reporting - Blog - Global Risk Community2024-03-28T13:24:44Zhttps://globalriskcommunity.com/profiles/blogs/feed/tag/reportingThe Evolution of Governance Reportinghttps://globalriskcommunity.com/profiles/blogs/the-evolution-of-governance-reporting2019-12-12T02:24:10.000Z2019-12-12T02:24:10.000ZGlobalRiskCommunityhttps://globalriskcommunity.com/members/GlobalRiskCommunity<div><table style="color:#222222;font-family:'lucida grande', tahoma, helvetica, arial, sans-serif;font-size:12px;font-style:normal;font-weight:normal;letter-spacing:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;" width="98%" cellspacing="0" border="0">
<tbody><tr><td style="font-family:Roboto, RobotoDraft, Helvetica, Arial, sans-serif;margin:0px;" width="100%" bgcolor="#FFFFFF"><div><table width="100%">
<tbody><tr><td style="font-family:Roboto, RobotoDraft, Helvetica, Arial, sans-serif;margin:0px;"><p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;"><a href="https://www.blueprintoneworld.com/" target="_blank" style="color:#1155cc;"><img src="https://ci5.googleusercontent.com/proxy/bLN0U9M3ymBe6oEeutTyiUrEhv3iaaoSUkI02W58eY3gSlplk0dRh8FI7MHWd4m2JEZkVlWZoA7v2QGx33lSYbgwuFGgwSxf51BAv17OwbjgpzrnKEgGqkCvMvPnhr_BRPJbslI=s0-d-e1-ft#{{#staticFileLink}}8028310066,original{{/staticFileLink}}" class="CToWUd" alt="8028310066?profile=original" /></a></span></p>
<p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;">Dear Global Risk Community Member,</span></p>
<p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;">There are few people more central to how an organization runs than those responsible for managing the corporate record.</span></p>
<p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;">Yet, as organizations have become increasingly international, as they build complex subsidiary structures that need closer attention, and as the compliance burden and risk potential have grown, the roles of those responsible haven’t necessarily evolved.</span></p>
<p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;">Download “<strong>The Evolution of Governance Reporting</strong>” to discover how, with robust reporting through the right governance technologies, your team can better prepare for:</span></p>
<ul style="margin-bottom:.5em;margin-top:0px;">
<li style="margin-left:15px;"><span style="font-size:12pt;">Increased scrutiny</span></li>
<li style="margin-left:15px;"><span style="font-size:12pt;">The demand for transparency</span></li>
<li style="margin-left:15px;"><span style="font-size:12pt;">Changing shape of responsibilities</span></li>
<li style="margin-left:15px;"><span style="font-size:12pt;">Impact of artificial intelligence and machine learning</span></li>
</ul>
<p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;"> <a href="https://insights.diligent.com/white-paper/evolution-governance-reporting-corporate-secretaries/?utm_source=globalriskcommunity&utm_medium=emailrental&utm_campaign=globalriskcommunity3&utm_content=whitepaper" target="_blank" style="color:#1155cc;">Download Now!</a></span></p>
<p style="margin-bottom:.5em;margin-top:0px;"><span style="font-size:12pt;"> <a href="https://insights.diligent.com/white-paper/evolution-governance-reporting-corporate-secretaries/?utm_source=globalriskcommunity&utm_medium=emailrental&utm_campaign=globalriskcommunity3&utm_content=whitepaper" target="_blank" style="color:#1155cc;"><img src="https://ci5.googleusercontent.com/proxy/kSosSExR_ZlUqMQL4W6-Hcq5iL3TZiwrwbcy0AFgCVMRGmiQdgs3mQuaj5rSbwsbMy085J8_UUe2o7wO7K0kJ-OtjM2-NOVEX6awRtiHRgAbgrFtGQnLedp5JcM0tD3B4DpfmsU=s0-d-e1-ft#{{#staticFileLink}}8028310291,original{{/staticFileLink}}" class="CToWUd" alt="8028310291?profile=original" /></a></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table></div>Flexible Risk Assessments and Effective Reporting in the Banking Industryhttps://globalriskcommunity.com/profiles/blogs/flexible-risk-assessments-and-effective-reporting-in-the-banking2019-04-22T18:00:00.000Z2019-04-22T18:00:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h6><span style="font-size:14pt;">The banking industry is perceived as the most advanced in their understanding and implementation of risk management. Although banks have indeed made huge progress in risk management, two areas all banks can improve is the structure used in conducting their assessments to enable actionable and insightful strategic reporting.</span></h6></div><div class="fusion-separator fusion-full-width-sep sep-none"></div><div class="fusion-text"><p><a href="{{#staticFileLink}}8028296299,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8028296299,original{{/staticFileLink}}" width="350" class="align-right" alt="8028296299?profile=original" /></a>I’ve found that the understanding and implementation of risk management is driven not by industry or size of institution, but rather by its people: boards, executives, their teams and front-line managers keeping their organizations on track to achieve their goals and preventing missteps and scandals in the fast-paced age of the See-Through Economy.</p><p>In an effort to give these two groups some insight into how they can accomplish this, I presented at two conferences for risk managers in the financial industry on new best practices and emerging trends. 
At the<span> </span><a href="https://www.aba.com/Training/Conferences/Pages/riskmanagement.aspx">American Banking Association’s 2019 Risk Management Conference</a><span> </span>in Austin, TX, I presented on how attendees could get more out of cross-functional risk assessments. A short day later, I dove into effective board reporting at the<span> </span><a href="https://landing.rmahq.org/gcorxiii">Risk Management Association’s GCOR XIII Conference</a><span> </span>in Cambridge, MA.</p><p>In this blog, I’ll recap some of the highlights of these two important, intimately related topics. I’ll also pass along the tools I showed to each session’s attendees to give you a head start on implementing these tips for<span> </span><a href="https://www.logicmanager.com/erm-software/operational-risk-management-software/banks/https://www.logicmanager.com/erm-software/2019/04/22/banking-risk-assessments-reporting/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">risk management in the banking industry</a>.</p><p> </p></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h2><strong>Goals and Challenges in the Banking Industry</strong></h2></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-separator fusion-full-width-sep sep-none"></div><div class="fusion-text"><p>Attendees of ABA and GCOR alike 
have similar goals and challenges in the financial industry. So first, what are these goals? Protect your bank by identifying, mitigating, and monitoring risks before they manifest and identify new opportunities and capital efficiency.</p><p>What’s the challenge? Today, there’s a lot to protect your bank from – data breaches, reputational damage, non-compliance, a recession, and so much more. So the challenge, in a word, is complexity.</p><p>To paint a small picture of this complexity, think about the main regulatory body your bank has to align with and how many different risk categories they define. What I’ve seen time and time again is banks trying to put together different risk assessments to match up with all these different categories – the FFIEC’s 6 risk categories, the OCC’s 9 risk categories, etc.</p><p>The problem with this approach is if you take one of these categories, say Reputation Risk, and try to ask someone in IT to fill out a risk assessment on this category, they won’t know where to begin. They can only speak to what they know, and most IT professionals haven’t made the connection between what they know and reputation risk.</p><p>A better approach is to attract as many as you can with honey. 
The honey in this case is cross-functional risk assessments.</p><p> </p></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h2><strong>Get More out of Cross-Functional Risk Assessments</strong></h2></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-separator fusion-full-width-sep sep-none"></div><div class="fusion-text"><p>With cross-functional risk assessments, you’ll be able to gather, re-aggregate, and report on all the information you need to protect your business from a myriad of risks.</p><p>First, my presentation is summarized in our eBook<span> </span><a href="https://www.logicmanager.com/download-better-risk-assessments-financial-ebook/https://www.logicmanager.com/erm-software/2019/04/22/banking-risk-assessments-reporting/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">“5 Steps for Better Risk Assessments: A Special Edition for the Financial Industry,”</a><span> </span>so feel free to download a free copy for an in-depth recap.</p><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div 
class="fusion-text"><p>For the purposes of this blog, however, I’d like to reiterate three things:</p><p><strong>1) The key to cross-functional risk assessments is taking a multi-disciplinary approach.</strong><span> </span>Risk management is in every employee’s job title, whether they know it or not. Having their engagement in the risk assessment process is crucial to achieving an attract-with-honey effect.<span> </span><a href="https://www.logicmanager.com/download-risk-based-approach-wheel/https://www.logicmanager.com/erm-software/2019/04/22/banking-risk-assessments-reporting/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">Download the Risk-Based Approach Wheel I showed ABA attendees here.</a><span> </span>Use it to connect with other professionals in your organization like Audit or Compliance by starting with their priorities and working your way around the risk management cycle from their most preferred starting point<u>!</u></p><p><strong>2) Rethink your risk assessment categories.</strong><span> </span>Instead of creating risk assessments with categories that align specifically with FFIEC or OCC categories, use standards in scoring, naming conventions, and risk libraries to organize them by key departments, key products and services, and key regulations. This way, you’re talking to people about what they know best and getting the most accurate information with the accountability for those risks attached.</p><p><strong>3) Re-aggregate risk assessment information to align with big regulator risk categories and more</strong>. With a<span> </span><a href="https://www.logicmanager.com/erm-software/product/risk-taxonomy/">taxonomy</a><span> </span>in place, and by using the standards from #2 above, you can categorize one risk in multiple ways. Let’s say the Marketing Manager identifies someone hacking into the website as a risk. 
