ENTERPRISE RISK MANAGEMENT

Risk Awareness 2014

Bank Sahabat Sampoerna – Risk Management
Basic Risk Management
FOR Bank Sahabat Sampoerna

 INTRODUCTION
 OBJECTIVE
 TO GIVE PARTICIPANTS AN OVERVIEW OF RISK

 TO DISCUSS THE PROCESS OF RISK MANAGEMENT IN A

CORPORATION

 TO EXPOSE PARTICIPANTS WITH CORPORATE GOVERNANCE AND

ITS RELATION WITH RISK MANAGEMENT

2
BREAKING THE RISK !

HAVE YOU
LEARNED TO
RIDE A
BYCYCLE?

3
BREAKING THE RISK !

HAVE YOU EVER BEEN

FIXING A ROOF?

4
BREAKING THE RISK !

HAVE YOU EVER BEEN

FALLING IN LOVE?

5
BREAKING THE RISK !

LEARNING TO RIDE A BYCYCLE? – FALLING DOWN,

SCRATCHED, AND HIT BY A CAR

FIXING A ROOF? – FALLING DOWN, INJURED, AND

DIED

FALLING IN LOVE? – BREAK UP, BROKEN HEART,

DIVORCE, AND BECOME ENEMY

6
SESSION 1:
RISK AND CAPITAL ALLOCATION
 BASEL II

Pillar 1 Pillar 2 Pillar 3

Minimum Capital Supervisory Review of Market Discipline

Requirement Internal Control (Structure, (Increased Risk
(Calculation of Risk Processes,& Methods) Disclosure)
Measures)

Managed by Bank Managed by Bank Managed by Market

and Supervisor

Safe & Sound Financial System

1. RISK AND CAPITAL ALLOCATION

TOPICS TO BE DISCUSSED

RISK AND CAPITAL ALLOCATION

 The Relationship Between Risk and Capital
 The Important of Capital
 The Minimum Capital Requirement

9
1. RISK AND CAPITAL ALLOCATION

THE RELATIONSHIP BETWEEN RISK AND

CAPITAL – CONT’D
 RISK is an abstract terminology that
relate to un-certainty

 RISK means a probability of bad outcome

RISK Example:
• Non-Performing Loan
• Fund received from money laundering and for
terrorism financing
• Investment in illiquid marketable securities or the
value is decreasing

10
1. RISK AND CAPITAL ALLOCATION

THE RELATIONSHIP BETWEEN RISK AND

CAPITAL – CONT’D
CAPITAL is a financial resources that
allocated by a bank to cover any possibility of
risk loss in running their business and to
CAPITAL support its business growth (moreover, this is
recognize as Economic Capital)

Example:
 A bank whose doing a business in a higher risk product
and services would have a higher risk profile to be
covered by a higher capital

 A bank with a high lending growth target also need more

capital

11
1. RISK AND CAPITAL ALLOCATION

THE RELATIONSHIP BETWEEN RISK AND

CAPITAL Income Statement
Balance Sheet Interest Income

Trading Interest Expense

MR Book
Net Interest
-/-
Income (NII)
Third
Net-non Interest
Banking Parties Income
CR Book OTHER
Liabilities -/-
RISKS Gross Income

Net- Other operating

Income (expense)
Other
Assets Capital Net- Other
Income (expense)
-/-
Net Income
OR Retained Earning

12
1. RISK AND CAPITAL ALLOCATION

THE RELATIONSHIP BETWEEN RISK AND

CAPITAL – CONT’D
RUN ON BANK AND SYSTEMIC RISK
“Run on Bank” occurs when a bank cannot cover its liabilities, i.e. it
does not hold enough cash to pay the depositors who wish to
withdraw their funds. Bank need more capital in this kind of
circumstances
CREATING
BANK RUMORS OF
DECLARED OTHER BANKS OTHER
BANKRUPT “RUN ON BANKS SYSTEMIC
(BECAUSE OF BANK” DECLARED
THEIR RISK) BANKRUPT RISK !!!

13
1. RISK AND CAPITAL ALLOCATION

THE IMPORTANT OF CAPITAL

THE USE OF CAPITAL:

 Capital is the most important resources to maintain bank
solvability
 Capital is the main resources to absorb bank loss
 Capital is a shareholders bank value/asset

Considering its risks, a bank not free to set its capital

14
1. RISK AND CAPITAL ALLOCATION

THE IMPORTANT OF CAPITAL – CONT’D

CAPITAL STRUCTURE:
Is the way of a bank carries out resources for doing business that
usually come from the combination of equity, long term debt
and bond issuance.
 Tier 1 Capital (core capital primarily from common stock and
discloses reserved/retained earning)
 Tier 2 Capital (supplementary capital)
 Tier 3 Capital – (supplementary capital that only covers market risk)

15
1. RISK AND CAPITAL ALLOCATION

THE MINIMUM CAPITAL REQUIREMENT

BASIC CONCEPT OF MINIMUM CAPITAL REQUIREMENT (according to
BASEL ACCORD):

