DNU - OLD Flashcards
Describe the risk opportunity management matrix
What are the 3 sides to the COSO ERM cube?
Top: the categories of organisational objectives
Front: the risk management process
Side: the top down implementation process
Describe the IRM model of risk objective setting
What are the 7 weaknesses of Basel II?
- The accord's provisions didn't adequately assess risk capital
- Assets could be placed in either the banking book or the trading book, so the same exposure could attract different capital treatment
- Treatment of market risk failed to capture the effects of excess concentration of credit exposure in the trading book
- Failed to recognise the effect of liquidity on bank securitisation practices
- Inadequate calibration of risk weights and risk assessments
- A lack of understanding of the correlation between risks
What are the 3 primary risk management standards?
- IRM (2002) Model
- COSO ERM Cube
- ISO 31000 (2018)
What are the disadvantages of the PESTLE risk classification system?
Disadvantages
- Can over-simplify
- Needs to be done regularly to be effective
- Requires different people's perspectives
- Difficult to anticipate external events
What are the key differences between Basel II and III
- Risk-weighted assets: Basel II required minimum common equity of 2% of RWA; Basel III raises common equity Tier 1 to 4.5% of RWA plus a 2.5% capital conservation buffer, i.e. 7% in total
- Balance sheet: Basel III introduces a leverage ratio (capital against total, non-risk-weighted exposure) to limit bank activities and balance sheet size
- Liquidity: Basel III introduces a liquidity coverage ratio based on a 30-day stress scenario
- Basel III introduces macro-prudential measures (e.g. the countercyclical capital buffer)
- Basel III requires systemically important banks to hold extra capital
What are the 8 Rs of Hazard Risk management
- Recognition of risks, incl. the nature and trigger
- Rating of risks in terms of magnitude and likelihood, producing the risk profile recorded in the risk register
- Ranking of current level of risk against the established appetite
- Responding to significant risks
- Resourcing controls to ensure introduction of sustainable control activities
- Reaction planning, e.g. BCM
- Reporting of risk performance, actions and events, incl. communicating risk issues
- Reviewing the risk management system, including internal audit procedures, review of the risk architecture, strategy and protocols
What are the key points to remember when managing cyber risks?
- establishing processes that can deliver information about cyber security – and the benefits of investment in this area – up to board level
- establishing good communication between risk managers and information managers (e.g. between the chief risk officer and chief information officer)
- identifying the critical information systems that may be most at risk from cyber attacks
- developing multiple layers of defence which place more obstacles in the way of potential attackers
- developing controls that will detect attacks quickly
What is the IRM definition of ‘risk management’
Risk management is the process which aims to help organisations to understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure
What are the 5 over-arching principles of the COSO ERM framework?
- Governance and culture. Governance sets the tone for the organisation and establishes oversight responsibilities for ERM. Culture relates to ethical values, behaviours and understanding of risk
- Strategy and objective setting. ERM strategy and objective setting work together. Appetite and objectives should be aligned
- Performance. Risks that can impact the achievement of strategy and business objectives need to be identified and prioritised in the context of severity and appetite, so that responses can be selected
- Review and revision. By reviewing entity performance an organisation can consider how well ERM components are functioning over time, including after substantial changes, and decide what revisions are needed
- Information, communication and reporting. ERM requires a continual process for obtaining and sharing information, from internal and external sources, and that flows up and down through an organisation
Internal models are permitted under Solvency II as an alternative to the standard formula. An insurer using one must pass six tests covering what?
- Statistical quality standards – demonstrating that the methodology, assumptions and data underlying the model are sound
- Calibration standards – demonstrating that the model is calibrated to a level equivalent to the Standard Formula for the purposes of the SCR calculation
- Validation standards – substantiating a sound control environment around the model
- Documentation – enabling a third party to reproduce the model from the documentation of the model
- Profit and loss attribution – demonstrating an ability to reconcile the sources of variance (or profit and loss) in the results of the model with the risks included in the model
- Use test – demonstrating that the internal model is used within the business for a wider range of purposes than just calculation of regulatory capital.
What is Credit Risk?
credit risk
- the borrower (counterparty) may fail to meet its obligations (to pay interest or repay the principal)
- the largest risk faced by most banks
What are Market Risks?
Market risk is the risk of losses arising from movements in market prices, including:
- interest rate risk; a mismatch between long-term assets (e.g. fixed-rate mortgages) and short-term liabilities (e.g. deposits) whose rates reprice faster
- equity risk; adverse change in the price of stock
- foreign exchange risk; fluctuations in the value of foreign currency
- credit price risk; adverse market price movements reflecting a change in the perceived credit risk of a loan
- commodity risk; changes in the prices of commodities, such as agricultural (wheat or corn), industrial (metals) and energy (gas and oil)
What is CCAR?
Comprehensive Capital Analysis and Review (CCAR) is a United States regulatory framework introduced by the Federal Reserve to assess, regulate, and supervise large banks and financial institutions
Describe the S&P ERM calculator model
What is the HM Treasury definition of ‘risk management’
Risk management is all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress
What are Operational Risks?
operational risk
- the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events (the Basel definition, which includes legal risk)
- the least understood risk and the most challenging to measure, monitor and manage
What are the 8 non-core functions of a bank?
- Cash management
- Investment and securities
- Derivatives trading
- Loan commitment fees
- Letters of credit fees
- Insurance services
- Trust services
- Risk management services fees
What are the factors that affect ERM implementation?
- The start position
- The commitment from the top
- The size and complexity of the organisation
- The extent to which the enterprise is a global actor
- The resources available to support implementation
What are the 7 features of CCAR (Comprehensive Capital Analysis and Review)
- Sound financial risk management
- Effective loss estimation methodologies
- Solid resource estimation methodologies
- Sufficient capital adequacy impact assessment
- Comprehensive capital policy and capital planning
- Robust internal controls
- Effective governance
What does good Risk Management do?
- Enable better strategic decision making. Because risks associated with different options will be fully analysed
- Improve tactics. Because consideration will have been given to selection of the tactics and risks involved in the alternatives available
- Improve operations. Because events that can cause disruption will be identified in advance And actions taken to reduce likelihood and limit damage
- Enhance compliance. Because the risks associated with failure to achieve customer and statutory obligations will be recognised
What are the Financial benefits of ERM (FIRM):
Financial
- Reduced cost of funding and capital
- Better control of CapEx approvals
- Increased profitability for organisations
- Accurate financial risk reporting
- Enhanced corporate governance
What are the 4 levels of risk sophistication
- Inform – unaware of obligations
- Reform – awareness of non compliance
- Conform – actions to ensure compliance
- Perform – achieve business opportunities
- Deform – inactivity caused by obsession with risk (the failure mode beyond the four levels, not a level in itself)
What internal control policies can help manage operational risk?
- anti-money laundering
- recruitment policies
- compliance policies
- conflicts of interest policies
- human resources, in particular recruitment and retention policies
- control policies for key internal processes, such as underwriting
Describe the 3 ISO wheels of principles, framework and process
What are the 5 Cs of assessing potential loan credit?
- character – the reputation of the company
- capital – how the company is currently financed
- conditions – of the sector and country where the company operates
- capacity – of the company to repay the loan
- collateral – assets that the bank could claim if the company could not repay the loan.
Describe a Risk Matrix
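A likelihood x impact risk matrix applied to a small risk register, as an added example that is not part of the original flashcards. It serves this card and the rating and ranking steps of the 8 Rs card: each risk is rated (magnitude x likelihood gives its matrix cell), banded, then ranked against a stated appetite so the entries needing a response fall out at the top. The 5x5 scales, the band thresholds, the appetite value and the sample register are all assumptions constructed for the example.

```python
"""Likelihood x impact risk matrix over a risk register.

Added example; the scales, bands, appetite and register below are
assumptions chosen for illustration, not a published standard.
"""
from dataclasses import dataclass

# 1..5 ordinal scales; a matrix cell's score is the product (1..25).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed band thresholds on the 1..25 score (inclusive lower bound, highest first).
BANDS = [(15, "high"), (8, "medium"), (1, "low")]


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str
    impact: str


def rate(risk: Risk) -> int:
    """Rating (8 Rs): magnitude x likelihood, i.e. the matrix cell score."""
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]


def band(score: int) -> str:
    """Map a cell score to its colour band on the matrix."""
    for floor, label in BANDS:
        if score >= floor:
            return label
    raise ValueError(f"score out of range: {score}")


def rank(register: list[Risk], appetite: int) -> list[tuple[Risk, int, str, bool]]:
    """Ranking (8 Rs): order the register by score and flag entries above appetite.

    `appetite` is the highest matrix score the board is willing to carry
    without a further response; anything above it needs treatment.
    """
    rated = []
    for r in register:
        score = rate(r)
        rated.append((r, score, band(score), score > appetite))
    # Tie-break on impact so a severe-but-rare event outranks a minor frequent one
    # with the same product; that ordering choice is an assumption of this example.
    return sorted(rated, key=lambda t: (t[1], IMPACT[t[0].impact]), reverse=True)


def risks_needing_response(register: list[Risk], appetite: int) -> list[str]:
    """Names of risks whose current level exceeds the appetite, highest first."""
    return [r.name for r, _, _, above in rank(register, appetite) if above]


# Constructed sample register (not real data); scores noted for reference.
SAMPLE_REGISTER = [
    Risk("Ransomware on core banking platform", "possible", "severe"),          # 15
    Risk("Phishing of customer-facing staff", "almost certain", "minor"),       # 10
    Risk("Datacentre power loss over half a day", "unlikely", "major"),         # 8
    Risk("Misconfigured test environment exposes PII", "likely", "moderate"),   # 12
    Risk("Loss of a single laptop, disk encrypted", "likely", "negligible"),    # 4
]


if __name__ == "__main__":
    for r, score, b, above in rank(SAMPLE_REGISTER, appetite=9):
        action = "RESPOND" if above else "accept"
        print(f"{score:>2} {b:<6} {action:<7} {r.name}")
```

Running the block prints the register in ranked order. Note that the band and the appetite test do not coincide: with an appetite of 9, the phishing entry sits in the medium band yet still exceeds appetite, while the power-loss entry is also medium but is accepted, which is why ranking against appetite is a separate step from rating.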
What are non-primary risk management standards?
- Basel III
- Solvency II
- IAIS
- Standard and Poors
- Moody’s
- Fitch Ratings
- Dodd-Frank (U.S. securities legislation)
- IFRS
- COBIT
- SEC
Describe the target levels of risk model
What are the features of Risk Appetite?
- Risk appetite and risk exposure are considered as consequences of business decisions rather than a driver of those decisions.
- Questions about risk appetites can only be answered within the context of the strategy tactics operations and compliance activities within the firm.
- Risk appetite is the total value of the corporate resources that the board of the organisation is willing to put at risk
What are examples of derivatives?
Swaps, options, forwards; value/change in value of goods to bonds, stocks or commodities.
Why group banking and insurance together?
- The risks are similar (credit, market and operational etc)
- Both are heavily regulated and are important to the world’s economy
- Regulators seek harmonisation of financial markets (Basel III and Solvency II)
- People now move between both, leading to transfer of knowledge
- Both have advanced risk management approaches
- Both need to understand and respond to changing technologies, including those that provide threats and opportunities
What are the 3 sub-types of wholesale banks?
- commercial banks (specialised loans to businesses, fund raising intermediaries)
- correspondent banks (banks lending to other banks)
- investment (or merchant) banks (advisors to government and firms about raising funds in capital markets, privatising public assets)
What is the COSO definition of ERM?
ERM is a process, effected by a board, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, manage risks to be within its risk appetite, and to provide reasonable assurance regarding the achievement of entity objectives
What are the 3 aims of COBIT?
- Help optimise IT enabled investments
- Ensure service delivery
- Provide a measure to judge when things go wrong
What % impact should Infrastructure risks be benchmarked at under FIRM?
- ½ day impact on normal operations
- 10% budget increase on operations
What are the 3 sub-types of retail banks?
- retail banks (banks, cooperatives, savings and loans companies (incl. building societies), credit unions)
- private banks (wealth management, tax and investment)
- postal banks
Name some of the sources that can be used to get information on risk trends, best-practice or research
- PwC Banana Skins
- WEF Global Risks Report
- HM Treasury Orange Book
- CIMA risk report on RBS and Tesco
- PRA Handbook
- BCBS Guidelines and Principles
- IIA
- Financial Reporting Council
- IRM
- COSO
What does ICAAP (Internal Capital Adequacy Assessment Process) emphasise?
- The importance of stress testing
- The ability of regulatory capital to absorb losses in times of stress
- Long term capital requirements (through future cycles)
- Also, how quickly assets could be liquidated to meet requirements
What are the central (strategic) roles a bank has in facilitating economic activity?
- financial intermediation: channelling savings from depositors to borrowers
- asset transformation: creating loans from deposits
- money creation: generating additional money by repeatedly lending out the original deposit under the fractional reserve banking system
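The repeated-lending step worked through, as an added derivation that is not part of the original card. Assume a reserve ratio $r$ (the fraction of each deposit a bank must hold back), an initial deposit $D$, that every bank lends out all of its excess reserves, and that every loan is redeposited in full (no cash leakage); $r$ and $D$ are symbols chosen for this example:

$$
M = D + D(1-r) + D(1-r)^2 + \cdots = D\sum_{k=0}^{\infty}(1-r)^k = \frac{D}{r}, \qquad 0 < r \le 1
$$

So the deposit supports $1/r$ times its own value in money; with $r = 0.1$ an initial $D$ of 100 supports 1000 across the system. Cash leakage or banks holding excess reserves shrink the effective multiplier below $1/r$.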
What are the Marketplace benefits of ERM (FIRM):
Marketplace
- Commercial opportunities maximised
- Better marketplace presence
- Increased customer satisfaction (and spend)
- Higher ratio of business success
- Lower ratio of business disasters
What key events are there within the timeline of good Risk Management?
- 2022 - Basel III implementation date
- 2017 - Basel III changes published
- 2016 - Implementation of Solvency II
- 2010/11 - Basel III publication date
- 2004 - Basel II adopted
- 1997 - VaR widely adopted
- 1995 - Early risk management frameworks are adopted
- 1989 - Chair of JP Morgan calls for the daily 4:15 Report
- 1988 - Basel I adopted
- 1973 - Solvency I adopted
What are the 3 Lines of Defence?
- Business lines management
- Independent operational risk management function
- Independent review and challenge (audit)
What are the principal reasons for the 2007-2009 financial crash?
- Banks assumed that re-packaged debts (incl. sub prime mortgages) would continue to be tradable commodities
- Banks assumed that short term borrowing on the wholesale money markets would continue to be available
- Regulators and bankers did not understand how important shadow banking institutions had become to the everyday functioning of financial markets
- Banks did not always understand the risks of securitisation
- Over reliance on ratings agencies
What is the side of the COSO ERM cube?
The top down implementation process, incl. -
- Subsidiary
- Business unit
- Division
- Entity level
What are the features and differences of Compliance, Hazard, Control and Opportunity Risks?
- Compliance risks; should be minimised, cannot be fragmented
- Hazard risks; only negative outcomes, linked to insurance, can only inhibit the mission, can be mitigated
- Control risks; unknown or unexpected events, difficult to quantify, approach is based on managing uncertainty of events. Cause doubt about the ability to achieve the organisation's mission. Most difficult to describe. Usually dependent on the successful management of people and the effective implementation of processes to be managed
- Opportunity risks; relate to risk vs. return, approach based on investment. Usually deliberately sourced or embraced. Most important risk for future success.
What are the 5 steps in the credit risk assessment process?
- Identify opportunity
- Evaluate prospective borrower
- Make credit decision
- Disburse credit
- Monitor credit
Explain Corrective risk controls (from PCDD)
Corrective
- To correct a risky situation
- Often simple and effective, and don’t require elimination of processes. But can be difficult to quantify.
- Costs can be disproportionate to benefits.
- Often meet regulatory requirements
Why analyse risks?
- Prioritise risks for treatment
- Compare risks with the risk appetite
- Achieve consistent perceptions of significance
- Inform decisions for resource management
- Inform decisions about risk strategy execution
- Ensure capital adequacy
What is the RIMS definition of ERM?
ERM is a strategic business discipline that supports the achievement of an organisation's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio
What are the 3 steps to implementing ERM?
- Employ a CRO to oversee implementation
- Align with PACED
- Assess benefits through FIRM
What are the 8 PRA Fundamental Rules for Firms:
- Rule 1: A firm must conduct its business with integrity.
- Rule 2: A firm must conduct its business with due skill, care and diligence.
- Rule 3: A firm must act in a prudent manner.
- Rule 4: A firm must at all times maintain adequate financial resources.
- Rule 5: A firm must have effective risk strategies and risk management
- Rule 6: A firm must organise and control its affairs responsibly and effectively.
- Rule 7: A firm must deal with its regulators in an open and cooperative way and must disclose to the PRA appropriately anything relating to the firm of which the PRA would reasonably expect notice.
- Rule 8: A firm must prepare for resolution so, if the need arises, it can be resolved in an orderly manner with a minimum disruption of critical services.
What was the European financial crisis of 2009-2013
- Caused by a sovereign debt crisis: unsustainable spending and borrowing by governments within the 17-country eurozone
- Outcomes incl. understanding of how government finances impact banking performance, and uncertainty as to who was responsible for resolving banking crises and how this can deepen the problem
Describe the COSO ERM cube