Innovation in Operational Risk Management

The 2017 Alexander Hamilton Awards in Operational Risk Management & Insurance recognize three initiatives that raised the bar in creative thinking—and reaped the benefits.

The word “creative” can sometimes have negative connotations in corporate finance and risk management functions. In many of those departments’ areas of responsibility, following the rules is mandatory. Looking for “creative” solutions may be seen to entail skirting those rules.

That said, companies must innovate to stay competitive in the age of globalization and the Internet. Standing still is not an option. That may seem obvious in sales, marketing, and customer service, but it's equally true for internal-facing groups such as finance and risk management. To optimally support the business, finance and risk teams need to think outside the box as a matter of routine. That’s a best practice exemplified by this year's winners of the Alexander Hamilton Awards in Operational Risk Management & Insurance.

For Microsoft, creativity in treasury is a treasured tradition—and one that proved valuable when the company needed to find a new way of reconciling its internal books with the data in its European Market Infrastructure Regulation (EMIR) trade repository. No purpose-built solution was available on the market, so initially senior treasury manager Eric Barka began performing reconciliations manually using spreadsheets. The process was extremely time-consuming, so Barka began looking for a better way.

He had the idea of using a collateral management system to automate the trade repository reconciliations. However, the cost of that software made the option unappealing. As an alternative, he suggested that Microsoft’s collateral agent, Northern Trust, perform the reconciliations for Microsoft. Neither Northern Trust nor its collateral management software vendor, TriOptima, had heard of a corporate outsourcing its trade reconciliations in this way. But Barka persisted.

“Getting all the data loaded correctly from our 20-plus counterparties took a long time, but it’s been worth the effort,” he says. “I have a very clear picture now of the matching, [and] our match rate is very close to 100 percent.”

eBay took a similar approach to a different challenge. The company’s head of captive development and alternative risk financing saw a business opportunity for eBay, and she stepped up to the plate. eBay already offered a money-back guarantee for the rare buyer who receives a product different from the seller’s online description (or doesn’t receive the product at all). But eBay had no extended protection plan for the products sold on its site.

Renee Ziegenfus launched an initiative to change that. She worked with eBay's captive insurer as well as external underwriters to develop a program that could enhance customers’ buying experience. It’s been a complete success. “We launched the first extended protection plan two years ago, and the financial performance of the program is more than validating it,” Ziegenfus says. “Following the success in the U.S., we are expanding the global reach of the program, having recently launched in Australia, where eBay is one of the online market leaders.”

Payroll and HR outsourcer Paychex was motivated to launch its Alexander Hamilton Award-winning project by concerns about the risk of fraud across the more than $700 billion in client funds that it moves each year. It wanted to avoid taking a siloed approach to risk management, although that was how some of its competitors dealt with fraud risk. "We wanted to leverage the expertise of all the groups that fall under the credit risk organizational structure, as well as the systems, external solutions, scorecards, etc.,” explains Todd Wachob, senior risk manager. “The idea was that we would create a risk profile of each customer at on-boarding, and then we'd continuously monitor that risk profile throughout the duration of the customer's relationship with Paychex.”

The company formed an Authentication and Financial Crime Prevention group, which it placed under the credit risk management function. “Most organizations that are similar to Paychex are not approaching fraud in the same way we are,” Wachob says. “I think our unconventional approach is why we've gotten such a good result.”

To learn more about all three of these unconventional projects, read on.


 2017 Alexander Hamilton Bronze Award in Operational Risk Management & Insurance: Microsoft




Streamlined Reconciliations for EMIR Derivatives Reporting

Microsoft faces diverse financial risks around the world, and it uses derivatives to hedge those risks. Thus, when the European Market Infrastructure Regulation (EMIR) took effect in 2013, compliance was mandatory for both of the company’s legal entities that are based in the European Union. Both entities qualify as non-financial counterparties, which means they aren’t subject to clearing requirements, but they do have to report all their derivatives trades to the EU’s global trade repository.

As EMIR approached, Microsoft had the option of self-reporting its position in each of its trades. Instead, it chose to sign delegation agreements so that its counterparty in each transaction would report both sides of the trade. The idea was that delegated reporting would streamline Microsoft’s EMIR compliance, but it also created challenges.