CAPITAL
------------ ≥ 8%
ATMR (Asset x Risk Weight) + MR +OR

ATMR = AKTIVA TERTIMBANG MENURUT RISIKO

16
THE END OF THIS SECTION

17
Session 2:
BANKING RISK AND REGULATION
2. BANKING RISK AND REGULATION

TOPICS TO BE DISCUSSED

BANKING RISK AND REGULATIONS

 Basel Accord on Risk Management
 Local Regulations on Risk Management
 Regulation on KYC
 Regulation on LPS
 Regulation on Bank Secrecy

19
2. BANKING RISK AND REGULATION

BASEL ACCORD ON RISK MANAGEMENT

WHAT IS BASEL ACCORD?
Refers to the international guidelines issued by the Basel Committee on Banking
Supervision (BCBS) with respect to banking supervision among other including risk
management, internal control, corporate governance and etc. The Basel Committee is
named after the city of Basel, Switzerland.
BANK FOR
INTERNATIONAL SETTLEMENT
(BIS)

BCBS OTHER COMMITTEES

BASEL I ACCORD BASEL II ACCORD

1988 MARKET RISK AMENDMENT 2008
1996

20
2. BANKING RISK AND REGULATION

BASEL ACCORD ON RISK MANAGEMENT – Cont’d

FUNDAMENTAL DIFFERENCES BETWEEN BASEL I AND BASEL II
ACCORD:
BASEL I ACCORD BASEL II ACCORD
Focuses on a single measure Focuses on internal
methodologies
Has a simple approach to risk Has a higher level of risk
sensitivity sensitivity
Uses ‘one size fits all’ approach Is flexible to fit the needs of
to risk and capital different banks

REGULATORY CAPITAL ECONOMIC CAPITAL

21
2. BANKING RISK AND REGULATION

BASEL ACCORD ON RISK MANAGEMENT – Cont’d

COMPARISON BASEL I AND BASEL II ACCORD:
‘GIVEN’ CONCEPT ‘SELF ASSESMENT’ CONCEPT
1988 2004 2006
MINIMUM/REGULATORY MINIMUM CAPITAL
CAPITAL REQUIREMENT PILAR 1
REQUIREMENT
Credit Risk Credit Risk
Market Risk (1996) Market Risk
(market risk amendment 1996) Operational Risk

PILAR 2 SUPERVISORY
REVIEW
Residual Risk

DISCLOSURE
PILAR 3

22
2. BANKING RISK AND REGULATION

LOCAL REGULATION ON RISK MANAGEMENT

PRIMARY OBJECTIVE AND STRATEGIC TASKS OF BI:
Bank Indonesia (BI) acts as central bank to the banking system. It is a state
entity that is independent of government control. BI’s objective is to
maintain the stability of the IDR value, and in meeting this objective it is
responsible for:

 Formulating and implementing monetary policy

 Maintaining and safeguarding a smooth national payment

system

 Regulating and supervising banks.

23
2. BANKING RISK AND REGULATION

LOCAL REGULATION ON RISK MANAGEMENT –

Cont’d
THE COMMON ACTIVITIES OF MANAGING RISK WOULD
INVOLVED: Identification of risk
hold by the banks
assets, position or
future commitments
Control of risk of the
banks through IDENTIFY
mitigation plan &
implementation
(including control the
ALM of the bank)

CONTROL/ MEASURE
MITIGATE

Measurement of risk
Monitor of bank risk identified across
profile from one products, portfolios and
period to the other MONITOR activities and calculate
and compare the bank those risks into the
risk exposure to its capital requirement of
limit set and to the the bank
realization

24
2. BANKING RISK AND REGULATION

LOCAL REGULATION ON RISK MANAGEMENT –

Cont’d

BANK INDONESIA REQUIRED COMMERCIAL BANK TO HAVE RISK MANAGEMENT

FUNCTIONS AS FOLLOWS:
Independent
BOARD OF RISK OVERSIGHT Committee
COMMISIONER COMMITTEE

Usually Consists of members

BOARD OF EXECUTIVE RISK of BoD and Head of
DIRECTOR & COMMITTEE respective risk area
EXECUTIVE

Consists of staff that

BUSINESS UNITS RISK MANAGEMENT UNIT control risks of any
business unit of the
bank

Membership Line
Management Line
Reporting Line

25
2. BANKING RISK AND REGULATION

REGULATION ON KNOW YOUR CUSTOMER

(“KYC”)
KYC – A bank has to implement KYC Principles referring to
international standard (Financial Action Task Force/FATF on
Money Laundering*). According to PBI no.14/27/PBI/2012 a
bank has to perform Anti Money Laundering (AML) and
Combating Terrorist Financing (CTF) implementation

 A bank has to perform Customer Due Diligence (CDD) to identified,

verified and monitor their customer (identity, beneficial owner, source of
fund, average income, and objective of the transaction)

*) Criminal and their associates use the financial system to make payment and transfers of
funds from one account to another, to hide the source and beneficial ownership of money and
to provide storage for bank notes through a safe deposit facility. (Basel Committee).

26
2. BANKING RISK AND REGULATION

REGULATION ON LPS (LEMBAGA PENJAMIN

SIMPANAN)
LPS*) – An Institution that have a function:
 To insure depositor’s fund.
 To actively participate in promoting stability for the
country’s financial system in accordance with its
authorized mandate.
As of 13th October 2008, the maximum amount of deposit insured per
depositor within a single bank is Rp 2 billions.

