RSK4802 EXAM PACK 2023

RSK 4802 EXAM PACK 2022 JANUARY /FEBRUARY 2016 QUESTION1.1 ai) Risk management is an important process because it empowers a business with the necessary tools so that it can adequately identify and deal with potential risks. Once a risk has been identified, it is then easy to mitigate it. In addition, risk management provides a business with a basis upon which it can undertake sound decision-making. -For a business, assessment and management of risks is the best way to prepare for eventualities that may come in the way of progress and growth. When a business evaluates its plan for handling potential threats and then develops structures to address them, it improves its odds of becoming a successful entity. In addition, progressive risk management ensures risks of a high priority are dealt with as aggressively as possible. Moreover, the management will have the necessary information that they can use to make informed decisions and ensure that the business remains profitable. Importance of Risk Management plan Risk management plans offer several benefits that make them a worthwhile endeavor for every business. For example, risk management plans help companies to identify the potential risks they may face. Being aware of these risks allows businesses to make plans to avoid specific risks or deal with them when they arise. -Having a risk management plan also makes financial sense because it allows businesses to prepare themselves financially for the most likely problems. It may also increase a business’s appeal to lenders. In addition, risk management plans protect the company’s resources by allowing the company to prioritize risks and plan to deal with each possibility. This conserves important resources, allowing the company to focus on more important tasks such as accomplishing sales goals and more. -Risk management in business can improve the company’s brand by letting employees, customers and other businesses know that the company is responsible and resourceful. Furthermore, risk management plans give companies a chance to gather important information that may be useful for other purposes as well. b)Identify the four main categories of strategies for managing risk -Avoidance -Acceptance -Mitigation -Control c)Briefly explain to Mr Sithole the difference between the following aspects: i)AN INTERPRISE RISK MANAGEMENT FRAMEWORK -The risk management framework relates to the basic structure that is used to address the risks faced by an organization. The purpose of the risk management framework is to assist the organization towards the intergation of risk management into its management process so that it becomes a routine activity ii) A risk policy - A risk policy sets out how the risks, which have been identified by the risk assessment procedure will be managed and controlled. The risk management policy assigns responsibility for performing key tasks, as it establishes accountability with the appropriate managers, defines boundaries and limits as they intend to formalize the reporting structures. The policy should address specific responsibilities of the board, internal audit, external audit, the risk committee, the central risk function, employees and third party contractors towards the implementation of the risk policies iii)Risk management process -According to International Risk Stanadards, ISO 31000(2009),A risk management process is the one that systematically applies management policies, procedures and practices to set the activities intended to establish the context, communicate and consult with stakeholders, and identify, analyze, evaluate, treat ,monitor and review the anticipated risk exposures QUESTION 1.2 Loss prevention requires the identification of the source (or cause) of loss√ and the impact of environmental factors and secondly the elimination of reduction of these effects. √ Two customary approaches are the engineering approach and the human or personal approach. (See P 164 of the prescribed book by Valsamakis) (plus any √√√√√√) human approach √ technique of loss control and reduction of losses in insurance. Supporters of this method believe that the safety attitudes of individuals determine the safety precautions they take. √ The human approach seeks to convince people to want to be safe in order to reduce loss frequency and severity. For example, campaigns encouraging the use of seat belts help promote a safety-conscious society. engineering approach √ approach in loss prevention placing emphasis on physical features of the workplace as a potential cause of injuries. √ For example, if a product is inherently dangerous in design or during manufacture, an insurance company may assign an engineer to analyze the situation and recommend changes that could improve safety and lower insurance premiums.√ Risk reduction can be achieved in different ways (e.g. hazard reduction and loss reduction). Hazard reduction involves reducing the odds that a loss will occur and loss reduction involves reducing the severity of the loss.√ Risk management control procedure emphasizes safety management. Its purpose is to reduce the frequency and severity of potential losses.√ Business firms apply this procedure by posting safety signs, holding safety meetings, and providing cash awards for employees with the best safety records.