UNIT 1: PRINCIPLES OF RISK MANAGEMENT

Risk:

Risk is defined as the possible harm associated with a situation – the product of impact and probability.
Risk Management:

• Practice of using processes, methods and tools for quantifying and managing these risks and
uncertainties.
• Risk management focuses on identifying what could go wrong, evaluating which risks should be
dealt with and implementing strategies to address those risks

Risk V/S Uncertainty:

Variability that can be quantified in terms of probabilities is best thought of as risk; but variability that
cannot be quantified at all is best thought of simply as ‘uncertainty’

Risk Management Framework:

External Sources of Risk:

I. Economic Risk
II. Political Risk
III. Technological Risk
IV. Risk from the Competitive Environment, Social and Market Forces
V. Shocks and Natural Events
VI. Risks from Stakeholders and Third Parties
VII. Environmental, Social, and Governance (ESG) Risks

COSO Framework:

• The Committee of Sponsoring Organizations of the Treadway Commission.

• Argues that ESG issues are central to a company’s risk decision making and need to be integrated
into an enterprise-wide risk management system.
• The guidance includes methods to overcome ESG-related risk challenges, including identifying and
assessing the severity of risks with uncertain financial consequences

Assessing External Sources of Risk:

 I. PESTLE Analysis
II. Business Continuity Planning
III. Business Process Analysis

Internal Drivers of Risk:

• Strategic Risk
o The current or prospective risk to earnings and capital arising from changes in the
business environment and from adverse business decisions, improper implementation of
decisions or lack of responsiveness to changes in the business environment.
• Operational Risk
o The risk of loss resulting from inadequate or failed internal processes, people, and
systems or from external events.
• Financial Risk
o Credit Risk: Failure of a counterparty or issuer to meet its obligation
o Market Risk: Loss arising from changes in the value of financial instruments
o Liquidity Risk: Risk that a firm has insufficient cash to meet its cash obligations

Assessing Internal Drivers of Risk:

• Risk Assessment Workshops

• Discussion with External Auditors
• Stress Testing
• Scenario Analysis

Risk Culture:

• System of values and behaviors present throughout an organization that shape risk decisions.
• Influences the decisions of management and employees, even if they are not consciously weighing
risks and benefits

Conduct Risk:

The risk that the firm’s behavior will result in poor outcomes for customers.

Risk Appetite:

Risk appetite (or risk tolerance) is the type and amount of risk that a firm is willing to accept in the pursuit
of its business objectives.

Inherent (Gross) Risk:

Inherent risk, also called gross risk, is an assessment of risk without considering the beneficial effects of
mitigating controls.

Residual (Net) Risk:

Residual risk, also referred to as net risk, is the firm’s exposure after having taken mitigating controls into
account.

Risk Profile:
 • A firm’s risk profile is made up of the type and intensity of the risks to which it is exposed.
• It consists of
o the nature of the threats faced by an organisation,
o the likelihood of adverse effects occurring,
o the level of disruption and costs associated with each type of risk.

Risk Mitigation:

• It refers to the efforts made to reduce either the impact or the likelihood of the risk.
• Techniques of Risk Mitigation:
o ensuring that appropriate insurance policies are in place
o upgrading processes and IT systems to control an operational risk better
o hedging against a market risk
o holding collateral against a credit risk

Specific Risk in Financial Services:

• Operational Risk: Failed internal processes, people and systems or from external events.
• Credit Risk: Failure of a counterparty or issuer to meet its obligations.
• Market and Asset Liquidity Risk: Changes in the value or demand of financial instruments.
• Funding Liquidity Risk: Risk that a firm cannot obtain the necessary funds
• Interest Rate Risk: Exposure of a firm’s financial condition to adverse movements in interest rates.

UNIT 2: INTERNATIONAL RISK REGULATIONS

Bank for International Settlements:

• Established in 1930 with Headquarters in Basel, Switzerland

• An organization which serves as a bank for central banks and fosters international monetary and
financial cooperation.
• Its customers are central banks and international organizations.
• It does not accept deposits from or provide financial services to individuals or corporate entities.

Bank Run:

• A situation where mass panic-driven demand to withdraw cash deposits cannot possibly be
satisfied immediately.
• A run on a single bank can cause serious instability elsewhere in the financial system if depositors
lose faith in banks in general, even healthy ones, and begin trying to withdraw their deposits from
across the industry
• The spread of this fear is called ‘contagion.’ It leads to a phenomenon known as ‘systemic risk’,
which, if left unchecked, can bring down the entire banking industry
Economic v/s Regulatory Capital:

• Economic capital is a bank’s best estimate of the capital it needs to manage its own risk profile.
• Regulatory capital is a mandatory level of capital which a regulator requires a bank to hold
Basel Committee on Banking Supervision (BCBS):

• The BCBS is the primary global standard-setter for the prudential regulation of banks and provides
a forum for cooperation on banking supervisory matters.
• Its mandate is to strengthen the regulation, supervision and practices of banks worldwide with
the purpose of enhancing financial stability.
• The Basel Accord by BCBS stipulates the minimum capital ratios that should be maintained by
banks in member countries. The minimum set of risks for which capital ratios are to be maintained
are credit, market, and operational risks.
• The Committee seeks to achieve its aims by:
o setting minimum standards for the regulation and supervision of banks
o by sharing supervisory issues, approaches and techniques to promote common
understanding and to improve cross-border cooperation
o by exchanging information on developments in the banking sector and financial markets
to help identify current or emerging risks for the global financial system.

Preconditions for Effective Implementation of Framework:

I. Sound and sustainable macroeconomic policies.

II. A well-established framework for financial stability policy formulation.
III. A well-developed public infrastructure.
IV. A clear framework for financial crisis management, recovery and resolution.
V. Mechanisms for providing an appropriate level of systemic protection or public safety net.
VI. Effective market discipline.

Core Principles for Effective Banking Supervision:

Supervisory Powers, Responsibilities and Functions:

I. Principle 1 – Responsibilities, objectives, and powers
II. Principle 2 – Independence, accountability, resourcing, and legal protection for supervisors
III. Principle 3 – Cooperation and collaboration
IV. Principle 4 – Permissible activities
V. Principle 5 – Licensing criteria
VI. Principle 6 – Transfer of significant ownership
VII. Principle 7 – Major acquisitions
VIII. Principle 8 – Supervisory approach
IX. Principle 9 – Supervisory techniques and tools
X. Principle 10 – Supervisory reporting
XI. Principle 11 – Corrective and sanctioning powers of supervisors
XII. Principle 12 – Consolidated supervision
XIII. Principle 13 – Home-host relationships
RICPLTMSSSCCH
Prudential Regulations and Requirements:
XIV. Principle 14 – Corporate governance
XV. Principle 15 – Risk management process
XVI. Principle 16 – Capital adequacy
 XVII. Principle 17 – Credit risk
XVIII. Principle 18 – Problem assets, provisions, and reserves
XIX. Principle 19 – Concentration risk and large exposure limits
XX. Principle 20 – Transactions with related parties
XXI. Principle 21 – Country and transfer risks
XXII. Principle 22 – Market risks
XXIII. Principle 23 – Interest rate risk in the banking book
XXIV. Principle 24 – Liquidity risk
XXV. Principle 25 – Operational risk
XXVI. Principle 26 – Internal control and audit
XXVII. Principle 27– Financial reporting and external audit
XXVIII. Principle 28 – Disclosure and transparency
XXIX. Principle 29 – Abuse of financial services
CRCCPCTCMILOIFDA

Pillars of Capital Adequacy:

• Pillar 1: Minimum Regulatory Capital Requirements

The rules in the Basel Capital Accord that define the minimum levels of regulatory capital
to risk weighted assets
• Pillar 2: Supervisory Review Process
The supervisory review pillar of the Basel Capital Accord, which requires supervisors to
undertake a qualitative review of a bank’s capital allocation techniques and compliance
with relevant standards
• Pillar 3: Market Discipline
The disclosure requirements of the Basel Capital Accord, which facilitate market
discipline.