*) Law Number 10 of 1998 on banking mandated that the LPS (or IDIC/Indonesian Deposits
Insurance Corporation as it is known in its English abbreviation) should be established to
protect depositor’s funds. Eventually, on 22 September 2004, the President of Republic of
Indonesia enacted the Republic of Indonesia Law Number 24 concerning IDIC. With regards
to the law, IDIC is established as an independent institution that functions to insure
depositor’s funds and actively participates in maintaining stability in the banking system in
accordance with its authorized mandate.

27
2. BANKING RISK AND REGULATION

REGULATION ON BANK SECRECY

BANK SECRECY – Customer’ information is protected and there
are restrictions for its use.
Based on Law No. 7 and Regulation of Bank Indonesia No. 2/19/PBI/2000
dated September 7, 2000 on Requirements and Procedures for Giving an
Instruction or Written Permit to Open a Bank Secret, bank secrecy shall be
everything connected with information on depositor and their accounts.
Furthermore, banks shall keep the secrecy of information on depositors and
their deposits, except for certain cases*).

*) taxation fraud, court proceeding on criminal case, civil cases between bank and their
customer in the court, a request of legitimate heirs of saving customers who have died and Etc.

28
2. BANKING RISK AND REGULATION

REGULATION ON BANK SECRECY – Cont’d

Sanctions (civil, administrative, or criminal) for violations.
 According Law No. 7: (1992) Whoever intentionally forces banks and their affiliates to provide
information as meant in Article 40 (bank secrecy), without having written request or permit from
executives of Bank Indonesia, shall be liable to imprisonment of 2 (two) years at maximum as
well as a fine of IDR 10.000.000.000 (ten billion Rupiah) at minimum and IDR 200.000.000.000
(two hundred billion Rupiah) at maximum

 Members of the Board of Commissioners, Directors and the employees of banks or other
affiliates intentionally providing information which must be kept in secrecy shall be liable to
imprisonment of 2 (two) years at minimum and 4 (four) years at maximum as well as a fine of IDR
4.000.000.000 (four billion Rupiah) at minimum and IDR 8.000.000.000 (eight billion Rupiah) at
maximum

 The Law No. 7 (1992) also states that members of the Board of Commissioners, Directors, or
employees of the banks who intentionally refuse to provide information which must be made
available shall be liable to imprisonment of 2 (two) years at minimum and 7 (seven) years at
maximum as well as a fine of IDR 4.000.000.000 (four billion Rupiah) at minimum and IDR
5.000.000.000 (five billion Rupiah) at maximum

29
THE END OF THIS SECTION

30
SESSION 3:
TYPE OF RISK IN INDONESIAN BANKS
3. TYPE OF RISKS IN INDONESIA BANKS

TOPICS TO BE DISCUSSED

TYPE OF RISKS IN INDONESIAN BANKS (to be addressed

based on BI regulation)
 Credit Risk
 Market Risk
 Operational Risk
 Liquidity Risk
 Legal Risk
 Reputational Risk
 Strategic Risk
 Compliance Risk

32
 3. TYPE OF RISKS IN INDONESIA BANKS

TYPE OF RISKS IN INDONESIA BANKS

Risk Management is a wide issue in a bank and it involves many type of risks,
the major type of those risks are Credit, Market and Operational:

Balance Sheet Income Statement LEGAL

RISK
Interest Income
MARKET Trading
Interest Expense
RISK Book
-/- STRATEGIC
Net Interest Income (NII)
RISK
OPERATIONAL RISK

Third
Net-non Interest Income
CREDIT Banking Parties
RISK Book Liabilities -/-
Gross Income
REPUTATION
Net- Other operating RISK
Income (expense)
Other Net- Other
Capital Income (expense)
Assets -/- COMPLIANCE
Net Income RISK
LIQUIDITY RISK

33
3. TYPE OF RISKS IN INDONESIA BANKS

CREDIT RISK

Type of Credit Risk:

The risk associated with the possibility that a

SOVEREIGN government of a country fails to pay their debt
obligation either interest or principal

The default risk in the borrowing repayment or debt

CORPORATE obligations issued by companies

A counterparty risk that involve a consumer / retail as a

CONSUMER debtor

34
3. TYPE OF RISKS IN INDONESIA BANKS

CREDIT RISK– Cont’d

Credit Risk in Consumer/Retail Banking Product:

Mortgage Loan Characteristic:
(KPR/KPA) • Collateralized
Secured Products • Longer Term
Car/Motorcycle • Low/Medium yield (Interest
Loan (KPM) Rate)
Other Consumer
Loan
Unsecured Characteristic:
Loan (KTA) • Not Collateralized
Unsecured Products • Shorter Term/recurrent
Credit Cards • High Yield (Interest Rate)

35
3. TYPE OF RISKS IN INDONESIA BANKS

CREDIT RISK– Cont’d

Consumer Credit Risk Mitigation:

 Effective Credit Scoring (Grading
Mortgage Loan
(KPR/KPA)
Model)
Car/Motorcycle  Portfolio Management
Loan (KPM)
 Securitization
Unsecured
Loan (KTA)
 Cash Flow Monitoring /Analysis
Credit Cards
 Collateral (if any)
Other Consumer  Recovery Management (Collection
Loan
Policy)

36
3. TYPE OF RISKS IN INDONESIA BANKS

CREDIT RISK– Cont’d

Portfolio Management in Brief:

BEHAVIOR ANALYSIS CREDIT CONCENTRATION

 Geographical  Geographical
 Occupation  Industry
 Age  Collateral
 Sex  Group Related
 Income Level  Product Type
 Education  Etc
 Etc
37
Credit Risk : Credit Analyst

To conduct proper credit analysis, in line with internal & external policy &
procedure, give recommendation and propose to the person who has Credit
Approval Authority (CAA).

