Key remediation actions UBS presentation Nov 17, 2014

UBS presentation
Key remediation actions
Nov 17, 2014
Group-wide actions
• Integration of Compliance and Operational Risk Control We have integrated Compliance and Operational Risk Control.
The key benefits of the integration will be:
− Achieving a stronger defense mechanism based on preventative measures, thereby reducing the likelihood and impact of a
significant event. This will be achieved through combining skills across Risk, Compliance and Control and realigning
activities appropriately across 1st & 2nd line of defense.
− Becoming forward looking to identify and action potential significant risks and issues early. This will be achieved by
focusing the view of consequential risk management on forward looking risk identification and industrializing the use of
data analysis underpinned by technology.
− Establishing one firm-wide consistent Risk & Control Framework to enable strengthened controls to be efficiently delivered.
This will include the streamlining and enhancing of risk control assessments and operating seamless 'top down' and
'bottom up' risk & control assessment continuum.
− Establishing clear accountability & prioritization, including the definition of clear roles and responsibilities for consequential
risk management to mitigate execution risks.
• Increased Monitoring and Surveillance We continue to enhance overall M&S capabilities to identify and detect improper
business and employee practices. This works is focused across six work streams:
• 1) Strengthening cross border monitoring, 2) Enhanced employee intelligence capabilities which consolidates multiple
data points of individuals, 3) Electronic communications monitoring, 4) Enhanced monitoring of audio communications
relating to benchmark submissions, 5) IB trade surveillance, 6) Unauthorised trading detection in the IB.
• Enhanced whistleblowing process
− We have enhanced the whistleblowing process, re-issued the Whistleblowing Protection policy for Employees, and
increased communications on the program.
− The case management process has been optimized to reduce the time for cases to be reviewed and closed.
• Personal Account Dealing
− The Personal Account Dealing policy has been revised to ensure that consistent, enhanced global standards are put in place
and generally only UBS accounts are allowed for UBS employees to monitor own trading activity
1
Specific Investment Bank actions
• Policy and Conduct:
− We have significantly updated the Fixed Income, Rates and Credit Handbook (Code of Conduct) and published and
circulated the new Handbook to employees. Enhanced and new sections cover communication, behaviour, and market
and client conduct.
− We have completed mandatory conduct training for all IB Sales and Trading staff with over 2,600 staff having attended the
live sessions. The new conduct training now forms part of the induction for all new IB Sales and Trading staff.
− We have banned the use of personal mobile devices on trading floors globally.
− We have been industry leaders in setting new procedures to ensure appropriate usage of chat rooms as a form of
communication, including closure of chat rooms (ca 50%), banning of social chat and implementation of new policy
including room owners, moderators and guidance on usage.
• Systems and Organisation:
⁻ We have consolidated analytical surveillance activities into a single C&ORC Function to enhance our controls and to
integrate into our trade surveillance infrastructure.
⁻ We have increased staffing levels to enhance management oversight.
⁻ We have further strengthened our infrastructure to ensure segregation of duties to avoid any conflicts of interest.
• Process and Control:
− We are continuing to roll out a new Employee Conduct Risk dashboard regionally.
− We have issued guidance on completion of Trade Entry Error reports to ensure errors are reviewed and escalated in a timely
manner.
− We are introducing new procedures to ensure enhanced regular review of key front-to-back controls.
− We have defined, and are in the process of implementing, a new set of metrics to enhance our management information
in relation to our usage of third-party brokers
• In control in business campaign (launched in July 2012)
− Group wide awareness campaign highlighting the importance of risk control and the responsibility of the individual as a risk
manager.
2
Lessons Learned: Improving Control Environment and Culture
Considering the lessons learned from the financial crisis and other internal and external events, UBS has taken
a range of measures to improve the firm's risk management and control processes and drive the right
behaviors to protect the firm's reputation and achieve the strategic goals.
2008 - 2011
2012 -> ongoing
2013 -> ongoing
2014 -> ongoing
• Refresh of the code of business
conduct and ethics
• Introduction of Group Significant
Operational Risk Issues (GSORIs)
• Creation of the Master List of
Significant Issues (MLSI)
• Risk Effectiveness program
• Enhanced remuneration framework
– introduction of deferred
compensation and forfeiture of
compensation
• Enhanced Operational Risk
Framework (ORF2)
• Master List of Significant Issues
Managing Director
ownership and independent
assurance
• Strengthening front-to-back
control accountabilities through the
Chief Operating Officers
• Investment Bank Unauthorized
Trading Accident remediation
including
behavioral program
• Risk embedded in performance and
compensation
• Enhanced Supervision
• In Control In Business
communication campaign
• Performance Management
assessment and promotions
• Enhanced Incidents and
Consequences process
• Independent management testing
of key controls
• Development of an
intelligence capability – enhanced
monitoring
• Libor Lessons learned initiatives on
the 2nd line of defense
• Enhanced investigation framework
• Whistleblowing communication
campaign
• Comprehensive program on
leadership and behaviors
• Market Conduct Enhancement
Program
• Enhancements to the
whistleblowing process
• Integration of Compliance and
Operational Risk Control
• Conduct Risk
• FX Spot Review and associated
controls and governance
remediation
Control Remediation
Increasing Complementary Focus on Behavioral Aspects
Strengthening the culture takes time – programs are in progress
3
Lessons Learned: Improving Control Environment and Culture
Measures and programs
CONTROLS
•
Enhanced Operational Risk Framework (ORF2)




