Macquarie First South Securities

Risk Management and Operations

Fawzia Suliman

October 2014

STRICTLY CONFIDENTIAL

Operations in a Stockbroking business

Are we making enough money

Settlements /
Trade Support

Key man dependencies

Non compliance with JSE regulations

Inaccurate reporting

Labour issues

HR

Finance
Fraudulent transactions

Keeping good people

Non compliance with Companies Act

Non compliance with company

policies & procedures

Client misdeals / errors

BORM

IT

Trading Systems going down

FSB investigations e.g. Money laundering

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 2

Contents
01

Processes & Procedures: Operational Risk Management Framework

02

Risk Culture

12

03

People: Staff retention

16

STRICTLY CONFIDENTIAL

01

Operational Risk Management Framework

STRICTLY CONFIDENTIAL

What is Operational Risk?

Operational Risk arises from execution of day-to-day business functions; it exists in all businesses
It is...

It isnt...

The risk of loss due to a breakdown in a process or procedure...

People: data entry error results in an

incorrect trade captured or incorrect payment
to a client
Systems: network failure results in inability
to execute a trade, or close a deal

Controls: an inadequate control allows

someone to personally profit from a
transaction

Defined risks such as...

MARKET RISK
CREDIT RISK
COMPLIANCE RISK
STRATEGIC RISK
REPUTATIONAL RISK

These risk are typically managed through Policies,

Procedures and Controls

Natural Disaster: rendering an office

building unsafe
However, the risk that one of these procedures or controls
Occupational Health & Safety: an
employee sustains a broken arm after
slipping down a flight of stairs

STRICTLY CONFIDENTIAL MACQUARIE

could fail is an Operational

Risk

PAGE 5

Who is involved in managing operational risk in

Macquarie?
Three lines of defence

LINE 1
Business Groups

LINE 2
RMG Ops Risk

LINE 3
Internal Audit

RMG Ops Risk

Compliance
Market
Data
Credit
Policy
Risk

Business Groups own

the risk
Business heads appoint
dedicated Business
Operational Risk
managers (BORMs)
BORMs manage the risk
using the Operational
Risk management
Framework (ORMF)

STRICTLY CONFIDENTIAL MACQUARIE

RMG
is an independent
centralised team
RMG provides tools and
guidance to ensure risk
management
effectiveness and
consistency across the
Business Groups
RMG Op Risk focuses
on the management of
operational Risk

Internal Audit provides

independent assurance
to the Board Audit
Committee (BAC) that
the ORMF is operating
effectively, including
business implementation
and RMG Op Risk
oversight

PAGE 6

Macquarie Operational Risk Framework

Operational Risk Framework

Risk
identification,
analysis and
acceptance
decision

STRICTLY CONFIDENTIAL MACQUARIE

Execution and
monitoring of risk
management
practices

Reporting and
escalation of risk
information on a
routine and
exception basis

PAGE 7

Key Mandatory Elements of the Framework

New product / business

approval process (NPA)

Operational Risk Policies

Business Operational Risk

Managers (BORMs)

STRICTLY CONFIDENTIAL MACQUARIE

Incident Reporting

Operational Risk self

Assessment (ORSA) and
Control Assurance

PAGE 8

New Product/Business Approvals

A policy to ensure operational risks inherent in a new product or business are identified,
addressed and mitigated before implementation
Highlights
All risks associated with the particular product, business or change are required to be clearly
documented. This will allow all other areas to adapt current internal controls / or new increased
limits
The future management of this risks must be considered and planned by the business
The process is not a one-size fits all process but as a general rule the below groups would likely sign off:
Risk Management Group (RMG)
Finance
Tax Division
Legal
BORM
Group Head
All new products must be approved on the Document Approval System (DAS)

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 9

ORSA & Control Assurance

Working closely with the support function to understand and ensure that appropriate controls are
in place and are effective
Control Assurance
Controls Assurance, which involves the testing of critical controls within the business, is undertaken
on a regular basis
The future management of these risks must be considered and planned by the business
Operational Risk Self Assessment (ORSA)
A six monthly self assessment is designed to help the business increase its understanding of the
operational risk it faces

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 10

Incident Reporting - Identification

There are two main types of incidents that should be reported and escalated:
1.

Operational Risk incidents

An operational risk incident is an event leading to an unexpected outcome due to inadequate or failed
processes, people and systems, or due to external circumstances. Incidents which, at a minimum, must
be reported include:
Operations Risk incidents resulting in an actual or potential gross loss or gain of AUD$10,000 or
more, including incidents averted (i.e. near misses) or those with non financial impacts of similar
severity
Incidents which could have significant negative reputational or internal consequences, or which
represent a material regulatory breach

2.

Regulatory and compliance incidents

Actual, potential or suspected breaches of laws or regulations.; this includes any incident which is likely
to result in a failure to meet client, market, regulator, contractual or management expectations or market
practice standards; or may or will affect Macquaries ability to meet its regulatory obligations
a material exception to internal or Macquarie-wide policies established to prevent or minimise the risks of
such a breach or
A situation that may or will impact Macquaries reputation internally or externally

.
.

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 11

Business Management & BORM

Macquaries first line of defence is its people with management setting expectation of the
standards to be met
1.