Credit Analyst :
Responsible to review the loan proposal (such as the pro-forma financial statement
calculation, credit risk and its mitigation), conduct Bank Statement calculation and trade
checking, analyze Financial aspect and other quantitative aspects of proposal, calculate
and evaluate the working capital needs of loan proposal, give note the covenant required
in the proposal loan and give recommendation of loan proposal and submit the proposal
to approval authority holder (approval or rejection) for :
 Working capital applications
 Investment applications
Credit Risk : Credit Analyst

Credit Analyst for Indirect Financing :

Responsible to review the loan proposal (such as credit risk and its mitigation), conduct
Bank Statement calculation and trade checking, analyze Financial aspect and other
quantitative aspects of proposal, calculate and evaluate the limit needs of loan proposal,
give note the covenant required in the proposal loan and give recommendation of loan
proposal and submit the proposal to approval authority holder (approval or rejection)
for :
 Indirect financing : e.g. Asset Buy / Joint Financing with Multi Finance,
Cooperative, BPR.
Credit Risk : Collection & Recovery

Responsible to ensure all arrears and non performing loans are properly managed and
can be collected, such as :
 Contact and/or visit the debtors in arrears and non performing loan condition
 Propose to CAA whether the loans will be restructured, registered to auction house
or to the court through counselor/lawyer (legal action)
 Manage the write off, repossessed, foreclosed, and settlement accounts
 To minimize the potential lost from delinquent accounts
 To maintain delinquent account to fall in to the bigger bucket
3. TYPE OF RISKS IN INDONESIA BANKS

MARKET RISK
Category of Market Risk:

The risk of an adverse movement in market prices

GENERAL that are applied across a range of instruments

The risk of an adverse movement in the price of an

SPECIFIC individual security due to factors that only apply to
that security or issuer

41
3. TYPE OF RISKS IN INDONESIA BANKS

MARKET RISK – Cont’d

TYPE OF MARKET RISK

INTEREST The potential loss due to an adverse change

RATE in interest rates.

FOREIGN The potential loss due to an adverse change

EXCHANGE in foreign exchange rates

The potential loss due to an adverse change

EQUITY
in the price of stock and shares

The potential loss from an adverse change

COMMODITY
in commodity prices

42
3. TYPE OF RISKS IN INDONESIA BANKS

MARKET RISK – Cont’d

Interest Rate Risk in The Banking Book

A risk that associated with the interest rate that occur as a natural
consequences of banks underlying businesses (funding-lending)
Balance Sheet
Trading
Book
Lending
(Long Term)
- less elastic to Third Funding
interest rate Banking Parties (Short Term)
movement Book Liabilities - very elastic to
interest rate
movement)

Other Capital
Assets

43
3. TYPE OF RISKS IN INDONESIA BANKS

MARKET RISK – Cont’d

Treasury Activities in Brief

 Treasury Management

 Interest-rate Management

 Asset - Liability Management

 Hedging Advice and Treasury Solutions Derivatives

 Market Risk Analysis

44
3. TYPE OF RISKS IN INDONESIA BANKS

MARKET RISK – Cont’d

General Products & Services Related to Market Risk

INTEREST Loans, Bonds, Interest rate Swap, Interest rate related
RATE derivative products

FOREIGN Forex related products, Forex related derivative

EXCHANGE products

EQUITY Equity, Equity based Derivatives

COMMODITY Commodity, Commodity based derivatives

45
3. TYPE OF RISKS IN INDONESIA BANKS

OPERATIONAL RISK
Operational Risk Events
Operational risk addressed by its frequency and impact.

High frequency/High impact – A bank is incurring with this type of

HI - HI event most likely be bankrupt. For Capital allocation purposes,
this risk event type is not considered

High frequency/Low impact – These events are managed to

HI - LO improve business efficiency and tend to be readily understood
and are viewed as the cost of doing business
Low frequency/High impact – These events’ nature is the least
LO - HI understood and the most difficult to predict and have the
potential to do severe damage
Low frequency/Low impact – Banks will ignore these type of
LO - LO events because they would cost more to manage and monitor
than the losses they incur

46
3. TYPE OF RISKS IN INDONESIA BANKS

OPERATIONAL RISK –Cont’d

Operational Risk Loss
RISK LOSS DEFINITION DATA & ANALYSIS
 The loss incurred as a bank
EXPECTED carries out its normal Assumptions
business
LOSS  It can be simply defined as
the cost of doing business Statistical Methods (Mean)

 The loss that occurs  Available internal data

significantly above the  External data from other
level accepted as expected banks
UN-EXPECTED loss  Data from operational risk
LOSS  It results from the scenarios
unexpected or extreme
events that a bank assumes Statistical Methods
could occur (Standard Deviation)

