Shom Bhattacharya

1
"The CRO's Dilemma Keeping Board-Level Risk
Assessment Honest Without Hanging Yourself"
PRMIA

• Shom Bhattacharya
• Group Chief Risk Officer
• Allied Irish Banks, p.l.c.

PRMIA London Chapter 23rd October, 2007
2
AIB Group Profile

• One of two leading Irish banks
• International footprint - UK, USA Poland
• Assets Euro 158 billion
• Market Capitalization Euro 20 billion
• ROE 29 (y/e 12/06)
• 23,000 staff
• Retail, Corporate, commercial, investment
  banking, asset management, trading
• Group CRO reporting to CEO Member Group Exec
  Committee, with one enterprise risk team

2
3
Overview

• Board-level Risk Assessment as part of an
  end-to-end ERM process
• As a Rallying Point in building an
  action-oriented risk agenda
• How to avoid becoming the most unpopular man in
  the bank
• The connection to Capital
• Challenges and Opportunities

3
4
Common Challenges for a CRO

• How do you rally a firm around the Risk Agenda ?
• How do you get engagement and consensus on risk
  issues/priorities across a complex,
  multi-jurisdictional institution?
• How do you engage the Board in a meaningful way
  without over-burdening Non Executive Directors
  with data?
• How do you prove to Regulators that you have
  end-to-end thinking on risk management?
• Tail Risks-how do you get people to take low
  probability events seriously? (e.g., Pandemic)
• Board-level Risk Assessment

4
5
What is Board-level Risk Assessment?

• Many forms and formats content and presentation
• can be varied
• Essential Elements
• Clear Exposition of the Top Risks of the Bank in
  plain English. This is a communication device!
• Simple measurement that many audiences can relate
  to, not just risk professionals
• Bias to Action!
• Assurance to the Board

5
6
What is Board-level Risk Assessment?
6
7
Where does Board-level Risk Assessment Fit in
an ERM Framework?
7
Enterprise Risk Management Framework
8
What is most effective process to build the Risk
Assessment?

• Depends on your firm and the culture of the firm
• How we do it at AIB-engagement with Divisional
  and Functional Management Boards
• SARTS Key Risks Top Risks
• Enterprise Risk Assessment Day (who should attend
  and how is it best conducted)

8
9
3 Examples of Top RisksFor Illustration Purposes
Only (Not a Real Case)

• Credit Risk
• 2. Financial Crime (including Fraud)
• 3. Breach of Regulation or Law

9
10
The Risk Factors

• Severity/Impact
• Probability
• Confidence in Controls
• Residual Risk
• Management Actions/Mitigants
• Change in Economic Capital Usage

10
11
Not a Real Case For Illustration Purposes Only
Scale 1-5 where 5 is High based on Risk
Appetite definition
11
12
Not a Real Case For Illustration Purposes Only
Scale 1-5 where 5 is high based on Risk
Appetite definition
12
13
Not a Real Case For Illustration Purposes Only
Scale 1-5 where 5 is high based on Risk
Appetite definition
13
14
The Link to Capital
Capital not the panacea to all the worlds
problems!
Risk Event
Reserves/ Provisions
Absorption in Earnings Buffer
Mitigation or Risk Transfer Strategies
Capital already Indented
Op Risk Credit Risk Market Risk
(avoid double counting)
Incremental Capital (under ICAAP)
Material Risk Assessment as part of ICAAP
14
15
Striking the Right Balance

• Environmental Factors vs. Internal Factors (e.g.
  risks in trading or markets activities)
• How to explain a Low Confidence in Controls to
  a business or a function
• Role of Economic Capital
• Is this potent in the hands of the Regulator?

15
16
Conclusion

• Board-level Risk Assessment well accepted and
  embedded at AIB
• Vigorous debate and ownerships at divisional
  level
• Feedback and communication back to business on
  enterprise Top Risks is important

16