√ QUESTION 2.2 You are the Chief Risk Officer of ABC Bank. You have been requested to do a presentation to the South African Reserve Bank in which you are required to identify and describe the role players in your bank’s compliance process. Write a short report in which you identify and describe these role players (15) IDENTIFICATION OF KEY ROLE-PLAYERS Although the ultimate accountability for compliance with the legal and regulatory requirements rests with the Board of Directors, compliance is a multi-disciplinary process in which, at the bare minimum, the following role players should be involved: - Board of Director -Audit Committee -Chief executive officer/ executive management Committee -Line management and/or Boards for Divisions and Subsidiaries - Internal Audit Function - Compliance function - External audit function - All employees and -Regulators (General guidelines for the roles and responsibilities of each of these role players, with specific reference to compliance) are as follows: Board of Directors The Board is appointed by and accountable to its shareholders to lead, control and monitor the business of the Group and to provide effective corporate governance, with the specific responsibility to oversee compliance with regulatory requirements. Audit Committee A special sub-committee of the Board is established to oversee compliance matters. This Committee is a very important part of the whole compliance system and monitors compliance at the highest level. Chief executive officer/ executive management Committee (EXCO) EXCO is appointed by the Board to manage the business within an acceptable risk profile ad to achieve sustainable profits. Its specific responsibility regarding compliance must be to ensure that risk processes, with regard to regulatory requirements, are implemented. Line management and/or Boards for Divisions and Subsidiaries They accept the responsibility for the risks undertaken in their divisions and/or subsidiaries within the confined of the overall risk control framework of the business. Their specific responsibility regarding compliance includes the business. Their specific responsibility regarding compliance includes the implementation of compliance procedures to ensure adherence to relevant regulatory requirements. Internal Audit Function Although there is common ground between Compliance and Internal Audit functions, the focus of the respective functions are different. The role of Internal Audit in this regard, is to review the existence and adequacy of management control systems to ensure proper compliance with the laid down policies, plans, procedures, and regulatory requirements. As a result of the work of Internal Audit, the Compliance Function can, in certain circumstances rely on work of Internal Audit, instead of carrying out compliance reviews on their own. On the other hand, Internal Audit can consult with the Compliance function in identifying high-risk areas the planning of audits. Compliance function The CF is an independent function, which is associated with all aspects of compliance, including the monitoring of the compliance risk process. It is imperative that the Compliance officer has the necessary rights and powers to fulfil this role impartially and effectively. Further responsibilities of the Compliance Officer can be divided into the following aspects: - Standard setting  Providing advice  Monitoring  Maintaining external relations  Resolving issues of non-compliance  Training  Assisting with ad hoc investigations External audit function The external Auditors are required to review the risk processes as part of their statutory audit duties imposed on them by the Companies Act, Banks Act and any other applicable legislation. All employees Employees are the primary role-players in the process of complying with regulatory requirements. The specific responsibilities are to be conversant with, and implement the specific requirements by promulgated by the relevant Regulators. Regulators The role played by the Regulator naturally depends on the specific business and environment in which it functions. In general, the main objective of the Regulators is to maintain stability in the specific environment by providing guidelines and ensuring compliance therewith. Regular interactions between the specific Regulator and the aforementioned role-players are imperative in order to enhance a mutual understanding of the different perspectives on compliance matters Conclussion COMPLIANCE is more than just manuals, checklists and procedures. The extent to which the importance of compliance is correctly perceived will depend on the effectiveness of the interaction between the different role-players described. This can only be achieved if each role-player fully understands their individual roles (mandates). QUESTION3.1 REFER TO KING IV REPORT QUESTION3.2 REFER TO KING IV REPORT QUESTION3.3 List three grounds on which the director of a company may be held personally liable to the company for damages, loss or costs sustained by the company as a direct or indirect consequence of certain actions by the director. (6) - Acting for or on behalf of the company despite knowing that he lacked authority to do so; or -Agreeing to carrying on the business of the company while knowing that it is prohibited under section 22 (a company may not carry its business recklessly with gross negligence with intent to defraud any person or for any fraudulent purpose or trade under insolvent circumstances); or - Being party to an act or omission by the company despite knowing that it was calculated to defraud a creditor, employee or shareholder of the company, or had fraudulent purposes; or -Having signed, or consented to the publication of a financial statement that was false and misleading in a material respect, or a publication of a prospectus that contained an “untrue statement”, knowing that or with reckless disregard as to whether the statement was false, misleading or untrue; or - If a director took part in a meeting (formal or informal) and failed to vote against for example: - Issuing any unauthorised shares, financial assistance and knowing it is in contravention of the Act QUESTION3.4 It is crucial that banks have strong corporate governance”. Evaluate this statement and provide reasons for your view. Financial institutions, particularly banks are a critical component of any economy√. They provide financing for commercial enterprises, basic financial services to the population at large and provide access to payment systems. The importance of banks to national economies is demonstrated by the fact that banking is virtually universally a regulated industry and that banks have some recourse to government particularly √ through the Central banks. It is therefore of crucial importance that banks maintain strong corporate governance. Corporate governance provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. Corporate governance