47
3. TYPE OF RISKS IN INDONESIA BANKS

OPERATIONAL RISK – Cont’d

Operational Risk Type

INTERNAL PROCESS RISK SYSTEM RISK

 The risk associated with the failure  The risk associated with the use of
of a bank’s processes or procedures technology and systems

HUMAN/PEOPLE RISK EXTERNAL RISK

 The risk associated with an  The risk associated with events
employee of a bank occurring that are beyond the
direct control of the bank

48
3. TYPE OF RISKS IN INDONESIA BANKS

OPERATIONAL RISK –Cont’d

Examples of Operational Risk

INTERNAL PROCESS RISK SYSTEM RISK
 Lack of Control (weak internal audit)  Data corruption
 Misselling  Programming error
 KYC checking  Service Interruption
 Transaction error  System suitability; etc.

EXTERNAL RISK
HUMAN/PEOPLE RISK
 Internal Fraud  External fraud and Theft
 Labor dispute  Fire
 Healthy and safety issues  Natural Disasters
 Poor staff training; etc.  Terrorism
 Riots and Civil Protest; etc.

49
3. TYPE OF RISKS IN INDONESIA BANKS

OPERATIONAL RISK –Cont’d

Reporting of Operational Risk Incidents

Risk Management Unit would not be able to do Operational Risk Management
without data supporting from all business units within the bank. All Bank
Personnel have the obligation to report any loss events or near miss events in
Their area to Operational Risk Management Unit.

Some examples of common operational risk incidents:

 Duplication
 Failed transaction (due to various reason)
 Administrative error
 Overcharging
 Theft,
 Card/ATM frauds
 Occupational health & safety accidents
 Damage to building or equipment
 Etc.

50
3. TYPE OF RISKS IN INDONESIA BANKS

LIQUIDITY RISK
A risk that caused by the inability of a bank to settle liabilities on their due
date.

The important of liquidity Risk:

When a bank cannot cover its liabilities (does not hold enough cash to pay the
depositors who wish to draw their funds especially if there is a “run on bank”
or “rush” then) then they started to a have a liquidity problem that may bring
them to the closure. This even may resulted an economic shocks through
Systemic Risk.

51
3. TYPE OF RISKS IN INDONESIA BANKS

LIQUIDITY RISK – Cont’d

Type of Liquid Assets

 Cash

 Government Bonds

 Corporate Bonds

 Negotiable Certificate Deposits

 Etc.

52
3. TYPE OF RISKS IN INDONESIA BANKS

LEGAL RISK
A risk that arising from legal weaknesses, resulting from legal actions,
absence of supporting provisions in law and regulations, or weakness of
legally binding provisions, such as the failure to comply with legal
requirements for contracts and loopholes in the binding collateral.
The following are some of the legal risk examples:
 Wrong or negligence in the drafting and preparing legal documents for
the bank’s business activities
 Not ensuring a bank act as a proper legal operating entity accordance to
the prevailing rules and regulations
 Dispute with its customer/supplier on the interpretation of their
agreement

53
3. TYPE OF RISKS IN INDONESIA BANKS

REPUTATIONAL RISK
A risk that occur because of negative publicity concerning the operations of
a bank or negative perceptions of a bank

The following are some of the bank reputational risk examples:

 Complaints from bank customer in the newspaper/magazine
 Short of liquidity and it becomes publicly known
 Board of Directors reputation

54
3. TYPE OF RISKS IN INDONESIA BANKS

STRATEGIC RISK
A risk that occur by poor setting and implementation of bank strategy, poor
business decision making, or a lack of responsiveness to external changes.

The following are some of the bank strategic risk examples:

 Performance are far below the target set out in the business plan
 External changes are not measured properly by the management and
have significant impact to the performance of the bank
 Board of Directors executed new business but then it did not work well

55
3. TYPE OF RISKS IN INDONESIA BANKS

COMPLIANCE RISK
A risk that arising from the failure of a bank to comply with or implement
laws, regulations and other applicable legal provisions.
Some of the compliance activities:
 Monitor bank operations and activities to comply with the Bank
Indonesia regulations
 Prepare compliance report to Bank Indonesia, Board of Directors and
Board of Commissioners
 Liaison with Bank Indonesia audit team
 Monitor implementation of the good governance of the bank
Impact of Compliance Risk to the Bank:
Bank would get sanctions if not comply with Bank Indonesia or other
regulation that range from fines and ultimately to the revocation of the
offending ban’s license.
56
THE END OF THIS SECTION

57
SESSION 4:
RISK MANAGEMENT ACCOUNTABILITY
AND PROCESS
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

INTERMEZZO

In the risk situation, what we going to do?

