Dodge the Bullet: Joining Forces between Risk and Finance to Address Strategic Business Risks
1. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
PETER DEANS
CHIEF RISK OFFICER
DODGE THE BULLET:
ADDRESSSING STRATEGIC BUSINESS RISKS
CFO SUMMIT 2019 PRESENTATION
GOLD COAST, QLD 29 MARCH 2019
2. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
COMPLEX OPERATING ENVIRONMENT A LOT OF RISKS TO MANAGE
22
REGULATORY
o Multiple Regulators
o Basel III & IV
o AML/CTF
o Data Security/Privacy
o Ethics and Culture
o Macro Prudential
MACRO ENVIRONMENT
o Economic Uncertainty
o Market Volatility
o China / Emerging Markets
o Asset Bubbles
o Monetary Policy
CLIENTS & PRODUCTS
o Complex Product Suites
o Conduct Risk
o Responsible Lending
TECHNOLOGY & DATA
ANALYTICS
o Fin Tech / Data Analytics
o Cybercrime
o Outsourcing / New Technologies
o Cloud Strategies
o Robotics
Many, Many Challenges
3. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 24461633
COMBINING AND ANALYSING ALL ASPECTS OF STRATEGIC RISK
o important to have functional areas / committees that
have accountability for identification and
management of all risks
o important to regularly discuss the external
environment
o from operational, business and strategic initiatives
and other changes
o risk management needs to be continually refined as new
material risks emerge and new risk measurement tools &
techniques become available
4. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 2446164
FOCUS NEEDED FOR SUCCESS IN MANAGEMENT OF EMERGING RISKS
Organisation Design
Incorporating Changing
Organisational Risk
Profile
Rapid Change in Risk
Categories
External Environment
o important to have functional areas and forums
that have clear accountability for identification
of changing, new & emerging risks
o from operational changes and business /
strategic initiatives
o risk profile can change rapidly in less well
understood and newer risk classes such as risk
culture, outsourcing risk and technology risks
o important to be aware of and regularly discuss the
external environment
5. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
CHALLENGES & OBJECTIVES
5
OBJECTIVES
Focus Board and Management on
key strategic business risks
Develop plans to address both
threats and opportunities identified
Improve business reliance through
the proactive assessment of all
risks
CHALLENGES
Identification of strategic and
systemic risks
Understanding the
interconnectivity of risks
Separating operational risks
from strategic business risks
6. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
Dynamic Risk
Assessment
BOQ completed an assessment process
known as Dynamic Risk Assessment
(DRA) to identify and assess strategic
risks.
The process included workshop
facilitation and questionnaire completion
with the ‘top 100’ senior leadership team.
The DRA process identified and
assessed 16 strategic risks, including
recognition of the interconnectivity (risk
clusters).
The findings and actions in place to
manage the risk clusters were reported to
the Executive Committee and Board Risk
Committee.
Strategic Risk
Review
A review of the strategic risks was
completed in conjunction with external
research to recognise if any other risks
were relevant to the Group.
A number of additional risks were
reviewed and considered , the updated
list was then discussed with the Executive
Committee.
Executive Committee workshop held to
review the identified strategic risks and
consider their prioritisation and ongoing
review/monitoring.
Outcomes of the workshop inform future
scenario planning and identify the key
risks for ongoing monitoring.
Executive
Review
(ongoing)
Ongoing Executive review of the strategic
risks is planned to occurs every twelve
months
The review includes consideration of the
existing risks as well as identification of
new risks.
Outcomes of the reviews is used to inform
scenario planning and Executive/ Board
reporting and monitoring.
66
BOQ’S RESPONSE
7. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
KEY EMERGING & STRATEGIC RISKS
77
Dynamic Risk Assessment – Key Risks and Risk Clusters Strategic Risk Review – Key Risks and Risk Clusters
Sovereign
risk Liquidity &
funding
(for BOQ)
Liquidity
/ Funding
Cluster
Talent
Capacity
to invest
Talent /
Investment
Cluster
Cyber risk /
Cyber
security
Data safety
IT systems (inc.
disaster recovery &
resilience
Cyber
Security /
Data Risk
Cluster
Culture &
conduct
Increased
regulatory
expectation
Conduct /
Reputation
Cluster
Climate change
Social / political
landscape
Technological
disruption
Energy price
shock
Illustrative
8. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 24461688
RISK CULTURE – NO SILVER BULLET
FOCUS AREA APPROACH / TOOLS
Risk Appetite
• Institutionalise risk appetite framework
• Strategy fully aligned
Management Awareness
& Accountabilities
• Reward and recognition aligned
• Clear risk and compliance accountabilities
• BEAR (and consequential changes)
Process - Customer Management,
Product & Distribution
• Organisational design
• Strong management reporting
Risk & Compliance Oversight
• 3 Lines of Defence
• Independent resourcing & reporting
Communication
• Strong ‘tone from the top’
• Risk culture conversations
9. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 24461699
BOQ’S INTEGRATED APPROACH TO ETHICS & RISK CULTURE
Communicati
on Strategy
Risk Culture
Survey
Ethics
Committee
Face to Face
Ethics
Training
Vision,
Values &
Strategic
Priorities
Banking &
Finance
Oath
10. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
Establish Risk Appetite
Institutionalize Risk Appetite
Monitoring and Reviewing Risk Exposures
Reviewing / Resetting Risk Appetite
o Periodically (at least annually) review and - if necessary - reset Risk Appetite
o Changes in the external business environment and economic conditions necessitate regularly reviewing Risk Appetite
o Organizational changes, such as M&A driven changes or underperformance in one or more businesses or portfolios, may
warrant a review
1010
BOQ APPROACH TO RISK APPETITE
o Assess strategic objectives, economic environment and risk implications
o Agree strategy is within Risk Appetite
o Determine Risk Metrics (quantitative boundaries)
o Determine qualitative risk characteristics & boundaries (ie what we want to do / what we don't want to do)
o Based on the Board-approved Risk Appetite Statement, Business Units prepare individual Risk Appetite Statements
o BU Risk Appetite Statements should also be quantitative and qualitative
o Risk Management frameworks need to support the approved BU Risk Appetite Statements
o Formal limits are established based on the approved BU Risk Appetite Statements
o Reporting of risk exposures against desired Risk Profile and Risk Metrics on a regular basis
o Confirming adherence to qualitative statements on a regular basis
o Avoiding / mitigating unwanted risks
o Monitoring emerging risks and opportunities
11. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
DISCLAIMER
The views expressed in this presentation are the views of the presenters and do not necessarily reflect the
views and opinions of any other person, including Bank of Queensland Limited.
Peter Deans
Chief Risk Officer
BOQ | L6 100 Skyring Terrace Newstead QLD 4006 |
t:
e:
Twitter:
Linkedin:
07 3212 3914 m: 0402 222 193
peter.deans@boq.com.au
@deans_risk
peter-deans/22/642/783
12. Bank of Queensland Limited ABN 32 009 656 740 AFSL and Australian Credit Licence 244616
Thank You