October 24, 2012
2012 Financial Services Audit Committee Forum
Banking and Capital Markets
Welcome
Russ Mallett Partner, Leader BCM Assurance Practice, PwC
2012 Financial Services Audit Committee Forum | BCM
Agenda
October 24, 2012
Technical accounting update 2:00-3:00pm
Break 3:00-3:15pm
Risk management hot topics 3:15-4:05pm
Regulatory update 4:05-5:00pm
Technical accounting update
Chip Currie (Moderator) Partner, US BCM Practice, PwC
Rob Enticott Partner, US BCM Practice, PwC
Dan Palomaki Managing Director, Accounting Policy, Citigroup
Randy Shearer Financial Reporting and Policy Executive, Bank of America
Agenda
• Current hot topics
• Financial instruments project
• Standard setting – trends and the future
Current hot topics
• Allowance for loan losses
• Troubled debt restructurings
• SEC comment letter trends
Financial instruments: Classification and measurement
Debt investments (FASB’s tentative approach and IFRS 9 adjusted for joint decisions)
Classify based on:
• Business strategy
• Instrument characteristics
Amortized cost: Primary objective is to hold to collect contractual cash flows
Fair value through OCI: Primary objective is to hold to collect contractual cash flows or (“and” - per IASB) realize fair value changes
Fair value through net income: Default category
• No bifurcation of hybrid instruments
• Reclassification if business strategy changes
Financial instruments: Impairment
• Three bucket model – IASB
• Current Expected Credit Loss Model (“CECL”) – FASB
- Purchased and originated (unless credit impaired)
- No threshold for impairment trigger
- Considers multiple possible outcomes
- Single measurement model for loans and debt securities
- Practical expedient for certain debt securities
- Interest income model generally unchanged (unless purchased credit impaired)
- Purchase credit impaired – simplified model from today
Standard setting – trends and the future
• Disclosure framework
• Providing more information
• Year-end activities
Break
Risk management hot topics
Fernando De La Mora (Moderator) Partner, Leader FS Risk Management Practice, PwC
Richard Reynolds Partner, US BCM Internal Audit Practice, PwC
Douglas Roeder Managing Director, FS Regulatory Practice, PwC
Agenda
• Regulatory expectations related to getting “strong” in risk management – what does it mean and challenges?
• Risk management expectations for large systemic financial institutions – governance requirements
• What’s expected by the Board? – effective challenge, approvals and expertise
• Reporting risk to the Board – sample practices and reporting
• “Strong” Internal Audit
Key elements for “getting to strong”
A strong risk management function is core to safe and sound banking. While risk management encompasses multiple levels, starting with the business management, this overview addresses what is commonly referred to as the “second line of defense.”
• Committed and financially knowledgeable Board of Directors who hire capable senior managers, set direction for risk taking, tolerance and culture, stay well informed, and provide credible challenge to management
• Well defined ERM framework fit for the institution, overtly supported by the CEO and Board, that:
- Incorporates the critical components of a strong risk management system, and
- Provides assurance that risk taking activities are proactively controlled so that volatility to earnings, capital and reputation is within risk tolerance levels
• Highly effective CRO with supporting depth of talent in the risk organization with responsibility to ensure that appropriate risk management infrastructure is in place (policies, operating procedures, lines of business talent levels and appropriate reporting mechanisms)
• Organizational/reporting structure is independent of the business
• Demonstrated capability to create timely MIS for the enterprise and all categories of risk, including the ability to identify emerging issues and trends
• A visible risk culture that embraces credible challenge, proactively addresses issues and expects their timely resolution
Key elements for “getting to strong”
Strong initiatives are oriented to promote and enforce cultural attributes that support effective risk management by embedding risk in strategic planning and performing evaluation and redesigning risk operating model.
The roadmap presents broad initiatives of proposed enhancements.