Senior Management oversight and Accountability

2.

Business Operational Risk Manager (BORM)

Identify, record and assess operational risk and report issues

Perform or co-ordinate testing of key controls ensuring effectiveness
Escalate and report issues, where appropriate, outside the Group
Identify opportunities for process improvements to address systematic issues

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 12

02
Risk Culture

STRICTLY CONFIDENTIAL

Creating an Effective Risk Culture

Common elements of an effective Risk Culture*

Committed leadership
Horizontal information sharing
Vertical escalation of threats and fears
Continuous and constructive challenging of the organisations actions and preconceptions
Active learning from mistakes
Incentives that reward thinking about the whole organisation
An effective governance structure

Access to Authority

A Chief Risk Officer (CRO) with extensive influence

Communication of risk tolerance to the organisation and external parties

Evidence of management objectives linked to risk management objectives

* Common Elements as identified by the Institute of International Finance (IIF)

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 14

Creating an Effective Risk Culture

COMMITTED LEADERSHIP
Integrity, respect and risk are common themes in all forums
Leaders demonstrate & communicate appropriate behaviours
Open door / no door and open plan offices
BUILDING CAPABILITY

Ensuring staff have the skills to

engage in the right behaviours
Embracing our diversity
Managing expectations with effective
communication
Empowerment - Emotional
intelligence and personal power
Self management and Accountability
Performance Management
guidelines

ORGANISATIONAL GOVERNANCE

Benchmarking against Macquarie

Policies & Procedures
Sharepoint site for MFS policies
BORM function established
Incident escalation & reporting
Manco & Opco forums seen as
opportunities for sharing risk related
matters
Active learning from mistakes
Monthly ROC meetings
ORSA completed bi-annually

INCENTIVES & CONSEQUENCE

MNGT

KPIs
Disciplinary processes
Risk Key Performance indicators
Business led penalty systems

Muffins & coffee for

latecomers

Self payment for nonattendance at training

Office clown award

Constantly working on getting the
balance right

LESSONS LEARNED SESSIONS

Post incident review by Opco forum
Messages cascaded down to teams
Active learning from mistakes
STRICTLY CONFIDENTIAL MACQUARIE

PAGE 15

Creating an Effective Risk Culture

INNOVATIONS FORUM
THINKING OUTSIDE THE BOX

Back Office
Strategy
Day

TEAMS RECEIVE FEEDBACK ON THE QUALITY

OF THEIR PRESENTATIONS
ACTIVE LEARNING

Innovation
Projects

Innovation
Forum

Innovation forum meets once a month

Project teams present Innovative solutions to existing problems
Focus is on improving efficiency, reducing costs and mitigating risks
Teams encouraged to think about problems in the whole organisation
Opco forum approves selected projects
Incentives given to teams once project is successfully implemented
Creating a culture of mutual respect between colleagues

STRICTLY CONFIDENTIAL MACQUARIE

THE ENTIRE BACK OFFICE IS ENCOURAGED

TO CHALLENGE THE CURRENT PROCESSES IN
PLACE & GET REWARDED FOR DOING THIS
SUCCESSFULLY!!
CHALLENGE THE CURRENT STATUS QUO

FEEDBACK IS GIVEN AS TO WHY A PROPOSAL

WAS UNSUCCESFUL
ACTIVE LEARNING
NON-CONTRIBUTING MEMBERS ARE
CHALLENGED BY THEIR TEAMS AND CAN BE
EXCLUDED FROM SHARING IN THE INCENTIVE
AWARD
ACCOUNTABILITY

TEAMS COMPRISE STAFF FROM DIFFERENT

DEPARTMENTS
ENCOURAGE HORIZONTAL INFORMATION
SHARING

PAGE 16

03
Staff Retention

STRICTLY CONFIDENTIAL

Developing our Retention strategy

Strategy to be a Discerning employer: Creating a leadership culture
focused on people achieving their potential through Opportunity, Empowerment and Accountability

Opportunity
Recruitment from within,
promotions & career growth
opportunities.
- Sales Traders and Sales given

Account Management, as well as

Domestic and Global Sales
Responsibilities (including US
sales)
- EAs promoted to BORM &
Corporate Access
- Guest Relations staff promoted
to Accounts Payable

Options for personal and

professional development
Exposure to other parts of the
business
Being observed, coached and
mentored

Empowerment
Access to global Macquarie
leadership programs
Access to local leadership
programs for senior and midtier management
Access to further studies
Engagement for ideas/
thoughts/ views before
decisions and changes are
communicated
Ability to innovate
improvements and bring them
to reality within the business
Assisting in the development of
others
Confirmation what they do
makes a difference

Accountability
KPIs
Development expectations/
timelines
Ongoing/ immediate feedback
Information on business
performance
Clarity of strategy and sharing
Not tolerating low performers/
breaches
Positive feedback and
attribution to positive internal/
external results
Ownership of projects and
involvement in task forces

There is nothing more unequal than the equal treatment of unequal people Thomas Jefferson
STRICTLY CONFIDENTIAL MACQUARIE

PAGE 18

Questions...

STRICTLY CONFIDENTIAL MACQUARIE

PAGE 19