- Green Growth
- Your Consultant
|Pham Do Nhat Vinh - Director, Head of FS Risk Consulting, KPMG Tax and Advisory Limited|
Since then, KPMG has conducted a number workshops, CRO forums with regulators as well as senior bankers and risk practitioners where stakeholders could share their challenges and ideas on the implementation of the circular, as well as their thoughts on the resources required for such implementation.
Maybe an even more important question has been raised about what impacts or changes we might expect to see in the coming years, once the regulation is put in place, and how the banking business will be shaped by the circular.
Firstly, we would like to thank all participants for sharing their practical views on the banking industry.
Based on these exchanges and our knowledge of the industry, as well as relevant KPMG studies, the aim of this article is to provide an overview of the changes that might happen in the coming time.
|Source: KPMG, Risk and ICAAP benchmarking survey 2017|
We have seen in recent times that many banks have increased capital due to stricter capital adequacy requirements set by Circular No.41/2016/TT-NHNN, which requires banks to have adequate capital reserved for credit risk, market risk, and operational risk (Pillar 1 risks). When Circular 13 comes into effect, in few years’ time banks will need to have sufficient capital to cover other material risks, namely Pillar 2 risks. As stated in Circular 13, after performing a stress test, banks will be required to meet minimum a CAR requirements of 8 per cent. Therefore, it is reasonable that banks are incentivised to draw up a capital raising plan for such additional capital need.
This projection is also in line with KPMG studies in other markets. In a recent KPMG study on capital impact due to ICAAP, it was seen that almost all banks have increased capital requirements compared to their previous ICAAP.
In fact, we have seen capital set aside for Pilar 2 risks in several banks could range from 16 to more than 20 per cent of the bank’s capital requirements and even account for a proportion which is larger than the sum of capital required to cover both operational and market risks. Banks having a thin capital buffer will likely raise capital quite soon.
|Source: KPMG, Never again? Risk management in banking beyond the credit crisis, 2008|
Corporate governance in general and banking governance in particular are a crucial foundation to build up and maintain reputation and public trust. In the last five years, many serious events took place, resulting in negative consequences and significant public costs. Such failures could lead the market to lose confidence in the banking system and potentially trigger bank run at a systemic scale, which could disfuctionalise the banking system. Hidden and complicated cross-ownership and poor corporate governance are among the top reasons for such collapses. In short, checks and balances are not appropriately in place.
According to KPMG’ 2008 global survey (Never Again? Risk management in banking beyond the credit crisis), the majority of chief risk officers (CROs), risk professionals, and other senior managers taking the survey acknowledge that the industry as a whole has an inadequate framework for controlling risk. 50 per cent of respondents say poor risk governance contributed to the credit crisis.
Almost 10 years later, a KPMG analysis of Risk governance on systemically important banks (SIBs) has also shown that there are more formal assessments of effectiveness at a financial institution with a more-developed approach to risk governance, and risk culture is reported to the Board Risk Committee. Remuneration and risk culture are linked, and there is some co-ordination between the Audit Committee and Risk Committee by means of joint meetings. In isolation, these items are beneficial. Taken together, they improve the overall risk governance of the institution.
|KPMG, Risk governance: A benchmarking analysis of systemically important banks, 2016|
Interestingly, almost all of these aspects are quite well regulated in Circular 13, which implies a clear message to promote a healthy corporate governance and mitigate the risk of conflict of interests. Committees at board level and at executive level should be clearly and separately set up.
In order to comply with Circular 13, banks are expected to enhance risk governance in line with international practices, which is a big challenge. As a result, the board should strengthen its oversight and let the executive management team implement and manage its day-to-day business under its oversight. There should be no “dual hatting” in risk management and it should be independent from other executive functions and business responsibilities. As regulated, banks will need to set up a proper three-line defense and revise important board committees, including risk committee, HR committee, and executive-level councils including ALCO and capital ones. The internal control system will also need to be reshaped.
Undoubtedly, credit risk is still the biggest part of risk management, but since Circular 13 formally put down many requirements for liquidity management and operational management, banks will pay much more attention to these risks. From KPMG Vietnam’s observations, many banks now want to develop more sophisticated Asset and Liability Management (ALM) as well as a proper operational framework in the near future. Banks are growing more aware of the important contribution of controlling liquidity risks and the necessity to have a good contingent funding plan to maintain their viability in case of crisis.
Operational risk, model risk, data security, and business continuity plans should take a higher priority on the agenda of CROs, especially as more IT solutions, automation, and risk models are adapted in banking operations. These things are also mentioned in Circular 13.
CHANGING RELATIONSHIP OF 3Cs
This relationship among the 3Cs-CEO, CFO, and CRO-will be more integrated. Integration here refers to interdependence of risk appetite, capital plan, and business plan.
In addition, changes required for governance structure, working relationship between the Board Risk committee, the Asset Liability Committee (ALCO), and the Capital management council would also lead to several changes of the relationship between the 3Cs.
The development of risk appetite needs to be integrated into business and plans for the next three consecutive years. To do this, banks need to enhance their projection capacity and their ability to cope with many “what if” scenarios. As such, the changing role of the CRO needs to be paid attention to. The CRO’s role is not limited to traditional tasks such as compliance management, but is expected to see more involvement of risk in strategic business decisions, according to Circular 13, for example the use of risk-adjusted measures for business decisions.
In fact, more CROs and CFOs have realised silo management and weak linkages between risk management and financial management. This could potentially lead to many issues, such as data and reporting issues or inefficient investment in banking solutions.
RISK-BASED APPROACH IN INTERNAL AUDIT
The development of IA should be kept in pace with the development of governance and risk management. Compliance audit is an important purpose, but risk-based audit will be the trend to be seen in the near future, thus motivating banks to enhance the quality and nature of IA activities. Changes in the way that banks develop audit plans driven by analytics and material assessment are to be expected.
In conclusion, the implementation of Circular 13 should not be seen as a “ticking the box” exercise that does not bring any considerable value to banks, but shuold rather be seen as compliance costs. It will take time for the principles mentioned in the regulation to be embedded and operationalised in banking activities. Until then, the changes and impacts outlined above will contribute great value to banks and strengthen their competitive advantages.