The Internal Capital Adequacy Assessment Process (ICAAP):

It is a formalized process for meeting the Basel Pillar 2 requirements and requires a firm to:

• assess its risks and their mitigants

• subject the results to rigorous stress testing
• determine an appropriate level of capital for those risks.
Key Elements of ICAAP Framework:

• The Firm’s Risk Exposure

o Credit, Market and Operational Risks
o Liquidity Risk
o Insurance Risk
o Concentration Risk
o Residual Risk
o Securitization Risk
o Business (Strategic) Risk
o Interest Rate Risk
 o Pension Obligation Risk
• The Firm’s View on the Adequacy of its Risk Management Processes
• The Firm’s Financial and Capital Plans
• Stress and Scenario Test Applied by the Firm to its Risk and Financial Plan
• The Firm’s Capital Adequacy
• The Use Test (Extent to which ICAAP is embedded in the firm)
• Setting the Regulatory Capital Level

Home and Host Regulation:

• It focuses on potential issues with international banks’ solvency, liquidity, and foreign exchange
positions, and requires the ‘home or parent regulators to communicate closely with the host
regulators in countries where the bank has branches, subsidiaries or joint ventures
• This principle does not imply any lessening of host authorities’ responsibilities for supervising
foreign bank establishments that operate in their territories, but it is recognised that the full
implementation of the home/host principle may lead to some extension of parent responsibility.
The Concordat on Cross-Border Banking Supervision Principles:

I. All international banks should be supervised by a home country authority that capably performs
consolidated supervision
II. The creation of a cross-border banking establishment should receive the prior consent of both the
host country and the home country authority.
III. Home country authorities should possess the right to gather information from their cross-border
banking establishments.
IV. If the host country authority determines that any of these three standards is not being met, it
could impose restrictive measures or prohibit the establishment of banking offices.

PRINCIPLE BASED REGULATIONS

Statutory Approach vs Principle Based Approach:

• One approach is based on specific legal rules which must be obeyed. This is known as the
‘statutory approach.’
• The other approach is to set out in more general terms the types of behaviors that are expected
of firms and individuals. This is known as the ‘principles-based approach.’

Consumer Protection:

Behaviours and arrangements that indirectly affect customer outcomes

I. Conduct its business with integrity.
II. Conduct its business with due skill, care and diligence.
III. Take reasonable care to organise and control its affairs responsibly and effectively, with adequate
risk management systems.
IV. Maintain adequate financial resources.
V. Observe proper standards of market conduct.
 Behaviours and arrangements that directly affect customer outcomes
VI. Pay due regard to the interests of its customers and treat them fairly.
VII. Pay due regard to the information needs of its clients, and communicate information to them in
a way which is clear, fair and not misleading.
VIII. Manage conflicts of interest fairly, both between itself and its customers and between a customer
and another client.
IX. Take reasonable care to ensure the suitability of its advice and discretionary decisions for any
customer who is entitled to rely upon its judgment.
X. Arrange adequate protection for clients’ assets when it is responsible for them.

The last one covers the relationship between a firm and its regulator(s):
XI. Deal with its regulators in an open cooperative way, and must disclose to the appropriate
regulator anything relating to the firm of which that regulator would reasonably expect notice.

Business Standards:

• guidelines on communicating with clients

• client asset guidance, including requirements for segregation of client money into separate
accounts from those used for the company’s own funds
• market conduct, setting out guidance for the wholesale and professional markets
• training and competence requirements for staff in financial services.

Regulatory Standards:

• requirements on the provision of information that firms need to supply to the regulator
• rights of access that a regulator has to each firm that it regulates
• the frequency of regulatory reviews and risk assessment visits.
• levying fines for misconduct
• forcing firms to compensate customers
• requiring firms to appoint a third-party expert at their own expense to investigate issues
• removing a firm’s licence to operate.

UNIT 3: OPERATIONAL RISK

Operational Risk:

• The risk of loss resulting from inadequate or failed internal processes, people and systems or from
external events.
• It covers legal risks but excludes reputational risks.
Crucial Elements of Effective Operational Risk Management Framework:

• Clear risk oversight by the board and senior management

• A strong operational risk culture
 • A strong internal control culture, including:
o Clear lines of responsibility
o Segregation of duties
• Effective internal reporting
• Contingency planning

Operational Risk Category:

Financial Crime:

Rules and Regulations:

• Prohibit certain undesirable practitioner behavior:

o Insider Information
o Market Manipulation
• Oblige financial services firm to monitor financial transactions:
o Money Laundering
 o Terrorist Financing
Insider Information Market Abuse:

• Insider Dealing
• Improper Disclosure
• Improper Dissemination

Money Laundering:

• The process of turning ‘dirty’ money (money derived from criminal activities) into money which
appears to be from legitimate origins.
• Steps involved in Money Laundering:
o Placement: Introduction of dirty money into the financial system
o Layering: Moving the placed money around the system
o Integration: The ultimate beneficiary appears to be holding legitimate funds

Terrorist Financing:

• Activities that provide financial support to terrorists or terrorist groups.

• A person generally commits an offence if he enters, or is linked with, an arrangement that
facilitates the retention or control of terrorist funds.

Set of Risk Management Responses by Firms:

• Educating staff on the risks to society, firm, and individual.

• Putting systems and controls in place to mitigate the risk of occurrence.
• Monitoring staff compliance with the internal rules and the external legal and regulatory
stipulations.
• Escalating behavioral exceptions to a specific individual or committee for investigation
• Penalizing contravention with the rules and if necessary, informing the relevant authorities

Consequences of Operational Risk:

• Reputational Risk
• Compliance Risk
• Credit Risk
• Market Risk
• Liquidity Risk
• Investment Risk

Operational Risk Policy:

• The operational risk policy is a document which outlines a firm’s strategy and objectives for
operational risk management.
• It provides a ‘roadmap’ to move the organization from what might be a fragmented, non-strategic
approach to operational risk management, to a comprehensive, firmwide methodology that uses
a common risk language throughout the organization.
• Defines the operational risk methodology, or framework, within which the firm will operate
 • It involves:
o defining the firm’s operational risk appetite
o defining the methodology used to identify and categorize the operational risks
o defining the methodology used to measure and assess the significance of the identified
risks
o assigning responsibility to line managers for owning the mitigating actions required
o assigning responsibility for monitoring the effects of the mitigating actions
o establishing the reporting and escalating mechanisms for risk issues to all levels of the
organization in order to ensure transparency and aid the decision-making process.
Areas Addressed by an Operational Risk Policy:

• Identification of Key Officers

• Roles and Responsibilities
• Segregation of Duties
• Cross-Functional Involvement and Agreement
Operational Risk Framework:

• Identification and Assessment of Risk

o Self-Assessment
o Key Risk Indicators
o Risk and Control Assessment Workshop
o Loss Data Casual Trend Analysis
o External Loss Data
o Audit Reviews
• Management of Risk and Reduction of Potential Impact and Likelihood of Occurrence
o early identify the risk before it occurs
o establish clear ownership for the risk, and ensure that the owner is able to put proper
controls in place
o set up and monitor appropriate risk indicators, and act before they ever reach their
predefined danger limits.