should also provide proper incentives for the board and management to pursue objectives that are in the interests of the company and shareholders and should facilitate effective monitoring, thereby encouraging firms to use resources more efficiently. From a financial industry perspective, corporate governance involves the manner in which the business and affairs of the individual institutions are governed by their boards of directors and senior management affecting how banks: -Set corporate objectives (including generating economic returns for owners)√  Run the day-to-day operations of the bank;√  Consider the interest of recognized stakeholders, private and public;√  Align corporate activities and behaviors with the expectation that banks will operate in a safe and sound manner, and in compliance with the applicable laws and regulations;√ Protect the interests of depositors. √ In the financial sector, corporate governance should take in account the interest of other stakeholders (not only the shareholders of the company or owners). These include depositors, savers, life insurance, policy holders, regulators etc. as well as the general stability of the financial system due to the systemic nature of many players. At the same time it is important to avoid any moral hazard by not diminishing the responsibility of private stakeholders. It is therefore the responsibility of the board of directors under supervision of the shareholders, to set the tone and in particular to define the strategy, risk profile and risk appetite of the institutions it is governing. ADDITINAL FACTS OR SECOND JUDGEMENT A lack of good and strong corporate governance can lead to a banking crisis that in turn can be the catalyst for what can ultimately be an economic recession. Sound corporate governance considers the interests of all stakeholders including depositors and others whose interest may not always be factored. Therefore, banking regulators must determine that individual banks are conducting their business in a way that benefits all stakeholders not just shareholders. Should there not be effective and strong governance lead by the Board down, the business units will tend to regulate risk to achieve their own required levels as a profit centre whilst not appreciating the downside to the organisation as the look towards short term results, inadequate corporate governance stops the board from supervising down to those units. This leads to inadequate internal control by the internal audit department of the group with little or no external supervision of the group. The structure becomes non transparent which in turn leads to no responsibility been taken or oblique responsibility at best. Good strong corporate governance brings about stability and the successful functioning of the financial system. It promotes the taking of appropriate risk and the pricing of that risk. This greases the financial engine and fuels the economy. Leverage is a required catalyst for business and thus the livelihood of the general man in the street. Bad governance and the failure of those “too big to fail” impacts on the lives of everyone. But more importantly the contrary is also true, good governance of the banking sector instills confidence to lend and to borrow, prices these functions appropriately and thus fuels growth which is so important for employment and hence the social benefits that this brings to the wellbeing of mankind. MAY/JUNE 2016 QUESTION 1 You act as a consultant on corporate governance matters and have recently received the following enquiries: Enquiry 1 The 4 executive directors of a mining company have to visit new prospects in Africa due to logistical problems they will have to travel together on certain routes in view of fierce completion on the market, this strategic trip will not be publicized. Enquiry 1 • Not good CG practice • Risk in travelling together that corporate knowledge may be destroyed • What succession planning in place • What impact on the company and share price if information is disclosed in advance or not disclosed and something happen. Risk disclosure -The board should ensure that there are processes in place allowing complete, timely, relevant,accurate and accessible risk disclosure to stakeholders. -In its statement in the integrated report, the board should disclose for the period under review any undue, unexpected or unusual risks it has taken in the pursuit of reward as well as any material losses and the causes of the losses. -This disclosure should be made with due regard to the company’s commercially privileged information. -In disclosing material losses, the board should endeavor to quantify and disclose the impact that these losses have on the company and the responses and interventions implemented by the board and management to prevent recurrence of the losses. -The board should disclose any current, imminent or envisaged risk that may threaten the long- term sustainability of the company. -The board should also disclose its views on the effectiveness of the company’s risk management processes in the integrated report. -Executive director involvement in the day-to-day management of the company or being in the fulltime salaried employment of the company, or both defines the director as executive. -Executive directors should carefully manage the conflict btw their management responsibilities and their fiduciary duties as directors in the best interest of the company. (Enquiry 2 Mr. Lincoln act as an executive chairperson of his company and sits on the remuneration committee Lincoln is a shareholder in the company, his son acts as the CEO of the company, which is listed on the JSE, the enquiry was received from a minority shareholder. With regard to the chairman serving on other committees • Not good CG • Chairperson should be non-executive and independent • Independent directors and CEO on remuneration committee • Family ties on board, although not disallowed, must be clear with no interference -The chairman should not be a member of the audit committee; -The chairman should not chair the remuneration committee but may be a member of it; -The