the journal
Tackling the key issues in banking and capital markets*
June 2006
Contents
Editor’s comments
Securitisation – an exotic option or a necessity?
Confident in compliance?
Does identity theft affect your organisation?
Editor’s comments
by Chris Lucas
Chris Lucas
Chairman, Global Banking &
Capital Markets Executive Team
Tel: 44 20 7804 9652
Email: christopher.g.lucas@uk.pwc.com
Welcome to the June 2006 edition of the journal. The past few months have seen some challenging new developments within the global banking and capital markets industry.

The potential impact of the Markets in Financial Instruments Directive (MiFID) on the financial services sector is of such significance that all firms should already be assessing the impact of the proposed requirements on their business. Not only does it present wide-ranging organisational challenges, affecting key areas of the business, but it will also impact the way markets operate. Firms need to consider changes to their internal procedures and systems, and to the procedures by which, and the systems through which, they will interface with the new market structure and other market participants. In our opening article entitled, ‘MiFID: European regulation with global impact’, Graham O’Connell and Matthew Oswald assess some of the key requirements of the Directive and its impact on business strategy and operations within the banking industry.

and over 1,200 commercial banks, it seems Russia’s banking sector has a huge potential for profitable growth. Economic growth, higher real incomes and more purchasing power, as well as increasing transparency and market openness are generating significant interest in this country’s financial services sector. In our country profile ‘Russia’s banking sector: Huge growth potential for aggressive players’, Rick Munn, Evgeniy Kriventsev and Oleg Mosyazh provide an in-depth analysis of the sector and the potential opportunities, and risks, that exist there.

‘Regulators across the world face a range of unenviable challenges in seeking to interpret and supervise Pillar 2,’ write Richard Barfield, Chris Matten and Shyam Venkat in ‘The practical application of Pillar 2: Understanding what supervisors are looking for in a bank’s capital assessment’. Regulators’ expectations, the views and concerns of industry participants, and the many practical considerations are some of the areas tackled in this article.

months. In ‘Confident in compliance’, Martin Hislop, Jan Willem Kaptein and Alex Shapland explore the principal objectives and management of compliance reporting within a financial services organisation, as well as suggesting the key elements needed in a well-structured and effective compliance-reporting framework.

In 2003, the US Federal Trade Commission found that 215,000 reports of identity theft and fraud had cost Americans at least US$437 million. As identity theft attacks become increasingly more frequent and diverse across the globe, in ‘Does identity theft affect your organisation?’, Mark Vos, Jan Schreuder and Philip Riley look at how identity theft is threatening the banking industry and explore practical measures organisations can take now to protect themselves against the risks.

I hope you find this edition of the journal of interest. Please do continue to provide us with feedback on the topics you would like to see addressed in future editions.
The Markets in Financial Instruments Directive:
European regulation with global impact
Graham O’Connell
Director, Financial Services Regulatory Practice, UK
Tel: 44 20 7212 3826
Email: graham.r.oconnell@uk.pwc.com

Matthew Oswald
Senior Consultant, Financial Services, UK
Tel: 44 20 7804 4230
Email: matthew.c.oswald@uk.pwc.com
Why is MiFID important?

The Markets in Financial Instruments Directive (MiFID) is one of the most significant pieces of Financial Services legislation to be enacted by the European Parliament to date. It will result in a radical change to market dynamics in all investment sectors and will require market participants to take fundamental strategic decisions in order to establish an effective operating model in the post-MiFID world. Wholesale and retail markets will both be significantly affected and for individual firms the impact will be felt in Trading, Research, Fund Management, Operations, Settlements and Compliance. Above all, the effectiveness of a firm’s approach to assessing the impact of MiFID and implementing the required changes will have a direct effect on the firm’s future effectiveness and profitability.

The objective behind the regulation

MiFID is a cornerstone of the European Union’s aim to develop a single European securities market with common standards. MiFID itself is a harmonised set of Conduct of Business requirements which covers all investment products (see Figure 1) and services (see Figure 2) and establishes rules around governance, trading, risk, compliance, operations, systems, customer documentation and outsourcing (see Figure 3). The main objectives are increasing price transparency in the markets; increasing awareness of risk amongst customers; and promoting greater competition amongst execution venues. The EU has deliberately set out to create a framework which will affect the way that business is conducted and change the dynamic of investment markets. It is for this reason that MiFID should not be considered as a ‘compliance’ issue, but as a far more fundamental driver for business change in investment firms and markets.

Figure 1: Investment products covered
• Transferable securities
• Money market instruments
• Units in collective investments
• Options, futures, swaps and any other derivative contracts related to securities, interest rates or yields
• Options, futures, swaps and any other derivative contracts related to commodities that may be settled in cash
• Options, futures, swaps and any other derivative contracts related to commodities that may be settled physically and are traded on a regulated market or MTF
• Options, futures, swaps and any other derivative contracts related to climatic variables, freight rates, emission allowances or inflation rates that may be settled in cash
• Financial contracts for difference
• Derivative instruments for the transfer of Credit risk
Source: PricewaterhouseCoopers

A new equity market structure

In equity markets, MiFID will sweep away the current concentration rules that require trading to be carried out over national exchanges, and will further open up cross-border trading. In order to
will be a market-led solution to the consolidation of price reporting. Consequently, there will be increased competition amongst data vendors, MTFs, exchanges and investment banks to establish themselves as the accepted source of centralised price publication and trade data.