This would be simultaneously categorized as a marketing risk, an external risk, and a reputation risk (one of the OCC’s main categories).</p><p> </p></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last fusion-blend-mode 1_1"><div class="fusion-column-wrapper"><div class="fusion-text"><h2><strong>The Why, How, and What of Effective Board Reports</strong></h2></div></div></div></div></div><div class="fusion-fullwidth fullwidth-box nonhundred-percent-fullwidth non-hundred-percent-height-scrolling"><div class="fusion-builder-row fusion-row"><div class="fusion-layout-column fusion_builder_column fusion_builder_column_1_1 fusion-one-full fusion-column-first fusion-column-last 1_1"><div class="fusion-column-wrapper"><div class="fusion-separator fusion-full-width-sep sep-none"></div><div class="fusion-text"><p>Item number three above has everything to do with developing a flexible reporting structure. With such a structure, you can take any piece of information you’ve gathered from across the enterprise and dig into it in a multitude of ways. This requires an interrelated and standardized structured approach called a “taxonomy”.</p><p>Above we talked about how aligning with the main regulatory bodies adds complexity to managing risk in the financial industry. Another faction of this complexity is aligning with strategic goals set by the board. 
So, not only are risk managers juggling hundreds of regulations, they also have the board and others calling on them for evidence that their ERM program is effectively supporting the goals they set for the company.</p><p>Risk managers may not at first realize the massive amounts of information already on hand throughout their bank covering all areas of the organization down to the front lines. Without standards and taxonomy to link and relate all the connections across that information, it can be very challenging to portray how operational activities also align with the business’s greater strategic goals. Historically, boards of directors and senior leadership have struggled to engage with risk managers because information is typically not collected and distilled in the most effective way. The boards want to see the bottom line: how risk management is supporting their strategic objectives.</p><p>I’d like to give you a few tips on how you can overcome this challenge and paint the big picture for the board, while distilling this information into a digestible yet insightful format.</p><p>First, the taxonomy I describe above is a great tool for aggregating risk in many different ways. With a flexible categorization structure in place, you can pull reports on risks tied to different departments, products, regulations, or even strategic goals. The board wants concise deliverables providing evidence that the appropriate risk management controls are in place and that they are effective over the risks they are designed to mitigate. They also want to know that these risks are monitored, so that they won’t be the next name in the headlines.</p></div></div></div></div></div><p>Another tip to keep in mind is to collect information in a way that enables your reports to be flexible. 
Compiling enterprise-wide risk into<span> </span><a href="https://www.logicmanager.com/erm-software/product/dashboard-reports/https://www.logicmanager.com/erm-software/2019/04/22/banking-risk-assessments-reporting/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">strategic dashboards</a> gives the board a comprehensive look at the “why” of an aggregated view of risk and its implications, and also provides the flexibility to drill into individual risks all the way out to the front-business lines where the risks are known. They are strategic in that the information in the dashboard can be dynamic but the presentation framework remains the same so that board members can quickly zoom in on the insights they need without needing to interpret the structure of how the data was gathered or changing the presentation style that is being used. The board doesn’t need to be overwhelmed with all of the risks at the business activity level, but it is best to have the option to dig deeper and re-aggregate information within the report.</p><p>Once the board has a clear view of their organization’s risk, they can rest assured that your risk management program has their strategic organizational goals in mind. As a result, the board will continue to provide the necessary support for your program.</p><p><span>It was an honor presenting at the ABA and RMA GCOR XIII Conferences, where I got to share and learn from risk professionals in one of the most advanced industries in the risk management fields. 
I hope attendees, and new readers, found these tips and tools useful!</span></p><p><strong><em>This article was originally posted on <a href="https://www.logicmanager.com/erm-software/2019/04/22/banking-risk-assessments-reporting/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic" target="_blank">LogicManager.com</a></em></strong></p></div></div></div></div></div></div>The Highlights of IMPACT 2017https://globalriskcommunity.com/profiles/blogs/the-highlights-of-impact-20172017-11-29T18:33:22.000Z2017-11-29T18:33:22.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><a href="{{#staticFileLink}}8028266261,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028266261,original{{/staticFileLink}}" class="align-left" alt="8028266261?profile=original" /></a>LogicManager recently hosted IMPACT 2017, our annual ERM conference where risk professionals gather to share their challenges, successes, and insights in the risk management industry. For two days, LogicManager users led educational sessions on how they’ve made vast improvements to their various risk and governance programs, such as third-party risk management, compliance, audit, and more.</p><p>This year, we heard from a particularly diverse group of experienced professionals hailing from Boston to Hawaii in industries such as banking, energy, and healthcare. 
While each attendee’s company and program were unique, their advice was universal to developing a strong ERM program that protects, adds value, and drives success.</p><p>Among the countless moments of knowledge sharing, there were a few highlights that stood out to me throughout IMPACT 2017:</p><p></p><h2><strong>Highlight 1: Reputation is everything in today’s see-through economy</strong></h2><p>I opened the conference by addressing an undeniable trend: our <a href="https://www.logicmanager.com/erm-software/2017/11/10/shift-grc-consumers-reputation-ethics/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">see-through economy</a>. Empowered by social media and ever-advancing technologies, consumers have the means to monumentally impact a company’s reputation. This is of serious consequence to the business world considering intangible assets, such as brand and reputation, account for <a href="https://www.forrester.com/report/GRC+Vision+20172022+Customer+Demands+Escalate+As+Regulators+Falter/-/E-RES136452">87% of the net worth of the S&P 500</a>.</p><p>Instead of treating risk management as a means to meeting hard and fast regulations, the CEOs and Boards of every company will need to build their ERM programs in a way that manages reputational risk. This means listening and responding to the needs of customers, not just regulators.</p><p>This theme resonated with many IMPACT attendees. For example, our third-party risk management panelists unanimously agreed that while you can outsource a process, you can’t outsource its risk. 
Equifax served as a poignant example of companies failing to properly manage their third parties, and suffering immense reputational consequences because of it.</p><p></p><h2><strong>Highlight 2: The increasing importance of cybersecurity</strong></h2><p>Events like <a href="https://www.logicmanager.com/erm-software/2017/05/16/methods-protect-ransomware-attack/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">WannaCry</a>, <a href="https://www.logicmanager.com/erm-software/2017/09/13/equifax-data-breach-point-of-no-return/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">Equifax</a>, and countless other breaches in recent months have awoken companies to the importance of managing cybersecurity risk. I delivered my opening keynote at IMPACT 2017 on the topic of <a href="https://www.logicmanager.com/watch-webinar-manage-cybersecurity-risks/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">operationalizing cybersecurity</a>, that is, aligning the policies you have in place with the risk and procedures that are carried out across the enterprise to manage and report on that risk.</p><p><a href="{{#staticFileLink}}8028266292,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028266292,original{{/staticFileLink}}" class="align-right" alt="8028266292?profile=original" /></a>Many think that more technology is needed to protect their organizations. But if you look at recent events, technology is rarely the root cause of a cyber-related scandal. 81% of breaches leveraged weak or stolen passwords, and only 20% of employees will strengthen their passwords after training. The same is true for following through on patching, asset management, access rights, and other governance activities with risk-based task management, monitoring and reporting. 
The weak links in our corporations are now the people, policies, and procedures.</p><p>Fortunately, many attendees spoke towards how they’ve been able to identify gaps between their policies and procedures, and consistently improve their cybersecurity measures.</p><p>Some users shared their experience in the aftermath of <a href="https://www.logicmanager.com/erm-software/2017/09/21/equifax-data-breach-what-businesses-should-be-doing-in-the-aftermath/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">Equifax</a>, which was a big concern for their Boards. One attendee explained how it was important to anticipate the concerns of Board members using LogicManager to gather existing data across many departments and to address those concerns, such as which personnel were impacted, who has access to critical company data, and what their authentication procedures are.</p><p></p><h2><strong>Highlight 3: How to engage the Board of Directors</strong></h2><p>Perhaps one of the hottest topics of discussion at this year’s ERM conference was how to present information to the Board so they can make strategic, risk-based decisions.</p><p><a href="{{#staticFileLink}}8028265686,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028265686,original{{/staticFileLink}}" class="align-left" alt="8028265686?profile=original" /></a>A lot of the advice came down to <a href="https://www.logicmanager.com/erm-software/product/dashboard-reports/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">reporting</a>. One attendee shared that she went from presenting her Board with a 15-page report of the company’s top 25 risks to presenting a 2-page report with the top 10 risks and a heatmap using LogicManager. 