chairman should be a member of the nomination committee and may also be its chairman; -The chairman should not chair the risk committee but may be a member of it; There should be a successive plan for the position of the chairman. Committees Audit, risk, nomination and remuneration committees should be establishedThe Companies Act also requires a social and ethics committee and King3 principles should also apply. Board committees should have: • Terms of Reference approved by the board that are reviewed annually • Composition and terms of reference should be disclosed in the integrated report • Composition should comprise a majority of non-executive directors of which the majority should be independent (risk-committee may have a mixed composition) • The chairman should not participate in incentive schemes, benchmarks used, retention schemes, justification for salaries above from medians, material ex-grata payments, executive employment policies and max potential dilution from incentive awards. • Shareholders should vote a non-binding vote on the company’s remuneration policy • The board should determine executive directors’ remuneration in accordance with the policy put to shareholders Enquiry 3 Enquiry 3 The company has awarded shares and options on shares to its non-executive directors the option prices are well below market prices Remuneration disclosure and shareholders Votes • Not good CG • Award of shares and options to non-executive directors prohibited as remuneration should not be listed to share performance • Option prices should be market related King3 requires disclosure of the remuneration of each individual director and senior executives. Guidance is given on remuneration and policy and practices, incl that nonexecutives should not receive share options. King3 recommends that remuneration policies be put to the shareholders for a nonbinding advisory vote and the board should determine the remuneration of the executive directors in line with policy. Share-based and other long-term incentive schemes The remuneration committee should regularly review incentive schemes to ensure their continued contribution to shareholder value. The committee should guide against unjustified windfalls and in appropriate gains from the operation sharebased incentive. Participation in the share incentive schemes should be restricted to employees and directors and should have appropriate limits for individual participation, which should be disclosed. All share-based incentives, incl options and restricted or conditional shares, whether settled in cash or in shares, should align the interests of executives with those of shareholders and should link reward to performance over the long term. Consistency in granting of share incentive awards and options, generally yearly, is desirable as it reduces the risk of unanticipated outcomes that arise out of share price volatility and cyclical factor, allows the underwater options or excessive windfall gains, the price at which shares are issued under a scheme should not be less than the mid-market price or volume weighted average price immediately preceding the grant of the shares under the scheme. Enquiry 4 Mr. Clinton is a non-executive director of the company and attends the monthly management tender committee meetings, a newspaper reported that Mr. Clinton did not recuse himself from a meeting which awarded a major contract to his niece. • Not good CG • Non-executive director should be independent and not involved in the management of the company. • Recuse not an issue in view of the above • Association with beneficiary should be properly disclosed • Investigate whether proper tender procedures were followed Conflict of interest Managing conflict of interest -It is not sufficient merely to table a register of interests. -All interest and external legal requirements must be met. The chairman must as affected directors to recuse themselves from discussions and decisions in which they have a conflict, unless they are requested to provide specific input,in which event they should not be party to the decision. N.B:Enquiry 1-4 Additional valid comments accepted. Bonus mark(s) for specific King references QUESTION2 This report addresses four areas of corporate governance that the Group considered closely linked to recent failures: 1 remuneration/incentive systems; 2 risk management practices; 3 the performance of boards; and 4 the exercise of shareholder rights. The four areas are also closely related: if remuneration has been excessive and/ or not structured properly, why have the boards allowed this state of affairs to occur? If risk management has failed to manage risk oriented remuneration systems, why have the boards apparently stood back or are we expecting simply too much of boards in large complex companies which are to a great extent themselves a product of board and shareholder decisions? Why have shareholders not been able to ensure accountability? It also covers the issue of implementation of existing corporate governance standards. 1. Remuneration/incentive systems However depending on the characteristics of the company, remuneration and incentive systems that should be the focus of board (and sometimes regulatory) oversight need to be considered broadly and not just focused on the chief executive officer and board members. • The governance of remuneration/incentive systems have often failed because decisions and negotiations are not carried out at arm s length. Managers and others ‟ have had too much influence over the level and conditions for performance based remuneration with the board unable or incapable of exercising objective, independent judgment. • In many cases it is striking how the link between performance and remuneration is very weak or difficult to establish. For example, companies have often used general measures of stock price rather than the relative performance of the individual firm. Factors not within the control of the CEO have often been emphasised. • Remuneration schemes are often overly complicated or obscure in ways that camouflage the situation. This is particularly the case with hard