How to demonstrate Best Execution

Another significant issue in trading all investment products under MiFID will be the need to demonstrate ‘Best Execution’. Even in equity markets, the need to consider price, cost, speed, reliability and likelihood of execution in relation to the nature of the order and the nature of the client will prove challenging. To do so in illiquid or open outcry markets will be extremely difficult and this is an area that will require an effective market solution which brings regulators along with it. There is also a concern that there may not be a consistent approach in the application of this requirement for all jurisdictions. Whilst some regulators may take a broad approach to this issue based on a generic policy issued by the firm, others may require firms to demonstrate adherence on a trade-by-trade basis, which will prove costly and unwieldy.

The effect of MiFID on Buy Side firms

A key objective of MiFID is to increase awareness of risk and improve transparency in the trading and advice process. Consequently, all investment firms dealing with customers will need to retain more customer documentation including revised customer agreements, enhanced ‘Know Your Customer’ data, more information on trading costs and post-transaction reporting. Customers will be asked to agree to the firm’s execution policy and must also be advised where a firm is not ‘reasonably confident’ that its conflict management process will be effective in a specific instance. In addition, firms will be required to reclassify all their customers and must give those customers the option of changing their classification in specific circumstances. Whilst this is intended to empower customers to a greater extent, many firms feel that customers will take a negative view of the additional paperwork and data requests.

The effect outside the EU region

Many of the firms that will be most affected by these changes are global businesses with 24 hour trading books and worldwide systems and processes. The introduction of MiFID will require these firms to either change global systems and controls to address European regulation, or else they will need to decouple their global processes and establish stand-alone systems and procedures for their European operations. In addition, there are certain aspects of the new rules that may be seen as ‘extraterritorial’, requiring the MiFID rules to be addressed outside the EU region. In particular, the outsourcing rules will mean that EU investment firms that outsource any ‘critical or important operational functions’ to a service provider in a ‘third country’ may only do so if the service provider is regulated in that country and is subject to prudential regulation. Even then there will need to be a co-operation agreement between the investment firm’s regulator and the service provider’s regulator.

Implementing a common standard

In order to create a level playing field, much of this Directive will be implemented as ‘regulation’, meaning that national regulators will have very little opportunity to interpret the EU requirements to fit their local market conditions. Therefore, even in territories where many of the MiFID concepts already exist, the local regulator will
Russia’s banking sector: Huge growth
potential for aggressive players
Rick Munn
Industry Leader, Financial Services, Russia
Tel: 7 495 967 6342
Email: rick.munn@ru.pwc.com

Evgeniy Kriventsev
Senior Manager, Financial Services, Russia
Tel: 7 495 967 6373
Email: evgeniy.kriventsev@ru.pwc.com

Oleg Mosyazh
Manager, Financial Services Marketing, Russia
Tel: 7 495 967 6074
Email: oleg.mosyazh@ru.pwc.com
The Central Bank

The Central Bank of the Russian Federation is the main regulator of the banking sector. In addition to its supervisory and licensing role, the Central Bank also sets out the rules and procedures for making bank transactions, the reporting requirements for banks and rules for making settlements in Russia. It is also responsible for many aspects of monetary policy of the Russian Federation.

Growth potential

Even though the Russian banking sector has seen rapid growth in retail lending, the retail lending share in GDP in Russia at the beginning of 2006 was only 5% – far behind that in developed countries (around 50% in Eurozone countries, over 65% in the USA and over 70% in the UK). To further illustrate, the share of mortgage lending in GDP in Russia is as low as 1% (55% in the USA and over 30% in Eurozone countries). Given the

[Figure 2: Retail loans to GDP ratio (%): Russia vs. selected economies]

banks only began offering credit cards to individual customers in 2005. Overall, plastic in Russia has limited use: 94% of operations are used for cash withdrawals, while in European countries 50% of plastic card operations are to pay for goods and services.

Retail banking boom

Economic growth, higher real incomes and, consequently, more purchasing power are having a positive effect on retail banking in Russia. Close to $100 billion worth of retail deposits was recorded by the end of 2005 – equal to around one third of total liabilities in the Russian banking system. While the share of retail deposits as a percentage of total liabilities of Russian banks has remained relatively stable since the beginning of 2003, the share of retail loans as compared to total assets grew almost three times over the same period from 6.6% to 17.5%. In monetary terms, the growth of retail lending is even more impressive: from $3.6 billion outstanding in early 2003 to $40 billion outstanding in early 2006. In the third quarter of 2005, growth of retail loans outgrew growth of retail deposits for the first time and this trend will most likely continue over the next couple of years.
PricewaterhouseCoopers estimates that over 1.7 million cars were sold in Russia in 2005, totalling $22 billion in value. Although in unit terms this was only a 7% rise on the figures for 2004, the cost of the cars bought grew by 21%. One factor for this growth was better car loans. According to different estimates for 2004, 15–20% of car sales with a total value of $2.7–3.7 billion were made on credit, while in 2005 the share of cars sold on credit grew to 25–28% and reached $5–6 billion. Motor industry figures and analysts forecast that up to 60% of cars will be sold on credit in 2008–2009.

