Control environment en incidenten bij Financiële instellingen
Round Table Charco & Dique 6 februari 2014
Jaap van Dijk 1
Ter keuze aan de deelnemers: Presentatie doorlopen en korte Q&A / discussie Gelijk naar de laatste slide en na korte
inleiding alleen maar Q&A / discussie
2
Finance & Control in the Financial Services Industry is Risk (y) Business By Jaap van Dijk CFO / CRO SNS Property Finance
2 December 2008
Finance & Control in the Financial Service Industry is a Risk(y) Business Evolution of Risk Management within SNS Property Finance The role of risk models (and the importance of a solid
datawarehouse) Independent position of Risk Management Position of the Finance function next to Risk Management (or... IFRS next to Basel II) Who is primary responsible for F&C and RM in the Board of Management? Conclusions 4
The evolution of Risk Management within SNS Property Finance 1989: Dutch communities founded Bouwfonds as a property developer and finance vehicle 2000: ABN AMRO acquired Bouwfonds (no risk function yet) 2003: building up a risk management function (2003; 3 fte, 2004; 4 fte, 2005; 11 fte, 2006; 13 fte, 2007; 16 fte and 2008 20 fte) 2006: SNS Reaal acquired Bouwfonds Property Finance, the financing subsidiary of Bouwfonds
2007 – 2008: strengthen the risk organisation, qualify for IRB foundation in assessing credit risks Key organisation characteristics: risk managers in the business for individual credit analysis (15 fte) and at corporate level for risk policies and portfolio analysis (5 fte) 5
Risk Management has an independent governance position CFO SNS Bank, chairman of the SNS PF Credit Risk Committee Credit Committee
Board of Management SNSPF CEO
Chief BU NL
Business Unit
Chief BU Int
Business Unit
CFO
Corp. RM
F&CD
functional hierarchic
Business RM
Business RM 6
The Risk Culture at most companies In most organizations the identification and management of risk is highly fragmented, so the board and the CEO find it hard to engage in a meaningful and informed analysis; the CEO usualy ends up relying on his or her gut instinct Lacks knowledge and risk vocabulary to engage in dialogue with management
Board Seeks strategic dialogue about risk but must rely on intuition
CEO Understands the risks but has little influence on decision making
Treasurer’s office
CRO
CFO
Business Unit
Business Unit
Uses sophisticated management tools, but only for short-term risk
Lack the sophistication to understand, much less measure, their own risks
Has narrow and siloed view of risk, often focusing on compliance
Business Unit Buelher, K., Freeman, A. & Hulme, R. (2008). Owning the right risks. Harvard Business review (september), 108.
7
The analist’s views Traditionally we report our portfolio size to measure our growth, the analists focus on the Risk Weighted Assets and determine criteria
against these RWA SNSPF mid 2008: Portfolio outstanding € 13 bln versus reported RWA of € 11,6 bln; criterium is (xy) bps loan loss charge versus RWA
8
Teaming of Finance and Risk Accounting for the past and manage the future Report on last years result but also on the development of
embedded value Account for risk appetite and the cost of capital associated with the risk profile ( e.g. in annual reports)
Or: promote managing on sustainable profits rather than short term results 9
Who is (or should be) responsible for F&C and RM within a Board? Multiple choice (please discuss): a) The CFO for both functions
b) The CFO for F&C and a CRO for RM c) The CRO for both functions d) The CEO for both functions e) There is no organisation template, it depends on the quality of leadership
10
What does CRO actually stand for? Multiple choice (please discuss): a) Chief Risk Officer
b) Chief Reward Officer c) Chief Risk/Reward Officer d) Chief Raspoetin Officer
11
Conclusions For financial institutions with a sound risk management practise and well tuned F&C and RM -departments there are no bad risks, just
bad prices (and this is true for any company) Risks that you can not properly assess (i.e. do not understand), you just do not accept Management reportings as well as external reportings mix
accounting for results with accounting for the risk profile; it is up to the F&C departments to live up to this new reality
12
Risicomanagement in tijden van crisis (en voor en na) Leen Paape e.a. november 2009
• De oorzaak van de crisis ligt in de basis in de VS: afgelopen decennium geen reële welvaartsgroei, want economische groei ging gepaard met forse stijging schulden. Te weinig besef van de prijs van risico; waardoor de Madoff’s van deze wereld de ruimte kregen • De financiële sector is te groot geworden (van 4% van GDP naar 8%; op het hoogtepunt kwam 46% van de earnings van de financiële sector) • September 2008 Balkenende/Bos/Wellink: wat ‘daar’ (VS) was gebeurd, kon hier niet gebeuren. De Nederlandse economie stond er goed voor, was in goede handen en zou de slechte omstandigheden doorstaan • En kort daarna moest aan bijna alle grote financiële instellingen staatssteun worden verleend… 13
Risicomanagement in tijden van crisis (2)
Er zijn geen onafhankelijke, deskundige, schone handen meer om de oorzaken vast te stellen c.q. de schuldigen / zondaars aan te
wijzen…. De usual suspects: a) de rating agencies b) de toezichthouders en c) de media ‘Het zijn risicomanagers, risicomanagementconsultants en andere
gebakken lucht verkopers die de zeepbel verder hebben helpen opblazen en daarmee mede aan de basis lagen van de toenemende tolerantie voor en zin in het nemen van meer en meer risico door investeringsbanken’ 14
Risicomanagement in tijden van crisis (3) Antwoord na de savings & loancrisis in de 80-er jaren: COSO I (In Control framework).
Later in COSO II nam risicomanagement een centralere rol in. Risicomanagement: kwantitatief kreeg de overhand, bood meeste zicht op capital relief (advanced measurement approach Basel II) Paape cs: organisaties bestaan uit eilanden / silo’s, de kunst is de juiste mensen en disciplines bij elkaar te brengen om overeenstemming te krijgen over paradigma’s en uitgangspunten (voorbeeld”: risk appetite, wat is een acceptabel risico?). Het gaat meer om mensen dan om modellen 15
Risicomanagement in tijden van crisis (4) Gary Neil, Confessions of a riskmanager, The Economist, 7 augustus 2008: The pressure on the risk department to keep up and approve transactions was immense….At the root of it all, was –and still is- a deeply ingrained flaw in the decision making process. In contrast to the law, where two sides make an equaland opposite argument that is fairly judged, in banks there is always a bias to one side of the argument. The business line was more focused on getting a transaction approved than on identifying the risks in what is was proposing. The risk factors were a small part of the presentation and always ‘mitigated’. This made it hard to discourage transactions. If a risk manager said no, he was immediately on a collision course with the business line. The risk thinking therefore leaned towards giving the benefit of doubt to the risk takers.
Nouriel Roubini, The Crisis and how to deal with it, The New York Review of Books, 11 juni 2009: We relied on internal risk management models, but nobody listened to risk managers when the risk takers were making all the profits in the banks.
16
Thema’s / dilemma’s
Zorgvuldigheid versus ‘buikgevoel’
Angst – durf
Vertrouwen – controle
Governance – leiderschap
Kwantitatief – kwalitatief
Substance - Form
Transparantie – vertrouwelijkheid
Gedragsregels - cultuur
Volledigheid - relevantie van info (de bomen en het bos)
Jack Welch: the system always beats you
Jan Hommen: it takes two to hire and one to fire
Emiel van Lennep: de goede inspecteur (van Financiën, vgl. riskmanager) is niet degene die het beste ‘nee’ kan roepen, maar die op de juiste momenten ‘ja’ zegt
Korte termijn – lange termijn doelstellingen
Macht – gezag
Verantwoordelijkheid – aansprakelijkheid
17