Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada...

37
Canad Canada Deposit Insurance Corporation Société d’assurance- dépôt du Canada CDIC Canad Canada Deposit Insurance Corporation Société d’assurance- dépôt du Canada CDIC Protecting Your Protecting Your Deposits Deposits CDIC’s Experience in Implementing ERM J.P. Sabourin President and Chief Executive Officer CDIC April 2004 April 2004

Transcript of Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada...

Page 1: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Protecting Your DepositsProtecting Your Deposits

CDIC’s Experience in Implementing ERM

J.P. Sabourin

President and Chief Executive Officer

CDICApril 2004April 2004

Page 2: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Presentation Outline

CDIC’s ERM definition

CDIC’s rationale / objectives for implementing ERM

CDIC’s ERM implementation approach Initial steps Work currently being undertaken Future steps

ERM benefits / value derived to date

CDIC’s “Lessons Learned” in implementing ERM

Page 3: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC CDIC ERM Definition

ERM

The comprehensive, systematic and disciplined process by which CDIC identifies, assesses, manages, monitors and reports on, at any point in time, the significant risks inherent in its objects, strategies, plans and affairs

Page 4: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Rationale

CDIC is subject to Treasury Board of Canada ERM Guidelines

Risk Management is one of four components of the CDIC Standards “in control” framework

Page 5: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC “In Control” Concept

The demonstration that CDIC’s affairs are:Subject to effective governanceBeing managed in accordance with ongoing, appropriate and effective strategic and risk management processesBeing conducted in an appropriate control environment

and

Significant weaknesses (related thereto) are being identified and appropriate and timely action is being taken to address them

Page 6: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Objectives

Demonstrate that:CDIC has identified / understands / is managing its significant risksRisk decisions are:

Explicitly integrated into CDIC’s strategic and day-to-day decision making

Subject to good corporate governanceBeing supported by an appropriate control

environment

Page 7: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Objectives (cont’d)

Facilitate:

Validation of CDIC’s strategies / plans / initiatives

Prioritization of CDIC’s strategies / plans / initiatives

Effective resource allocation

Page 8: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Initial ERM Implementation Steps

Built an ERM foundation

Conducted a corporate-level risk assessment

Profiled corporate risk management culture

Page 9: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Foundation

Created CRO position to develop CDIC’s ERM approach / coordinate ERM implementation

Developed ERM implementation plan

Formed an executive management-level ERM Committee to validate ERM approach and results

Formalized Board ERM policy

Page 10: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Policy

Formalizes ERM role of the CDIC Board / Management

Forms one of 19 principles under the CDIC Board Governance Policy

Developed to reflect:CDIC’s statutory requirementsCDIC StandardsOther ERM “best practices”

Page 11: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Board ERM Responsibilities

Understand CDIC’s significant risks

Establish RM policies related thereto

Regularly review RM policies (evergreen)

Obtain reasonable assurance re:CDIC’s ERM processAdherence with RM policies

Page 12: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Management ERM Responsibilities

Identify risks

Assess their significance

Develop RM policies for the Board

Regularly review RM policies (evergreen)

Manage risks within RM policies

Report to the Board re:Significant risks / management of significant risksERM process

Page 13: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Corporate-Level Risk Assessment

ERM Committee:

Updated catalogue of inherent corporate risks / risk categories / definitions / risk examples / corporate risk management practices

Assessed residual risk exposures (likelihood of occurrence of each risk taking into consideration risk management practices and its potential impact should it occur)

Page 14: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Risk Assessment (cont’d)

ERM Committee:Assessed each risk risk exposure as “reasonable”, “cautionary” or “concern” (including supporting rationale)Identified “owners” for each riskWhere applicable, identified initiatives to enhance the management of each riskValidated that risk management initiatives are in line with Corporate Plan

Page 15: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Corporate Risk Categories

Insurance Risk: CDIC’s risk of loss (or costs incurred in the event of an intervention) associated with insuring depositsFinancial Risk: The risk associated with managing CDIC’s assets and liabilities, both on- and off-balance sheetOperational Risk: The risk of loss, to which CDIC is exposed that is attributable to the possibility of disruptions in its operations caused by human performance, the inadequacy or failure of processes or technology, and external eventsReputational Risk: The risk of impairment of the credibility of, and confidence in, CDIC

