of assets,
instruments, Collaterals
• NPA & default definition
• Hedging treatment
• Reconciliation of risk &
finance data
Basel II – Credit , Market &
Operations Risk
• Capital Adequacy
• Supervisory Review and
Market Disclosure
• Improved Risk management
31
SOX Selection 404
• CEO / CFO certification on
accuracy & reliability of
Financial Statement
• Management assessment
& audition attestation
COSO Framework
• ERM program
• Risk assessment and
response
• Internal control
• Monitoring and reporting
AML & Operational Risk
• AML operational process
• Surveillance & detection
of suspicious transactions
• Scenarios
• Reporting
3. Bridge the Islands …
Traditional Approach
BDRP
IT
Security
Enterprise Wide Approach
External Audit,
Regulators
Customer
Service
Internal Audit
Independent validation
OpRisk Function
Facilitator and
validator
Compliance
HR
Corporate
Communications
Controllers
Security
Line of Business
Primary
Responsibility for OR
Facilities
Mgt
Legal
Audit
Individual
LoB
Mgt
32
Insurance
Specialist Departments
Legal, Compliance, HR,
Insurance…
4. Ensure Data Quality
Source:
www.cartoonbank.com
33
5. Appropriate technology architecture
Performance Management
Capital Allocation/Attribution
Capital Computation
Exposure Measurement
Monitoring
Assessment
Controls
Technology Sophistication
34
Coverage
Loss Estimates
6. Cost Benefit Analysis
Source:
www.cartoonbank.com
35
Amount of fines
Potential benefit and cost
2004
4.53 billion USD
2003
4.21 billion USD
2002
2.95 billion USD
Source: Forbes – Wall Street Fine
Tracker
Capital
10
10
10
10
Borrowings
90
100
110
120
Total assets
100
110
120
130
Average cost of
borrowings
4%
4%
4%
4%
Average yield on
loans
7%
7%
7%
7%
Average costs
1%
1%
1%
1%
Interest Income
7.0
7.7
8.4
9.1
Interest Expenses
3.6
4.0
4.4
4.8
Other Expenses
1.0
1.1
1.2
1.3
Net Income
2.4
2.6
2.8
3.0
Return on Equity
24%
26%
28%
30%
Time
Substantial impact on RoE and profitability in the long term
Thank you
Mr. Ravi Varadachari
Practice Leader – Risk Management & Compliance
[email protected]
+1 917 502 9480
© 2008 Oracle Corporation – Proprietary and Confidential
37