Many attendees agreed that their reports are easier to read and act on when they incorporate high-level summaries, graphs, and dashboards.</p><p>When <a href="https://www.logicmanager.com/ebook-presenting-erm-to-the-board/?utm_source=GlobalRisk&utm_medium=referral&utm_campaign=Referral%20Traffic">engaging the Board</a>, one presenter said, you have to present risk in a way that resonates with their concerns. The consensus was risk managers need to take the time to understand what matters to their boards, what their goals are, and ultimately, how risks in every area of the business impact those goals.</p><p>One user agreed that although “building tone-at-the-top support is essential” for building an effective, sustainable ERM program, providing actionable results each 90 days is an expected return. Others shared their tips for building this support. One attendee advised creating an analogy between sports and risk management to make the topic more relatable. Another mused over the idea of showing a slide with nothing more than a banana peel on it as an ice breaker to get the conversation started!</p><p></p><h2><strong>Highlight 4: Tips for ERM implementation</strong></h2><p>IMPACT 2017 attendees were in various stages of implementing ERM programs at their companies. Those in the later stages were a great resource for those in earlier stages.</p><p>Here are some of their top tips:</p><ol><li>Have a plan. Start and finish one project at a time. Don’t take on too many tasks right away, and carry your first initiative through to completion.</li><li>Begin with one governance area. When other departments see what you’ve done, they’ll want to be a part of it.</li><li>Consider engaging select leaders, who will then be happy to train others.</li><li>Get to know your business from the inside.</li></ol><p>This last point was presented in a particularly interesting fashion. 
One presenter compared getting to know a business area to the animated film “How to Tame Your Dragon.” The presenter said, “Once you find out dragons are like puppy dogs, your world is forever changed.”</p><p>The parallel here is that many employees operate in silos, unaware that there are other silos surrounding them, seemingly isolated, but in every way connected to their own. Understanding how the business really works, how these silos are connected, and how they roll up to achieve the company’s core objectives is at the heart of implementing a successful ERM program.</p><p></p><h2><strong>Highlight 5: LogicManager: Looking Ahead</strong></h2><p><a href="{{#staticFileLink}}8028266097,original{{/staticFileLink}}"><img width="350" src="{{#staticFileLink}}8028266097,original{{/staticFileLink}}" class="align-right" alt="8028266097?profile=original" /></a>IMPACT 2017 closed with a look towards the future of LogicManager in 2018 and beyond. The team presented some exciting enhancements to the product inspired by advances in Artificial Intelligence (AI), Robotic Process Automation (RPA) and Business Intelligence (BI) technology and our customers’ needs.</p><p>We gave a live demonstration of the platform’s future, including visibility rules, automation rules, a UI face lift, and more. The goal of these enhancements is to continue to streamline the data collection process, automate manual activities, and make the user experience more intuitive than ever. I speak for all of LogicManager when I say that we’re excited to share more about these advances in future posts and press.</p><p></p><h2><strong>Highlight 6: A unique learning opportunity</strong></h2><p>Perhaps our favorite takeaway from IMPACT 2017 is that our customers saw this conference as a unique learning opportunity. IMPACT is by risk managers, for risk managers. 
It’s a place for our users to come together and encourage each other to improve.</p><p>As one attendee put it, GRC is a hard, often thankless profession. But IMPACT is a place where risk professionals can collaborate and remind each other that they really are laying the groundwork for a better tomorrow.</p><p>We couldn’t be more excited to hear more insights from our customers at IMPACT 2018!</p></div>"Help! I've got this document to write..."https://globalriskcommunity.com/profiles/blogs/help-i-ve-got-this-document-to-write2016-06-29T12:38:37.000Z2016-06-29T12:38:37.000ZJulian Maynard-Smithhttps://globalriskcommunity.com/members/JulianMaynardSmith<div><p>As a risk professional, you're under a lot of pressure to write documents. Maybe it's a methodology manual, validation report, or other document you’re expected to write for your regulator; a status report for the board; or even that very important email. Whatever it is, some of the following worries probably sound very familiar to you:</p><p>"I've got to write a report and I don't know where to start - what's the best way to do it?"</p><p>"It's taking me ages to edit this Word document - aren't there some clever shortcuts?"</p><p>"I can never find stuff because our shared folder's a nightmare - isn't there a better way to organise our documents?"</p><p>For answers to all these worries, check out the posts at:</p><p><a href="http://www.linkedin.com/today/author/julianms">www.linkedin.com/today/author/julianms</a></p><p>And if you want more advice or staff training, I'll be delighted to help you: if we're already connected on LinkedIn just send me a message that way; and if we're not, feel free to connect by sending an invitation to jfmaynardsmith@gmail.com.</p></div>marcus evans to host the FATCA and Global Tax Compliance Forum for a 4th Yearhttps://globalriskcommunity.com/profiles/blogs/marcus-evans-to-host-the-fatca-and-global-tax-compliance-forum2015-08-31T21:00:00.000Z2015-08-31T21:00:00.000Zmarcus evans N.A. 
Conferenceshttps://globalriskcommunity.com/members/marcusevansNAConferences<div><p><i>This annual conference provides global tax compliance experts with insight on adopting an internationally accepted standard of tax transparency and compliance.</i></p><p><i> </i></p><p><b>New York City, NY – July 29, 2015</b> <i>–</i> <b>marcus evans</b>, the world’s largest event management group, will host the <b>4th FATCA and Global Tax Compliance Forum</b> on November 4-6, 2015 in New York City. This year's conference will allow for the exchange of valuable insights and strategies to implement new systems to manage reporting demands, create structured reporting frameworks, and anticipate the developments of the Common Reporting Standard in the multinational tax compliance arena.</p><p> </p><p><b>Previous attendees include:</b></p><p>US Internal Revenue Service, Goldman Sachs, Deutsche Bank, BNY Mellon - Corporate Tax, M&T Bank, Quontic Bank, Fidelity Investments, LLC, The Hartford Financial Services Group, Barclays Capital, UBS Investment Bank, The Guardian Life Insurance Company of America, and many others</p><p> </p><p><b>Building Off of Past Years’ Success, the 4th Annual Conference will enable you to:</b></p><ul><li><b>Streamline</b> compliance initiatives by transitioning from a bilateral to multilateral tax cooperation</li><li><b>Leverage</b> international channels of communications to provide an up-to-date commentary on any changes in regulations</li><li><b>Improve</b> system interoperability to reduce reporting errors</li><li><b>Adopt</b> and maintain different reporting schemas, along with their validation rules, to remain up to date with global frameworks</li><li><b>Overcome</b> legal impediments and reduce burdens for Cayman Islands-based financial institutions (FIs) through an intergovernmental approach to FATCA implementation</li></ul><p> </p><p><b>Featuring Case Studies from Leading Professionals, including:</b></p><p>Kevin V. Sullivan, Director - Head of U.S. 
Information Withholding & Reporting, FATCA and QI Advisory, <b>BNP Paribas S.A.</b></p><p>Méhul Thakkar, Vice President, Corporate Tax, <strong>BNY Mellon</strong></p><p>Nicole M. DeSantis, Senior Vice President/Associate General Counsel, <b>Rabobank, N.A.</b></p><p>Dana Flynn, Group Tax Director, Tax Counsel, <b>UBS AG</b></p><p> </p><p><b>For more information on this conference or to get a complete list of speakers, sessions or past attendees, visit the conference</b> <a href="http://www.marcusevans-conferences-northamerican.com/marcusevans-conferences-event-details.asp?EventID=22353&SectorID=37&utm_source=GRC&utm_medium=PR&utm_campaign=22353_GRC_PR#.VeTBaPlViko" target="_blank">website</a><b>, or email Nicolette Fiordirosa, Marketing & PR Coordinator at</b> <a href="mailto:nicolettef@marcusevansch.com"><b>nicolettef@marcusevansch.com</b></a></p><p> </p><p>About marcus evans</p><p> </p><p><i>marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. 
Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.</i></p></div>Marcus Evans to host the Fraud Prevention for Financial Institutions Conference on August 12-13, 2015 in New York, NYhttps://globalriskcommunity.com/profiles/blogs/marcus-evans-to-host-the-fraud-prevention-for-financial2015-05-11T16:46:42.000Z2015-05-11T16:46:42.000ZMonique Filardihttps://globalriskcommunity.com/members/MoniqueFilardi<div><p><i>Fraud Prevention & Financial professionals will join together to share cutting edge strategies and techniques to manage the growing area of fraud risk</i></p><p><i> </i></p><p><b>New York, NY – April 29, 2015</b> <i>–</i> <b>marcus evans</b>, the world’s largest event management group, will host the <b>Fraud Prevention for Financial Institutions Conference</b> on August 12-13, 2015 in New York, NY. This premier forum will provide a dynamic environment for senior practitioners to: leverage intelligence and analytics to better understand behavioral trends in customers and set personalized controls, weigh the efficacy of current prevention techniques, maintain ongoing communications with regulators and law enforcement as a component of effective continuity plans, and better grasp emerging areas of concern to thwart prospective fraudulent activities.</p><p><b>Featuring case studies from leading financial experts, including:</b></p><p><b> </b></p><p><b>Kenneth Jones,</b> Head of Fraud Risk Management-Americas, UBS Wealth Management</p><p><b>Laurel Sykes,</b> SVP, Chief Risk Officer, CRCM, Montecito Bank & Trust</p><p><b>Amy Wagg,</b> Director, Fraud Strategy & Performance Management, BMO Financial Group</p><p><b>Philip Bartlett,</b> Inspector in Charge, New York Division, U.S. 