Experts estimate that Russian mortgage lending is more than doubling each year. If, at the beginning of 2005, mortgage loans totalled $2 billion, experts believe that the $20 billion threshold will be broken by 2008. The main factors preventing faster development of this type of lending are relatively high interest rates at between 9% and 14%, and a high initial own investment requirement of at least 20% of the property value.

An explosive growth of retail lending may affect the quality of credit portfolios of the banks. Currently, relatively high loan losses on retail loans are compensated by high interest rates. Banks generally obtain above the market margin on lending to individuals.

Thin capitalisation

Thin capitalisation of Russian banks is a key problem, which could slow down the further development of the banking sector and its growth rate. The Central Bank requires strong compliance with its regulatory requirements, including capital adequacy ratios. From time to time this imposes certain limitations on the business of even large Russian financial institutions. At the same time, large local investors are often relatively relaxed about making significant investments in the banking business since investments in natural resources extraction, retail and consumer sector currently provide them with higher returns. Foreign investments into the Russian banking are still quite limited. Therefore, Russian banks are actively looking for alternative solutions to capitalisation problems, including international placements of subordinated loan participation notes.

International financing

Increased transparency and stability of the Russian banking system has allowed Russian banks some access to longer and less expensive international financing.

Eurobonds are still the most popular mechanism among Russian banks for attracting funds, bringing tens of billions of dollars at 7–8% into the Russian banking system in 2005. Generally, Eurobond issues were for between $150 and $500 million, but several large banks, such as Sberbank, Gazprombank and Vneshtorgbank, had a range of bond issues worth over $1 billion.

Asset securitisation is still relatively new for Russian banks, and due to undeveloped related legislation in Russia, market players have to issue asset-backed securities on foreign exchanges. For example, Bank Soyuz, which in 2005 made the first Russian securitisation of its car loans for $50 million and Home Credit & Finance Bank (HCFB), which made the first Russian securitisation of rouble-denominated consumer loans. Both these transactions were placed abroad, on the Irish Stock Exchange.

Even though a lot of activity was seen from Russian companies in 2005, attracting more than $10 billion through public floatations, so far no Russian bank has made an initial public offering (IPO). Yet many banks have already announced their plans to float shares in 2006, including the large Vneshtorgbank and Rosbank.

Foreign capital

With 89 federal regions, 144 million citizens with growing incomes, 13 cities with a population of over 1 million and 168 cities of over 100,000 people, Russia is an attractive market for foreign players.
There are 133 credit organisations with foreign participation in Russia. International credit organisations are increasingly interested in the Russian banking sector. In 2005, the number of banks with 100% foreign capital rose from 33 to 42. Simultaneously, the share of foreign capital in the Russian banking sector also grew. If in early 2005 foreign banks’ share was less than 8%, in January 2006 it was over 11%, according to the Central Bank statistics. However, banks with foreign participation are not among the leaders in Russia at the moment. Only three banks with foreign capital featured in the top 20 Russian banks, by assets, as at 1 November 2005: International Moscow Bank, Raiffeisenbank Austria and Citibank, occupying eighth, eleventh and fifteenth places, respectively.

Recently, foreign banks have stepped up acquisitions of stakes in Russian banks. The most visible recent deals were: GE Consumer Finance’s acquisition of Deltabank for $100 million in 2004;

of Impexbank for $550 million, announced in February 2006. We are sure to see several more such deals in the near future.

One of the most active investors in the Russian banking sector is the European Bank for Reconstruction and Development (EBRD). It currently has holdings in 23 Russian banks, mainly investing in the share capital of regional banks. Its investment level in 2004–2005 was around $500 million per year and according to statements by the bank’s representatives, it will stay around that level in 2006.

Consolidation and regional expansion

More regulation, tougher competition and increased capital requirements in the financial services market have steadily cut down the number of banks in Russia over several years. In 1996, Russia had 2,538 banks; 1,253 banks held licences for banking operations in 2006 (see Figure 3).