Operation Risk Management Framework:

• Identification
• Measurement and Assessment
• Management and Control
• Monitoring
• Reporting
• Operational Risk Policy
1. Operational Risk Identification:
• Identifying and categorizing operational risks helps firms to establish their risk profile and appetite
for risk.
• A useful method could be to categorize risks based on people, process, system, and external
events.
Methods:

• Self-Assessment Risk Identification

o Typically involves a checklist of the risks that a particular area of the firm faces.
o Managers and staffs are required to score each risk. The risks are usually scored by
probability and impact.
o Brainstorming can also be done. This enables a debate to occur and a consensus to
emerge on the impacts and likelihoods assigned to each risk
o Limitations:
▪ It is subjective
▪ Combining the scores can be difficult
• Application of Risk Categorization
o People
o Process
o System
o External Events
2. Operational Risk Assessment and Measurement:
• Both are concerned with understanding the likelihood of risks occurring and their potential impact
on the business.
• Reasons form assessment and measurement:
o Establish a quantitative baseline for improving the control environment
o Provide an incentive for risk management and the development of a strong risk culture
o Improve management decision-making
o Satisfy regulators and shareholders that a firm is adopting a proactive and transparent
approach to risk management
o Assess the financial risk exposure

Risk Measurement:

• Risk measurement describes the use of quantitative techniques to understand the size of a
firm’s or business area’s risk profile.
• These techniques include statistically modelling the frequency and impact of risk events and
making statistical predictions of the future risk profile

Risk Assessment:

• Risk assessment makes use of whatever objective data there is (such as the output of a
measurement exercise) and uses human judgment to estimate the impact on the business.
• Where there is no objective data, subjective human experience alone is used.

Methods of Risk Assessment:

Impact and Likelihood Assessment

• Meaning:
o This enables risks to be ranked in order of their severity.
o The assessment may be subjective or objective.
 • Steps involved:
o Likelihood Probability Rating: Range of probabilities that correspond to a rating.
o Impact Loss Rating: The impact of the risk is the potential loss if the risk occur
Risk Score = Likelihood Score * Impact Score
o After getting the score, a heat map is prepared
• Advantages:
o It provides a simple method for viewing the range of risks the business faces
o It provides an evaluation of the effectiveness of the control environment.
o It focuses management attention on the most important risks
o It can be used with minimal hard data
o It can capture a wide range of risk possibilities
o It encourages a risk-aware culture and a more transparent risk environment.
• Disadvantages:
o It is oversimplistic
o It might be very subjective.

Scenario Analysis:

• It is a ‘top-down’ method of highlighting potential risk combinations in order to allow

preventative action to be taken
• It uses the experience of business professionals to capture possible scenarios that have
occurred in the past, or may result in loss in the future

Bottom-Up Analysis

• Meaning:
o This approach seeks to analyze the individual risks and adequacy of controls across
business processes.
o It builds up a detailed profile of the risks that occur in each area, aggregating them
to provide overall measures of exposure for departments, divisions or the firm as a
whole
o It uses the experience of line managers and staff, coupled with loss data as its source
of information, so the resultant measures contain both qualitative and quantitative
elements.
• Advantages:
o It addresses risk and control issues at the process level
o Accountability and responsibility for risk management can be clearly defined.
o It encourages a more transparent and risk aware culture
o It encourages continuous improvement.
o It can improve the quality of management information
• Disadvantages:
o It takes time to implement
o It can be subjectively influenced by managers
o Aggregating risks ‘upwards’ is not straight-forward
Key Risks Indicators:

• Objective measurement criteria that measure a firm’s ongoing risk status.

• Advantages
o They allow trends to be monitored and can therefore be used to anticipate problems.
o They allow limits of acceptability to be established.
o They can provide a basis for objective risk measurement.
• Disadvantages:
o They can cause skewed business performance if managers start ‘managing to their KRIs’
in an attempt to enhance their bonus ratings

Historical Data Loss:

• Loss data evaluation is important in mapping the actual losses experienced by the firm back to a
sensible categorization system.
• Once the data has been collected (from either internal or external sources) it can be used in the
measurement process, using benchmarking or statistical methods.

Practical Constraints:

• Data collection constraints: Data not available

• Cultural constraints: Managers think it is unnecessary
• Resource and cost constraints: Underestimate the amount of time and resources
• Indicator constraints: Difficult to design risk indicator

3. Managing Operational Risk:

• Risk management refers to activities and decisions that are intended to control, reduce, eliminate
or optimize a risk.
• Risk Register Formation:
o objectives, processes or products affected by this risk
o description of risk
o risk ranking
o lead person or department
o action plan
o target and completion dates
o sources of assurance and oversight (which may or may not be the lead person)
o mitigating controls, their effectiveness, and owner(s)

Methods:

• Transfer of Risk: Insurance

• Mitigation of Risk: Introduction of Key Control

Risk Mitigation:

• Controls:
o Preventive Control: Before the happening
 o Detective Controls: After the happening
• Business Continuity Planning or Disaster Recovery
o BCP: Deals with premises and people aspects
o DR: Deals with IT and Infrastructure
• Outsourcing
• Insurance
• Information and Cyber Security
• Physical Security
• Risk Awareness Training
• Data Protection

Operational Loss Data:

• Escalation Thresholds
These can be defined so that losses of various amounts are escalated to pre-defined levels within
the organization. This enables the relevant governance bodies to monitor losses across the firm
and to direct resources to areas that move outside their risk appetite or tolerance.
• Loss Casual Analysis
If the underlying cause(s) of a loss can be understood, then there is a greater chance of preventing
a similar occurrence of the same issue elsewhere in the firm.

UNIT 4: CREDIT RISK

Credit Risk:

• Credit risk is the risk of loss caused by the failure of a counterparty or issuer to meet its obligations.
• Credit risk exists in two broad forms:
o Counterparty Risk: It is the risk that a counterparty fails to fulfil its contractual obligations
o Issuer Risk: This is the risk that the issuer of the instrument could default on its obligations
Concentration Risk:

It arises through an uneven distribution of exposures to:

• individual issuers or counterparty (Single name concentration)

• within industry sectors and geographical regions (Sectorial Concentration)

Settlement Risk:

The risk that an expected payment of an asset/ security or cash will not be made on time or at all.

Pre-Settlement Risk:

The risk that an institution defaults prior to settlement when the instrument has a positive economic value
to the other party.
Systemic Risk:

• It refers to a possible breakdown of the entire financial system rather than simply the failure of
an individual firm.
• It exists because of the close interlinkages between the different parts of the financial system.

Credit Risk Measurement Techniques:

• Credit Exposure
o It is the amount that can potentially be lost if a debtor defaults on its obligations.
o It is used to quantitatively assess the severity of credit risk from:
▪ Counterparties
▪ Portfolios
o It consists of two parts:
▪ Current Exposure: Current obligation outstanding
▪ Potential Future Exposure: An estimate of the likely loss at some point in future
• Credit Risk Premium:
o A credit risk premium is the difference between the interest rate a firm pays when it
borrows and the interest rate on a default-free security.
o The premium is the extra compensation the market or financial institution requires for
lending to a firm that has a risk of defaulting
• Credit Rating:
o A credit rating is an expression of a firm’s creditworthiness and financial health.
o An independent credit rating agency will assign a credit rating to companies based on
numeric and non-numeric factors.

Merits of Credit Rating:

• Credit ratings are a useful method for lenders to assess the creditworthiness of a borrower.
• Sovereign credit ratings consider the overall economic and political conditions of a country.
• Credit ratings, debt ratings or bond ratings are also issued to individual companies and to specific
financial instruments.
• Long-term ratings analyze and assess a company’s ability to meet its responsibilities with respect
to all its securities issued.
• Short-term ratings focus on the specific securities’ ability to perform, given the company’s current
financial condition and general industry performance conditions.
• The ratings agencies play a useful part in helping firms assess the credit risks of worldwide
companies.

