12/4/2013
Public Information
Malaysia Deposit Insurance Corporation
A New Role of Enterprise Risk Management (ERM) as an Independent Function: A Case in Point from Malaysia
22-24 April 2013
Contents
Objectives
A brief background of Malaysia Deposit Insurance Corporation (MDIC)
Regulatory landscape of ERM in Malaysia
Key Roles and Responsibilities in relation to ERM in MDIC
Value-added Independent ERM Function at various stages of the ERM Process in MDIC
Key Takeaways
Objectives
To provide a different perspective on the roles and reporting structure of the Chief Risk Officer (CRO) and the ERM Function as an independent function
To evaluate the importance of having an independent CRO and ERM Function
To provide an alternative reporting structure and roles of CRO and ERM Function in your respective organizations
A Brief Background of MDIC

MDIC as a Component of Safety Net
Financial Safety Net:
Prudential regulation and supervision
Lender of last resort facility to assist banks facing temporary liquidity problems
Deposit insurance system
Deposit insurance enhances depositors' confidence
Establishment of Deposit Insurance System in Malaysia
2001: i) Financial Sector Master Plan recommended the establishment of a deposit insurance system in Malaysia.
ii) Deposit Insurance Task Force formed by Central Bank of Malaysia studied and compared best practices of established deposit insurance systems in other countries.
July 2005: iii) The Malaysia Deposit Insurance Corporation Act 2005 enacted by Parliament.
1 September 2005: iv) Launch of MDIC (locally known as PIDM), established to administer the deposit insurance system in Malaysia.
31 December 2010: v) MDIC Act 2011 enacted by Parliament; expanded mandate to administer the Takaful and Insurance Benefits Protection System (TIPS).
MDIC was recognized as the Deposit Insurance Organization for 2011 by the International Association of Deposit Insurers (IADI).
What Protection does MDIC Provide?
MDIC administers 2 separate financial consumer protection schemes:
Deposit Insurance System
Protects against loss of deposits up to RM250,000 (USD 81,000)
Conventional Deposit Insurance Fund
Islamic Deposit Insurance Fund
Takaful and Insurance Benefits Protection System (TIPS)
Protects against loss of eligible takaful and insurance benefits up to the prescribed limits
General Insurance Protection Fund
Life Insurance Protection Fund
Islamic General Takaful Protection Fund
Family Solidarity Takaful Protection Fund
Funding (combined ex ante and ex post funding by member institutions):
Annual premium contributions cover annual operating expenses and build deposit and insurance reserve funds over time
Ex post levies to fund unexpected losses; government credit line facility for liquidity needs; and MDIC can raise funds from the capital market
No commingling of funds
Regulatory Landscape of ERM in Malaysia

Key ERM Guidelines and Standards
The Committee of Sponsoring Organizations of the Treadway Commission (COSO): Enterprise Risk Management - Integrated Framework
Federation of European Risk Management Associations (FERMA): A Risk Management Standard
AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines
ISO 31000:2009 Risk Management - Guidelines on Principles and Implementation of Risk Management
Financial Stability Board's Thematic Review on Risk Governance
Recommendations on the CRO:
Set requirements to elevate the CRO's stature, authority, and independence in the firm.
Direct reporting line to the CEO and a distinct role from other executive functions and business line responsibilities (e.g. no dual-hatting).
Involvement in activities and decisions (from a risk perspective) that may affect the firm's prospective risk profile.
Source: Financial Stability Board, Thematic Review on Risk Governance - Peer Review Report, 12 February 2013
Primary Legislative and Regulatory Requirements for ERM in Malaysia
Regulatory Body | Guidelines | Companies
Central Bank of Malaysia | Risk Governance | Financial Institutions
Securities Commission | Malaysian Code on Corporate Governance | Public Listed Companies
Bursa Malaysia (Malaysia's Stock Exchange) | Corporate Governance Guide: Towards Boardroom Excellence | Public Listed Companies
Bursa Malaysia (Malaysia's Stock Exchange) | Guidelines for Directors of Listed Issuers: Statement on Risk Management & Internal Control | Public Listed Companies
Salient Features of Risk Governance Guidelines issued by Central Bank of Malaysia
Senior Management oversight
Principle 3: Senior management is responsible for ensuring that the day-to-day management of the organization's activities is consistent with the risk strategy, including risk appetite, and policies approved by the board.