Along with foreign banks purchasing stakes in Russian banks, Russian banks are also active in the mergers and

[Figure 3: Number of banks in Russia: 1996–2006]
The practical application of Pillar 2:
Understanding what supervisors are looking for in
a bank’s capital assessment
Richard Barfield
Director, Valuation & Strategy, UK
Tel: 44 20 7804 6658
Email: richard.barfield@uk.pwc.com

Chris Matten
Partner, Banking and Capital Markets Industry Group, Singapore
Tel: 65 6236 3878
Email: chris.matten@sg.pwc.com

Shyam Venkat
Partner, Advisory, Financial Risk Management, US
Tel: 1 646 471 8296
Email: shyam.venkat@us.pwc.com
The fog enveloping the practical application of Pillar 2 of the Basel II framework is beginning to clear. Over the last few months, regulators including the UK Financial Services Authority (FSA) have been developing their approach to assessing a bank’s process for linking its capital to its risk profile. The FSA is arguably one of the most advanced in its thinking on this issue and the FSA’s lead provides banks with useful insights into what other supervisors may expect under Pillar 2.

Spare a thought for the regulators. Regulators across the world face a range of unenviable challenges in seeking to interpret and supervise Pillar 2. These include the translation of qualitative risk assessments into quantitative capital requirements. More broadly, they must decide how to strike the right balance between providing appropriate guidance and being suitably non-prescriptive in keeping with what is a principles- rather than a rules-based framework. Such hurdles need to be overcome in order to oversee an industry that ranges from large, international banks to small mutual societies, stockbrokers and asset managers, and whose firms have diverse approaches to managing risk and capital.

The regulators’ approach matters for banks because the supervisor’s role is to form a view on an appropriate Pillar 2 buffer above the Pillar 1 capital minimum. For some institutions this is likely to be a significant amount of additional capital. The key input to this assessment will be the bank’s Internal Capital Adequacy Assessment Process – the ICAAP¹. In developing its approach to Pillar 2, the UK FSA has expressed certain expectations regarding a firm’s ICAAP.

For many institutions, economic capital will have a role to play. A survey of more than 200 banks and other financial services firms from around the world, which was carried out for the recent PricewaterhouseCoopers/Economist Intelligence Unit (EIU) briefing on economic capital, found that 44% of the participants already use it and a further 13% plan to implement it in the next year². The same report noted that 50% of the world’s top 50 banks already include economic capital disclosures in their annual reports (this is up from just over 20%, four years ago).

What the FSA expects

The key principles underpinning the FSA’s approach are that supervisory guidance will be kept to a minimum and that the ICAAP should reflect what the firm does for its own purposes (see Figure 1 overleaf). These same principles apply in the CEBS guidance to supervisors in the European Union (EU). As such, the FSA does not make economic capital a specific requirement. However, it does insist that the ICAAP should be a core management tool and therefore a firm is likely to come unstuck if it treats its ICAAP as purely a regulatory exercise.

The onus will be on the institution to convince regulators that it holds sufficient capital for the risks that it runs within the context of its strategy and the external environment. To decide whether they are convinced, regulators will undertake desk reviews and site visits and engage in dialogue with management. While the numbers will of course be important, the demonstrable rigour of the ICAAP process in its own right and its integration into the management of the institution are likely to be equally of interest to the regulators.

1 This is the acronym adopted by the Committee of European Banking Supervisors (CEBS) to describe this part of Basel II
2 ‘Effective capital management: Economic capital as an industry standard?’ (www.pwc.com/financialservices)
Figure 1: FSA expectations of a firm’s ICAAP
• Clearly described and evidenced ICAAP process
• Comprehensive coverage of material risks
• Quality of management and track record of delivery
• Business as usual capital
  – Conservatism in Pillar 1 and Pillar 2
  – Perspective of how it will behave through a cycle
• ‘Simple and intuitive presentation’
  – Clear top-down view
  – Clear statement of assumptions
  – Differences between Basel II and risk capital for Pillar 1 risks
Source: FSA presentations November 2005

Lingering challenges

One challenge for regulators will be to decide how to make valid peer comparisons when risk capital frameworks vary so much between particular institutions. The difficulty in establishing comparable figures means that judgement will inevitably play a major role in benchmarking capital levels. An analysis of the public disclosures of economic capital by the world’s largest 50 banks brings home this point as well.

Under current conditions capital adequacy does not appear to be an issue. PricewaterhouseCoopers analysis of the disclosures from the nine users of economic capital in the top 20 global banks shows that at the end of 2004 they held significantly more Tier 1 book capital than economic (risk) capital – see Figure 2. Three of the nine carried practically double their economic capital in terms of Tier 1 (a proxy for shareholders’ funds). Their economic capital was also significantly less than minimum regulatory capital under the cruder measure of 8% of Basel I risk weighted assets. (For smaller institutions the gap may be narrower because they tend to be less diversified and therefore more risky).

[Figure 2: Relative capital levels – index (economic capital indexed to 100) comparing minimum regulatory capital (8% of RWA), Tier 1 capital and economic capital for CSG, JPM Chase, HVB, Citigroup, Deutsche, Barclays, ABN, Fortis and BoA]
Source: 2004 company accounts, analyst presentations and PwC analysis
Note: The Bank of America comparator figures appear low due to high economic capital at year-end 2004 as a result of the merger with Fleet First Boston.
requirements; how much safety buffer it wishes to hold to protect its reputation; capital for acquisitions, and so on.