Demerits of Credit Rating:

• Companies have not been downgraded fast enough

• Rating agencies have been criticized for having too familiar a relationship with company
management, possibly opening themselves to undue influence.
• Any business model that allows the receiver of a rating to pay for it, and not the user, may
encourage conflicts of interest on the part of the rating agency.
• Certain credit rating agencies have made errors in rating some structured products
Counterparty Credit Risk and Applications in Practice:
Expected Loss:

Expected loss (EL) = PD x EAD x LGD

where:
o PD = Probability of Default (%)
o EAD = Exposure at Default (Amount)
o LGD = Loss Given Default (%)
Loss Given Default:

The estimated loss that a firm would incur at a specific time if a counterparty defaulted.

Probability of Default:

• The estimated likelihood that a counterparty will default on an obligation.

• The bank will estimate the probability of default using historical experience and empirical
evidence.
• The higher the default probability estimate, the higher the interest rate the lender will charge the
borrower to compensate for the higher default risk.
Exposure at Default:

• The exposure at default (EAD) is the amount which a bank will be exposed to in the future at the
point of a potential default.
• This amount may not be the amount they are exposed to ‘now.’
• In many cases it will be the same, but for certain facilities, the EAD will include an estimate of
future lending before default.
• EAD will also depend on the maturity, or ‘time to completion,’ of the loan arrangements.
• The longer the time to maturity, the larger is the probability that the credit quality will decrease.

Recovery Rate:
Recovery Rate = 100% - Loss Given Default

Credit Event:

• An adverse change such as bankruptcy, insolvency, receivership, material adverse restructuring

of debt, or failure to meet payment obligations when due.
• It can also be simply a credit rating downgrade.

Wrong Way Risk:

• The the risk that occurs when ‘exposure to a counterparty is adversely correlated with the credit
quality of that counterparty’.
• Example: A situation where securities issued by a counterparty, or its related entities are accepted
as collateral against the risk of that counterparty defaulting. This is because the nearer to default
the counterparty moves, the lower the value of its equities and hence the less they provide the
required cover against default.
Non-Performing Assets:

• Non-performing assets are loans whose repayments are not being made on time.
• Once a payment becomes late (usually 90 days), the loan is classified as non-performing.

Credit Limit:

• Credit limits are maximum limits for all aspects of credit exposure set by financial institutions.
• Firms need to establish overall credit limits at the level of:
o Individual Borrowers
o Counterparties
o Group of Connected Counterparty

Limitations of Credit Risk Measurement:

• Using simplified calculation of potential exposure.

• A lack of recognition of the time-period of credit risk
• A lack of recognition of portfolio diversification
• Financial institutions use probabilities which are a best ‘guestimate’ of the future

Credit Risk Protection and Mitigation:

I. Underwriting Standards
II. Guarantees
III. Credit Limits
IV. Netting Arrangements
V. Collateral
VI. Diversification
VII. Insurance and Credit Derivatives

Credit Default Swaps:

• A credit default swap (CDS) is a financial derivative that allows an investor to swap or offset their
credit risk with that of another investor.
• To swap the risk of default, the lender buys a CDS from another investor who agrees to reimburse
them if the borrower defaults
• They are attractive because they allow financial institutions to:
o Buy (or sell) a form of insurance to mitigate their (or the other party’s) credit risk
o Improve their portfolio diversification by reducing undesirable credit risk concentrations
o Customize their credit exposure to another party without having a direct relationship
o Transfer credit risk without adversely affecting the customer relationship.
Collateralized Debt Obligations:

• A collateralized debt obligation is a complex structured finance product that is backed by a pool
of loans and other assets.
• These underlying assets serve as collateral if the loan goes into default.
• Though risky and not for all investors, CDOs are a viable tool for shifting risk and freeing up capital.
Central Counterparties (CCPs):

• The guarantor of contracts normally, but not necessarily, for exchange-traded products, usually
the clearing house of an exchange.
• The clearing house acts as the guarantor of all transactions, limiting the exposure of its clearing
members by protecting them from defaults
• CCPs also boost the scope for netting among the members of an exchange
• They obtain resources through capital supplied by:
o Their members
o Fees generated by the exchange
o Other parties not having direct relationship with the market

Haircut:

• During the process of Securities Lending and Borrowing the lending firm might ask for a higher
value of collateral to safeguard himself against the volatility. This higher amount is known as
haircut.
• The haircut will depend on the volatility of the asset serving as collateral.

Credit Risk Management:

• The credit risk management function is responsible for ensuring that the firm’s credit risk is
effectively managed, although it will not own any risk itself.
• This means implementing a sound credit risk management policy to manage credit risk in a
company-wide context and includes:
o Owning the credit policy and ensuring that it is adhered to
o Setting, monitoring, and reviewing credit limits
o Assessing potential credit risk events
o Ensuring decisions on granting credit are made independently of the trading areas
o Measuring and monitoring daily credit exposure.
o Performing credit analysis by counterparty, country, sector, and instrument

Reporting and Escalation Tools:

• Procedures and information systems to monitor the condition of individual and grouped
counterparties across the bank’s various portfolios
• These procedures need to define criteria for identifying and escalating potential counterparty
credit issues to senior management

Basel Key Stages:

• Basel states that the board of directors should have responsibility for approving and periodically
reviewing (at least annually) the firm’s credit risk strategy and significant credit risk policies.
• Senior management should have responsibility for implementing the credit risk strategy approved
by the board of directors and for developing policies and procedures for identifying, measuring,
monitoring, and controlling credit risk.
 • credit policies must be communicated throughout the organization, implemented through
appropriate procedures, monitored, and periodically revised to take into account changing
internal and external circumstances.
• Banks should have methodologies/models that enable them to quantify the risk involved in
exposures to individual borrowers or counterparties

Managing and Measuring Credit Risk:

• Credit Scoring System:

o For individual, credit scoring includes a questionnaire which is scrored
o It includes the following:
▪ Age
▪ Credit History
▪ Occupation
▪ Years in Current Job
▪ Home Ownership
• Factor Inputs:
o In applying credit scores to firms, banks will use financial, non-financial and other inputs:
▪ Financial inputs will include an assessment of each firm’s
• Earnings,
• Cash flow,
• Asset values,
• Liquidity,
• Leverage,
• Financial size and
• Debt capacity
▪ Non-financial inputs will include a view of each firm’s:
• Management quality
• Governance structure
• Industry characteristics
• Country risk
• Credit rating.
▪ Extraordinary inputs might include:
• Court actions
• Other one-off factors that emerge from time to time and which could
impact the firm’s ability to honor its commitments
• Stress Testing:
o Stress testing involves identifying possible events or future changes in economic
conditions that could have unfavorable effects on a bank’s credit exposures and assessing
the bank’s ability to withstand such change.
o Areas for stress testing which the BIS recommends that banks could examine are:
▪ Economic or industry downturns
▪ Interest rate and other market movements
▪ Market-risk events
 ▪ Liquidity conditions
• Segmentation:
o Banks have to provide regulators with PD, LGD, and EAD statistics for clearly
differentiated segments of their portfolios.
o Segmentation should be based on:
▪ Credit scores (or some equivalent measure)
▪ The time that the transaction has been on the bank’s books.
• External Ratings:
o External ratings can be useful in assessing the risk associated
• Credit Limits:
o Credit limit can be set based on industry or geographical location.
• Internal Credit Rating
o A well-structured internal risk rating system is a good means of differentiating the degree
of credit risk in the different credit exposures of a bank.
o This allows more accurate determination of the overall characteristics of the credit
portfolio, concentrations, problem credits and the adequacy of loan loss reserves
• Impairment:
o Impairment is done based of following evidences:
▪ Information about significant financial difficulties of the borrower
▪ An actual breach of contract
▪ A high probability of bankruptcy or other financial reorganization of the borrower
▪ The granting by the lender to the borrower, for economic or legal reasons relating
to the borrower’s financial difficulties, of a concession that the lender would not
otherwise consider
• Provisioning:
o Loan impairment will result in a loss for the lending firm, and the firm therefore needs to
set aside an allowance for this loss in its accounts
• Key Performance Indicators:
o Number of debtors past due date
o Client breaching covenants
o Client downgrades

Controlling Concentration Risk:

• A bank needs to make sure it knows the relationships between the various counterparties it deals
with to ensure that they are not part of a wider corporate group, despite having different names.
• The bank could hold equities in the firms, have lent stock to them, be managing assets on their
behalf and so on.