to value pension schemes. They are also asymmetric with limited downside risk thereby encouraging excessive risk taking. Transparency needs to be improved which goes beyond simply more disclosure that has improved in recent years. Corporations should be able to explain the main characteristics of their performance related remuneration programs in concise and non-technical terms. This should include the total cost of the program; the performance criteria used, and; how remuneration is adjusted for related risks. • The goal needs to be remuneration/incentive systems that encourage long term performance and this will require instruments that pay-out after the longer term performance has been realised. These might include share rather than cash payments with lock-up provisions, claw backs, deferred compensation etc. It is important to assess the programme ex-post. Such schemes are complex and it is not likely that legal limits such as caps and some fiscal measures will be able to achieve this purpose. There is also a risk of a shift towards excessive fixed remuneration components that would weaken alignment of incentives with the long term success of the company. • The tax system has an important influence on both the level and structure of compensation but whether the outcomes are desirable for the perspective of corporate governance is often far from clear. Further analysis is often required. - Steps must therefore be taken to ensure that remuneration is established through a sound governance process where the roles and responsibilities of those involved, including consultants and independent directors, are clearly defined and separated. Any remuneration consultants might need to be hired by the nonexecutive members of the board rather than by management. Executive board members should not participate since they have an inherent conflict of interest. • It should be considered good practice that remuneration policies are submitted to the annual meeting and as appropriate subject to shareholder approval. • Financial institutions are advised to follow the Principles for Sound Compensation Practices issued by the Financial Stability Forum 2. Risk management practices; Effective risk management is a key element of good corporate governance in financial and non-financial companies. Risk management failures in financial companies can have important implications for systemic risk. However, failures in non-financial companies can also involve major externalities and social costs. Nevertheless, national risk standards are still in a very high level form and may not give good guidance to companies, investors and stakeholders. • Risk management is integral to corporate strategy not just in companies avoiding losses but also in being able to seize new opportunities. However, excessive emphasis appears to have been given to financial risk and internal controls for the purpose of corporate reporting and to the board s responsibilities via the audit ‟ committee. This orientation is much too expost. Linking risk management to strategy is more forward oriented and also introduces an important role for stress testing. • The financial crisis shows that risk management needs to be an enterprise-wide undertaking and not just practiced in particular product/market lines. Indeed, with the current level of outsourcing, the economic borders of the firm might be wider than its legal form. • The board bears primary responsibility for strategy and for associated risk management. However, good risk management must be practiced throughout the organisation and be a part of the way it does business. Boards must therefore monitor the structure of the company and its culture and also ensure a reliable and relevant flow of information (the assurance perspective) to the board about the implementation of its strategy and the associated risks. • Particularly in financial institutions, a separate channel of risk reporting to the board such as via a chief risk officer is warranted in the same way as internal audit reports separately to the audit committee and not just to the CEO. It is not clear that risk management belongs to the duties of the audit committee, although it should inform itself about risk management in the company. • Reflecting the lack of adequate standards, disclosure of foreseeable risks is often poor and can be mechanical and boiler plate in nature (e.g. a list of umpteen possible risks). More important is adequate disclosure about the mechanisms of risk management and the risk management culture. • Remuneration and incentive systems have important implications for risk taking and therefore need to be monitored and perhaps even influenced by the risk management system. 3. The performance of boards The judgment that the financial crisis has shown that the ideal of boards as capable of objective independent judgment and therefore an effective monitor of management is not correct: they have often not been tried. Board member competence is certainly important but there is no necessary trade-off between independence and competence. • Boards in many cases appear to remain captured by their own histories and by management so that they may be reactive rather than proactive. Individual members are seldom changed by being voted out of office by shareholders (with the exception of jurisdictions and companies characterised by block shareholders) indicating significant path dependency. • A case can be made for separating the CEO from the Chairman position in single tier boards. Disclosure is important: where the functions of the CEO and Chair of the board are not separated, companies should explain the reasons for choosing their leadership structure and disclose the corporate governance arrangements which they put in place to avoid that this structure jeopardises the effectiveness and independence of the board. This should also be the case where a controlling shareholder holds the post of chair. • There might be a need to strengthen the legal duties of board members and to improve enforcement possibilities. • In the banking sector, there is a good public policy case for strengthening risk reporting lines to the board and for extending the “fit and proper person” test to cover the skills and independence of a potential board member. 