The expectations and concerns of industry participants regarding Pillar 2 will of course vary depending on where they stand. One could reasonably expect banks whose economic capital is lower than Pillar 1 capital to argue strongly that their regulatory capital under Basel II should be less than Pillar 1. This is because most economic capital models cover many additional risks other than the three covered by Pillar 1: market, credit and operational. However, under the new Basel accord, Pillar 1 is a minimum capital requirement. An important counter-argument from regulators will be that the models are relatively new – many have not been tested through sharp economic changes – and that a degree of conservatism is needed, particularly when the comparative economic capital results are predicated upon correlation assumptions that are not easily observable.

At a high level, common industry expectations are that the FSA’s assessment of an ICAAP should incorporate:

Concerns will also vary from institution to institution. At a high level, the main industry misgivings over the FSA’s approach include a reluctance to see:
• a requirement for one-off ad hoc exercises prepared largely for the regulator;
• conservatism for its own sake in capital estimation (many believe that the Basel II formulae already include adequate conservatism in the calculation of Pillar 1 capital); and
• stress tests used to determine additive capital estimates (the view being that stress tests test the resilience of capital).
Operational          ✔✔     ✔✔     ✔
Business             ✔✔     ✔      ✔✔
Reputation           –      ✔✔✔    ✔
Liquidity            ✔      ✔✔     ✔✔
Interest rate risk   ✔✔✔    ✔      ✔
Source: PricewaterhouseCoopers

One non–EU supervisor used a ‘Dear CEO’ letter last year to suggest to its major banks that they should adopt economic capital and described in some detail how it should be applied. Understandably there was strong industry push-back. In their view, the regulator had strayed too far into internal management matters. Within the United States, regulatory agencies such as the Federal Reserve have led the way in
Onus on firms

The move from a formulaic capital calculation to risk- and principles-based prudential regulation marks a sea change for banks. Pillar 2 of Basel II puts the burden of proof firmly on firms themselves to convince the regulator that they hold sufficient capital. A key part of the ‘evidence’ will come from demonstrating the thoroughness of the process and ensuring that capital calculations are seen through the eyes of management, and reflect its thinking.

Clearly this is a challenge, even in some larger institutions that have been slow to embark on economic capital initiatives. However, it also provides an opportunity to integrate regulatory compliance into a broader and more sophisticated risk-based capital framework, capable of supporting enhanced decision-making and assuring stakeholders that the institution is robust and properly managed.

[Figure 6: Risk-based capital management – key stages through the process. Stages: Design, Build, Integrate, Validate]
Source: PricewaterhouseCoopers RBCM service offer

In response to the challenge, a global team at PricewaterhouseCoopers has developed a comprehensive new service offering called ‘Risk-based Capital Management’³ to assist clients to link risk and capital. Our approach supports clients from design through to detailed implementation and validation. Figure 6 describes the principal components of our service offering which is supported by detailed, practical methodologies. It also provides a useful checklist of key stages to consider in complementing risk-based capital management.

Our focus, as we are sure yours is, is about creating business benefits for our clients. There is much more to risk-based capital management than models.

3 ‘Risk-based capital management’, an overview guide published by PricewaterhouseCoopers. To download a copy please visit www.pwc.com/banking
Securitisation – an exotic option
or a necessity?
Peter Jeffrey Frank Serravalli & David Lukach Michael Codling
Head of PricewaterhouseCoopers Co-Heads of PricewaterhouseCoopers US Banking Leader, Australia & Head of
European Securitisation Group Securitisation Group PricewaterhouseCoopers Australian
Securitisation Group
Tel: 44 20 7212 5214 1 646 471 2669 – frank.serravalli@us.pwc.com Tel: 61 8266 3034
Email: peter.c.jeffrey@uk.pwc.com 1 646 471 3150 – david.m.lukach@us.pwc.com Email: michael.codling@au.pwc.com
An expanding market

Mention ‘securitisation’ and one often thinks of on-off balance sheet, manipulation, Enron and Parmalat; others think of smart investment bankers, obscure language and high fees.

It is undoubtedly true that securitisation is complex, but equally true that it is an increasingly important tool for many companies, both within and outside the financial services sector. We believe there are also good reasons as to why this trend is set to continue, and they will be addressed later in this article.

Securitisation techniques were developed in the US in the 1980s, and have become a mature and significant sector of the capital markets. In Europe, a few securitisation transactions were undertaken in the 1980s, but it was not until the late 1990s that the market exploded. As can be seen from Figure 1 below, it has been growing ever since at an increasing rate.

In other parts of the world, Australia has a mature mortgage securitisation market and is just beginning to develop other asset classes. Japan has a domestic market, and some other Asian countries have experimented with securitisation. We have recently seen the first deals in Russia and the Middle East.