UNIT 5: MARKET RISK

Market Risk:

Market risk can be defined as: ‘The risk of loss arising from changes in the value of financial instruments.
Market Risk Factors:

• Direct market risk factors are those that directly reflect the performance of a company, such as
the health of its balance sheet, its vision and strength of its management team.
• Indirect market risk factors are those that indirectly affect the performance of a company, such
as interest rate levels, economic events, political, sector sentiment and environmental effects

Division of Market Risk:

• Volatility Risk:
o The risk of price movements that are more uncertain than usual affecting the pricing of
products.
• Market Liquidity Risk:
o This is the risk of loss through not being able to trade in a market or obtain a price on a
desired product when required.
o Market liquidity risk can occur in a market due to either a lack of supply or demand or a
shortage of market makers.
• Currency Risk:
o This is caused by adverse movements in exchange rates.
o It affects any portfolio or instrument with cash flows denominated in a currency other
than the firm's base currency.
• Basis Risk:
o This occurs when one risk exposure is hedged with an offsetting exposure in another
instrument that behaves in a similar, but not identical, manner.
o Basis risk exists to the extent that the two positions do not exactly mirror each other.
• Interest Rate Risk:
o This is caused by adverse movements in interest rates and will directly affect fixed income
securities, futures, options and forwards.
o It may also indirectly affect other instruments.
• Commodity Price Risk:
o This is the risk of an adverse price movement in the value of a commodity.
o The risk drivers are different since the supply is concentrated in the hands of a few.
o Other fundamentals affecting a commodity’s price include the ease and cost of storage,
which varies considerably across the commodity market
• Equity Price Risk
o Capital Risk: Share price may fall
o Income Risk: No dividend income

Boundary Risk:

• These boundary issues mean that it is not straightforward to analyze exactly which factors are
causing which movements.
• It is difficult to set up cause and effect relationship between different types of factors causing
different risks since they all are inter related.

Techniques of Market Risk Management:

 • Hedging
• Market Risk Limits
• Diversification
• High Frequency Trading

Market Risk Management Function:

• Ownership of the firm’s market risk management policy

• Proactive management involvement in market risk issues
• Defined escalation procedures to deal with rising trading loss and market risk limit breaches
• Independent validation of market pricing and adequacy of var models
• Ensuring that var is not used alone, but is combined with stress testing and scenario analysis
• Independent daily monitoring of risk utilization

Measures of Central Tendency:

• Mean: Average value of all the data

• Median: The middle item
• Mode: Most frequently occurring item

Measures of Dispersion:

• Range: Distribution of Values around Median

• Inter-Quartile Deviation: Distribution of Values around Median
• Quartile Deviation: Distribution of Values around Median
• Variance: Distribution of Values around Mean
• Standard Deviation: Distribution of Values around Mean

Applications of Dispersion and Variance:

• The variance of a set of stock returns provides a measure of the returns’ dispersion and is used to
calculate the beta of the stock.
• The variability of returns generated by an asset or portfolio – its volatility – is a measure of its risk.
• The more volatile an investment’s return is, the greater is the standard deviation.
• Low standard deviation implies low risk; high standard deviation implies high risk

Distribution Analysis:

Distribution analysis is a statistical means of using historical data to predict future events and relies on an
understanding of probability distributions – of which one such distribution is the ‘normal distribution

Confidence Intervals:
Investment returns from primary instruments, based on market factors, are often assumed to be normally
distributed. By making this assumption, it is possible to create a model that will predict the future
performance of the instrument to a given level of probability, which is linked to the number of standard
deviations away from the mean at which we ‘read off’ our answer from the graph. This probability is also
known as the 'confidence interval'.

Fat Tailed Distribution:

A fat-tailed distribution is a probability distribution that exhibits a large skewness or kurtosis, relative to
that of either a normal distribution or an exponential distribution

Risk Measurement and Control Concept:

I. Probability
II. Volatility
III. Regression: It is a statistical tool for the investigation of relationships between variables
IV. Correlation Coefficient
a. Alpha: the extent of any outperformance against its benchmark, ie, the difference
between a fund’s expected returns, based on its beta, and its actual returns.
b. Beta: In terms of correlation with the market, BETA is used to describe the relationship of
its returns with that of the financial market as a whole
V. Optimization
• Optimization refers to portfolio construction techniques that obtain the best expected
returns from the right mix of correlations and variances.
• Portfolio optimization is often called mean-variance (MV) optimization.
• The term mean refers to the mean or the expected return of the investment and the
variance is the measure of the risk associated with the portfolio.
Value-at-Risk (VaR) Approach:

• Value-at-Risk (VaR) is a widely used measure that, in simple terms, expresses the maximum loss
that can occur with a specified confidence over a specified period.
• Because there is uncertainty about how much could be lost over the specified time horizon, the
VaR measure includes the level of confidence that the specified loss will not be exceeded.

VaR Limit Setting and Monitoring:

• VaR is widely used by banks, securities firms and investment managers to estimate portfolio
market risk.
• The market risk function will set VaR limits.
• It will then monitor them to ensure that traders or fund managers do not exceed them
• Advantages:
o It provides a statistical probability of potential loss
o It can be readily understood by non-risk managers
o It translates all risks in a portfolio into a common standard, allowing a comparison of risks
between asset classes and, hence, the quantification of firm-wide, cross-product
exposure

Var Validation and Back Testing:

 • Model Risk: VaR models can break down if the assumptions that they are based upon are violated
or are simply found to be untrue.
• It is important with any model to validate its assumptions and test its output accuracy as far as
possible
• Back testing is the practice of comparing the actual daily trading exposure to the previously
predicted VaR figure.
• It is a test of reliability of the VaR methodology and ensures that the approach is of sufficient
quality

Three Different Approaches to VaR:

I. Historical Simulation
• This method uses historic analysis of the portfolio’s risk factor values to estimate its risk
exposure in the future.
• Steps Involved:
o Identify the risk factors that affect the returns of the portfolio
o Select a sample of actual historic risk factor changes over a given period of time
o Systematically apply each of those daily changes to the current value of each risk
factor, revaluing the current portfolio as many times as the number of days in the
historical sample
o List out all the resulting portfolio values, ordered by value and, assuming the
required VaR is at the 95% confidence level, identify the value that represents the
fifth percentile of the distribution in the left-hand tail.
• Advantages:
o Simple enough to communicate easily to non-specialists
o No need to make any assumption about the distribution of the portfolio’s returns
o There is also no need to estimate the volatilities and correlations between the
various assets in the portfolio. This is because the distribution, the volatilities and
the correlations are implicitly captured by the actual daily values of the portfolio’s
assets over time.
• Disadvantages:
o It assumes that history will repeat itself, which is clearly often not the case.
II. The Parametric Approach:
• This approach assumes that portfolio returns are normally distributed, and uses the
standard deviation (volatility) of the returns to ‘plot the graph’ and hence derive the VaR
figure at the required confidence level.
• Advantages:
o It is the simplest methodology used to compute VaR.
o A limited amount of input data is required,
o Since there are no simulations involved, minimal computation time is required
• Disadvantages:
o If the actual returns are not actually normally distributed, as is assumed, then
clearly the results will be inaccurate.
o It cannot be used with securities such as options, because returns from these
instruments do not follow a normal distribution.
 III. Monte Carlo Simulation:
• The third method involves developing a model (ie, a set of equations) for future stock
price returns and then running multiple hypothetical values through the model to obtain
a distribution of return values.
• The process of generating hypothetical trials involves producing random numbers in a
‘controlled’ fashion, dictated by whichever distribution is felt to be most representative
for the portfolio.
• Instead of picking a return from the historical series of the asset and assuming that this
return can recur in the next time interval, we generate a random number that will be used
to estimate the return of the asset
• Advantages:
o It can be used to produce VaR for non-normally distributed instruments such as
options
• Disadvantages:
o Too much computing power that is required to perform all the simulations, and
thus the time it takes to run the simulations.