“It’s fine and dandy that we’ve delegated reporting to our trading counterparty, but ultimately Microsoft is responsible for making sure information about the trade is actually provided to the global trade repository by the day after the trade, or ‘T+1,’” says Eric Barka, senior treasury manager on the investment operations team at Microsoft. “As soon as EMIR took effect, it became very important for us to reconcile our internal book against what we could see in the trade repository.”

Several factors compounded the complexity of these reconciliations. One was the vast volume of data involved; EMIR requires more than 100 fields to be reported for each trade. Another factor was the structure that the reconciliations had to follow.

“We had to perform a reconciliation for every single asset class,” Barka says. “We’re talking credit, interest rates, FX, commodities, etc. Instead of doing one reconciliation, we had to do six of them across each of our two legal entities. In addition, those two entities are also subject to annual audits by the Irish regulator, which involve a comparison of our internal book with the trade repository. We have to make sure our trade counts are there, between the different asset classes, and we have to adjust the notionals into a euro notional.”

"As soon as EMIR took effect, it became very important for us to reconcile our internal book against what we could see in the trade repository." --Eric Barka, Senior Treasury Manager, Investment Operations, MicrosoftThere wasn’t a widely available solution for performing these types of trade repository reconciliations, so despite the complexity, Barka started managing reconciliations in spreadsheets. “Pulling the data from multiple data sources was not efficient, but I did the best I could with the tools at hand,” he explains. Barka would perform this very manual reconciliation once a week, at minimum, and it took many hours each time. He began looking for solutions that could automate the process. He heard through the grapevine that Microsoft’s collateral agent, Northern Trust, was running a solution called triResolve from TriOptima. In addition to collateral management and other services, triResolve can perform automated trade repository reconciliations.

Barka inquired about purchasing triResolve for Microsoft’s use, but the software was prohibitively expensive. As an alternative, he asked Northern Trust whether it could use triResolve to perform reconciliations on Microsoft’s behalf. He also spoke directly with TriOptima about this possibility. Neither the bank nor the software vendor had ever seen a corporate entity outsource its trade reconciliations to a financial institution, but after some persuading by Barka, they agreed to pilot just such an arrangement.

“It took a while to get the pilot up and running,” Barka reports, “but eventually the Northern Trust Collateral Management team was able to extract a snapshot from the global trade repository for each of our legal entities in the EU. They then uploaded our internal book, and triResolve did the reconciliations. We got a nice report with a dashboard that showed all our counterparties and the proportion of trades for which the internal book matched the trade repository.”

Microsoft, Northern Trust, and TriOptima all agreed that the pilot was a success, so Microsoft began outsourcing its trade reconciliations to the collateral agent. The vast majority of the company’s derivatives trades in Europe are hedges of FX risk, for which Northern Trust is not the custodian. However, because Microsoft has to calculate daily exposures for collateral management under its various ISDA (International Swaps and Derivatives Association) agreements, it’s not much additional work for the company to send Northern Trust a trade file every day.

“The file includes around 1,500 positions, mostly FX options,” Barka reports. “Northern Trust loads that file into their collateral management engine, and they add in all the OTC [over-the-counter] derivatives they book that are traded internally among different Microsoft entities.”

Northern Trust sends this information to triResolve, as well as data from the global trade repository. Microsoft gets a reconciliation report twice a week that lists all the company’s counterparties for each type of derivative, then shows the trade count and the match rate between Microsoft’s files and the trade repository’s records. This high-level information appears in a dashboard. Below the dashboard, the report lists each trade for which all the key fields match. Below that, it shows trades that matched with some differences in key fields, and at the bottom it lists the unmatched trades.

If there are any unmatched trades, Barka works to determine the cause and then resolve the problem. Previously, he had little time for anything other than the reconciliation process. Now it takes him an hour or two per week.

“I have a very clear picture now of the matching, but it took a long time to get here,” Barka says. “In particular, we had to work hard to whip our back-loaded trades into shape. There were issues with mapping, with getting our data from our external managers to flow in properly. We also had to pressure some of our counterparties to back-load their trades by saying that if they didn’t do that to help us satisfy our EMIR reporting requirements, we wouldn’t trade with them anymore.