Many types of receivables and assets, that will generate future receivables, have been securitised. Some of these are listed in Figure 2.
[Figure 1: chart; y-axis in € billions (0 to 150), x-axis by quarter, Q1 2001 to Q4 2005]
Source: Dealogic, Thomson Financial, J.P. Morgan Securities Inc., Structured Finance International. Compiled by European Securitisation Forum
Confident in compliance?
Martin Hislop
Senior Manager, Risk Assurance Services, UK
Tel: 44 20 7804 1126
Email: martin.hislop@uk.pwc.com

Jan Willem Kaptein
Manager, FS Regulatory Compliance, The Netherlands
Tel: 31 10 407 6392
Email: jan.willem.kaptein@nl.pwc.com

Alex Shapland
Director, Financial Services Regulatory Practice, UK
Tel: 44 20 7213 8618
Email: alex.shapland@uk.pwc.com
Recent changes in laws and regulations, together with scrutiny of key supervisors in the US and EU are driving an increased focus on the compliance function. Boards and CEOs seeking to discharge their accountabilities1 increasingly place compliance on their agendas. But what does it take for the organisation to respond to such scrutiny with confidence?

This responsibility falls primarily on the Head of Compliance, for whom a key obligation is to provide information regarding compliance of the business with relevant laws and regulations – a complex, and often arduous, task when the business spans several territories and regulatory jurisdictions. In turn, Heads of Compliance are seeking more assurance and a higher level of confidence about:
• How effective business processes are at managing compliance risks;
• The performance of the compliance function;
• The escalation and communication of compliance matters.

Many organisations that have identified limitations in their current compliance monitoring and reporting capabilities are now seeking to improve their compliance intelligence through new or enhanced reporting processes. This article explores what it takes to establish a leading edge compliance reporting framework that better informs the Board, challenges the compliance network and more effectively engages the business on matters of compliance.

How confident is management in understanding the:
• Impact of compliance on the organisation’s reputation;
• Relationships held with key regulators;
• Effectiveness of compliance systems and controls; and
• Direct costs arising from compliance-related incidents?

Benefits of an enhanced reporting framework

Effective management information enhances the governance structure by increasing the ability of key recipients to execute their duties by informing, facilitating discussion across layers of management and supporting decision making. In addition, accountabilities can be more effectively allocated and issues can be more formally addressed.

A good compliance management information (MI) framework benefits preparers (e.g. opportunity to highlight obstacles and seek support in resolving these, report achievements) and recipients (e.g. better informed decision making, confidence in understanding the business).

If risk based, rather than being driven wholly off of detailed regulatory requirements, the compliance framework can be applied effectively across many regulatory jurisdictions, while the focus of information generated is better aligned with risk-based ambitions of the business.
1 Compliance and the compliance function in banks (p. 9), Basel Committee on Banking Supervision, April 2005. (http://www.bis.org/publ/bcbs113.pdf)
Ultimately, compliance reporting should provide senior management with a regular and reliable view on responses to issues and incidents arising, and how these impact the:

The ability to effectively assess these matters relies on the way in which an organisation identifies, validates and reports on compliance matters that are ultimately regarded as significant at group (or regional) level.

Historical incidents – taking ownership of and responding to incidents that crystallise is an aspect reasonably well addressed in most organisations. A view of past track record is essential to maintain support for remediation efforts and to respond to lessons learned.
segment and by category of risk. This orientates users of the MI report with the overall context against which specifics are reported;

• Compliance monitoring: May be conducted in part by Internal Audit, or the business, but the coverage and results will highlight exceptions. Some exceptions may be of sufficient impact, or drive themes of weakness, to report; and

• Business advice and support: The day-to-day value added role of compliance gives exposure to the changing business environment. As such, an overview of areas such as significant business changes, results of regulator visits and outcomes of business monitoring, can be obtained.

Data sources typically maintained outside of compliance

Accessing data from sources external to compliance will improve the overall context of the messages that can be reported. This can be achieved in two ways: targeting specific compliance risk areas (e.g. in terms of Key Risk Indicators) or to provide a completeness check, or corroboration, from a source ‘independent’ of compliance. Examples of available data are likely to include:

Identifying and targeting compliance risk:
• In-house legal: summary of litigation cases underway/resolved (responding to compliance incidents);
• Operational risk: summary of direct losses incurred (as a result of compliance incidents);
• Business: Overview of customer complaints in the context of business volumes; results of peer-to-peer control reviews (of a compliance nature); and
• External data sources such as regulators, new/data search organisations and legal and advisory firms: provide useful summaries of changing regulatory environment, such as emerging regulation and directives, current regulatory hot topics and press announcements affecting peer organisations.

Corroboration:
• Internal audit: summary of high-risk audit issues (of compliance nature);
• Operational risk: results of risk/self assessments (where compliance aspects can be segregated).

Creating information from data – Once new reporting processes are established, accessing data becomes routine. However, an element of value added editing and formatting will be required to translate the core data into information tailored and fit for purpose. This is particularly relevant when devising the form and content suitable for high profile reports, such as to regional committees or the group board of global organisations.

Developing the compliance reporting framework

A number of key factors will determine the overarching design of the reporting framework (see Figure 3):

Recipients of information: The various stakeholders in the compliance information chain who are to receive information (Board, Sub-Committee, Head of Group Compliance, Regional Heads of Compliance) will drive the number of reports to be prepared. The purpose of these reports will drive the information that should be included, in terms of content, or level of consolidation.