Postal Inspection Service</p><p><b>Clyde Langley,</b> VP- Fraud Prevention & Investigations, Charles Schwab</p><p><b> </b></p><p><b>Attending this peer-driven focused conference will enable you to:</b></p><ul><li><b>Create</b> employee value through the establishment of customer trust as a corporate standard to manifest a security-aware culture</li><li><b>Utilize</b> analytics to set new controls that better protect the financial institution and its customers from fraud</li><li><b>Formalize</b> industry standards for information sharing to promote earlier detection and accelerate investigations</li><li><b>Leverage</b> multi-sourced intelligence to verify customer activity as an early prevention/ detection methodology</li><li><b>Invest</b> in effective detection and prevention technologies now to avoid losses later</li></ul><p> </p><p><b>For more information on this conference, or to get a complete list of speakers, sessions or past attendees, check out the conference website</b> <a href="http://www.marcusevans-conferences-northamerican.com/marcusevans-conferences-event-details.asp?EventID=22113&SectorID=2&utm_source=pressrelease&utm_medium=chc712&utm_campaign=22113_#.VT6ZnNJViko"><b>here</b></a> <b>or email Monique Filardi, Marketing & PR Coordinator at</b> <a href="mailto:moniquef@marcusevansch.com">moniquef@marcusevansch.com</a></p><p><b> </b></p><p><b>About marcus evans</b></p><p><i>marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. 
Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.</i></p></div>What to Present to Your Risk Committeehttps://globalriskcommunity.com/profiles/blogs/what-to-present-to-your-risk-committee2015-03-03T23:00:00.000Z2015-03-03T23:00:00.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p>The RIMS Risk Management Society (LogicManager’s co-author for the RIMS Risk Maturity Model) <a href="https://www.rims.org/Riskknowledge/RiskKnowledgeMain.aspx?keyword=riskcommitteeadv">promotes the adoption of Risk Committees</a> for organizations looking to formalize their enterprise risk management processes.</p><p>With more organizations adopting risk committees or similar governance groups, the question remains: What should risk managers present to their risk committee; or conversely, what should risk committees ask that their managers present to them?</p><p>Forrester Research, <a href="https://www.forrester.com/Measure+GRC+Performance+To+Show+Processes+And+Data+Reliability/fulltext/-/E-RES117863">in their report on measuring GRC and ERM performance</a>, identifies over 30 metrics for organizations to use to assess the health of their risk management programs. Here are the 3 examples you should adopt immediately for your enterprise risk management program.</p><p> </p><h3>Level of Engagement in the Risk Management Process</h3><p>Arguably, the level of stakeholder engagement is the best indicator to capture the impact your program is having on the company’s risk exposure. Without engagement, both from the front line and from senior management, your program is just another silo.</p><p>Engagement can be measured a number of different ways. 
You can look at how often reports are provided to leadership, how many employees are trained in the ERM process, or how frequently front line managers are updating their risk and mitigation environments. While the method may vary by organization, the goal should be to reach out to approximately 15-30% of the overall employee base according to your industry.</p><p>Try tracking how many individuals are involved in the risk management process, and measure that number against the 10-20% benchmark. If you’re substantially below, it might be time to increase the scope of your risk assessment process to collect more data.</p><div class="mceTemp"><dl id="attachment_5371" class="wp-caption aligncenter"><dt class="wp-caption-dt"><a href="http://www.logicmanager.com/wp-content/uploads/2015/03/ERM-Risk-Committee-Engagement.png"><img class="wp-image-5371 size-medium" src="http://www.logicmanager.com/wp-content/uploads/2015/03/ERM-Risk-Committee-Engagement-500x317.png" alt="ERM Risk Committee Engagement" width="500" height="317" /></a></dt><dd class="wp-caption-dd"><em><strong>*from LogicManager</strong></em></dd></dl></div><p><em><strong> </strong></em></p><p> </p><h3>Risk Remediation Activities Approved for Implementation</h3><p>Very simply, this metric captures what you are doing to manage the most critical risks you’ve identified. You should know what project has been approved, who is responsible for its execution, and the approximate date the mitigation activity will go into effect.</p><p>If your risk management program isn’t tracking a similar metric or doesn’t have responsibility for executing these activities, keep in mind that nearly all approved governance activities are practices in mitigation. 
Whether it’s a policy change or procurement of new security software, your risk management program should be able to provide context on which project is of the highest priority, and doing so will give your program clout from a strategic decision making perspective.</p><div class="mceTemp"><dl id="attachment_5372" class="wp-caption aligncenter"><dt class="wp-caption-dt"><a href="http://www.logicmanager.com/wp-content/uploads/2015/03/Risk-Mitigation-Committee.png"><img class="wp-image-5372 size-medium" src="http://www.logicmanager.com/wp-content/uploads/2015/03/Risk-Mitigation-Committee-500x368.png" alt="From the LogicManager GRC Health Check Report" width="500" height="368" /></a></dt><dd class="wp-caption-dd"><em><strong>*from LogicManager</strong></em></dd></dl></div><h3>Upcoming Risk Management Activities</h3><p>We’ve covered a few indicators that demonstrate what your program has done and is doing, but what about what it will do? What activities are on the radar for your risk management team? Who will you be working with? Risk management is built on 90-day wins, so knowing what’s next is of the utmost importance in establishing the viability and sustainability of any risk management program.</p><p>The risk management committee should be able to provide guidance and feedback on what other departments may be struggling with. 
There are countless examples of how risk management may be able to assist and integrate with the governance silos of your enterprise; the risk committee should help you establish which one is of the greatest priority.</p><p> </p><div class="mceTemp"><dl id="attachment_5373" class="wp-caption aligncenter"><dt class="wp-caption-dt"><a href="http://www.logicmanager.com/wp-content/uploads/2015/03/Risk-Assessment-Schedule.png"><img class="wp-image-5373 size-medium" src="http://www.logicmanager.com/wp-content/uploads/2015/03/Risk-Assessment-Schedule-500x341.png" alt="From the LogicManager GRC Health Check Report" width="500" height="341" /></a></dt><dd class="wp-caption-dd"><em><strong>*from LogicManager</strong></em></dd></dl></div><p><em>LogicManager’s customers are provided a health check that can measure the effectiveness of their program in even the first month of implementation. <a href="http://www.logicmanager.com/ebook-presenting-erm-to-the-board">Download our reporting to the board eBook</a> for more examples or check out our ERM Healthcheck Plugin. You can learn more about our <a href="http://www.logicmanager.com/erm-software/product/" target="_blank">ERM software here</a>.</em></p></div>Analyze the Impact of Volcker on Non-US and Smaller Bankshttps://globalriskcommunity.com/profiles/blogs/analyze-the-impact-of-volcker-on-non-us-and-smaller-banks2015-01-28T19:45:26.000Z2015-01-28T19:45:26.000Zmarcus evans N.A. Conferenceshttps://globalriskcommunity.com/members/marcusevansNAConferences<div><p><i>Interview with William Meehan, Executive Director, Capital Markets Trading Compliance at CIBC</i></p><p>The Volcker rule was published in December 2013 by US regulators and requires banks with over $10B in trading assets and liabilities to prove that they are not participating in proprietary trading through the reporting requirements. It is a new regulation which has limited guidance from the regulators, causing confusion among banks. 
At the current time, the main focus for banks is to better understand the Volcker rule and learn how to efficiently collect and analyze data in order to comply with the regulation before the deadline.</p><p>Mr. Meehan, Executive Director, Capital Markets Trading Compliance at CIBC recently spoke with GFMI about key topics to be discussed at their upcoming <b>Strategic and Operational Challenges within Volcker Rule Compliance Conference, March 9-11, 2015 in New York, NY.</b></p><p></p><p> </p><p><b>What are the key challenges surrounding Volcker implementation at the moment?</b></p><p><b>WM:</b> Building new metrics, identifying ownership of monitoring processes (Compliance, Risk, Business, other), training personnel and finalizing policies and procedures. </p><p> </p><p><b>How does the Volcker rule affect foreign institutions operating in the US? </b></p><p><b>WM:</b> If you’re operating in the US, you will be subject to one or more of the 5 US regulatory agencies that passed the Volcker rule. So you will have to comply just like US banks of similar size as your institution. There is an exemption for trading foreign government obligations but that is not necessarily sufficient for a global bank that trades the debt of its home country (France) but also trades in debt of nearby countries where it has a large presence (England). So another exemption will be needed to continue in the business of proprietarily trading those foreign debt obligations. 
Of course there are always cross border cultural issues when US regulations go beyond US borders and affect the trading of foreign operations when the company is not a US company.</p><p> </p><p><b>What are the implications for smaller and community banks?</b></p><p><b>WM:</b> Volcker is not a one size fits all regulation as the regulators devised tiered compliance programs based on the size of a bank’s Total Consolidated Assets and Gross Trading Assets and Liabilities.<b> </b> Smaller banks only need to have a Standard Compliance program versus the Enhanced Compliance program for the bigger banks that are over $50 billion in total US consolidated assets. This means smaller banks (under $50 million) don’t need a CEO attestation and other Board and Senior Management escalation and accountability provisions. Also, banks under $10 billion in trading assets and liabilities do not need to build metrics until December 2016. Even then, they only have to produce upon request—providing a great deal of extra time to comply. However, if they will be using exemptions such as Underwriting, Market Making or Risk Mitigating hedging, they will need to build a few metrics to have evidence that they meet the requirements of the exemption come June of 2015. Smaller Technology, Risk Management and Compliance staffs make this challenging but the amount of trading desks that are in scope and the complexities of those trading desks and products should be equally reduced. </p><p>Some really small banks may even qualify for the less restrictive Simplified Compliance Program which involves adding references to the regulation in their existing policies and procedures. 