Risk management and internal controls
Principle 6: Financial institutions must establish an independent senior risk executive role with distinct responsibility for the risk management function and the organization's risk management framework across the entire organization.
Principle 7: Financial institutions must establish and maintain an effective risk management function with sufficient authority, stature, independence, resources and access to the board.
Principle 8: Effective implementation of the risk management framework must be reinforced with an effective compliance function and subjected to an independent internal audit review.
Traditional vs Independent Roles of CRO/ERM Function in the Context of Malaysia
Parties/Reporting Line | Traditional Roles | Independent Roles
Board | Ultimate owners of risk | Ultimate owners of risk
Board Audit Committee (AC)/Risk Management Committee (RMC) | Assist the board to provide oversight on the risk management | Assist the board to provide oversight on the risk management
Management | Day-to-day management of risk activities | Day-to-day management of risk activities
ERM Function | Part of management functions | Independent from executive functions and does not have any management or financial responsibility functions
Reporting | CFO/CEO | Administratively to the CEO; functionally to the AC/RMC
Key Roles and Responsibilities in Relation to ERM in MDIC

Governance of MDIC
MDIC reports to Parliament through the Minister of Finance.
Board of Directors structure:
Governor of Central Bank of Malaysia (ex officio).
Secretary General of Treasury (ex officio).
Not more than 6 members from the public and private sectors appointed by the Minister of Finance.
CEO:
Appointed by the Minister of Finance on the recommendation of the Board of Directors.
Not a member of the Board of Directors.
The ERM Oversight Structure in MDIC
Board of Directors
Audit Committee
Audit and Consulting Services
ERM Committee: composed of heads of key functions and chaired by the CEO
Strategic Planning and ERM (PERM) Working Committee: composed of representatives from all divisions and chaired by the GM of Strategic Planning Division
ERM Division*: provides secretariat services to these committees
Risk Owners: Communications and Public Affairs; Finance and Administration; Human Capital; Insurance, Risk Assessment and Monitoring; Intervention and Failure Resolution; Legal; Policy and International; Strategic Planning
*The CRO reports functionally to the Board via the AC and administratively to the CEO.
Other ERM-Related Requirements in MDIC
ERM Charter: sets out the mission, accountability & responsibility, ERM oversight structure, independence & objectivity, authority, and quality assurance & continuous improvements.
ERM Policy: declares and affirms MDIC's commitment to sound risk management and reaffirms the roles and responsibilities of the Board, Audit Committee, ERM Committee, CRO and Management on ERM.
ERM Procedure: sets out the ERM Framework and defines a consistent process for identifying, assessing, evaluating, treating, monitoring and communicating the significant risks faced by the Corporation.
ERM Effectiveness Assessment Framework: aims to measure the effectiveness of the current ERM programme and practices against the spectrum of maturity levels of ERM practices.