4. The exercise of shareholder rights Shareholders have tended to be reactive rather than proactive and seldom challenge boards in sufficient number to make a difference. An ineffective monitoring by shareholders has been experienced both in widely held companies and in the companies with more concentrated ownership. In some instances, shareholders have been equally concerned with short termism as have managers and traders, neglecting the effect of excessive risk taking policies. • The share of institutional investors continues to increase but their voting behaviour suggests reluctance on the part of many to play an active role. When compelled to vote the reaction often appears to be mechanical. One of the reasons for inactivity appears to be important conflicts of interest and incentive structures linked to some structural weaknesses in the corporate governance of these investors. • It should be regarded as good practice for institutional investors acting in a fiduciary capacity to disclose their voting records in order to make more transparent any conflicts of interest and how they are being managed. • Institutional investors (and others) should not be discouraged from acting together in individual shareholders meeting, both through consultation before the meeting and the presentation of common proposal, provided that they do not intend to obtain the control of the company. • Even though barriers to voting (e.g., share blocking) do not fully explain low voting participation, they are still significant namely with regards to cross-borders voting. Measures should be taken, both by regulators and by all the institutions involved in the voting chain (issuers, custodians, etc.) to remove remaining obstacles and to encourage the use of flexible voting mechanisms such as electronic voting. • Institutional shareholders acting in a fiduciary capacity should be required to publish their voting records so as to provide more information to their beneficiaries. • As the share of institutional shareholders increases, greater attention has turned to proxy advisors and to the potential for conflicts of interest. It is also claimed that there is a danger of “one size fits all” voting advice. • The role of alternative investors (private equity finds and activist hedge fund), which have been active investors in recent years, should not be hampered as a sideeffect of regulatory reforms which might be developed to address the specific issues that have created problems. • Effective enforcement of shareholders rights is still an open issue both in ‟ systems with strong private litigation traditions and in systems more based on public enforcement mechanisms. Stronger complementarity between private and public enforcement instruments could contribute to create a more favourable framework for active informed shareholders. b) “It is crucial that banks have strong corporate governance”. Evaluate this statement and provide reasons for your view. Financial institutions, particularly banks are a critical component of any economy√. They provide financing for commercial enterprises, basic financial services to the population at large and provide access to payment systems. The importance of banks to national economies is demonstrated by the fact that banking is virtually universally a regulated industry and that banks have some recourse to government particularly √ through the Central banks. It is therefore of crucial importance that banks maintain strong corporate governance. Corporate governance provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. Corporate governance should also provide proper incentives for the board and management to pursue objectives that are in the interests of the company and shareholders and should facilitate effective monitoring, thereby encouraging firms to use resources more efficiently. From a financial industry perspective, corporate governance involves the manner in which the business and affairs of the individual institutions are governed by their boards of directors and senior management affecting how banks: -Set corporate objectives (including generating economic returns for owners)√  Run the day-to-day operations of the bank;√  Consider the interest of recognized stakeholders, private and public;√  Align corporate activities and behaviors with the expectation that banks will operate in a safe and sound manner, and in compliance with the applicable laws and regulations;√ Protect the interests of depositors. √ In the financial sector, corporate governance should take in account the interest of other stakeholders (not only the shareholders of the company or owners). These include depositors, savers, life insurance, policy holders, regulators etc. as well as the general stability of the financial system due to the systemic nature of many players. At the same time it is important to avoid any moral hazard by not diminishing the responsibility of private stakeholders. It is therefore the responsibility of the board of directors under supervision of the shareholders, to set the tone and in particular to define the strategy, risk profile and risk appetite of the institutions it is governing. ADDITINAL FACTS OR SECOND JUDGEMENT A lack of good and strong corporate governance can lead to a banking crisis that in turn can be the catalyst for what can ultimately be an economic recession. Sound corporate governance considers the interests of all stakeholders including depositors and others whose interest may not always be factored. Therefore, banking regulators must determine that individual banks are conducting their business in a way that benefits all stakeholders not just shareholders. Should there not be effective and strong governance lead by the Board down, the business units will tend to regulate risk to achieve their own required levels as a profit centre whilst not appreciating the downside to the organisation as the look towards short term results, inadequate corporate governance stops the