Lastly, banks that do not engage in covered activities (proprietary trading and investment in a hedge fund) do not need to establish a compliance program which was a change in response to concerns from community banks to the Proposed Rule which contained more burdensome requirements for such banks.</p><p> </p><p><b>Do you believe that meeting reporting and compliance deadlines is a more difficult task for foreign and smaller institutions?</b></p><p><b> </b><b>WM:</b> I don’t believe whether you are foreign or US is a factor. Some foreign banks have such a large footprint and large staffs that they can handle the reporting and compliance deadlines just as easily as the big US banks. Smaller banks or banks that did not already have in place a robust and scalable footprint of the Volcker requirements will have a bigger implementation challenge in the technology, resourcing and procedures areas. </p><p> </p><p><b>What would you gain from attending this conference?</b></p><p><b> </b><b>WM:</b> A better understanding of how firms are dealing with specific implementation challenges. Where are firms in terms of meeting the deadlines and what deadlines may be delayed. What, if any, parts of Volcker may be up for legislative or regulatory relief prior to the deadlines.</p><p><b> </b></p><p>This <b>GFMI</b> conference provides financial institutions with the opportunity to better understand the Volcker rule and develop strategies in order to build compliance programs and meet compliance deadlines. 
On site, heads of Volcker Compliance, Dodd-Frank and Trading Compliance from financial institutions will be able to clarify ambiguous elements of the rule, overcome their own operational challenges and manage data after its collection.</p><p> </p><p>For more information, please click here to download the <a href="http://www.123contactform.com/form-1262458/CMU140WMintvw">conference agenda</a> or contact Tyler Kelch, Assistant Marketing Manager, GFMI at 312-894-6310 or <a href="mailto:tylerke@global-fmi.com">tylerke@global-fmi.com</a></p><p><i>Bill Meehan is an Executive Director of Capital Markets Compliance at CIBC World Markets, Corp. and Co-Editor of <b>OTC Derivatives Regulation Under Dodd Frank</b>, a practitioner’s guide covering all aspects of Dodd Frank swap regulations. In his current role at CIBC, Mr. Meehan is responsible for Dodd Frank Volcker and Swap Dealer regulations in addition to providing multi-asset coverage of the sales, trading and syndicate desks for Equities, Fixed Income, FX and Commodities. Prior to his current role, Mr. Meehan was the Head of Equities Compliance at MF Global Inc. Prior to that, he worked at Bank of America Merrill Lynch in a senior Equity Derivatives Compliance role. </i></p><p><i>Mr. Meehan is a member of the SIFMA Equity Markets & Trading Committee, the SIFMA Swap Dealer Committee and the Cross Border Working Group. He holds the following FINRA licenses: Series 3, 4, 7, 24 and 87. Mr. Meehan earned his B.A. in Political Science from Saint Peter’s University where he was a Spur Honor Society recipient and received his J.D. from Fordham University Law School. He is a member of the State Bar of New York.</i></p><p><b>About Global Financial Markets Intelligence</b></p><p>GFMI is a specialized provider of content-led conferences for the financial markets. 
Carefully researched with leading financial market experts, our focused quality events deliver key bottom-line value through targeted presentations, interactive discussions and high-level networking opportunities. </p></div>File an FBAR or Find Yourself Behind Barshttps://globalriskcommunity.com/profiles/blogs/file-an-fbar-or-find-yourself-behind-bars2014-04-28T12:00:48.000Z2014-04-28T12:00:48.000ZJames McCallumhttps://globalriskcommunity.com/members/JamesMcCallum<div><div class="separator" style="clear:both;text-align:center;"><a href="http://1.bp.blogspot.com/-NJs3WoO30VE/UzGXLstEUDI/AAAAAAAAEv0/kOWO1hx87hU/s1600/fbar+screen.png" style="clear:left;float:left;margin-bottom:1em;margin-right:1em;"><img border="0" src="http://1.bp.blogspot.com/-NJs3WoO30VE/UzGXLstEUDI/AAAAAAAAEv0/kOWO1hx87hU/s1600/fbar+screen.png" height="320" width="192" alt="fbar+screen.png" /></a></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">A few years ago the IRS offered a tax amnesty program for US citizens who failed to declare assets held in foreign bank accounts. This came on the heels of a highly publicized legal action against UBS. The IRS forced the Swiss based bank to turn over the account information of US citizens. The IRS was clamping down on tax evaders, exploiting the protection of Switzerland's bank secrecy laws to hide income and assets. 
The IRS was looking to determine if FBARs had been filed by the bank's American clients.</span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">Individuals and corporations with assets greater than $10,000 held in foreign bank accounts must file a Foreign Bank Account Report (FBAR) with the IRS or face potential legal action.</span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">UBS counted 52,000 US citizens as private banking clients. It would be safe to assume that most of those accounts had balances greater than the $10,000 declaration threshold. </span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">Any US investor participating in a foreign based fund partnership or investment vehicle must also file an FBAR. High Net Worth (HNW) investors and their tax advisers should conduct due diligence on private bankers and asset managers to confirm that FBARs and appropriate declarations and forms have been filed by investment partnerships and their administrators. HNW tax advisers should contact the chief compliance officer at the fund to request an attestation letter stating that the fund is in full compliance with foreign bank reporting requirements.</span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">Bernie Madoff and Sir Allen Stanford may look good in orange prison jumpsuits but that doesn't mean it will look good on you. 
Don't become a slave to fashion. Get compliant. Check with your tax adviser to make sure FBARs are filed.</span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">Get compliant and file an FBAR with Sum2's AML SAR Filing BSA Reporting App. The app is used by financial institutions, compliance professionals and industry service providers to comply with Anti-Money Laundering (AML) best practice provisions and regulations. Protect your clients and your business from money laundering risk with this critical compliance application.</span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">Since 2002, Sum2's AML compliance products have helped investment managers, broker dealers, MSB's, banks and credit unions comply with the AML provisions of The Patriot Act, BSA Reporting and OECD best practices. </span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;">Get AML aware. 
Download AML SAR Filing / BSA Reporting App on Google Play</span>.</div><div style="text-align:justify;"></div><div><div><table cellspacing="0" class="tr-caption-container" style="margin-left:auto;margin-right:auto;"><tbody><tr><td style="text-align:center;"><a href="https://play.google.com/store/apps/details?id=com.rtken23.Sum2LLC.pacosar" style="clear:left;margin-bottom:1em;margin-left:auto;margin-right:auto;"><img alt="https://play.google.com/store/apps/details?id=com.rtken23.Sum2LLC.pacosar" border="0" src="http://3.bp.blogspot.com/-oCAoKr1I4wc/UzGcNIWr9fI/AAAAAAAAEwE/Cuc3k10zEPU/s1600/aml+sar+app+cover+100.png" /></a></td></tr><tr><td class="tr-caption" style="text-align:center;"><a href="https://play.google.com/store/apps/details?id=com.rtken23.Sum2LLC.pacosar">Get AML Aware</a></td></tr></tbody></table><div><span style="font-family:Arial, Helvetica, sans-serif;text-align:justify;">Risk: AML, FBAR, legal, compliance, tax, reputation, criminal prosecution, IRS, OECD, Patriot Act, MSB, private banking, hedge funds, CPA, UBS, Credit Unions, SAR filing, BSA Reporting</span></div><div><br /><div style="text-align:justify;"><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div><span style="font-family:Arial, Helvetica, sans-serif;"><br /></span></div></div></div></div></div>RMORSA Part 5: Risk Reporting & Communicationhttps://globalriskcommunity.com/profiles/blogs/rmorsa-part-5-risk-reporting-communication2013-10-11T18:00:46.000Z2013-10-11T18:00:46.000ZSteven Minskyhttps://globalriskcommunity.com/members/StevenMinsky<div><p><a href="{{#staticFileLink}}8028228084,original{{/staticFileLink}}"><img src="{{#staticFileLink}}8028228084,original{{/staticFileLink}}" width="300" class="align-right" alt="8028228084?profile=original" /></a>Having <a href="http://www.riskmanagementmonitor.com/rmorsa-part-2-risk-identification-and-prioritization/">standardized risk assessments</a> and well documented <a 
href="http://www.riskmanagementmonitor.com/rmorsa-part-4-risk-monitoring-control-action-plans/">mitigation and monitoring activities</a> will equip your organization with a lot of risk intelligence. The question becomes, how do you report all of this information to your board and communicate it to your commissioner in a way that demonstrates the value of your ERM program? First, risk managers must be able to demonstrate how risks across the organization roll up to impact the Board’s strategic objectives; and second, ERM functions must track key metrics to validate the effectiveness of a formalized risk management approach.</p><p><b>Reporting on Critical Risks</b></p><p>Due to the limitations of spreadsheets, risk managers often have to choose between presenting actionable data that is too granular for the board, or presenting a high level summary, such as a top 10 risk report, which lacks the context of how risk within business process activities relates to the objectives that senior leadership and the board require. However, a common <a href="http://logicmanager.com/erm-software/product/risk-taxonomy/">risk taxonomy</a> allows organizations to gather risk intelligence at the business process level, and aggregate it to a high level for senior leadership.</p><p>For the top risks across the organization, often risk managers must provide the more detailed underlying data, such as which business areas are involved, what their individual risk profile of the risk is, what the mitigation strategy is, and how the risk is being monitored.</p><p>The most commonly used method to determine top key risks is to rank risks based on the score from their assessment; this aggregate will depict which risks pose the most immediate danger to the enterprise, and should be reported on regularly. The second method uses your common language, root cause library to identify systemic risks. 