59
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

TOPICS TO BE DISCUSSED
RISK MANAGEMENT ACCOUNTABILITY
RISK MANAGEMENT PROCESS
a. Identify Risk Identify Analyze &
Measures
b. Analyze and Measure Risk
c. Control/Mitigate Risks
d. Monitor/Report Risks Monitor/ Control &
Report Mitigate

60
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK MANAGEMENT ACCOUNTABILITY

Layer 1 – Business Units “Your Business, Your
Controls, Your Performance”
Business Units are responsible for managing operational,
compliance and strategic business risk for their business and
the processes they own. Business units are risk owners
Layer 2 – Related Directors / Divisions / Groups with
supported by Risk Management & Compliance
“Governance & Strategy”
Risk Management and Compliance units support the Risk
Champion on their risk strategy and philosophy, support
business decisions within the Bank’s risk appetite and
facilitate the embedding of the Bank’s operational risk
framework and culture within the Bank’s businesses.
Layer 3 – Internal and External Audit “Independent
“Thus, Risk is Everybody's Oversight”
Business” Internal/External Audit is responsible for reviewing risk
management framework and Business Unit practices for risk
management and internal controls.

61
 Kerangka Kerja : Three line of defense
Sebagai pengendali dan bentuk pengelolaan risiko di Bank

 First Line of Defense adalah semua karyawan dimana harus memastikan manajemen risiko yang efektif atas risiko
yang berada di lingkup dan tanggung jawab secara langsung
 Second Line of Defense terdiri dari pemilik risiko termasuk Direktur yang bertanggung jawab terhadap tipe-tipe
risiko masing-masing didukung oleh fungsi pengendalian mereka masing-masing .
 Third Line of Defense merupakan pengendali risiko independen yang dilakukan oleh fungsi Internal Audit.
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK IDENTIFICATION
 Risk management process begins with the identification of risk event
and loss, process & procedure, service, related risk indicators and the
current control that is applied through a self assessment
questionnaire mechanism such as:
 Where and when the failure happened?
 Why the failure happened?
 What kind of control has been taken and why failed?
 What is the action plan to reduce the impact?
 How to avoid and prevent it from the same case in the future?

63
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK IDENTIFICATION –Cont’d

SOURCE OF DATA (among others):
 Hazard or incident logs or register
 Audit report
 Customer complaints
 Past staff or client survey

DATA GATHERING METHODOLOGY

 Brain Storming with staff/external stakeholder
 Research result data
 Interview with related parties
 Internal and external surveys

64
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK MEASUREMENT

RISK = PROBABILITY X IMPACT

RISK ANALYSIS ELEMENTS
 Identify the current strategy and system control that mitigate risks
and increase opportunity
 Determine impact of negative consequence or opportunity
 Determine probability of negative consequence or opportunity
 Estimate risk level by combining impact and probability
 Put attention and identify all of the uncertainties in doing the
estimation

65
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK MEASUREMENT- Cont’d

RISK ANALYSIS MATRIX

IMPACT
SIGNIFICANT MAJOR MINOR
PROBABILITY

FREQUENT

POSSIBLE

RARE

HIGH RISK MEDIUM RISK LOW RISK

66
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK MONITORING
MONITORING
 Bank Management responsible in monitoring process
 The followings are the risk monitoring activities:
 Routine internal and external audit
 Customer survey (including customer complaint)
 Monitoring the security, system, audit trail and trend analysis
 Routine reporting

67
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK MONITORING - Cont’d

REPORTING
 Reporting process is the last step of risk management process.
 Type of reports related to risk:
 Periodical Report (daily, weekly, monthly or yearly based on need)
 Audit report
 Risk event report (including “nearly miss events” for operational risk)
 Report to comply with regulation

68
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK CONTROL
 Mitigation and control of identified and measured risk is the main
activity in risk management process.
 Mitigation process and control risk consist of the following:
 System design
 Segregation of duties and clear lines of responsibilities
 Improve security
 Effective communication
 Clear incentive
 Business continuity Plan

The control level should be in accordance with the risk level in the
respective process.

69
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK CONTROL - Cont’d

 End-to-end mapping process is one of the most popular
method in risk control (especially in operational risk), and one
of the most popular technique for this is the Six Sigma

SIX SIGMA* is a statistical methodology to measure and increase quality

and business efficiency and the underlying process.

* Developed by Motorola in1980.

70
4. RISK MANAGEMENT ACCOUNTABILITY AND PROCESS

RISK MANAGEMENT PROCESS

BENEFITS OF BETTER RISK MANAGEMENT
 Better internal understanding of risk
 Support the strategic business unit, and understand the risk as well as the
allocated capital.
 Have greater understanding on the implication of risk and return
 Have an update, comprehensive and integrated views towards the global
exposure
 Have a deeper understanding on the operational risk and the risk coverage
through insurance

 Added value to shareholders

 Income volatility would decrease if the risk management is better
understood and protect equity value
 The decrease of income volatility would drive to an efficient cost of fund
 Efficient capital allocation would cause to higher return and lower risk

71
THE END OF THIS SECTION

72
SESSION 5:
ORGANIZATION OF RISK MANAGEMENT IN
BANK (based on Bank Indonesia Regulation)
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

TOPICS TO BE DISCUSSED
ORGANIZATION OF RISK MANAGEMENT IN BANK
 General Framework of Risk Management Organization
 Risk Management Committee
 Risk Management Unit
 Risk Management Vs Business Opportunity

74
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

GENERAL FRAMEWORK OF RISK MANAGEMENT

ORGANIZATION
 RISK MANAGEMENT ORGANIZATION STRUCTURE. To implement an
effective risk management, a bank has to establish an organization
structure that fit with their business objective and policy, size and
complexity, as well as their capability