board from supervising down to those units. This leads to inadequate internal control by the internal audit department of the group with little or no external supervision of the group. The structure becomes non transparent which in turn leads to no responsibility been taken or oblique responsibility at best. Good strong corporate governance brings about stability and the successful functioning of the financial system. It promotes the taking of appropriate risk and the pricing of that risk. This greases the financial engine and fuels the economy. Leverage is a required catalyst for business and thus the livelihood of the general man in the street. Bad governance and the failure of those “too big to fail” impacts on the lives of everyone. But more importantly the contrary is also true, good governance of the banking sector instills confidence to lend and to borrow, prices these functions appropriately and thus fuels growth which is so important for employment and hence the social benefits that this brings to the wellbeing of mankind. c) Read the following article and identify the corporate governance failures that took place at UBS. -The Board did not provide the structure through which the objectives of the company and the means of attaining those objectives were set. It is not clear that specific incentives for the board and management to pursue objectives that are in the interests of the company and shareholders were set. There is no evidence that the board of directors, under supervision of the shareholders, defined the strategy, risk profile and risk appetite of the bank. -They pursued a strong growth strategy without specifically addressing the additional risk. They argued that it will not increase the risk substantially. There was no specific decision by the board either to develop business in or to increase exposure to subprime markets. (Lack of leadership and direction). However there was a growth of certain businesses that did, as part of their activities, invest in or increase UBS s exposure to the US subprime sector by virtue of investments in ‟ securities referencing the sector. In undertaking the transactions, the traders benefited from the banks allocation of funds that did not take risk into account. In ‟ combination with the bonus system, traders were thus encouraged to take large positions. - The strategy to acquire mortgage based assets (mainly US subprime) and then to package them for resale (holding them in themeantime i.e. warehousing) was approved without the bank establishing the balance sheet size as a limiting metric. (Top down setting of hard limits and risk weighted asset targets on each business line did not take place until Q3 and Q4 2007.) - The transactions were very big - each transaction was frequently in excess of USD 1billion, normally requiring specific approval. -The approval of the transactions was only ex-post. - As much as 60 per cent of the collateralised debt obligations (CDO) were in factretained on UBS s own books. ‟ There was neither monitoring of counter party risk nor analysis of risks in the subprime market, the credit rating being accepted at face value. Worse, as the retained tranches were regarded as safe and fully hedged, they were netted to zero in the value at risk (VAR) calculations used by UBS for risk management. -Worries about the subprime market did not penetrate higher levels of management. - Other business lines also involved in exposure to subprime but senior management and the board was not informed of the total exposure of UBS to the sector. Additional analysis for one mark - The problem at UBS was that top management was too complacent, wrongly believing that everything was under control, given that the numerous risk reports, internal audits and external reviews almost always ended in a positive conclusion. The bank did not lack risk consciousness; it lacked healthy mistrust, independent judgment and strength of leadership. Thus it happened that although problems in the subprime market had been identified early on, the Group Executive Board and the Board of Directors did nothing, because the internal calculations and assurances coming from lower levels in the organization constantly confirmed that the UBS Investment Bank was sufficiently well-protected to deal with a downturn. For too long, management remained blinded by the high credit ratings assigned to its proprietary positions, even as other banks started to recognize that such ratings were deceptive. QUESTION 3 a) Your role, specific responsibilities and reporting structures in UBS Bank. (7) In your role as compliance officer you are foremost responsible to provide guidance and recommendations regarding the bank s regulatory responsibilities. In ‟ addition regulators view the compliance officer as an important extension of their monitoring structures. The compliance officer must act proactively and constructively and assist line management in running an efficient and profitable business, without violating statutory, regulatory and supervisory requirements. He needs to gain the support of line management without jeopardizing his independence. According to the Compliance Institute of South Africa (Handbook for Members 2008:23), the primary role of a compliance officer is the effective management of compliance risk, including: -Setting organisation-wide policy and standards for compliance (students should add some comments specific to UBS Bank). - Providing advice on compliance related matters (students should add some comments specific to UBS Bank; for example divisional and group advice). -Compiling or updating of a compliance manual with sufficient references to relevant operational manuals. - Establishing and maintaining a compliance culture, in conjunction with line management, within the company which contributes to the overall objective of prudent risk management of the company. -Establishing and maintaining working relationships with relevant stakeholders. The stakeholders of a bank include the government, regulators, consumers, investors and depositors, financial service providers, management, employees and compliance