These are risks that have been identified by multiple departments, and may be more easily addressed with corporate wide policies or procedures rather than point solutions. And now that you have a complete and transparent mitigation library, you can publish out effective controls from one department to another, reducing overlapping activities in your organization and leveraging the practices in departments that are the most effective in managing risk.</p><p><b>The State of ERM</b></p><p>When demonstrating the value of your ERM program, take a step back to evaluate just how many risks have been identified, and how well risks are being evaluated and mitigated. The common standards established by an ERM program will significantly enhance your risk identification process by allowing you to prioritize efforts to the most important risks that have the least assurance of control effectiveness. You might find that over the past several quarters, the gap between the number of risks identified and those that have been addressed has grown. This isn’t a concern, but rather a sign that your organization has a clear path forward and is beginning to understand its entire risk universe.</p><p>You can also track your progress with the ERM guidelines outlined in the <a href="http://www.rims.org/ERM/Pages/RiskMaturityModel.aspx">RIMS Risk Maturity Model</a><i>. </i>Providing your executives, board or commissioner with a bi-annual report on the maturity of your ERM program will show which areas you've improved upon and what areas need focus going forward. The Model provides a repeatable process that enables internal audit to validate its quality and effectiveness. 
This same Model also has the benefit of enabling you to benchmark your program against others in your industry, providing a transparent, third party evaluation of where your organization stands.</p></div>Risk Dashboardshttps://globalriskcommunity.com/profiles/blogs/risk-dashboards2013-03-25T04:13:55.000Z2013-03-25T04:13:55.000ZMartin Davieshttps://globalriskcommunity.com/members/MartinDavies92<div><div style="font:13.33px/12px 'Trebuchet MS', Trebuchet, Verdana, sans-serif;text-align:justify;color:#000000;text-transform:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:normal;background-color:#FFFFFF;"><span style="line-height:24px;font-size:13px;">A recent debate between risk analysts on how to report risk, resulted in several suggestions but the discussion was reduced to comparing one chart type with another. </span> <span style="line-height:24px;font-size:13px;">Reporting risk really needs to be more holistic and it should take in a wider perspective of alternate measures of uncertainty found in a firm.</span></div><div style="font:13.33px/12px 'Trebuchet MS', Trebuchet, Verdana, sans-serif;text-align:justify;color:#000000;text-transform:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:normal;background-color:#FFFFFF;"> </div><div style="font:13.33px/12px 'Trebuchet MS', Trebuchet, Verdana, sans-serif;text-align:justify;color:#000000;text-transform:none;text-indent:0px;letter-spacing:normal;word-spacing:0px;white-space:normal;background-color:#FFFFFF;"><span style="line-height:24px;font-size:13px;">Risk Dashboards achieve this end and we'll take a look at a couple of them in this blog [ <span style="color:#0000ff;"><a href="http://causalcapital.blogspot.sg/2013/03/risk-dashboards.html" target="_blank"><span style="color:#0000ff;">CLICK LINK</span></a></span></span> <span style="line-height:24px;font-size:13px;">] ...</span></div></div>Risk Leadership - Should a Board have a Risk 
Committee?https://globalriskcommunity.com/profiles/blogs/risk-leadership-should-a-board-have-a-risk-committee2012-09-13T01:23:51.000Z2012-09-13T01:23:51.000ZBryan Whitefieldhttps://globalriskcommunity.com/members/BryanWhitefield<div><p></p><p><b>In November 2009 I contemplated </b><a href="http://www.rmpartners.com.au/risk-management-blog/entry/should-audit-and-risk-committees-be-separate.html" target="_blank"><b>"Should Board Audit and Risk Committees be Separate?"</b></a><b> </b> <b>and today I question "Should a Board have a risk committee at all?"</b></p><p></p><p>In 2009 I concluded:</p><ul><li><b>Management's responsibility</b> is to identify, manage and report on risk with a predefined risk appetite which has been established in consultation with the oversight body, most commonly a Board of Directors or an Advisory Board.</li></ul><ul><li><b>The Board</b> has an <b><i>"assurer role"</i></b> to provide stakeholders with assurance that management has done their job on risk.</li></ul><ul><li><b>The Board</b> has a <b><i>"mentoring role"</i></b> to provide oversight of the risk management process.</li></ul><ul><li>Therefore <b><i>there should be separate Audit and Risk committees</i></b> fulfilling different roles, in particular for larger organisations with much larger amounts of information to process.</li></ul><p> </p><p>Since 2009 a few things have caught my attention that have caused me to consider whether the Board should have a risk committee at all. An example is APRA's requirement for Boards "... to understand the risks of the institution, including its legal and prudential obligations, and to ensure that the institution is managed in an appropriate way taking into account these risks."<br clear="none" /><br clear="none" />Although APRA's requirement only applies to organisations they regulate, I believe it is applicable to all boards. How then can a Board delegate risk to a sub-committee of the Board? 
Surely it is necessary for each and every director to understand the risk profile of the organisation.</p><p> </p><p>My advice to Boards is:</p><p></p><ul><li>Have a <b>Board Assurance Committee</b> which, through audits and other means, is responsible for ensuring the risk management framework put in place by management is appropriate and working, just as it does with all the other key processes of the business.</li></ul><p> </p><ul><li><b>The Board collectively should be in discussion with management</b> to ensure the Board and Management understand the implications of strategic, business unit and major project risk profiles presented to the Board and whether or not risk levels are within the risk appetite set by the Board and Management.</li></ul><p> </p><p><a href="http://www.rmpartners.com.au/">www.rmpartners.com.au</a></p><p> </p></div>
Risk charting and bubble charts
https://globalriskcommunity.com/profiles/blogs/risk-charting-and-bubble-charts
2012-08-18T04:30:00.000Z
2012-08-18T04:30:00.000Z
Martin Davies
https://globalriskcommunity.com/members/MartinDavies92
<div><p><span style="font-family:arial, helvetica, sans-serif;" class="font-size-2">Perhaps ten years ago, reporting risk profiles or organisational threats was a challenging thing to do for many risk analysts on the job and while the majority of risk reports were fundamentally ordinary, it became apparent quite quickly that a simple list of hazards was never going to cut it.</span><br /> <br /> <span style="font-family:arial, helvetica, sans-serif;" class="font-size-2">In this blog we look at an emerging era of risk reporting.</span></p><p><span style="font-family:arial, helvetica, sans-serif;" class="font-size-2"><span style="color:#0000ff;"><a href="http://causalcapital.blogspot.sg/2012/08/risk-charting-and-bubble-charts.html" target="_blank"><span style="color:#0000ff;">Click here to continue reading</span></a></span><br /></span></p></div>
SOX Compliance with ERM: Managing the Risk of 
Misstatements
https://globalriskcommunity.com/profiles/blogs/sarbanes-oxley-sox-with-erm-turning-lemons-into-lemonade
2012-06-12T12:00:00.000Z
2012-06-12T12:00:00.000Z
Steven Minsky
https://globalriskcommunity.com/members/StevenMinsky
<div><p>First, what is <a href="http://www.logicmanager.com/grc-software/sox-financial-compliance/">Sarbanes-Oxley (SOX) 404 compliance</a>? It is the legal requirement for public companies that senior management state that their company's financial reporting is accurate. Sounds simple? The expense and the value are all in the execution. How is that done? Simply put, the flow of information from the financial reports themselves is traced and connected to the activities that generate that information and the resources that are depended upon to generate that information. That sounds like, and can be, a very difficult and time-consuming process, but that is where Enterprise Risk Management steps in to manage the complexity.</p><p><strong>How <a href="http://www.logicmanager.com/erm-software/product/" title="ERM Software">ERM Software</a> benefits SOX</strong></p><p>An ERM approach to <a href="http://www.logicmanager.com/grc-software/sox-financial-compliance/">SOX 404 compliance</a> will dramatically reduce control maintenance and compliance testing activities as well as reduce your external audit fees. What specifically, you ask?</p><ol><li><strong>Setting priorities</strong> - Most organizations find it difficult to determine objectively and systematically across business silos what makes an operational control "key" or prioritize test activities based on materiality of the risk of the control they are evaluating. 