Complementing current Operational Risk assessments with sub divisional Front to Back risk assessments
Key controls continue to be embedded into the Chief Operating Officer dashboards and run the bank operations
Control assessment process embedded within strategic change programme design phase
Positive regulatory assessment received of Enhanced Operational Risk Framework implementation

Independent management testing of key
controls


Introduction of independent management testing of key controls and full testing of relevant population of bank
Complementary to the internal control testing and provides an additional level of assurance

Commenced development of an 'intelligence
capability' – enhanced monitoring

The 'intelligence capability' contains 3 elements:

Development and implementation of a capability to link disparate information from multiple sources at
employee level

Enhancements to electronic communications monitoring and discovery capabilities

Enhancement of alert generation capabilities

Libor Lessons learned initiatives on the 2nd line
of defense


The assessment of current measures in place – ensuring that they are completed and embedded in the firm
Clarification of control expectations for the 2nd line of defense for conduct, regulatory and reputations risks

FX Controls and Governance Review

•

Investment Bank 'Look Across' Review

Group Internal Audit and Operational Risk Control review of the Front to Back control and governance aspects of the FX
spot business including
- FX Business Profile and Organizational set up
- Front Office supervision / Performance Review
- Control Function Processes
In addition the applicability of FX remediation actions against other Investment Bank Business lines is conducted to
determine where control enhancements can be leveraged to mitigate against threats to the wider organisation.
A firm wide risk assessment, the "Look Across Process" was conducted in Q4 2013 to test the hypothesis that markets
and businesses which share some of the same attributes common to LIBOR and FOREX events could also be susceptible
to market misconduct
4
Lessons Learned: Improving Control Environment and Culture
Measures and programs



PROCESS
•
Introduction of Group Significant Operational Risk Issues
(GSORIs)
Creation of the Master List of Significant Issues (MLSI)
Master List of Significant Issues Managing Director
ownership and independent assurance
Strengthening front-to-back control accountabilities through
the Chief Operating Officers





Identification of the key operational risks for the firm and establishment of effective remediation
Clear ownership with individual Group Executive Board members
Common rating scale in place across the firm
Level 4 and 5 issues assigned to MDs and included in Performance Management objectives
Independent assurance of associated remediation by GIA for all risk issues and actions impacting the firm


Revised mandate for Chief Operating Officers to re-emphasize the Front to Back control responsibility
Chief Operating Officers dashboards introduced to provide visibility of the Front to Back control environment

Investment Bank Unauthorized Trading Accident
remediation including behavioral program


Completion of complex and broad remediation program on time
Included a behavioral program led by the Investment Bank Executive Committee

Risk and Behaviors embedded in performance and
compensation

Process to embed control function feedback into the performance assessment and compensation processes

Enhanced Investigations framework

Common approach and governance for level 4 and 5 investigations

Conduct Risk

Develop an approach to identification, assessment and reporting of Conduct Risk across the firm
5
Lessons Learned: Improving Control Environment and Culture
Measures and programs
Refresh of the Code of business conduct and
ethics





Enhanced supervision






Whistleblowing
CULTURE

Communications programs
In control In Business



The Code reflects principles and practices that are binding for all of UBS's employees and Board members to follow
unreservedly
It is available on the intranet in 10 languages
Online training is also available
Implemented training activities to ensure that it is properly understood and correctly applied
Critical initiative to set and embed higher expectations of supervisors across all functions.
Group Executive Board approved the "Principles of Good Supervision" (2H12) and self assessment completed by each
function
Online mandatory training modules introduced for both supervisors and non-supervisors
"In Control In Business" (ICIB) is a Group-wide internal communications campaign designed to help establish a stronger
risk culture across the firm
"In Control In Business" campaign was launched in June 2012
"Principles of Good Supervision" were published and reinforced through "In Control In Business" campaign


Whistleblowing policy has been reviewed to confirm it adequately covers ethical matters
A campaign around whistleblowing procedures was launched by the Chairman and Group CEO to encourage staff to
raise concerns

Comprehensive program on leadership and
behaviors



Program set-up in 1Q13
Tone from the top – engagement and reinforcement actions are being implemented across the firm
Key behaviors defined and rolled out to the firm. All 60000 employees touched.

Performance Management assessment and
promotions




Key behaviors embedded in the Performance Management/comp process
Enhanced Incident and Consequences process
Promotion proposals assessed against behavior / disciplinary actions
Senior leadership using "Master List of Significant Issues" assurance work as a factor in compensation decisions

Compliance and Operational Risk Control
Integration

Move of Compliance to Risk Control and integration with Operational Risk Control to consolidate the second line of
defence for consequential risk
Positioning the Compliance organization as a control function within the firm

6