 INDEPENDENT FUNCTION. A bank organization structure must be construct

in such away to make sure that the risk taking unit is independent from
the internal control unit (internal audit), and independent from the risk
management unit

 RMC and RMU. In connection with the development of the existing

organization structure, a bank should develop Risk Management
Committee (RMC) and Risk Management Unit (RMU)

75
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

GENERAL FRAMEWORK OF RISK MANAGEMENT

ORGANIZATION – cont’d
Application or Risk Management Structure in a Bank
BOC

Risk Management
BOD
Committee (“RMC”)

Line Compliance Risk Director

Management Director

Business Units Compliance Unit Risk Management Unit

(“RMU”)

Management Line Reporting Line Membership Line

76
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

RISK MANAGEMENT COMMITTEE

Structure.
RMC members is consists of majority director and executive. Membership
of RMC can be a permanent membership or temporary membership based
on the Bank’s need

Role & Responsibility

 For a bank who has three (3) directors, majority means two (2) of the three
(3) directors & one (1) of them should be a Compliance Director
 Bank is required to appoint Compliance Director as a permanent member
of RMC
 Recommendations submitted by the RMC must reflect an agreement
among the committee members
 Executive in the RMC should be one level below director and headed either
the operational unit and/or RMU
 The membership of the above executive in the RMC can be arrange to suit
with the subject of the Risk Management Committee meeting
77
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

RISK MANAGEMENT UNIT

Structure
 RMU organization structure should accordance with the size and
complexity of the bank business and its risk
 For larger bank ( in terms of total asset) and higher business complexity,
the RMU organization structure should reflect bank business
characteristics
 The RMU (and the head) have direct reporting to the President Director
or the appointed Director (Chief Risk Officer)

 The RMU must be independent from the Operational Unit (risk-taking

unit) and the Internal Control Unit

 The Operational Unit is required to inform the risk exposure in their unit
to the RMU periodically

78
Organization Chart
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

RISK MANAGEMENT UNIT – Cont’d

Role & Responsibility
 Monitor the implementation of risk management strategy that was
recommended by the RMC and approved by Board of Directors
 Monitor the whole risk position/exposure by risk type & functional
 Perform stress testing to understand the impact of risk management
policy & strategy implementation in the respective operational unit
 Review a new product/service submitted by a certain unit in the Bank
 Recommend the maximum risk exposure that should be maintained by
the Bank to its operational units
 Evaluate the accuracy & validity of data that is used by the Bank to
measure their risk by using an internal model
 Create and submit risk profile report to the President Director and the
RMC periodically (at least quarterly)

80
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

RISK MANAGEMENT VS BUSINESS OPPORTUNITY

Recently, Risk management involves the responsibility of ensuring that
business are efficient. It is concerned to increase the content of value-added
activities in any given process. Fundamentally, these value-adding creative
activities should be aligned with market opportunity for optimal enterprise
performance.

OLD PARADIGM NEW PARADIGM

 Limited strategic scope  Support Strategy & plan
 Negative Perception  Positive Perception
(shutting off the opportunity) (seizing opportunities)
 Fragmented  Integrated
 Ad hoc risk assessment, evaluation  Continuous risk assessment,
and management evaluation and management
 Cost based  Value based
 Etc.  Etc.

81
5. ORGANIZATION OF RISK MANAGEMENT IN BANK

RISK MANAGEMENT VS BUSINESS OPPORTUNITY –

cont’d

OLD PARADIGM NEW PARADIGM

RISK MANAGEMENT RISK MANAGEMENT
= =
COST OF DOING BUSINESS EFFICIENCY
+
INCREASE VALUE ADDED
+
CREATE BUSINESS
OPPORTUNITY

82
THE END OF THIS SECTION

83
SESSION 6:
CORPORATE GOVERNANCE AND RISK
MANAGEMENT
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

TOPICS TO BE DISCUSSED
CORPORATE GOVERNANCE AND RISK MANAGEMENT
 Definition and Understanding of Good Corporate
Governance
 Good Corporate Governance Framework
 Good Corporate Governance practice in Retail Banking
Activities

85
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

DEFINITION AND UNDERSTANDING OF GOOD

CORPORATE GOVERNANCE
GOOD CORPORATE GOVERNANCE & RISK MANAGEMENT
 AN EFFECTIVE RISK MANAGEMENT NEEDS A VERY STRONG FOUNDATION OF GOOD
CORPORATE GOVERNANCE

GOOD
CORPORATE
GOVERNANCE
TRANSPARANCY

ACCOUNTABILITY
RISK
RESPONSIBILITY MANAGEMENT

INDEPENDENCY

FAIRNESS

86
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

DEFINITION AND UNDERSTANDING OF GOOD

CORPORATE GOVERNANCE – Cont’d
CORPORATE GOVERNANCE BY DEFINITION
 A set of rules that define the relationship between shareholders,
managers, creditors, the government, employees and other internal
and external stakeholders in respect to their rights and
responsibilities or the systems by which companies are directed and
controlled

(source: Cardbury Committee of United Kingdom)