1. Risk operating model (governance & organization, roles & responsibilities, policies & resources)
2. Risk appetite & limits
3. Culture & incentives
4. Risk reengineering
5. Infrastructure upgrade
6. Risk reporting
[Diagram; recoverable labels follow]
Strategy & risk appetite: Top-down process; Alignment of risk appetite, budgets and limits; Comprehensive risk analysis included in business reviews; Risk-based incentives
Culture: Accountability; Transparency; Attention to detail; Collegial tension; Equal stature; Continuous improvements
Operating model: Organization and governance; Practices and processes; People and infrastructure
Constraints & challenges: Lagging MIS; Organizational complexity; Imprecise risk measures; Regulation & competition
Other labels: Market dynamics; Establish & communicate; Promote; Manage change; Enforce; Validate & Refine; Design & execute
Risk management operating model priorities
Ongoing industry initiatives to enhance effectiveness and efficiency of risk management can be aligned to the key areas of our framework
Key areas: Organization and governance; Values and incentives; Risk management processes; Reporting and Infrastructure
Columns: Effectiveness enhancements; Efficiency enhancements
Organizational structure
• Restructure risk management organization to be in line with business model and consistent with the three lines of defense structure
• Balance corporate and LOB risk functions
• Create utilities functions within Risk to consolidate Risk Analytics, Basel II, Risk Reporting and Risk Data Architecture, etc.
Roles and responsibilities
• Establish clear roles and responsibilities (corporate risk vs. BU risk; across risk, finance, treasury and BUs)
• Monitor time allocation to risk management activities (business as usual, projects and special requests, etc.)
Committee structure
• Realign committee structure and mandates to promote decision-making, accountability and escalation of issues
• Realign committee membership to enhance efficiency and avoid overlaps
Policies and values
• Refine incentives structure to incorporate risk dimension
• Streamline policies and procedures to set common tone and consistent communication
Planning
• Develop corporate level risk appetite along with detailed limit structure by BU/risk
• Embed risk and capital considerations in strategic planning and budgeting
Execution
• Implement stress testing as ‘business as usual’ process to augment existing risk analytics
Evaluation
• Implement BU performance reviews
• Incorporate periodic reviews of the business model vs. the risk management process, resources and infrastructure
Reporting
• Develop integrated reporting framework that provides a common portfolio view of risk, performance and capital information
• Develop inventory of current risk reports to identify opportunities to consolidate and eliminate redundant or unused reporting
Infrastructure
• Implement common, underlying infrastructure that integrates risk, finance, capital and liquidity information
• Technology to facilitate "real-time basis" analysis and to test various "what-if" scenarios
• Develop inventory of current risk and finance systems / databases to identify opportunities to consolidate and eliminate redundant tools
Resources
• Staff development, training and certification programs
• Standardize processes and methodologies for risk analytics and risk-based capital calculations (e.g. economic capital, stress testing, Basel, ALLL, etc.)
Governance – getting to strong
The new SIFI standards mandate a Board-level risk committee with enterprise mandate and a strong independent CRO
Key highlights
Establishment of Board-level Risk Committee (BHCs > $10bn)
• Responsible for oversight of enterprise-wide risk management
• Chaired by independent director
• At least one member with ‘risk expertise’
• Formal approved charter and documentation (agenda, meeting notes, etc.)
Enhanced Chief Risk Officer (CRO) role
• CRO with ‘risk expertise’ suitable for the institution’s size and complexity
• Joint reporting line to the CEO & Risk Committee of the Board
Approval requirements
• Board-level reporting for liquidity risk management and other areas
• Capital Plan approval by the Board
Impact:
• SIFIs will have to modify/upgrade risk governance and ERM programs
• Smaller BHCs will have to significantly augment their risk governance
• Clarify mandate delineation for Audit and Risk Committees of the Board
Governance – getting to strong
Most SIFIs have established a Board risk committee, but there are gaps in mandate delineation and CRO formal reporting
[Chart comparing Company A through Company H; the per-company entries are not recoverable from the extracted text]
Board Risk Committee
• Is there a Board Risk Committee? (YES / NO)
• Does it provide oversight for all risks? (Risk, Finance, Credit, Audit)
• Is there a feedback loop between the Audit and Risk Committees? (Joint members, Joint sessions)
Chief Risk Officer
• Does the CRO report to the CEO? (YES / NO)
• Formal reporting line to Board Risk Committee? (YES / NO)
CCAR Board expectations
The bank holding company’s Board of Directors is required to:
1. Approve the bank holding company’s capital plan
2. Approve risk tolerance levels and alignment to capital planning goals/targets
3. Review effectiveness of the holding company’s processes for assessing capital adequacy in relation to the risks being assumed
4. Ensure that any deficiencies in the firm’s processes for assessing capital adequacy are appropriately remediated
5. Such decisions should also include an assessment of limitations of risk measurement and management practices supporting risk evaluation and loss and revenue forecasting
6. The information the Board reviews should include representation of weaknesses and uncertainties within the capital plan, enabling the Board to have the perspective to effectively understand and challenge reported results. The Board should give full consideration to the impact of those weaknesses in their capital decisions
Risk reporting – getting to strong
An integrated reporting framework provides a common view of risk, performance and capital information
[Diagram; recoverable labels and text follow]
Stakeholders: Board; Senior management; Functional risk areas/LoBs
Other labels: Reporting considerations; Reporting process; Frequency; Distribution; Production; Format/data views; Consistency; Data quality; Timeliness; Reliability; Completeness
Reporting structure
Board view
• Quarterly package
• Annual risk assessment
Senior management views
• Monthly packages
• Dashboards
• Ad-hoc reports
Functional views
• Risk (credit, market, ops)
• Treasury (ALM, capital, funding)
• Finance (budget, performance)
Line of business views
• LoB 1 (risk, performance, capital and liquidity)
• LoB 2 ….
