Professional Documents
Culture Documents
Dolores Atallo
Firm Director, Deloitte
April , 2011
1
Today’s Discussion
Introduction and Session Objectives
Q&A
2
Introductions and Session Objectives
Financial Institutions are facing more pressure than ever before from new
Financial Regulatory Reform and more stringent standards and limitations on
certain business activities.
Part of that increased scrutiny focuses on the new product and strategic initiative
oversight processes, including:
Consideration of regulatory compliance requirements
Creating/enhancing a robust new product process
Drivers of new product opportunities
The role of risk management practices in strategic and new product initiatives
3
New Product Governance
4
Defining a “New Product”
5
New Product Regulatory Guidance and Industry Perspective
Remarks by Federal Reserve Board Governor Susan Schmidt Bies (2004)
•New products include products or services being offered to, or activities being
conducted for the first time in, a new market or to a new category of customers or
counterparties. For example, a product traditionally marketed to institutional
customers that is being rolled out to retail customers generally should be reviewed
as a new product.
•When in doubt about whether a product, service or activity warrants review as a new
product, financial firms should err on the side of conservatism and route the proposal
through the new-product approval process.
6
New Product Regulatory Guidance and Industry Perspective
Standard & Poor’s Rating Criteria and Best Practices ERM For Financial Institutions
•The NPA process should be clearly documented in the risk management policy
handbook and should clearly articulate the steps required for approval.
•There should be a specified time period of no longer than six months after the
transaction is initially approved for trading, after which its reviewed for consistency.
All transactions that go through the NPA process should be documented and tracked
Industry through secure databases and electronic media.
Practices for
New Product •No proposed transaction should be expected to trade without a model validation and
Oversight/ vetting by Risk Management and a clear understand of the risk profile of the
transaction and its implications on the overall risk appetite of the firm and its
Approval reputation.
•The CRO must be a member of the NPA committee and should be granted the
authority to sign off on all transactions. The NPA committee should include senior
individuals from all the decision support areas, namely, Operations, Legal, Tax, Audit,
Accounting, Risk Systems, Risk Analytics, Compliance, and Documentation, as well
as the representatives of the business units.
Source: Standard & Poors, Enterprise Risk Management for Financial Institutions, Ratings Criteria and Best Practices November 2005
7
New Product Regulatory Guidance and Industry Perspective
NASD and FINRA Complex Product Guidelines
Sources: 1 NASD Notice to Members 05-59, “Structured Products - NASD Provides Guidance Concerning the Sale of Structured Products,” September 2005 8
2 FINRA Regulatory Notice 10-09, “FINRA Reminds Firms of Their Sales Practice Obligations With Reverse Exchangeable Securities” February 2010
New Product Regulatory Guidance and Industry Perspective
US Treasury Department Report on Financial Regulatory Reform
Source: US Treasury Department Report on “Financial Regulatory Reform–A New Foundation: Rebuilding Financial Supervision and Regulation” in June 2009
9
New Product Approval Policy: Setting the Tone
10
New Product Approval Policy (Illustrative)
Illustrative
Board of Directors
Policy Requirements
Scope/ Description
Policy Policy Policy *Related Appendices
Roles & Resp. Definitions*
Objectives (Policy Statement & Exceptions* Admin. Polices **
Scope) *New Product Approval Process
Definition of a New
Product Glossary NPA Form
Listing of
Approved
Products
11
The Role of the New Product Approval Committee (NPA)
The NPA Charter should reflect the objectives, scope of authority, duties and
practices of the Committee and can include the following components:
• Committee Authority
• Decision vs. Information
• Duties
• Committee Protocols
• Agenda
• Minutes
• Meeting frequency
• Membership (Voting and Non-voting)
Illustrative
Approve/Ratify Establish
NPC Charter
13
New Product Approval: Supporting the Business Case
• Define sponsorship process for submission
– Who can submit a new product for approval?
– What documentation is required?
• Assess profitability
– Key Metrics
• Cost to market, Capital impact, Projected P&L
• Approval authority
– Role and responsibilities
• NPA Committee, Senior Management, Board of Directors
14
New Product Approval Form (Illustrative)
Product/Initiative Description
Describe the product/initiative:
Describe the Strategic Objectives of the product/initiative?
What process changes are being impacted by this product/initiative?
What people changes are being impacted by this product/initiative?
What technology changes are being impacted by this product/initiative?
Risk Summary
# Risk Risk? Provide brief explanation below for both No and Yes:
Category
• Final Approval
Upon the recommendation of the New Executive Management Committee BOD
Product Committee, approves new (Approval)
products and services to be offered Final
• Recommendations for Approval Approval
Oversees the New Product Approval New Product Recommended for Approval For Some
New Products
Process/Policy
Reviews New Product documentation
to ensure full evaluation of risk is
performed.
Makes Recommendations on New
Products to Enterprise Risk Committee.
Risk leaders sign off after vetting of New Product Committee
new product and New Product Committee (Review and Approval)
meeting is complete.
• Completion of New Product Form
Works with business line to solicit input
on potential benefits and risks of new SBU Introduces New Product
product.
Should ensure that all necessary
documentation is collected and
researched to complete New Product
Form.
Sponsoring Business Unit
(Pitches New Product)
17
Drivers/Triggers for the New Product Approval Committee
• New Regulation, i.e.:
– Dodd-Frank Act
• The “Volcker” Rule
– Will cause banks to exit certain proprietary businesses/products
• Compensation and Governance
• Living Wills/Basel III
– Capital Impacts of products and services
18
Critical Success Factors for a Robust New Product Approval Process
• The Board of Directors should ratify product changes and in cases of changes in
strategy have approval authority.