Best practice: Be patient.“Getting all the data loaded correctly from our 20-plus counterparties took a long time, but it’s been worth the effort,” he adds. “When we first started reconciliations, the match rate was between 30 and 40 percent. Two years later, through back-loading of trades and fixing the mapping, the delegated reporting shows our match rate is very close to 100 percent, across the board.”

In addition to improving the efficiency of reconciliations, outsourcing the process to Northern Trust has improved Microsoft’s confidence that all its derivatives trades are being reported in compliance with EMIR. George Zinn, Microsoft’s treasurer and corporate vice president, says, “This reconciliation process has provided good insight to our overall match rates as well as insight into how our counterparties are doing with the delegated reporting.”


 2017 Alexander Hamilton Silver Award in Operational Risk Management & Insurance: Paychex




A Holistic Approach to Fraud Prevention

Every company faces challenges in keeping its information and financials secure, but fraud-prevention activities are especially top-of-mind at payroll and HR outsourcing firm Paychex. The company moves over $700 billion in client funds annually. “We draw money out of a client’s account and then pay its employees via direct deposit,” says Todd Wachob, senior risk manager over credit and fraud. “We also remit payroll taxes to the various tax agencies across the country. The amount we’re drawing from customer accounts is soft credit exposure.”

Due to the nature of the business, payroll companies encounter a wide array of fraud schemes. Fraudsters use a variety of tactics to access confidential information and initiate fraudulent transactions. As Paychex grew, the fraud attempts it faced became more numerous. In response, management formed an Authentication and Financial Crime Prevention (AFCP) team, which they placed within the credit risk management function.

“We wanted to leverage the expertise of all the groups that fall under the credit risk organizational structure, as well as the systems, external solutions, scorecards, etc.,” Wachob says. “The idea was that we would create a risk profile of each customer at on-boarding, and then we’d continuously monitor that risk profile throughout the duration of the customer’s relationship with Paychex.”

Wachob believes that credit risk management is a logical fit for the fraud function. “The credit folks are looking at credit line establishment, exposure allowances, and whether a client qualifies for a certain service,” he says. “The fraud team is looking at client transactions with a suspicious eye, to make sure they aren’t fraudulent. But at the end of the day, both teams are vetting customers; they’re just doing it in different ways.”

The Paychex AFCP team was designed to serve as the company’s single point of contact for all fraud-related issues. They work with internal employees and banking partners to prevent losses. They serve as the company’s interface to clients on all issues related to payroll fraud and information security. The AFCP team also provides investigative support to law enforcement anytime a Paychex client experiences a fraud attempt.

Best practice: Extend risk management responsibilities across the company.Once the team was established, their first order of business was to fully integrate fraud detection and prevention into the company’s overall credit risk management processes. They worked with corporate risk managers and IT to develop an automated process that monitors all customer transactions and escalates the most risky for manual review. The resulting system uses a combination of third-party and internal client historical data for information that may raise concerns about specific customers. It also models client behaviors to identify transactions that fall outside the norm.

“Anything unusual is kicked out for manual review,” Wachob says. “A recent change to the client’s credit history might trigger an alert. A particular transaction might be unusually high for that client, or might not match the client’s usual payments in some other way. Whatever the cause, a trigger will drive a transaction into manual review by either the credit risk management organization or a fraud group that is doing KYC [know your customer] or AML [anti-money laundering] work.”

This system significantly improved fraud prevention, but the AFCP team didn’t rest on its laurels. “We’ve always believed that if we’re going to be successful managing this exposure, we need to build a risk-minded corporate culture,” Wachob says. “We need all Paychex employees—whether they’re in risk management, sales, customer service, or treasury—to understand their role in risk management.”

The AFCP team began offering fraud-prevention training to Paychex employees, and began developing a network of field agents—one in every Paychex office across the company—who would serve as the risk management point person for their location. Local managers recommended individuals for these positions; most worked in a client-facing role such as customer service.

“The field agents are responsible for making sure that everyone in their office is familiar with our corporate risk procedures, and that they understand the red flags that identify transactions which need to be brought to the attention of the risk management organization,” Wachob explains. “We also provide these field agents with information on emerging fraud trends.” The field agent program is working well, Wachob reports: “About 25 percent of fraudulent transactions are caught by people in the field before they’re captured by our automated fraud-prevention solution.”