Page 16: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Insurance Risk

Insurance Power Risk: The risk that CDIC does not have the necessary powers to support the management of its insurance risk in accordance with CDIC’s statutory objectsUnderwriting Risk: The risk that CDIC accepts a new member institution with an unacceptable level of insurance riskAssessment Risk: The risk that CDIC does not systematically or promptly identify, member institutions that pose a potentially high level of insurance riskIntervention Risk: The risk that CDIC does not respond appropriately to members that pose an unacceptable level of insurance risk

Page 17: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Financial Risk

Liquidity Risk: The risk that funds will not be available to CDIC to honour its cash obligations (both on- and off- balance sheet) as they ariseMarket Risk: The risk of loss attributable to adverse changes in the values of financial instruments and other investments or assets owned directly or indirectly by CDIC, whether on- or off- balance sheet, as a result of changes in market rates or pricesCredit Risk: The risk of loss attributable to counterparties failing to honour their obligations, whether on- or off- balance sheet, to CDIC

Page 18: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Operational Risk

People Risk: The risk resulting from inadequacies in the competencies, capacity or performance of CDIC personnelInformation Risk: The risk that timely, accurate and relevant information is not available to facilitate informed decision making and/or the exercise of effective oversightTechnology Risk: The risk that CDIC’s technology does not appropriately support the achievement of its objectives, strategies, plans and affairs (including the management of the risks related thereto)

Page 19: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Operational Risk (cont’d)

Process Risk: The risk resulting from the incorrect execution of, a breakdown in, or a gap in, a process, policy, procedure or controlCompliance Risk: The risk that CDIC fails to comply with statutory requirements and relevant guidelines governing its affairs as a Crown corporation, and its internal policiesLegal Risk: The risk that legal matters adversely impact CDIC’s ability to achieve its objects, strategies and plansOutsourcing Risk: The risk associated with CDIC engaging third parties to perform services on its behalf

Page 20: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Operational Risk (cont’d)

Business Continuity Risk: The risk that a disruption impacting CDIC’s personnel, information, premises, technology or operations will impede its ability to achieve its objects, conduct its affairs, or implement its strategies and plansSecurity Risk: The risk that CDIC fails to ensure the safety of its people, the security of its assets, and the security and confidentiality of its information

Page 21: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Reputational Risk

External Communication Risk: The risk of not communicating necessary information, or communicating in an inappropriate manner, or that communication is misinterpreted by the intended audienceExternal Relationships Risk: The risk that dealings with external parties are not adequate to promote the interests of CDIC, or are conducted in an appropriate manner

Page 22: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Significance Criteria

Likelihood = probability of occurrence using a five-point qualitative scale

Impact = potential impact (using a five-point qualitative scale) of an occurrence on CDIC’s:

Achievement of its mandateFinancial positionReputation

Page 23: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Corporate Risk Significance Map

Impact / Likelihood Vote Results

F

G

O

LK N

C D

A IB HQ

R

P

J

E

M

1

2

3

4

5

1 2 3 4 5

Likelihood

Imp

act

Severe

Negligible

Remote Certain

Page 24: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Risk Management Culture

Management profiled CDIC’s corporate-level risk management culture

4 areas X 5 questions per area = 20 questions

M a na g e m e n t's U nd e rs ta nd in g o f itsR e sp on s ib ilitie s , A cco u n tab ilit ies

a n d A u th o rit ies

C D IC 's E nv iro n m e n t S u p po rtingth e M an a ge m e nt o fits C o rp ora te R isks

M a n ag e m en t's C a p ab ility /C a p ac ity to M a n ag e its

C o rp o ra te R isks

M a n a ge m e nt's R iskM o n ito ring a nd

Im p le m e nta tion o f C h a ng es

C D IC 's C o rp o ra te R iskM a na g em e nt C u ltu re

P ro file

Page 25: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Management Understanding

1. We understand CDIC’s objects and strategies2. CDIC has plans in place to achieve its objects and

strategies3. We know the major risks and challenges related to

achieving CDIC’s objects and strategies4. We understand our responsibilities, accountabilities

and authorities5. Realistic targets and indicators are in place to assess

CDIC’s performance in achieving its objects and strategies

Page 26: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Supporting Environment