Aggregation levels: Fitting the reporting framework to the organisational structure will drive out the number of aggregation levels required (country level to regional; regional to group).

Touch points with the business: Ideally, the aggregation levels will align to the key touch points that compliance has
with the business (local management, business unit/divisional committees), allowing information to be consolidated to support these key business communications.

Manual or automated: The degree of automation sought in collating of data and formatting aggregated information will drive the speed of reporting and amount of effort required to maintain the reporting process. The degree of automation and available data warehousing depends on the way the reporting process is run. There is no ‘one size fits all’ solution to this matter, however, it is crucial that whatever approach is taken enables those who work with it to pull meaningful data in an efficient manner, while maintaining a suitable audit trail.

Supporting resources: Determining how many resources are required to support the reporting process (e.g. preparation of meaningful summaries from raw data, editing of reports to top level management) and where they should reside (centrally vs distributed) will shape where ownership sits and how the information flows reside.

Figure 3: Overview, management information framework
[Diagram. Information flows and key recipients: Executive Board; Compliance Committee; Head of Group Compliance; MI Coordinator/resource; BU/Regional Compliance Head; Country. Touch points with the business. Aggregation process, from Data to Information:
Group > Aggregation is aimed at providing information required to exercise oversight of compliance risks, or relevant to support strategic decision-making
Regional > Aggregation focuses on information of high-level impact on a country basis, which is thus relevant at a regional level]
Source: PricewaterhouseCoopers

Practical Challenges

In our experience, the key practical challenges to be addressed include:

Stakeholder management: Stakeholders reside at several levels of the organisation, in different business units and various geographies driving different interests.

Agreeing a standard for reporting compliance in a global organisation is problematic as there are varying regulatory regimes (e.g. principle vs rules based).

Constraints in data collection: Several difficulties will be faced initially, such as sensitivity of data obtained from other parts of the organisation, limitations in the format or structure of existing data, frequency of data updates and confidence in the quality and integrity of data.

Determining what matters to report: Recipients of MI will generally be senior management, while providers of information will be at the operational level. The resulting conflicts in what is considered ‘important’ must be overcome to ensure information reported is relevant and informative, as well as retaining efficiency.
So what next?
Your organisation may be one of those
already engaged in creating an enhanced
risk-based compliance reporting
framework. If it is not, senior
management would do well to consider
the following questions:
Does identity theft affect your organisation?
Mark Vos
Director, Business Assurance, Australia
Tel: 61 8266 7739
Email: mark.vos@pwc.au.com

Jan Schreuder
Partner, Business Assurance, Australia
Tel: 61 8266 1059
Email: jan.schreuder@pwc.au.com

Philip Riley
Executive, Investigations and Forensic Services, Australia
Tel: 61 8266 3158
Email: philip.riley@pwc.au.com
Evolving threat

Reputation damage can be fatal to an organisation. Last year, a company in the United States had to close its doors, due to the reputation fallout from a single identity theft incident. Once it was reported that a number of identities were stolen from the organisation, few were prepared to do business with it as it could not be trusted to secure customer data.

The manipulation, misuse or outright theft of identity has long been part of the repertoire of criminals. The advent of information technology, particularly the Internet, has simply widened the range of opportunities for the identity thief.

The number of reported identity theft incidents has been increasing rapidly over the past few years (see Figure 1). Banks are no longer the prime target – cyber criminals are attacking an ever-broader range of institutions.

If your organisation processes and/or stores customer or personnel data, the chances are that you too are already a target for identity theft. Common identity information used to identify an individual includes driver’s licence details, mother’s maiden name, date of birth and home address. Also frequently used as identifiers are telephone bills and utility bills.

This information is widely collected and stored by organisations, and in turn often targeted in identity theft crimes.

Nola Watson, head of Corporate Risk Services at Insurance Australia Group, says: ‘There is intrinsic value associated with identity information, whether it relates to customers or personnel. Each organisation should be aware of the identity information they store and the value associated with it, and ensure that there are adequate controls protecting it.’

Cyber criminals use a combination of orthodox methods (such as bribing a call centre staff member to physically obtain information) and electronic tools (such as keystroke loggers) to access, manipulate and exploit identity information. These range from planting individuals as staff in organisations, to launching attacks from the other side of the world via the Internet.

Figure 1: Number of reported identity theft incidents in the USA
[Chart; y-axis: number of incidents (190,000 to 260,000), x-axis: year (2003, 2004, 2005)]
Source: USA Federal Trade Commission – 2006
We often read about successful identity theft attacks on organisations. The perception is that such attacks are focused on banks, but the following headlines show that the problem extends far beyond the finance sector.