The AFCP team simultaneously encouraged salespeople to support corporate fraud prevention. “We asked them to bring to our attention anything that makes them uncomfortable,” Wachob says. “We don’t want salespeople spending the bulk of their time managing risk, but they need to let us know if they notice a red flag so that we can help them vet clients that might be problematic. That supports corporate fraud prevention, and it saves the salespeople from spending time on a deal that may ultimately lead to a chargeback.”

Finally, the AFCP group initiated a series of partnerships with external organizations. Paychex hired several former law enforcement personnel to help build out a network of contacts within the law enforcement community, as well as developing institutional knowledge about law enforcement practices. “If one of our clients is affected by a fraud event, we want to make sure they have access to a law enforcement contact who will work closely with them,” Wachob says. “I think the fact that we have been a good partner to law enforcement has helped when we’ve asked them to pursue cases.”

Paychex has also built relationships with a number of financial institutions, to help ensure that accounts are locked down and assets are frozen as soon as possible whenever a fraud question arises.

This structured, yet broad, approach to fraud prevention has worked well. Since the launch of the AFCP group, the company’s overall credit losses have remained fairly steady, but the proportion of those losses that are attributable to fraud has fallen by almost half—while the number of fraud attempts has nearly doubled.

Best practice: Think outside the box.Wachob attributes the project’s success to the AFCP team’s willingness to think outside the box. “Don’t be afraid to be somewhat unconventional in your thinking,” he advises. “Most organizations that are similar to Paychex are not approaching fraud in the same way we are. I think our unconventional approach is why we’ve gotten such a good result.”

Paychex continues to innovate in fraud prevention. The company is continuously evaluating cutting-edge technologies that are not normally associated with the payroll industry. One example is biometric solutions such as voice-recognition technologies. “That may not be something we need today, but we always look out five years,” Wachob concludes. “What seems like science fiction now may be widespread in the near future. We’re always looking forward, because if a threat emerges, we want to be able to respond right away.”


2017 Alexander Hamilton Gold Award in Operational Risk Management & Insurance: eBay





Protection Plans Demonstrate the Value Treasury Can Add

Online shopping is easy and efficient—but, for some, it's also intimidating. Using an Internet marketplace such as eBay, consumers have at their fingertips access to items they would have to search high and low for in the brick-and-mortar world. However, when they buy those items, they do so sight unseen. Making a purchase requires the consumer to trust not only that the seller will deliver the product as described online, but also that the product quality will meet expectations.

To build trust in the first of those areas, eBay has long offered its eBay Money Back Guarantee. “It basically provides assurance that a buyer will receive the product as explained in the product description,” says Renee Ziegenfus, head of captive development and alternative risk financing for eBay. “If a seller offers an iPhone 6 and says that it’s been refurbished and is in working condition, then what arrives needs to meet that description. If it doesn’t, eBay will intervene. And if the buyer and seller can’t come to some agreement, eBay will make sure the buyer is made whole.”

Several years ago, the company saw the opportunity to further foster trust between buyers and sellers by offering customers an extended protection plan. “Suppose someone buys a used TV on eBay,” Ziegenfus says. “Our eBay Money Back Guarantee assures them that the TV they receive will be the one they bought. But if the TV stops working after a couple months, the eBay Money Back Guarantee doesn’t cover that.”

Ziegenfus and her colleagues knew that eBay wouldn’t be able to verify the lasting condition of the more than 1 billion items in inventory on its marketplace. “We don’t know whether that used TV will continue to work for two more years,” she says. “But we know from a risk perspective that the vast majority of transactions on eBay are solid. We felt we had the information to develop an extended protection plan that, for a small fraction more than the purchase price, would provide the buyer recourse if the TV stops working.”

The company decided to launch the program in the motor vehicle space, but offering extended protection for auto purchases was problematic. “A majority of the vehicles sold on eBay are sold directly by dealers, who often offer a service contract,” Ziegenfus explains. “As one of the leading online retailers of auto parts and accessories, our eBay Motors team really wanted to solve for this market. However, no extended protection plan existed in the market for motor vehicle parts and accessories. Electronics were covered. Appliances were covered. But motor parts and accessories were not.”