Scenario and Stress Testing:

• A stress test alters one variable at a time to analyze its effect on the rest of the portfolio.
• Scenario analysis looks at how the portfolio behaves under conditions of multiple changes.
• Scenarios can either be invented or they can be based on previous external factors.
• Scenario analysis and stress tests should be both quantitative and qualitative
• Scenario analysis and stress testing should, be conducted on an institution-wide basis, taking into
account the effects of unusual changes in market and non-market risk factors.
• Scenario analysis and stress testing would enable the board and senior management to better
assess the potential impact of various market-related changes on the institution’s earnings and
capital position.

UNIT 6: INVESTMENT RISK

Inflation:

• It as an overall general upward price movement of goods and services in an economy.

• It is the reduction in what can be bought over time with a fixed quantity of curency.

Nominal Return v/s Real Return:

• The nominal return on an investment is simply the return it gives, unadjusted for inflation.
• The real return is the return the investment provides an investor after stripping out the effects of
inflation.

Total Return:

• Return from Income

• Capital Gains
Holding Period Return:

• Holding period return is the total return on an asset or portfolio over the period during which it
was held.
• It is calculated as the percentage by which the value of a portfolio (or asset) has grown for a
particular period.
• It is the sum of income and capital gains over the period, divided by the initial period value

Main Investment Risks:

I. Currency Risk: Risk arising from fluctuations in the value of currencies against one another.
II. Interest Rate Risk:
• Interest rate risk is the risk that interest rates move against the investor
• Interest rate risk can also affect an investor’s capital, since the price of fixed income
securities (ie, bonds) moves in the opposite direction to interest rates.
III. Issuer Risk: Risk of issuer getting into financial difficulties leading to defaults.
IV. Equity Risk:
• Risk of low or negative capital growth.
• Risk of low or zero income.
• Factors affecting equity risk:
o Growth Risk
o Volatility Risk
o Strategic Risk
V. Commodity Risk:
• Commodities tend to have volatile price movements, often linked to natural events such
as harvests.
• Commodity price risk is the risk of an adverse price movement in the value of a commodity
VI. Property Risk:
• Property Related Risk:
o Location of the property
o The effect of the use of the property on its value
o The credit quality of the tenants
o The length of the lease.
• Market Related Risk:
o The effect of changes in interest rates on valuations
o Performance of individual property sectors
o Prospects for rental income growth.
VII. Liquidity Risk:
likelihood of being unable to transform assets into cash within a preferred time, without incurring
losses, and is closely linked to both credit and market risk.

Calculating Asset and Portfolio Investment Risk:

• Low Standard Deviation implies Low Risk

• High Standard Deviation implies High Risk
Benchmark:

• A benchmark is simply any standard against which it is reasonable to compare the performance
of a share or a fund.
• Benchmarks should be relevant to the market in which the fund itself is invested, and they should
be used consistently
• Benchmarks can be used to compare not only the performance of a fund in terms of return, but
also in terms of volatility.

Beta:

• The beta factor measures the volatility of an investment relative to the market or benchmark.
• The higher the value of beta for an investment, the greater the movement in its return relative to
the market or benchmark.
• Beta values for funds are generally calculated over a 36-month period, from monthly data.
• Significance of Beta:
o A fund with a beta factor of one moves in line with the market or benchmark
o A fund with a beta factor greater than one varies more widely than the benchmark.
o A fund with a beta factor of less than one fluctuates less than the benchmark

Alpha:

• The extent of any outperformance against its benchmark, ie, the difference between a fund’s
expected returns based on its beta and its actual returns.
• A disadvantage of alpha is that it does not distinguish between underperformance caused by
incompetence and underperformance caused by fees.

Sharpe Ratio:

• The Sharpe ratio measures the excess return of a portfolio over the risk-free interest rate, for each
unit of risk assumed by the portfolio.
• The risk being measured by the standard deviation of the portfolio’s returns.
• The higher the Sharpe ratio, the better the risk-adjusted performance of the portfolio

Information Ratio:

• The information ratio compares the excess return achieved by a fund over its benchmark.
• Its tracking error is the standard deviation of returns relative to the benchmark.
• It is a measure of how closely a portfolio follows the index to which it is benchmarked.
Private Equity:

• Private equity is an illiquid asset class consisting of equity securities in operating companies that
are not publicly traded on a stock exchange.
• Private equity fund managers often take an active role in the management of the companies they
invest in, through having a majority shareholding and/or a seat on the board
• The advantages:
o Potential for higher returns
o Lack of correlation with more ‘standard’ investments.
• Disadvantages:
o Risk of losing initial investment if the firm fails.
o Lack of transparency in the firm’s operations and finances

Venture Capital:

• Venture capital is a type of private equity capital, typically provided to early-stage, high-potential,
growth companies in the hope of generating a return through an eventual sale of the company
once it has become successful.
• Venture capital investments are generally made as cash in exchange for shares in the invested
company
• Advantages:
o Tax benefits
o Potential off higher return
o Lack of correlation with more standard investment

Property:

• An exposure to property can provide diversification benefits to a portfolio, owing to its low
correlation with both traditional and alternative asset classes.
• Property can be subject to prolonged downturns and, if invested in directly, its lack of liquidity
and high transaction costs on transfer really make it suitable only as an investment for the
medium to long-term.

Responsible Investment:

• Environmental Concerns
• Social Concerns
• Corporate Governance Concerns

Tracking Error:

• Tracking error is a measure of how closely a portfolio follows the index to which it is benchmarked.
• Types of Tracking Error:
o Historical Tracking Error (Ex-Post)
Usually calculated as the standard deviation of returns relative to the benchmark and is
more useful for reporting performance.
o Predictive Tracking Error (Ex-Ante)
Various models exists like using beta to complicated multi-factor fixed income models.
Methods Used to Mitigate Portfolio Risk:
I. Systematic and Non-Systematic Risk
II. Optimisation and Diversification
III. Portfolio Hedging
IV. Short Selling
V. Risk Transfer

Monitoring, Management, and Reporting of Investment:

• Peer review with other fund managers in the same firm

• Risk review with independent risk managers in the firm
• Monitoring for mandate compliance
• Performance attribution reporting

UNIT 7: LIQUIDITY RISK

The liquidity of an institution depends on, among other things:

• Its immediate need for cash

• How much cash it currently has
• its available lines of credit
• How easily it can transform its non-cash assets into cash
Tools to Identify Liquidity Risk:

I. The Maturity Ladder:

• It is a useful device for comparing cash inflows and outflows, both on a daily basis and
over a series of specified time periods.
• The analysis of net funding requirements involves the construction of a maturity ladder
and the calculation of a cumulative net excess, or deficit, of funds at selected maturity.
• In constructing the maturity ladder, a bank has to allocate each cash inflow or outflow to
a given calendar date
II. Actual and Contractual Cash Receipts:
• Reasons why actual and contractual cash flows shown in the maturity ladder will differ
from the actual cash receipts:
o It is not possible to estimate with certainty the cash flows from all instruments
o Even when cash flows can be properly estimated, the existence of credit risk
means that the cash may not materialize on the due date – or at all.
o The business may not wish to hold the instrument until maturity
III. Asset Liquidity Risk:
• Asset liquidity is cash obtained from mature or divested (sold) assets, or the use of these
assets as collateral in secured funding.
• Factors determining asset liquidity risk:
o How easily the asset can be sold for cash
o How easily the asset can be used as a collateral
 IV. Funding Liquidity Risk:
• The term ‘funding liquidity’ usually refers to the way in which a firm obtains liquidity from
the liability side of its balance sheet.
• Liability liquidity tends to refer to unsecured funding obtained from depositors, third
parties and the wholesale markets.
• So the term ‘funding liquidity risk’ refers to the likelihood that the bank’s funding will not
be available when required.