6. CDIC’s management style and behaviour supports the open flow of information about the management of CDIC’s affairs and any significant risk issues

7. Risk identification, assessment and management are built into the management of CDIC’s affairs

8. CDIC’s Code of Conduct and Ethical Behaviour is practised throughout the organization

9. CDIC’s communication supports the management of its risks and the achievement of its objects and strategies

10. Performance assessments are aligned with the prudent, appropriate and effective management of CDIC’s risks

Page 27: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Capability / Capacity

11. CDIC has sufficient personnel with the right knowledge and skills to achieve its objects and strategies

12. CDIC is appropriately structured to effectively and efficiently achieve its objects and strategies

13. CDIC has sufficient financial, technological and other resources to achieve its objects and strategies

14. Appropriate people make decisions about significant risks impacting CDIC’s affairs in a timely manner

15. CDIC has sufficient, relevant and timely information available to achieve its objects and strategies

Page 28: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Implementing Change

16. CDIC’s environment is monitored regularly to see if we need to adjust our Corporate Risk Framework, strategies and plans

17. CDIC monitors its performance against its targets and indicators

18. Resource and information needs are reassessed as CDIC’s objects, strategies or plans change, or as risk issues are identified

19. Risk management practices are periodically assessed as to their continued appropriateness and effectiveness

20. Follow up procedures are in place to ensure that needed changes or actions occur

Page 29: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Risk Assessment Methodology

CDIC Management team individually interviewed to identify:

Inherent corporate risks Risk management practices

ERM Committee collectively: Confirmed corporate risk catalogue Assessed each risk Assessed corporate risk management culture

Results reported to CDIC Audit Committee

Process validated by Internal Audit

Page 30: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Current ERM Implementation Steps

Developing ERM Board reporting package

For each “Insurance Risk”:Further documenting risk management practicesDeveloping Board policies / risk tolerances

Further integrating ERM and strategic planningValidating CDIC’s catalogue of corporate risks

against its environmental scanning results

Page 31: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Future ERM Implementation Steps

Document risk management practices / develop Board policies for remaining risksConduct risk (and risk management culture) assessments for remaining risks and for each business functionValidate initial corporate risk (and risk management culture) assessmentsInitiate regular ERM Board reportingFully coordinate ERM and strategic management

so that risk decisions are explicitly integrated into strategic and day-to-day decision making

Page 32: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Benefits to Date

Clarified Management’s collective understanding of risks and the risk management practicesEvidenced that CDIC is aware of, and is managing its significant corporate risksConfirmed:

CDIC’s Corporate Plan is focused on the right initiatives

Resources are allocated to areas of greatest concernA strong corporate risk management culture

Page 33: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC ERM Lessons Learned

Implementing ERM is like filming a long / complex movie

Hire a director (CRO)Have a clear story (ERM implementation plan)Engage studio executives (Board Governance / ERM

Policy)Engage actors (ERM Committee / Management)Film one scene at a time (Corporate-level risk

assessment)Keep camera focused (ERM implementation plan)

Page 34: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC More ERM Lessons Learned

Risks are like an onionThey have many layers

Each risk has many sub-risks - which in turn have many sub-risks

Cutting through too quickly can cause tears Don’t try to do everything at once - peel layer-by-layer It is easier to peel the outer layers before you peel the

inner layers - CDIC started with a corporate-level risk assessment and is now conducting risk assessments at a more detailed level

Page 35: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Closing Remarks

ERM is not a “one time” project but a continuous process that needs to be:

Ingrained into your strategic and daily decision-making

Subject to effective corporate governanceSupported by an appropriate control environment

It is complex - so keep it simple

Page 36: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC

Questions?

Page 37: Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt du Canada CDIC Canada Canada Deposit Insurance Corporation Société d’assurance-dépôt.

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC

CanadaCanada DepositInsurance Corporation

Société d’assurance-dépôt du Canada

CDIC Protecting Your DepositsProtecting Your Deposits

CDIC’s Experience in Implementing ERM

J.P. Sabourin

President and Chief Executive Officer

CDICApril 2004April 2004