officers. The compliance officer will ensure, as far as possible, that each role player fully understand their individual roles (mandate). The effectiveness of the interaction between the different role-players will affect the extent to which the importance of compliance is correctly perceived within the Bank. -The role of the compliance officer includes the provision of assistance to minimize the damage to the company s reputation/image. ‟ - Promoting a compliance culture through effective training programmes and compliance awareness campaigns. Everyone in the organisation should be aware of the impact of non-compliance to laws, rules and regulations within the Bank. -Continuously monitor the level of compliance at the Bank, preferably through Compliance Risk Management Plans approved for the different business units. Any compliance breaches will be reported to Group EXCO and the Board as and when occurred. A target may, for example, be set to achieve a zero threshold for compliance breaches. - Reports to the Board, audit committee, line management and regulators - Finally the compliance officer must attend to the recommendations from the Board, audit committee, line management and regulators, as and when identified. b) Your responsibilities in the compliance process and how you interact with the banking supervisor (Registrar of Banks). (8) The Board should be made aware of the importance of an effective compliance function. It is essential to protect the organization from business, regulatory and reputation risks. A strong compliance function will also become a factor of increasing importance, which will define and set the organization apart from its competition. - Organizations should, therefore, have effective compliance risk management programmes (processes) that are appropriately tailored to the organization s risk ‟ profiles. UBS Bank may suffer serious legal or regulatory sanctions, financial loss, or loss to reputation as a result of its failure to comply with all applicable laws, regulations, and codes of conduct and standards of good practice. - The manner in which compliance risk management programmes are implemented and the type of oversight needed for that programme can vary considerably depending on the scope and complexity of the organisation s ‟ activities. The compliance risk management process consists of several phases, namely: 1. Compliance risk identification. -The compliance officer assists management in identifying the regulatory requirements that apply to the bank. The next step involves the analysis of the regulatory requirements that have been identified together with the regulatory universe of the bank. 2. Compliance risk assessment. -However Once the identification and analysis of the regulatory requirements have been compiled, they must be prioritized by rating each regulatory requirement according to their risk. Two variables are used in the assessment, namely: (a) Seriousness: the potential negative impact of non-compliance which is made up of the following three elements. i. Inability to operate: possible withdrawal of regulatory approval or licence to conduct business. ii. Monetary impact: the potential monetary loss as a result of fines imposed by the regulator due to non-compliance. The higher the potential fine, the greater the seriousness iii. Impact on image: the extent that non-compliance will contribute to the negative impact on stakeholders (regulators, investors, depositors, consumers, employees, etc.). The greater the potential negative impact, the greater the seriousness. (b) Probability: the likelihood that non-compliance with a specific regulatory requirement might occur. It is determined by the effectiveness of the controls that were implemented. The assessment will include: i. Newness of the regulatory requirement: likelihood of non-compliance to new legislation is higher. ii. Complexity of the regulatory requirement: more complex, more in-depth interpretation and understanding. iii. Policies/procedures/processes: i.e. existence/effectiveness of procedures. iv. People: effectiveness of staff implementing systems, etc. v. Systems/technology: effectiveness of systems. 3. Compliance risk management -However Once the above mentioned two phases have been finalised, control measures must be designed and implemented to ensure that the regulatory requirements are complied with. The control measures can be categorized as follows: -Policies and procedures  People  Information technology systems The control measures should be recorded in the risk management plan with an implementation date. A typical risk management plan will include; section number and heading; the regulatory requirement; analysis of the regulatory requirement; risk rating; control measures; monitoring plans and; monitoring report. 4. Compliance risk monitoring. Once the control measures have been developed and implemented, these measures must be monitored to determine: -Firstly, whether they are being complied with. - Secondly, whether they are effective. The planned compliance monitoring plan should be recorded in the risk management plan. Part of the monitoring phase is to develop an effective review process to evaluate the implementation of the Compliance Risk Management Plan and secondly to report findings of the review process to the relevant role-players. The level at which the compliance officer monitors compliance differ from situation to situation, but in general it could be overview-based or detailedorientated. In the case of an overview-based approach, the compliance officer will focus on exception reports and the follow-up of detailed non-compliance issues. This approach is acceptable as long as the reports are produced timeously and are accurate and comprehensive enough to cover all the business activities. The choice will be influenced by the maturity stage of the compliance function. On-going/ routine monitoring could include the following activities: -Checklists -Complaints review -Non-compliance reporting/tracking procedure -Dashboard/ Issues log -Walking around/Physical checks Management information systems/exception reports