Value-added Independent ERM Function at Various Stages of the ERM Process in MDIC

The ERM Process in MDIC
ERM Risk Assessment Framework:
1. Establish the Context (Objectives; Risk Impact; and Risk Appetite/Tolerance)
2. Corporate and Divisional Risk Assessment
3. Risk Treatment Option Selection and Preliminary Risk Action Plans Preparation
4. Follow-up on the Implementation of Risk Action Plans
5. Monitor the Effectiveness of Risk Action Plans Implemented and Reassess the Impact on Risk Rating
Phase 1: Establish the Context
Objectives: Mandate; Vision; Mission; Corporate Values; Strategic Thrusts; Corporate Objectives; Corporate Initiatives
Divisions (as abbreviated on the slide): INRAM; Policy and International; IFR; Human Capital; Strategic Planning; Audit and Consulting Services; Communications and Public Affairs; FINAD; Legal; CEO's Office; ERM
Risk Appetite/Tolerance
Risk Capacity: level of risk MDIC could not afford to accept/tolerate
Risk Parameter: Factors
Financial Factors: Financial Loss
Non-Financial Factors (Internal): Employees; Achievement of Corporate Initiatives; Operational Requirements and Continuity
Non-Financial Factors (External): Financial Soundness of MIs; Public Confidence / Reputation
Risk Parameter: Impact
4 Critical
3 Major
2 Minor
1 Insignificant
Phase 2: Corporate and Divisional Risk Assessment
Risk Identification
1. Identify the Corporate and Divisional risk and describe the underlying risk events
Risk Assessment and Analysis
2. Determine the consequences
3. Determine the gross likelihood (Unlikely, Low, Moderate, High)
4. Determine the gross impact (Insignificant, Minor, Major, Critical)
5. Determine gross risk rating (Well Managed, Concern, Extraordinary Events, Serious Concern)
Risk Evaluation
6. Identify current controls and control types (Preventive, Detective, Corrective)
7. Determine control effectiveness (High, Moderate, Ineffective)
8. Re-evaluate the gross risk rating
9. Determine residual risk rating (Well Managed, Concern, Extraordinary Events, Serious Concern)
10. Determine residual risk trend (Increase, Decrease, Stable)
11. Risk Map, Risk Profile and Risk Registers
Phase 3: Risk Treatment Option Selection and Preliminary Risk Action Plans Preparation
1. Identify risk owner and co-owners
2. Identify risk treatment options
3. Determine rationale for risk treatment options selected
4. Prepare preliminary risk action plans
5. Revise by the CEO/ERM Committee
6. Table to the AC for endorsement
Phase 4: Follow-up on the Implementation of Risk Action Plans
1. Review the implementation status of agreed risk action plans
2. Assess viability to complete within the expected end date
3. Review the risk action plans
4. Measure the implementation status
5. Endorse by the CEO/ERM Committee
6. Update the AC on the implementation status
Phase 5: Monitor the Effectiveness of Risk Action Plans Implemented and Reassess the Impact on Risk Rating
1. Reassess the implementation status
2. Update the controls
3. Reassess the control effectiveness
4. Reassess the residual risk rating
5. Endorse by the CEO/ERM Committee
6. Update the AC on the implementation status and revised risk rating
Board Risk Policies
Board Risk Policy:
1.0 Definition
2.0 Policy
2.1 Board of Directors' Oversight
2.2 Board's Expectations
3.0 Risk Policy Review
Corporate-wide Board Risk Report
To outline the current controls, processes and Management oversight in place in managing the respective risk category.
Board Risk Report:
1.0 Definition
2.0 Risk Owner
3.0 Background of the Risk
4.0 Current Internal Controls, Practices, and Oversight Over Risk Exposure
5.0 Overall Assessment of the Risk, Conclusion and Risk Action Plans:
whether Management is meeting the expectations of the Board Risk Policies; and
the status of key initiatives to be taken to lower the residual risk for each of the risk categories/sub-risk categories.
The Synergies: ERM, Strategic Planning and Internal Audit
Strategic Planning key activities:
Strategic setting and planning
Environmental Scan & Risk Identification (external and internal)
Corporate Planning process
Strategic direction and Key Performance Indicators
Corporate performance management: Balanced Scorecard
Divisional business plans and performance reporting
Monitoring and reporting to EMC, AC and Board
ERM key activities:
High-level Risk Identification & Assessment: Annual ERM Workshop
Ongoing Risk Assessment, Monitoring & Review
Quarterly monitoring and tracking of Action Plans
Annual Review of ERM policies and guidelines
Representations to Board and Management
Internal Audit key activities:
3-year Audit Plan: Strategic management audit; ERM audit
Validate Controls Identified in Risk Profile
Risk-based Audit Planning
Risk-based Auditing
Key Takeaways
Compare the roles of CRO and ERM Function of your respective organizations to MDIC.
Evaluate the importance of having an independent CRO and ERM Function for your respective organizations in providing independent and unbiased advice on significant risks and ERM-related matters in the decision-making process.
Select the best reporting structure and roles of the CRO to create value to the Board of Directors in discharging its responsibilities and in providing oversight on the significant risks.
Thank You