87
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

DEFINITION AND UNDERSTANDING OF GOOD

CORPORATE GOVERNANCE – Cont’d
REGULATION ON GOOD CORPORATE GOVERNANCE
 Sarbanes-Oxley Act
 Stipulation of Coordinating Minister of Economy (Keputusan Menko
Bidang Perekonomian) No: KEP/49/M.EKON/11/2004
 Bank Indonesia Regulation No. 8/4/PBI/2006 and No. 8/14/PBI/2006
 Stipulation of Minister of Government Owned Company (Keputusan
Menteri BUMN) No. KEP-117/M-MBU/2002

88
 6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

DEFINITION UNDERSTANDING OF GOOD

CORPORATE GOVERNANCE – Cont’d
BENEFIT OF GOOD CORPORATE GOVERNANCE
GOOD CORPORATE GOVERNANCE could create a sustainable bank towards
improving market confidence of the bank reputation and in the long Run could
improve bank performance, lower down their cost of fund and effective in
doing business and at the end could fulfill their stakeholders needs.

Good Bank
Good STRONGER
Corporate Image Market Bank
Governance confidence
Corporate
In a long run…
Governance
Poor Bank Poor
Corporate WEAKER
Image Market Bank
Governance confidence

89
 6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

DEFINITION AND UNDERSTANDING OF GOOD

CORPORATE GOVERNANCE – Cont’d
BENEFIT OF GOOD CORPORATE GOVERNANCE – Cont’d

STRONGER
BANK
FUNDING
INCREASE EFFICIENCY & FULFILL
In a long run… STAKEHOLDERS
PERFORMANCE BUSINESS
EFFECTIVITY NEEDS
WEAKER
BANK

90
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK

BASIC PRINCIPLES TO IMPLEMENT GOOD CORPORATE
GOVERNANCE
STAKEHOLDERS

STRATEGIC OBJECTIVES & VALUES

OVERSIGHT BOARD

CLEAR
LINES
OF MANAGEMENT
COMPENSATION
RESPONSI-
BILITY
INT. & EXT.
AUDIT
TRANSPARANCY
91
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK –

Cont’d

GOOD CORPORATE GOVERNANCE COVERAGE

I
C N BOC COMMITTEES BOD SHAREHOLDERS REGULATORS
O T
V
E
E E
R R x
A N T DEBTORS
RELATED
G INTERNAL RISK LEGAL/ PARTIES
A AUDIT MANAGEMENT COMPLIANCE E
E
L R
O N CREDITORS
EXTERNAL
N AUDITOR
A
internal
G L
external
C
G OUTSOURCING VENDORS

92
 6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK –

Cont’d

GOOD CORPORATE GOVERNANCE FRAMEWORK

basic principles Definition of GCG: Set of
relationships among the BOD,
BOC, Shareholders and
T ransparency Stakeholders of an institution
COMMON
OBJECTIVE

A ccountability

R esponsibility

I ndependency

F airness

93
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK –

Cont’d
 Issuance of annual report, in accordance with the
regulations from Capital Market Control Agency and Bank
Indonesia (including the good governance practices ).
Transparency  Periodical financial report, including annual, semi annual and
Provide important and
relevant information quarterly financial reports.
timely, clear, accurate
and easy to access  Transparency of information, clear, accurate among others
conflict of interest transaction and information or decision of
capital investments.
 Disclosure of other important information to the stakeholders
are publication of shareholders meeting, public expose etc.

94
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK –

Cont’d
 Determine function, implementation and responsibility of
Accountability respective structure and the whole bank transparently
Responsible to their and in accordance with the vision, mission, bank’s goal
performance and strategy
transparently,  Implement the internal control system effectively.
properly with a right
and measurable  Has a balance score card and reward & punishment
management. system.
 Implement a good business ethic and code of conduct

 Adhere to the regulation such as Law on limited

Responsibility company, capital market and other regulation from
Adhere to the related government bodies such as Bank Indonesia,
regulation and law
and implement social Minister of Finance, etc
responsibility as part  Implement Corporate Social Responsibility (CSR)
of the good corporate activities among others pay attention and develop
citizens community

95
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK –

Cont’d

 Management should be implemented professionally and

Independency objectively without conflict of interest and intervention, so
Manage the company that the decision can be taken objectively.
Independently so
there is no  To make sure that majority of the member of the Board of
intervention from Commissionaires are independent, so they can present
other party. objectivity and new perspective from outside which are
important for a healthy corporate governance

Fairness  Make sure equitability in fulfilling stakeholders right

Concern on according to regulation
Shareholder and  Treat employee in the same manner without differences
other stakeholder
needs and treat them on races, religion, gender, and other thing that not relates
equally to the performance

96
6. CORPORATE GOVERNANCE AND RISK MANAGEMENT

GOOD CORPORATE GOVERNANCE FRAMEWORK –

Cont’d

GOOD CORPORATE GOVERNANCE PRACTICES IN RETAIL

BANKING ACTIVITIES
 Follow and understand our role and responsibility
 Follow the bank internal rules and regulation
 Comply with general banking regulation (e.g. Transparency in product
information to customer, Bank Secrecy and KYC)
 Incorporated the bank mission, vision and values in daily working
activity
 Cooperate and work in ethical manner

97
THE END OF THIS SECTION

98
 THANK YOU
Hariseno Acharyama, CRMA
Risk Management Head
PT. Bank Sahabat Sampoerna

99