<a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-assessment-templates/" title="Risk assessments">Risk assessments</a> identify which risks, and which controls over those risks within each business process are scored the highest.</li><li><strong>Joining IT SOX and SOX compliance at the activity level</strong> - Any automated financial control depends on an underlying IT system to run and be accurate. Most organizations evaluate <a href="http://www.logicmanager.com/grc-software/it-security-risk-management/">IT SOX compliance</a> in one group and the <a href="http://www.logicmanager.com/grc-software/sox-financial-compliance/">internal controls over financial reporting</a> in another without a direct connection between the two. Connecting the specifics of all the touch points in IT and vendor management to a control dramatically reduces the scope of work for what needs to be tested. For example, if an IT resource to a material control has not changed within the past year, there is no need for retesting. But most organizations, unable to connect IT to key controls, end up testing too many applications for SOX compliance because their IT group cannot determine what specific controls depend on what parts of their IT infrastructure. The result is not only wasted resources internally, but wasted expense paying external auditors large fees to check and recheck this redundancy!</li><li><strong><strong>Assurance</strong><span> -</span></strong> Having everything in one place and connected through a <a href="http://www.logicmanager.com/erm-software/product/risk-taxonomy/" title="risk taxonomy">risk taxonomy</a> makes automated fact checking easy. Combined with the setting of priorities in point #1 above, this ensures that your organization's most material issues are covered by appropriate controls and that testing is up to date, so that management has full transparency and confidence in making their attestations. 
</li><li><strong>Saving money</strong> - Removing the unnecessary redundancy and overlap between IT SOX and SOX business controls reduces <a href="http://www.logicmanager.com/erm-software/product/monitor/" title="testing activities">SOX compliance testing</a> and sign-off of testing activities. Finally, it reduces the external audit fees companies are paying to review all of this unnecessary redundancy and overlap. Look up your company's audit fees disclosed in your organization's 10-K to see what a 15-20% reduction of that number is worth to your company each year. Multiply that number by 2 to get a sense of the time your organization is putting in preparing for that audit and supporting that audit. </li></ol><p><strong>How SOX compliance with ERM benefits the enterprise</strong></p><p>CFOs need greater transparency into operational activities, not just financial reporting accuracy. In the process of achieving SOX compliance, a lot of valuable information is collected that should be used to help other functional areas and bring value to the rest of the organization far beyond just SOX.</p><p>By using your ERM software to streamline SOX compliance, like <a href="http://www.logicmanager.com/erm-software/2012/06/28/erm-and-six-degrees-of-separation/">the six degrees of separation theory</a>, all the relationships between the activities and the effects of the outcome of these activities can be used for other purposes like business continuity, IT access rights auditing, user defined application management, PCI compliance, and so much more. Not only does this result in a reduction of all these other activities by 40-60% due to the reuse of information, but short term cost savings are just the beginning as all this information becomes connected to board strategy and performance management goal achievement at virtually no additional cost or time commitment. 
The result is better business decisions and better performance management.</p><p><strong><a href="http://www.logicmanager.com/erm-software/knowledge-center/risk-governance-success-story/" title="Watch this video to learn from others">Watch this 5 min video for a case study</a></strong> on how others add value to their existing SOX programs and reduce the time to get their work done.</p></div>
Risk Leadership - Creating Risk Champions
https://globalriskcommunity.com/profiles/blogs/risk-leadership-creating-risk-champions
2012-05-23T04:56:57.000Z
2012-05-23T04:56:57.000Z
Bryan Whitefield
https://globalriskcommunity.com/members/BryanWhitefield
<div><p> <br />One approach for embedding a risk management culture across your enterprise is to develop a team of risk champions within your business. What should you expect of them and how should you equip them?</p><p> </p><p>The answers to these questions are not straightforward. When you are dealing with cultural change, the strategies that work best will depend on a myriad of elements that have occurred or will be occurring in your organisation. Here are some practical questions to ask yourself that will help you to decide how to develop your team of risk champions:</p><p><b>Quality</b> - <b><i>How skilled and resourceful in risk management do you want your champions to be?</i></b> Do you expect them to conduct top quality risk assessments in their sphere of influence or do you want them to be aware of when a top quality risk assessment is needed and where to find the assistance to get one done? Do you want them to be well versed in articulating risks in their risk reporting to management or do you simply want them to be aware of the requirements for risk reporting? 
How skilled are they now and how skilled do you want them to be in 3 months, 6 months, 12 months and 2 years from now?</p><p><b>Quantity</b> - <b><i>How far do you want your champions to roam?</i></b> Is the frontline culture of your organisation strong on managing risk associated with day-to-day tasks or is there an urgent need to change the culture of frontline staff? If the frontline is not the problem, perhaps it is middle management and their lack of application of risk-based decision making that you want to tackle. Cultural change at the frontline will require potentially many more champions than if your challenge is with middle management.</p><p><b>Performance</b> - <b><i>Are you planning an informal relationship or is the need so great you need to include specific elements of accountability?</i></b> How does this fit with the culture of your organisation? Do you have the skills and resources available to you to "win over" your champions through an informal relationship that will result in a strong performance by them?</p><p><b>Leadership</b> - <b><i>How are you going to lead your team of champions?</i></b> Will you form a key operational group that has strong input into the risk reporting process of the business or will you leave them to operate within their businesses and only bring them together periodically for communication and consultation on developments in the risk management space?</p><p> </p><p><a href="http://www.rmpartners.com.au/">www.rmpartners.com.au</a></p><p> </p></div>
5 Steps for Better Risk Assessments
https://globalriskcommunity.com/profiles/blogs/5-steps-for-better-risk-assessments
2011-10-21T07:00:00.000Z
2011-10-21T07:00:00.000Z
Steven Minsky
https://globalriskcommunity.com/members/StevenMinsky
<div><p><span style="color:#333333;">Risk managers are charged with ensuring transparency, alignment, and forward-looking views throughout the organization. The way this is achieved is through risk assessments. 
</span></p><p><span style="color:#333333;">Successful enterprise risk assessments can be a powerful tool for board and management level strategic decision making by connecting business activities to goals and identifying the risks that threaten to derail these strategic objectives. An unsuccessful risk assessment is little more than a form-over-substance activity that lacks context and actionable results. </span></p><p><span style="color:#333333;"><b>So, how do you implement a successful enterprise risk assessment</b>? </span></p><p><span style="color:#333333;">The key is being able to compare information across functions and levels while keeping one comprehensive risk picture.</span></p><ol><li><span style="color:#333333;"><b>Standardize your <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-assessment-templates/" target="_blank">Risk Assessment Templates</a></b> - Activities like vendor management, business continuity, compliance, IT, financial reporting, operations, internal audit, and others are all informal risk assessments. When these assessments are carried out on the same standards and assumptions, defined in a taxonomy, they can be compared and utilized cross-functionally.</span></li><li><span style="color:#333333;"><b>Common Root Cause <a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-identification/" target="_blank">Risk Identification</a> Approach</b> - Risk managers should provide a common root cause risk library to process owners so that when multiple areas choose the same risk, systemic risks as well as upstream and downstream dependencies can easily be identified and mitigated. 
This method also identifies areas that would benefit from centralized controls so the extra work of maintaining separate activity level controls is eliminated.</span></li><li><span style="color:#333333;"><b><a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/performance-management-with-erm/" target="_blank">Performance Management</a>: Alignment of Activities, Goals and Risks</b> - Risk managers need to tie root cause risks to strategic goals and trace these same risks through the process areas that they affect in order to determine which activities will roll-up to impact organizational objectives. Once these connections are made clear, risk managers are able to prioritize the effectiveness of controls, so that resources and focus are allocated to the issues that will yield the greatest benefit to the organization.</span></li><li><span style="color:#333333;"><b><a href="http://www.logicmanager.com/erm-software/product/dashboard-reports/" target="_blank">ERM Reporting</a>: Group Information for Multiple Stakeholders</b> - Because assessments are conducted on the same standards and assumptions and risks are identified at a root cause level from a common library, process owners can do one risk assessment, and the information can be sliced, diced, and aggregated to serve multiple purposes. It will provide a functional insight for the process owner, tie into governance areas like vendor management, and serve a strategic purpose by rolling-up into board level objectives.</span></li><li><span style="color:#333333;"><b><a href="http://www.logicmanager.com/erm-software/knowledge-center/best-practice-articles/risk-appetite-risk-tolerance-residual-risk/" target="_blank">Risk Appetite</a>: Timing and Trends</b> - Risk assessments must be conducted on a regular basis and when approaching business changes, new initiatives, or high risk issues. 