‘Virus-infected computer compromises personal information for about 2,500’
The Gazette, Feb 2006

‘12,000 notified about names and Social Security numbers on recovered stolen computer’
Duluth News Tribune, Jan 2006

‘226,000 notified about personal data on stolen laptop’
Wired News, Jan 2006

‘Personal and financial information of some university donors may be at risk’
The Observer Online, Jan 2006

‘Estimated 40 million credit card numbers possibly compromised’
Security Focus, Oct 2005

‘Personal information for 700 patients possibly compromised’
post-gazette.com, Jan 2006

What is the best response?

Consistent and cooperative approaches to this intricate and escalating problem will assist in preparing both the community and organisations for the potential dangers.

Identity theft threatens all parties involved in Internet or electronic transactions and carries the potential to cause significant damage to groups that hold personal information online. In turn, organisations that provide trusted services on the Internet are dependent on each other for maintaining customer confidence in this new channel. For example, if a major bank was to fall victim to a successful identity theft crime via Internet banking, this could affect the entire trust model of Internet banking in the industry, not just for the bank that was victim to the crime, but for any bank providing Internet banking services.

The problem of identity theft is beyond the capacity of any one organisation to manage. Moreover, cyber crime tends to flourish when threats are treated discretely, rather than addressed through uniform, cross-industry solutions. By working together in the cause of national and international ‘target-hardening’, organisations can play an effective role in making the Internet a relatively unprofitable place for cyber criminals to do business.

The lack of cooperation among organisations on identity theft could also increase the risk of regulators imposing additional conditions. It is therefore appropriate for organisations, industry bodies, governments, law-enforcement agencies and the community to work together in dealing with identity theft. This might include:
• Sharing threat research about identity theft;
• Industry forums on recommended standards for dealing with identity theft;
• Community working groups that provide recommended standards for users;
• Development of industry education and awareness programs; and
• International cooperation across governments and law-enforcement agencies.

Internally, there are a number of things organisations can do. As identity theft attacks increase and become more diverse, it is important to directly align the mitigation approaches to their associated risks.

Many organisations are developing risk-based decision analysis processes to enable them to allocate security
resources and prioritise security projects. A crucial component of the risk-based decision analysis is an organisation’s risk and value map, which compares the expected annualised costs of security events before and after the security investment.

The risk-based decision analysis must link into an organisation’s risk management life cycle. An example of the identity theft risk management life cycle is shown in Figure 2:

Figure 2: Identity theft risk management life cycle
[Cycle diagram with stages: Awareness, Assess, Incident, Remediate, Lessons Learned]
Source: PricewaterhouseCoopers

This process is cyclical, and never stops. From developing awareness in an organisation in relation to identity theft crimes, to responding to an incident, it is important to address the risks in each phase of the life cycle, and ensure that they are understood and either accepted or addressed.

Some organisations are extending this concept further by establishing security as a separate profit centre and calculating a return on security, i.e. the return on the capital invested in security activities.

To be effective, the security risk analysis processes have to be integrated with the organisation’s overall risk framework. This is vital to ensure buy-in from the business, including senior management.

As organisations open up their technology systems to customers to improve services, their traditional defences are broken down. The challenge is to maintain security while moving away from traditional perimeter security models where only employees can access company data. The key to success is to establish robust data classification models, as well as strong identity management processes and systems, as this will allow an organisation to take different mitigation strategies depending on the value, criticality and sensitivity of the information within an organisation, commensurate with the risks.
Other practical measures organisations can adopt are to:
• Develop, publish, and implement a privacy policy;
• Only store essential data;
• Do not store customer data that is only required temporarily;
• Ensure call centre customer logs do not hold personal data;
• Limit employee access to data;

employees, suppliers and other business partners, security is as much about appropriate inclusion – allowing access to the right people – as it is about prevention.

Identity theft requires a whole-of-business solution, tailored to the particular risks an organisation faces. There is little point having the most sophisticated firewall available if the business faces a greater risk from someone removing a box of files from the premises.

initial assessment as to whether the risks should be accepted or mitigated, as they are the ones who own the information.

When the organisation makes a decision on how the risks are to be treated, it should be both the business units (for business processes-related issues) and the information technology team (for technology related issues) responsibility to mitigate these risks.
Contact details
Editor-in-chief Editor
The Markets in Financial Instruments Directive: European regulation with global impact
The practical application of Pillar 2
Confident in compliance?
Contact details continued
The journal is supported by the Global Banking and Capital Markets Executive Team
PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services for public and private clients. More than 130,000 people
in 148 countries connect their thinking, experience and solutions to build public trust and enhance value for clients and their stakeholders.
‘PricewaterhouseCoopers’ refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
The banking and capital markets journal is produced to address key issues affecting the banking and capital markets industry. If you would like any of your colleagues
added to the mailing list, or if you do not wish to receive further editions, please write, fax or e-mail: Carly Taylor, PricewaterhouseCoopers, Southwark Towers,
32 London Bridge Street, London SE1 9SY. Fax number: (44) 20 7212 4152 E-mail: carly.taylor@uk.pwc.com
© 2006 PricewaterhouseCoopers LLP. All rights reserved. ‘PricewaterhouseCoopers’ refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United
Kingdom) or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
Designed by studioec4 18018 (06/06)
www.pwc.com