hml risk transformation
TRANSCRIPT
Service range
• Financial services prime
and subprime UK residential
mortgages.
• RSS2- rating special
servicing
• Over £43bn residential and
commercial mortgages
currently under management
in UK and Ireland
• 1,300 employees based
across 3 UK sites, including
a 450 seat call centre
handling up to 13,000 calls
per day
© HML 2010. All rights reserved. 4
Journey
“The greatest antidote to worry….is preparation.
The more you try to envisage what might happen
and what your best response and options are, the
more you are able to allay your fears for the
future.”
John Glenn, Astronaut
We recognised that there were gaps in our approach to
Operational Risk Management…..
•Silo operational risk
processes.
• Key Risks identification
disconnected from
performance & objectives
• KRI’s definition – partial
• Policy documents –
limited governance and
assurance
• Lack of enabling
technology
• Poor alignment to strategy
Our approach, closed gaps and enabled us to meet our
challenges...
• Increased resources for
assurance activity and “deep
dive” work
• Risk integrated with Strategy
• Comprehensive set of Key
Risks & Controls
• Robust enabling technology to
support the risk management
framework
• Comprehensive policy suite
• Maturity model &
effectiveness BSC to set
change agenda
9 © HML 2010. All rights reserved. © HML 2010. All rights reserved. 9
Risk Management
Remember that all models are wrong; the
practical question is how wrong do they have to
be to not be useful.”
George E. P. Box ( Statistician)
Risk Role in HML’s Strategic Execution
10
To provide excellence in risk management to support the sustainable
achievement of HML’s strategic objectives within its defined risk
appetite.
ADVICE OVERSIGHT CHALLENGE
Oversight, Challenge & Functional Leadership
Passionate focus on supporting
business excellence
Continuous improvement in risk
management practices
Business focused advice and
oversight which adds value
Delivered through highly skilled and positively motivated risk people, within an overall approach respected and valued by the business.
Risk Management Approach
Risk Management Systems and Controls reduce risk, minimise losses and provide peace of mind
that a robust and effective control framework is in place.
The HML enterprise wide risk framework and supporting structure is designed to promote a risk aware culture and to help ensure that effective procedures are in place to identify, assess, measure and monitor risk across HML. The objective is to provide:
Clear accountability for the management
of risks.
Independent oversight and
challenge of the management of risk
Integration of risk management as part
of day to day business
11 © HML 2009. All rights reserved.
Focus on integrated Governance, Risk & Compliance
© HML 2009. All rights reserved. 12
RISK Extent of uncertainty around achievement of business objectives. Risk management being the process of identifying, sourcing, measuring, mitigating and monitoring risk. Purpose being to: - reduce to acceptable level variability in pursuit of opportunities - minimising impact of extreme events - take prudent risks that HML can manage successfully as it creates value.
GOVERNANCE Process by which ELT & SLG set overall business objectives and oversee progress towards those objectives.
COMPLIANCE Process that ensures HML adheres to its internal policies, and that policies and procedures established to comply with applicable laws and regulations are performing as intended.
Internal Environment
Objective Setting
Aligned activities
Control activities
Info & communication
Monitoring
Event identification
Risk assessment
Risk response
Risk Identification and Assessment
The ERM framework is used to understand the links between what we want
to do, what could stop us, and how we manage and monitor performance.
All the data is held in our bespoke software solution ‘Insight’.
13
Performance Risk Controls Indicators
Key Risks Objectives Key Controls Key Indicators
What are we trying to achieve?
What threats will stop us achieve our objectives?
What process do we need to control and what is the
right level of control?
How do we monitor changes in performance, risk and controls
effectiveness?
Control Effectiveness
The Control Self Assessment (CSA) quarterly certification process was
introduced in Q4 2009
The process involves all key controls across all divisions being reviewed,
capturing:-
• the control purpose
• an assessment of the effectiveness of the control
• documentation of proof to support the certification
14
Key Controls
Certification
-Type
- Assessment score
- Expected performance
-Certified effectiveness
- Improvement action
Line 1 challenge
Line 2 validation
Direct Operational Losses by Year
• The improvement in performance is
illustrated and there has been a 93%
reduction in the value of losses that have
occurred during 2010 compared with
those that occurred during 2008.
• From 2007, there has been a 56%
reduction in the volume of losses that
occurred during 2010 compared with
those that occurred during 2008. In
addition, the severity of losses has
reduced over the years and, for the
losses that occurred during 2010, 97% of
the volume of these were for individual
amounts that were less than £1k.
The graphs opposite show the operational
losses paid out from January 2007 - September
2011, by value and volume in the year the error
occurred.
Audit Actions
The graphs are based on all issues
raised from internal audits, external
reviews and internal compliance and
assurance reviews
The percentage of issues that are rated
Significant / High risk has decreased
year on year since 2008. In 2008 24%
of issues were rated Significant or High.
This reduced to 14% in 2009 and again
to 10% in 2010. So far in 2011 the % of
high issues stands at 5% of the total
issues added.
The percentage of issues rated medium
risk has also decreased from 48% in
2008 to 45% in 2011.
17
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2008 2009 2010 2011
% of issues added each year by Grade
Low / Efficiency
Medium
Significant / High