19
Strategic Initiative Oversight
Strategic Risk Oversight Key Considerations
• Recognize strategy, strategic planning and assessment as an on going cycle
– Build in touch points
• Integrate existing risk practices into the strategic planning and assessment
process
– Consider risk by category
– Establish metrics/limits for on going monitoring
– Align strategic initiatives with committee oversight
21
Strategic Risk Management Considerations
Use of scenario analysis and stress testing which flow into an early warning system and a
Extreme event disaster and contingency plan
management
Ability to mitigate risk and keep an adequate amount of catastrophe reinsurance
Risk and economic Capacity to develop and use accurate risk and economic models
capital models Capability to validate the data and results of these models
22
Risk Assessment of Strategic Business Objectives and Initiatives
Key activities
Review 3-5 year business plan, Based on information gathered, create Develop likely and worst case
business objectives, company goals customized and company-specific risk scenarios from key external
and strategies profile risks
Gather research, documents, to identify Develop risk ranking criteria (impact, On going discussion to
potential strategic initiatives vulnerability, speed of onset) prioritize key strategic and
Document and prioritize strategic emerging risks for scenarios
initiatives Develop monitoring roadmap
for tracking strategic initiatives
milestones and periodic status
reporting
23
Tools For Assessing Strategic Risk
• Peer Benchmarking
• Consider performing a benchmarking analysis against industry peers
• Executive Workshops
• Identify risks against strategic objectives
• Critically evaluate strengths and weakness and target weakness
• Reassess regularly
• Top down risk assessment
• Identify and prioritize top 10 risks to the organization to achieving objectives
• Scenario analysis
• Stress test business plans for relevant threat scenarios (e.g., economic downturn, cat and large losses,
competitive pressures, etc.)
• ERM’s should focus on preparation of risk mitigation strategies that are designed to support senior
management’s business plan
• Work closely with the finance and investment and functions to demonstrate the sensitivity of business plans to
external factors, underlying assumptions and unanticipated variance in assumptions.
• Provide research and analysis on external trends that would inform senior management decision making
regarding areas of growth or investment
• Risk Selection
• Assess and react to short term and long term market conditions to choose which risks to take and which to retain:
• Consider using Risk Reward analysis or just combined ratio targets
• Cycle Management (Credit, Interest Rate or Equity Market Cycles)
• Strategic trade-offs in Investment Selection
• Assess risks based on risks embedded in products
• Recognize long term view of risk adjusted returns of investment choices
24
Enterprise Risk Management can Facilitate Strategic Risk
Oversight and the New Product Approval Process
Management actions
Risk/Reward frontier
• ERM processes can be used to assess how specific
management actions move the company on the
Reward
risk/reward frontier:
– Providing a cost benefit analysis of specific risk
mitigation activities
– Determining the set of activities to be deployed
in the event of an extreme risk event
Risk
= same reward with lower risk Capital allocations
= higher reward with same risk
• Management can use ERM to determine the most
= higher reward with appropriately
efficient allocation of capital across the organization:
higher risk
– Using models to determine necessary levels of
Strategy capital to support each business and its risk
• ERM provides a framework for assessing the
benefits and risks of various strategic decisions: Communication
– Identifying the potential risks inherent in a new • The insights gained through robust ERM practices
strategy allow management to communicate more effectively
– Determining the changes in control frameworks, about risk:
governance, and reporting required to support a – Designing clearer and more informative risk
new strategy disclosures that go beyond the minimum
– Measuring the impact of strategic decisions on requirements to better inform stakeholders
company value on a risk-adjusted basis – Developing more robust risk reporting
frameworks 25
Questions & Answers
Presenter Biography
Dolores Atallo is a Firm Director and a tenured leader in the Governance Risk And Regulatory Strategy financial services
practice focusing on Enterprise Risk Management (ERM), Corporate Governance, Enterprise, Credit and Operational Risk.
Currently, she is the Co-Lead of the Deloitte Financial Reform Center of Excellence and the US Leader for Living Wills. She
also serves as the National Relationship Leader for the Federal Home Loan Bank System.
Dolores has extensive experience assisting clients in building, enhancing and integrating their risk management practices
from the Board of Directors to the business process level. She advises the firm’s financial services clients on full life cycle
risk management projects, by designing and enhancing ERM programs that assess risk as business impact and analyze
opportunities to efficiently leverage risk, control and compliance initiatives. In this role, she advises board members and
senior management in matters of governance practices, committee charters and structures, articulation of risk appetite,
thresholds, metrics and risk program branding, linkage to strategy, cultural integration and program implementation,
including training and facilitation.
Prior to joining Deloitte & Touche in 1996, Dolores was a charter member of Coopers & Lybrand’s In-Control Services
Practice, an early adopter among the Big Four to focus on the linkage between governance, risk management, internal
controls and regulatory compliance. She specialized in risk management and regulatory services for the financial services
industry and also served as the global leader for COSO training.
Dolores speaks and publishes extensively on topics related to enterprise risk management most recently for the Federal
Financial Institutions Examination Council (FFIEC), Fiduciary Investment Risk Management Association (FIRMA), the
Professional Risk Managers International Association (PRMIA) and International Financial Services Association (IFSA).
27
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering
accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a
substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may
affect your business. Before making any decision or taking any action that may affect your business, you should consult a
qualified professional advisor.
Deloitte, its affiliates and related entities shall not be responsible for any loss sustained by any person who relies on this
presentation.
A member firm of
Copyright ©2011 Deloitte Development LLC. All rights reserved. Deloitte Touche Tohmatsu 28