What are the key steps of risk management by a financial provider?
- Risk identification
- Risk classification
- Risk measurement
- Risk control
- Risk financing
- Risk monitoring
- Cycle back
What does risk identification concern?
- Recognise risks that will threaten the assets & income of the organisation by establishing context:
- > Business objectives
- > Company structures & finances
- > Who are the key stakeholders?
- > What is the area of business?
- > External environment
- Systematic or diversifiable?
- Preliminary identification of possible risk control processes
- Identify exploitable risks to gain competitive advantage
What is risk classification concerned with?
- Classifying risks helps with calculating cost of risk & the value of diversification
- Management allocates the risk to an “owner” who is responsible for the control processes of the risk
What is risk measurement concerned with?
- Estimation of the probability of the risk event occurring and its severity
- Gives the basis for evaluating/selecting risk control methods:
o Decline risks
o Transfer risks
o Mitigate risks
o Retain risks with or without controls
What is risk control concerned with?
- Deciding whether to fully/partially accept each identified risk
- Identifying possible mitigation options for risks where needed
- Risk control measures aim to mitigate risks or their consequences by:
o Reducing probability of risk occurring
o Limiting severity of the effects of occurring risks
o Limiting consequences of the risks that occur eg. adequate insurance
What is risk financing concerned with?
- Determining the likely cost of each risk (including cost of mitigations, expected losses & cost of capital arising from retained risks)
- Ensuring the organisation has sufficient financial resources available to continue its objectives after loss event occurs
What is risk monitoring concerned with?
- Identify new risks or changes in the nature of existing risks
- Determine if the exposure to risk and/or risk appetite of the organisation has changed over time
- Report on risks that have actually occurred and how they were managed
- Assess whether the existing risk management process is effective
What are the benefits of a risk management process for a provider?
- Avoid surprises
- Improve stability & quality of the business
- Improve their growth & returns by:
o Exploiting risk opportunities
o Better management/allocation of capital
- Identify opportunities from:
o Natural synergies
o Risk arbitrage
- Give stakeholders in their business confidence that the business is being well managed
Risk management strategies that balance risk, growth and consistency should ideally:
- Incorporate all risks, both financial & non-financial
- Evaluate all relevant strategies for managing risks, both financial & non-financial
- Consider all relevant constraints including political, social, regulatory & competitive
- Exploit the:
o Hedges & portfolio effects among the risks
o Financial & operational efficiencies within strategies
What is systematic risk?
- Risk that affects the whole financial market or system
- It cannot avoided through diversification
What is diversifiable risk?
- Arises from an individual component of a financial market or system
- Only non-diversifiable risks are rewarded within the scope of most financial systems
- Rational investor should not take on any diversifiable risk
What are the main characteristics of ERM?
- Board implementation & key objective of the board
- Evolving process
What does the centralisation aspect of ERM concern?
- Portfolio approach (assesses all the risks across the company wrt their cumulative effect & correlations)
- Central Risk Function (single department responsible for risk assessment/objectives/monitoring lead by expertise & knowledge of CRO)
- Documentation (details of all risks & potential risks kept in one evolving source document)
- Reporting (one person, the CRO is responsible for reporting on overall risks to the company board)
Advantages of portfolio approach:
- Assesses all the risks across the company wrt their cumulative effect & correlations
- Can lead to greater efficiencies in terms of:
o Insurance purchased
o Investment strategy
o Capital requirements
Advantages of central risk function (CRF):
- Clearly defined risk objectives
- Without CRF, dilution of knowledge b/w different departments is likely
- More accurate/efficient reporting of risks from:
o Staff to CRO
o CRO to the board
o The Board back to all departments & employees
- Less likelihood of gaps in analysis
- Central auditing of risks => less risk of over-confidence & anchoring
- Improvement of risk culture or an organisation
What is the documentation aspect of CRF concerned with?
- Risk policy is set out and risks are listed & defined (using checklists & risk register) in consistent language (taxonomy of risks)
- Responsibility of CRF to keep the documentation updated when new risks are identified or treatment of risks change
What is the reporting aspect of CRF concerned with?
- Risks must be reported to the board st. there is clarity in the understanding of:
o Key risks prioritised by CRO
o Developments in the organisation’s risk profile
- Employees should
o Be adequately trained in ERM
o Understand importance of reporting potential risks & monitoring current risks
What is the board implementation component concerned with in ERM?
- Crucial for the board to completely buy into the concept
- Should be a key objective for the board
- ERM agenda item every meeting
- Appoint CRO (who may be on the board)
What is the evolving process component of ERM concerned with?
- Board should implement a thorough process
- Risk continually being monitored & revised
- Not a once off exercise
Challenges of ERM:
- Considerable initial effort required
- The Board must sell the idea to managers and staff
- Must be a part of corporate culture
How might business units of a single organisation operate?
- Carry out the same activity but in different locations
- Carry out different activities at the same location
- Carry out different activities at different locations
- Operate in different countries
- Operate in different markets
- Be separate companies in a group, which each have their own business unit
How may a parent company manage risks b/w business units alternatively to ERM?
- Determine the overall risk appetite of the company
- Divide the risk appetite b/w the different units
- Likely that this method does not allow for diversification benefits
- Hence a preferable approach is risk management at the enterprise level
Who are the stakeholders of risk governance?
- Directors / senior management
- Risk managers and any Chief Risk Officer
- All other employees
- Credit rating agencies