Measurement of Funding Liquidity Risk:

I. Liquidity Gap Analysis:

• Before a liquidity gap analysis can be performed, a technique called cash matching is used
to understand a firm’s or portfolio’s liquidity risk, by examining all net future cash flows.
• Gap analysis then aggregates the cash flows into maturity brackets and checks if cash
flows in each bracket net to zero.
• A liquidity gap is any net cash flow for a bracket.
• Disadvantages:
o It does not consider credit risk, and assumes all cash flows will occur.
o It cannot handle options in a meaningful way
II. Stress Testing:
• A technique for assessing how outcomes differ when individual inputs to a system are
changed or stressed.
• Stress testing will then take those normal assumptions and tailor them to the particular
area being tested.
• Some stress information can be readily based on historical while others will, of necessity,
be based on subjective assumptions
III. Expected Future Funding Requirement:
• Analyzing historical patterns of roll-overs, draw-downs and new requests for loans
• Conducting statistical analysis taking account of seasonal and other effects believed to
determine loan demand
• Making subjective high-level business projections
• Undertaking a customer-by-customer assessment for its larger customers and applying
historical relationships to the remainder
Measurement of Asset Liquidity Risk:

I. Bid Offer Spread

• The size of the bid-offer spread is a measure of the liquidity of the market.
• To compare the liquidity of different assets, the ratio of the spread to the asset’s mid-
price can be used.
• The smaller the ratio, the more liquid the asset is.
• A limitation is that the bid-offer spread reflects the size of the transaction cost, as well as
the liquidity of the market
II. Market Depth:
• Market depth is a measure of the volume of transactions necessary to move prices
 • One drawback is that market depth can change very quickly.
III. Immediacy:
• Immediacy is a measure of the time it takes to achieve a deal in a market.
• It depends on the existence of market makers to buy from sellers, and sell to buyers
IV. Resilience:
• Resilience is a measure of the speed with which prices return to equilibrium following a
large trade.
• The more liquid the market, the faster the prices return to equilibrium.
Managing Liquidity Risk:

I. Liquidity Limits:
• Size of Cumulative Contractual Cash Flow
• Funding Concentration
• Time
II. Counterparty Credit Limits:
To reduce its liquidity risks, the bank needs to maintain intra-day counterparty credit limits.
III. Scenario Analysis:
• A bank’s going concern condition
• A bank specific crisis
• A general market crisis
IV. Liquidity at Risk:
• Setting up brackets
• Arranging Distribution
• Finding confidence Level
V. Diversification:
• The type of liquidity instruments held
• The currency of the funding
• The counterparties used
• The firm’s liability term structure
• An assessment of the availability of markets for the realization of the liquid assets
VI. Behavioral Analysis:
• The normal level of rollovers of deposits and other liabilities
• The effective maturity of deposits with non-contractual maturities
• The normal growth in new deposit accounts
VII. Funding Method
• Wholesale money markets
• Securitization of loan portfolios
• Retail deposits
• Loan facilities with the central bank.
UNIT 8: MODEL RISK
Model:

The word ‘model’ refers to any method or approach in which statistical, economic, financial or
mathematical theories, techniques and assumptions are used to transform input data into quantitative
estimates

Model Risk:

Model risk is an operational risk and occurs primarily for two reasons:

• The model may have fundamental errors and may produce inaccurate outputs when viewed
against the design objective and intended business uses.
• The model may be used incorrectly or inappropriately

Uses of Models:

• Informing business decisions

• Conducting stress testing
• Valuing exposures, instruments or positions
• Providing the real-time signal for algorithmic securities trading.
Benefits of Modelling:

• Models are simplified representations of the real-world relationships that exist between observed
characteristics, values and events.
• Enables an unclear and complicated reality to be represented in a way that enables sound
investment decisions to be made.
• Speeds up decision-making through the automation of complex methods.
• Facilitate results that have greater accuracy, and easier repeatability.
• Enables ‘what-if’ analyses to be performed by varying individual inputs to observe the effect(s) on
the outputs
Limitations of Modelling:

• Over reliance on the model may lead to losses.

• Based on assumptions
• Might be used in an inaccurate manner

Commonly Used Models:

I. Operational Risk Scenario Modelling:

• Risk workshops are typically held with senior risk and business personnel to ensure good
quality model inputs, and the participants are asked to consider plausible but unlikely
scenarios that could have a significant impact were they to occur.
• In order to arrive at the level of capital necessary to cover the potential scenarios, the loss
impacts and frequencies are subjected to a modelled stress
II. Monte Carlo Simulation Process:
 • Deriving the Likelihood of Occurrence
• Deriving the Impacts
III. Credit Risk Modelling: Credit VaR
• Credit Value-at-Risk is a quantitative estimate of the credit risk of the portfolio and is
typically the difference between expected and unexpected losses on a credit portfolio
over a specific period of time expressed at a certain level statistical confidence.
IV. Market Risk Modelling: Market VaR
• arket VaR is a widely used measure that, in simple terms, expresses the maximum market
loss that can occur with a specified confidence over a specified period.
• Steps involved:
o Identify the risk factors that affect the returns of the portfolio
o Select a sample of actual historic risk factor changes over a given period of time
o Systematically apply each of those daily changes to the current value of each risk
factor, revaluing the current portfolio as many times as the number of days in the
historical sample.
o List out all the resulting portfolio values, ordered by value, and, assuming the
required VaR is at the 95% confidence level, identify the value that represents the
fifth percentile of the distribution in the left-hand tail
V. Liquidity Risk Modelling: Liquidity-at-Risk (LaR)
• Once the historic funding requirements have been assigned to their funding amount
frequency brackets, the brackets can be arranged as a distribution.
• Typically there will be a cluster of commonly required funding amounts in the middle of
the distribution, with lower amounts and higher amounts spread out on either side to
form the tails.
• Exactly as with market VaR and credit VaR, the LaR distribution gives the firm an idea of
its likely funding requirement over a given time period at different confidence levels

Effective Governance of Risk Modelling:

I. The Roles and Responsibilities of Different Parts of the Organization:

• Board of Directors and Senior Management:
o Establishing adequate policies and procedures and ensuring adherence to them
o Assigning competent staff with clear model ownership established and with
potential conflicts of interest identified and addressed
o Overseeing model development and implementation
o Establishing model risk controls: evaluating model results, ensuring effective
challenge, reviewing model validation and internal audit findings, and taking
prompt remedial action when necessary
o Recognising the potential need for the creation of provisions for trades where the
model is known to have limited capability to fully represent reality.
• Internal Audit
o A firm’s internal audit function should assess the overall effectiveness of the
model risk management framework, including the framework’s ability to address
model risk for individual models and in the aggregate.
 o Internal audit staff should possess sufficient expertise in relevant modelling
concepts as well as their use in particular business lines
• External Resources:
o Although model risk management is an internal process, a firm may decide to
engage external resources to help execute certain activities related to the model
risk management framework.
o A designated internal party from the firm should be able to understand and
evaluate the results of the design, validation and risk-control activities conducted
by external resources
II. Policies, Procedures and Documentation:
• Following aspects of model risk management should be covered by the policies:
o Model risk definition
o Assessment of model risk
o Acceptable practices for model development, implementation and use
o Appropriate model validation activities
o Governance and controls over the model risk management process.
• Policies should emphasize testing and analysis, and promote the development of targets
for model accuracy, standards for acceptable levels of discrepancies, and procedures for
review of, and response to, unacceptable discrepancies.
• The policies should require maintenance of detailed documentation of all aspects of the
model risk management framework
• The board or its delegates should periodically review the policies to ensure consistent and
rigorous practices across the organization

UNIT 9: RISK OVERSIGHT AND CORPORATE GOVERNANCE

Principal Oversight Function:

I. Board of Directors:
• Determining the company’s approach to risk
• Setting the right culture throughout the organization
• Monitoring the company’s exposure to risk
• Identifying the risks inherent in the company’s business model and strategy
• Overseeing the effectiveness of management’s mitigation processes and controls
• Ensuring the company has effective crisis management processes
II. Risk Committee:
• Ratify the key policies and associated procedures of the firm’s risk management activities
• Monitor the effectiveness of these key policies
• Translate the overall risk appetite of the firm into a set of limits that flow down
III. Regulatory Oversight:
• Lengthy and in-depth on-site visits
• Reviewing detailed reports on the way in which the firm is managing its risks and capital
Structural Framework:

• The firm’s risk committee recommends to the board an amount at risk (ie, risk appetite or
tolerance) that it is prudent for the board to approve. In particular, the risk committee
determines:
o The amount of financial risk
o The amount of non-financial risk
• The board delegates the authority to oversee risk to the risk committee, whose membership,
depending on the type of firm, typically includes:
o A non-executive director (NED) as chair
o The chief risk officer (CRO)
o The chief financial officer (CFO)
o The chief investment officer (CIO) for investment management firms
o Potentially a risk representative from any parent firm
o Other non-executive directors
• The risk committee then delegates to the CRO the authority to:
o Make decisions on its behalf
o Set business-level risk limits
o Approve risks in excess of these limits, within the overall risk limits approved by the board.
• Consequently, the CRO is responsible for:
o The firm’s risk management strategy
o The firm’s risk policies and risk methodologies
o Ensuring that the firm’s infrastructure can support its risk management objectives.
• The risk committee provides a detailed review and approval (say, annually) of each business unit’s
risk limits, and delegates the monitoring of these limits to the CRO
• Risk monitoring responsibilities are also delegated to department heads of the various business
units which in turn is delegated to business managers.
• The business managers are responsible for the risk management and performance of the business
and they, in turn, delegate limits to the bank’s traders.
 • Within an investment management firm there may be risk sub-committees which exist to enable
the fund managers to explain their strategies, and to present their risk profile for challenge and
debate.
• Within many firms there is also an operational risk committee – sometimes referred to as a
controls committee. The role of the committee is to make sure that business decisions are in line
with the firm’s desired risk/ reward trade-offs
• At the department level, operational risks and controls would be assessed, perhaps annually,
through risk workshops, desk-based reviews or some other mechanism.

Three Lines of Defense:

I. Business Management:
Day-to-day ownership, responsibility and accountability for assessing, controlling and managing
risk.
II. Independent Risk Functions:
Provide support and challenge on risk management, and helping to set risk appetite and strategy,
define risk reporting and ensure the adequacy of risk mitigation.
III. Internal Audit:
Provide independent assurance on the first and second lines, and the appropriateness and
effectiveness of policy implementation and internal controls.

Key Challenges:

• Establishing and maintaining the appropriate authority and autonomy of risk managers
• Keeping a clear segregation of duties between risk-taking staff and risk managers
• Relationship of risk managers to the business

Relationship of Risk Managers to the Business:

Factors Determining Firm’s Risk and Control Culture:

I. Governance and Policies:

• Ownership and management involvement
• Staff remuneration policy
• Staff appraisal process
• Risk policy
• Risk function(s) independence
• Caliber of risk personnel
• Escalation and whistle-blowing processes
• Code of conduct
II. Risk Appetite/Risk Tolerance:
• This involves understanding the firm’s current risk profile and trends (which is the current
implicit risk appetite) and monitoring the firm’s ongoing performance against its desired
risk appetite.
 • The firm’s risk appetite should be clearly connected to its overall business strategy and
capital plan
III. Transparency
• Principle 12 (Disclosure and transparency) states that the governance of the bank should
be adequately transparent to its shareholders, depositors, other relevant stakeholders
and market participants.
• Public Disclosure on following topics:
o Board Structure
o Basic Ownership Structure
o Incentive Structure
o Code of Policy
o Policy on Conflicts of Interest
IV. Integrity, Ethics and Social Responsibility
V. Education and Development
VI. Reducing Risk
VII. Moral Hazard:
• Moral hazard describes the possibility that people will behave differently when protected
from the effects of the risks that they take
• In a corporate setting, moral hazard exists whenever staff stand to gain by behaving in
ways that may not benefit the company or may not be in line with company policy

UNIT 10: ENTERPRISE RISK MANAGEMENT

Risk Management:

• Risk management is the practice of using processes, methods and tools for managing risks and
uncertainties.
• Risk management focuses on identifying what could go wrong, evaluating which risks should be
dealt with and implementing strategies to deal with them.

Enterprise Risk Management:

• The process of applying the discipline of risk management to all the risks a firm face to understand
and manage them, not only individually, but also in the way that they relate to each other.
• ERM is also known as integrated risk management or firm-wide risk management.

Industry Regulation (ICAAP):

• Define and quantify their overall risk exposure across all risk types.
• Stress and scenario test this exposure.
• Compare the results to the available capital

Goals of ERM:

• Designing and implementing the methods for collating firm-wide information on all risk types,
asset types and business lines
 • Enabling decision-making through aggregated risk reporting
• Allowing comparison of the firm’s risk profile to the available risk capital
• Setting clear accountability and incentives across the firm to control risk exposures and
concentrations in accordance with the stated risk appetite.

Challenges to ERM:

• Cultural Aspects of Implementing and Establishing an ERM Program:

o Involves different areas of firm
o Way of communication is different leading to misinterpretations.
o Firms have experienced challenges in combining their ‘financial’ (credit and market) risk
teams, with their operational risk teams to form a single unit.
o The main challenge has been the different cultures and skill-types required to perform
these very different roles.
• Exception-Based Escalation Challenge:
o An ERM framework encompasses so much information which could potentially be
escalated and actioned, that, without an exception-based approach, it may not be clear
to the senior teams which actions should be prioritized
o Even with an ERM framework in place, it remains a challenge to ensure that incidents are
not escalated in a piecemeal fashion by the different departments that are involved
• Data Aggregation Challenge:
o Measurement and Comparison
o Timescale
▪ Market Risk Var -Short Term
▪ Credit Risk Var - Medium Term
▪ Liquidity Risk Var - Medium Term
▪ Operational Risk Var – Long Term
o Combination of Data
▪ Firm Risk
▪ Client Risk:
• Accountability
o Department
o Senior Executive
o Individuals

Business Functions that Participate in an ERM Program:

• Strategic Planning
• Finance Department
• Risk Department
• Operational Risk Teams
• Inter Audit Department