Being able to view the trends over time gives the organization's static risk profile context and a reference point so that necessary actions can be taken when you start seeing small changes in your risk profile before things get out of tolerance.</span></li></ol><p><br /> <font color="#333333"><span>To see these best practices in action to uncover changes in risk to prioritize controls, tests and business metrics, </span><a href="http://www.logicmanager.com/streamline-governance-activities-erm-video">watch this 5 minute video.</a></font></p></div>
Venue Assigned for the ERM in the Banking Industry Conference!
https://globalriskcommunity.com/profiles/blogs/venue-assigned-for-the-erm-in
2011-06-23T20:20:35.000Z
2011-06-23T20:20:35.000Z
Michele Westergaard
https://globalriskcommunity.com/members/MicheleWestergaard
<div><p>Join over 16 industry leading experts at the Hilton Times Square in New York City, NY from July 14-15, 2011. Venue information here: <a href="http://www1.hilton.com/en_US/hi/hotel/NYCTSHF-Hilton-Times-Square-New-York/index.do">http://www1.hilton.com/en_US/hi/hotel/NYCTSHF-Hilton-Times-Square-New-York/index.do</a><br /><br />This practical, hands-on event will enable delegates to benchmark their ERM strategies against their peers, and is a “must-attend” conference for banks to stay ahead of the game by developing a comprehensive ERM program.<br /><br />Hear from:<br />FDIC<br />KeyBank<br />PNC Financial Services Group<br />Bank of Montreal<br />HSBC Bank<br />TD Bank Financial Group<br />SunTrust Bank<br />State Street Corporation<br />Union Bank<br />Fifth Third Bank<br />The Huntington National Bank<br />US Treasury Department<br />BOK Financial<br />Hyde Park Savings Bank</p><p>For more information or to <b>RECEIVE A DISCOUNTED RATE BY REGISTERING BY June 28, 2011</b> return this email to <a href="mailto:Michelew@marcusevansch.com">Michelew@marcusevansch.com</a>.</p><p><br />Register Online at: <a 
href="http://www.marcusevans.com/marcusevans-conferences-event-bookingoption.asp?eventID=17898">http://www.marcusevans.com/marcusevans-conferences-event-bookingoption.asp?eventID=17898</a>&amp;sectorID=2&amp;enquiry=brochure</p></div>
Risk Leadership: Risk Reporting - The Need to Know
https://globalriskcommunity.com/profiles/blogs/risk-leadership-risk-reporting
2011-06-07T11:38:27.000Z
2011-06-07T11:38:27.000Z
Bryan Whitefield
https://globalriskcommunity.com/members/BryanWhitefield
<div><p><b>Risk Leadership: Risk Reporting</b> <b>- The Need to Know</b><br /> <b><br /></b> A question often asked is how broadly or how deeply do we need to design risk reporting in our risk management frameworks. Of course there is no easy answer. Let me give you a short anecdote before I give you my usual few dot points on the topic. <br /> <br /> I was at a UNSW Australian School of Business "Meet the CEO" forum featuring David Thodey, CEO of Telstra late last year. David was asked what his greatest issue was in managing such a large organisation and he answered with words to the effect: <i>Ensuring that I hear the issues I need to know about from the extremities of the organisation through all the other issues that are being raised with me</i>. He went on to say: "You have to create a culture where it's okay to tell the truth, good and bad. Unless you create that culture of greater transparency, you can't fix issues". I wanted to yell out from the crowd of 400+ that risk management and, in particular, risk reporting should be in his mix to create that culture. <br /> <br /> It is a fundamentally important question in risk management to ask how best to ensure a culture where the people with "the need to know" are "in the know". <b><br /> <br /> Here are my tips: <br /> <br /></b> * Business Planning - If you don't do anything else, ensure that managers that report regularly against budgets or business plans also report on risk to their budgets or plans using risk terminology. 
<br /> <br /> * ERM or Operational Risk Committees - A fantastic way for emerging risks to surface in an organisation is via operational risk committees. OHS Risk Committees worked for safety issues, so why not ERM or Operational Risk Committees for organisational risk reporting? So, either broaden the responsibilities of the Safety Risk Committee or form an ERM or Operational Risk Committee and have them report on risks identified, progress on risk treatments and any newly identified risks. <br /> <br /> * Risk and Opportunity Hotline - I have not seen this explicitly anywhere, however, the concept has forerunners in "whistleblower" and "idea" hotlines. Put simply, advertise to staff there is a hotline for general staff to inform us of their thoughts, without prejudice, on the emerging risks and opportunities of the organisation. Move it from "whistleblower", which is more akin to staff alerting you to shut the barn door just after the horse has bolted, to a respected avenue for staff to alert us about "risky behaviour". Move it from "ideas" to identification of opportunities that fit within our advertised risk appetite.</p><p><strong>Bryan Whitefield</strong> <br /> <strong>Director, Risk Management Partners</strong> <br /> <a href="mailto:bwhitefield@rmpartners.com.au"><strong>bwhitefield@rmpartners.com.au</strong></a></p><p><a href="http://www.rmpartners.com.au/" target="_blank" title="Risk Management Partners"><strong>www.rmpartners.com.au</strong></a></p></div>
Interview with Michael Fadil, SVP, Corporate Risk Management at SunTrust Bank
https://globalriskcommunity.com/profiles/blogs/interview-with-michael-fadil
2011-05-06T15:33:57.000Z
2011-05-06T15:33:57.000Z
Michele Westergaard
https://globalriskcommunity.com/members/MicheleWestergaard
<div>In the wake of the financial crisis, banks are thinking more strategically than ever before about how to maximize value from their risk management programs. 
Risk Management has emerged as the clear choice for banks that want to gain a more advanced risk view and utilize the benefits of ERM to improve business performance in both the short and long term.<br /><br />Michael Fadil, SVP, Corporate Risk Management at SunTrust Bank is a speaker at the upcoming Enterprise Risk Management in the Banking Industry Conference taking place on July 14-15, 2011 in New York City, NY.<br /><br />Michael joined SunTrust in May 2006 and is currently working on special projects for the Chief Risk Officer after working for 4 ½ years as the Head of Risk Analytics, overseeing Wholesale Transaction Modeling, Economic Capital and Portfolio Modeling, Allowance for Loan and Lease Losses, Commercial Portfolio Loss Forecasting, Corporate-Wide Stress Testing, and Model Validation. Michael took the time to answer a few questions in relation to the upcoming conference. All responses represent the views of Mr. Fadil and not necessarily those of SunTrust Bank.<br /><br />What, in your opinion, are the key points of a bank ‘living will’?<br /><br />Michael Fadil: The NPR outlines basically six areas that each plan needs to address: the strategic analysis of the components, the governance structure for resolution planning, the organizational structure, MIS, the interconnections and interdependencies within the company, and supervisory / regulatory information. One theme that does weave through all aspects of the plan is the issue of interconnectedness. This comes in many forms, interconnection of businesses, legal entities, systems, people, processes and internal financing arrangements. Additionally, adding to the complexity is that most of the interconnectedness of each of the above is intertwined with the other dimensions. 
Having an ability to understand and clearly articulate this multi-dimensional interconnectedness will be important to adequately deal with each of the six major sections.<br /><br />On a different note, given the complexity of the above challenges, being able to update the plans when required, but no less than annually, also requires balancing the amount, organization, and presentation of the living will plans with a plan that is sustainable must be well understood.<br /><br />What role will living wills play in sound risk governance and risk management?<br /><br />MF: A bank’s Recovery and Resolution plan is a way to articulate and document that a financial institution understands the intricacies of the interconnected nature of businesses in the organization. In theory, most institutions should have 80 – 95% of the information being requested. The reality is that even though most do, it is spread across dozens of key individuals across the institution and not well organized.<br /><br />Recently, during the great recession, the inability of many institutions to easily understand the interconnectedness of businesses probably exacerbated the negative impact on the institutions themselves and on the entire global financial system. The process of organizing this information centrally and clearly articulating how all of the pieces are interconnected will help ensure that an institution understands the complex nature of various aspects of the business and thereby advance risk management and governance at most financial institutions. A key question that remains outstanding, however, is what standard of documentation will be considered appropriate and will that level be so high where the costs outweigh the benefits that a financial institution will receive.<br /><br />How tough a hurdle is it that living wills must receive approval by both the FDIC and the Federal Reserve Board?<br /><br />MF: The approval hurdle from the FDIC and Federal Reserve Board remains to be seen. 
The NPR does articulate “minimum content” requirements but beyond that it only states that the plans must be “credible.” One of the issues that many banks and industry groups have brought up is that the standards for submission of a successful plan are vague and overly broad and need to be made more objective.<br /><br />How effective, overall, will living wills be – can even the best, most timely plans anticipate the next crisis?<br /><br />MF: One needs to separate the Recovery Plan component of living wills from the Resolution Plan component. Few, if any, would assert that the Resolution Plan will help anticipate the next crisis. Some, however, will make that assertion regarding the Recovery Plan.<br /><br />I would argue that in and of itself, the Recovery Plan will not and should not necessarily be effective with regard to anticipating the next crises; rather, it will ensure that financial institutions are anticipating how they would think about the organization as a crisis begins to become evident. I would describe the Recovery Plan as a well articulated understanding of each business, the value of the business in various scenarios, and how the business is interconnected to any legal entity or other business, with regard to financial arrangements, people, systems, and processes across the institution, especially in those instances where people, systems and processes are shared. 
This type of detailed understanding should create a well-understood escalation process that articulates the way in which an institution will manage during the height of a future crisis.<br /><br />This in conjunction with other practices that have gained renewed emphasis in the past 3 years (for example stress testing, capital planning, and contingent liquidity planning) should help individual banks and the financial industry in aggregate negotiate the next crisis better; however, it probably will not help specifically better anticipate the next crisis.<br /><br />The marcus evans Enterprise Risk Management in the Banking Industry Conference will take place on July 14-15, 2011 in New York City, NY. To learn more, please visit: <a href="http://www.marcusevansch.com/ERMBankInterview">http://www.marcusevansch.com/ERMBankInterview</a><br /><br />For further information, please contact:<br />Michele Westergaard<br />Telephone: 312 540 3000 ext 6625<br />Fax: 312 552 2155<br />Email: michelew@marcusevansch.com</div>