Decisions supported
• Support committee decisions
• Limits monitoring at granular level (product, portfolio/desk etc.)
• LoB level planning, budgeting and periodic performance evaluation
• Tactical business decisions at product/LoB
• Overall risk management, risk appetite and risk limits by LoB, and risk types
• Strategic planning, budgeting
• New products and M&A
• Periodic performance review
• Review and approval of strategic decisions including overall risk appetite, company strategy and M&A
• Periodic review of overall risk profile of the company and its alignment to target risk appetite
Main attributes of reports
• Ongoing monitoring of risk and performance data
• Daily/weekly reports containing granular data
• Formal as well as ad-hoc reports
• User ability to customize reports through queries and slicing data
• Aggregated horizontal and vertical views (by LoB, by risk and aggregate)
• Integrated risk, performance, capital and liquidity information
• Summarized view from more granular functional/LoB reports
• Easy to understand, summary information of overall company view
• Focus on analysis, interpretation and take-aways rather than pure data
The bar has been raised for internal audit effectiveness
The case for change
According to the OCC’s paper on Attributes of a Strong Internal Audit Function: The challenges facing the internal audit (IA) functions of large banks have increased over the past several years, particularly since the beginning of the financial crisis in 2006. These include:
• The complexity and velocity of risk facing the banking system have increased.
• Bank products and processes have significantly changed. New bank products and markets are more complex. Enterprise and line of business (LOB) risk management have greatly expanded.
Senior Deputy Comptroller Brosnan has stated, “because of the importance of large banks to our economy and the capital markets, we have learned that it is not sufficient to have a ‘satisfactory’ IA function. Today, the expectation is that all large banks need to build and maintain strong IA functions.”
Furthermore, boards and management are expecting internal audit to play a pivotal risk oversight role and be their eyes and ears on the ground.
Key attributes of a high-performing internal audit function
The case for change
• Expectations for “block and tackle” compliance-based auditing are met with ease
• Internal Audit is viewed as an independent, trusted advisor to executive level management and the board on risk and control issues
• Internal Audit is leading the sharing of best practices across the company
• Operating groups regularly call internal audit for perspectives on leading practices
• Internal Audit is at the forefront of providing assurance to management regarding the execution of significant company initiatives
• Internal Audit is well prepared to pass an External Quality Assessment and targeted regulatory examination
• Communication processes have been streamlined by leveraging technology, reducing overall cycle time
• Compliance testing is more efficient, reducing overall costs
As audit departments address these heightened expectations, a number of common areas for improvement across the industry are emerging
Key trends in internal audit best practices
1. Dynamic risk assessment and planning
2. Auditing strategic and business risks
3. Continuous monitoring and emerging risk identification
4. Leveraging data throughout the audit lifecycle
5. Convergence with other risk partners
6. Skills assessment and training
7. Executive and board reporting
8. Audit efficiency
Regulatory update
David Sapin (Moderator) Principal, FS Regulatory Practice, PwC
Dan Weiss Principal, FS Regulatory Practice, PwC
Richard Paulson Managing Director, US BCM Practice, PwC
Amanda Cox Director, FS Regulatory Practice, PwC
www.pwc.com/us/banking
© 2012 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.