Ziegenfus began discussing the possibility with prospective underwriters, including companies that eBay already worked with and other key players in the market. “Sometimes it was cold-calling,” she says. “Other times, I received a warm introduction. Either way, this product didn’t exist in the market, so it was going to require ingenuity and some creative underwriting. It was a program that didn’t have a playbook. But as we got input from more and more prospective partners, we began to understand what kind of product might make sense.”

Best practice: Be persistent.Prospective underwriters were understandably concerned about insuring the longevity of products from sellers they didn’t know. eBay’s Money Back Guarantee provided some insight into the quality of the products sold on its marketplace. “It showed us that the risk of transactions going sideways is very, very low,” Ziegenfus says.

To further ease underwriters’ concerns, eBay’s captive insurer agreed to take on half the risk. The captive mostly insures the company’s internal risks, so it didn’t have the staffing or underwriting expertise it would have needed to bring the entire extended protection program in-house. But the treasury team developed a structure by which premiums and risk are mutually shared through a reinsurance agreement.

“It made sense to leverage the broad expertise of a major underwriter of these types of programs,” Ziegenfus says, “but we’re demonstrating our commitment to the protection plans by sharing in the risk. In finding a partner, it really helped that our captive has just as much skin in the game as we would be asking from our underwriter.”

eBay wanted to partner with a company that had a breadth of both expertise and geographic reach. “It took our prospective partners a while to get comfortable with the risk, but eBay does an enormous amount of business, and some underwriters found this an enticing opportunity,” Ziegenfus explains. “At first, our prospective partners weren’t ready to cover as much of our inventory as we needed them to cover. We continued discussing it until we eventually got them there.”

The program launched with auto parts and accessories, then extended to jewelry and watches several months later, and subsequently added home and garden products. The extended protection plan is offered on new, used, and refurbished goods. It isn’t available on items being sold for salvage, nor for consumable goods such as windshield wipers. Brand-new sellers are also excluded. To qualify, a seller must exceed a minimum feedback score and a minimum number of responses. Still, about one-third of all products for sale on eBay in the United States can be covered by extended protection plans. When a product breaks and the buyer, working with the eBay team, determines it cannot be repaired, the buyer will receive an eBay gift card allowing him or her to purchase a replacement product immediately.

Now, when a buyer makes a qualified purchase, he or she receives an offer of protection plans with a range of durations. The available durations depend on the type of products they’re covering. Ziegenfus and her colleagues looked at what types of protection plans eBay’s competitors—both online and brick-and-mortar—were offering. The actuarial analysis was challenging, especially on the product classes that had no history of extended warranties.

“Actuaries tend to be very conservative,” Ziegenfus notes, “and eBay buyers tend to be very price-sensitive. Some of our initial proposals priced the plans too high to make economic sense for our buyers, so we had to look at what else we could do. One approach we took was to shorten durations so that the prices made more sense. For example, some brick-and-mortar jewelry stores offer a lifetime warranty. We couldn’t do that, but we extended it as long as we could, which was three years for jewelry and watches.”

Ziegenfus would like to further extend the length of some of the extended protection plans, but she’s pleased with the reach of the program. “We have a pretty low threshold for transactions to qualify,” she says. “We’ve tried to cast as wide a net as possible to cover as much of our inventory as we can.” She’s also pleased with the results.

Best practice: Work closely with the business to find appropriate solutions.“We launched the first extended protection plan two years ago, and the financial performance of the program is more than validating it,” Ziegenfus says. “We priced the plans expecting a certain loss ratio, and what we’re actually seeing is a fraction of that. Following the initial success in the U.S., we are expanding the global reach of the program, having recently launched in Australia, where eBay is one of the online market leaders.”

Ziegenfus sees the treasury team as the perfect organization to bridge the gap between eBay’s business units and the protection plans’ underwriters. “This project showcases the relationship between eBay treasury and the business,” she says. “We are jointly working with our underwriter to manage fraud, mitigate risk, and identify transactions that don’t smell right. We understand what our partner is feeling in terms of losses because the treasury team—through our captive—shares in that. And we’re focused on making sure the whole experience, from purchase to claims, is the best customer experience possible.

“We know that eBay is a safe ecosystem,” she concludes. “This program gives us the ability to extend that comfort level to our customers.”


Page 1 of 7

Advertisement. Closing in 15 seconds.