1. Introduction to Financial Risk Management Flashcards
What is risk management?
- concerned with assessment & treatment of risk & uncertainty.
- “Risk”: potential variation in outcomes which can sometimes be measured
- “Uncertainty”: doubt about the future & ability to predict.
What is Financial risk?
uncertainty of a return/an outcome that has a financial implication — may lead to either profitable outcome or losses
Is risk a forward looking concept?
Yes, it refers to an event/outcome that has yet to happen
Why is financial risks good?
a profitable business can also involve significant risks & likely the profits generated are due to risk-taking in the first place
What are the 5 elements of risk management process?
Risk governance, risk tolerance, risk assessment, risk modelling & quantification, monitoring & risk reporting, breaches & incident escalation (internal & external)
What does Risk governance entail?
- sets risk appetite statement which is approved by the Board & embodied in the risk policy & delegated authorities.
- sets the “tone from the top” & provides a foundation for the risk culture
What does risk tolerance entail?
- breaks down the high-level risk appetite set above & translates it into actual risk limits that are measurable & actionable at the individual business unit level
- involves setting risk policy calibrated in line with the risk appetite
- eg: risk appetite approves VaR limit of 50mio. This limit will then be distributed to individual business units
- risk policy should also include procedures for a new product launch (eg: analysis of pricing, trading/hedging, client suitability, trade support capabilities, valuation process, legal/regulatory issues & operational implications)
- cost/benefit analysis should be conducted before any decision is taken
What does risk assessment involve?
- Identify new & changing risk landscape
- eg: new currency pairs, longer tenor, different product types, new types of customers, new markets all involve exposure to new types of financial risks.
What does Risk modelling & quantification involve ?
- model, quantify & aggregate risks to prioritize the focus of risk management & control.
- methodology employed in quantifying risk should be documented alongside any noticeable model weakness/incorrect assumptions (e.g. correlation computation, proxy data).
- Risk quantifications should also include risk-adjusted performance metric (e.g. PnL/VaR) to measure how effectively risk capital is being utilized — business unit with above-average risk-adjusted return should deserve more risk capital (instead of a business unit that generates the most profit on an absolute basis).
What does Monitoring and reporting involve?
- Monitor & report actual risk taken against the approved risk limits regularly to the key stakeholders
- important to not over report risk taken — Over-inflating only creates uneasiness & lead to wrong decision-making — Key stakeholders should be informed of the reflective/real risk exposure
What does Breaches and incident escalation (both internal & external/regulatory) involve?
- breaches of the approved risk limits need to be escalated to key stakeholders — incidents need to be reported & monitored closely until they are remediated.
- Any breaches/incident reports need to be followed up with the appropriate actions (reduced risk limits, trading suspension, warning letter or termination depending on the severity of the offence).
Who are the Stakeholders in the Risk Management Process?
- Board, executive, risk & audit committee
- Business owner
- Risk management & compliance function
- Internal audit
Identify the 3 lines of defence model (internal)
- 1st line: business/risk owner
- 2nd line: risk management & compliance function
- 3rd line: internal audit
What does the 1st line of defence — Business/risk owner (i.e. dealers) do?
• Own & manage risks
• Guide the development & implementation of internal policies & procedures + ensure that activities are consistent with business goals
• Ensure that risk controls & procedures established are part of daily operations.
• review, update & modify risk profile in line with changes in business environment & emerging risk.
- should also implement corrective actions to address existing process & control deficiencies.
- control breakdown, process inadequacies & unexpected events should be escalated to management.
What does the 2nd line of defence — risk management & compliance function do?
- Risk management
• Provides risk oversight.
• Risk management’s authority is delegated directly from Board of Directors/senior management to ensure the 1st line of defence is properly designed & operating as intended.
• Design & enforce risk limits & controls.
• Set risk policies, monitoring & escalation procedures.
• Define risk model & document risk methodology.
• Report risk information to relevant key stakeholders. - Compliance function
• A separate function that reports directly to senior management.
• Monitor specific risks such as non-compliance with applicable laws, regulations, policies & procedures.
What does the 3rd line of defence — internal audit do?
• Provide risk assurance to governing body & senior management.
• Consult 1st & 2nd lines of defence to improve overall risk operation
• evaluate & improve the effectiveness of risk management, control & governance process.
Who acts as the 4th line of defence?
- External auditors, regulators and other external bodies
- Regulators: impose requirements intended to strengthen the controls & review the 1st, 2nd & 3rd line of defence in relation to these requirements.
- External bodies like industry groups (e.g. FMAM) can also issue guidelines/notes for their members (i.e. the banks) to conform as part of risk management best practices industry-wide
What are the issues and challenges that may be encountered in the risk management process?
- Over reliance on risk management models/data that are based on flawed assumptions
- overlooking interaction of various risk factors
- overlooking concealed risks
- failure to communicate
- lack of required investment in system & infrastructure
- perception of risk management
- balancing risk vs return
What are the negative implications of Over reliance on risk management models/data that are based on flawed assumptions?
- risk management process relies on historical data — extrapolate from the past trends & forecast the probability of it happening
- BUT past events don’t necessarily relate to future shocks — historical performance may give a false sense of security. - Low probability, high impact events are impossible to forecast i.e. “Black Swan”
- increasingly common cause of the higher complexity & interconnectivity in the financial markets - normal distribution is used widely as an assumption in various risk management models (e.g. VaR).
- normal distribution implies that there’s a 68%/95%/99.7% probability that any random observation will lie within 1/2/3 standard deviations respectively away from the mean.
- IN REALITY, prices aren’t normally distributed — Large changes (exceeding 3 standard deviations) occur more often than the theory would suggest aka ‘fat tail’ event.
What are the negative implications of Overlooking interaction of various risk factors?
- When a bank hedges itself against market risk, may fail to assess all the risks associated with the instruments used for risk mitigation.
- eg: Risk managers who focus on FX risk aren’t responsible for credit risk & so they ignored the counterparty risk + credit risk managers may overlook FX risk as its not credit risk. BUT, market risk in FX contracts not honoured by customers/counterparties will emerge as credit risk.
What are the negative implications of Overlooking concealed risks?
- failure to capture risk can be caused by the front office (i.e. the people responsible for taking risks) failing to report it in the first place — dangerous since risk is Risk is underreported & unreported risks likely to expand
What are the risks relating to failure to communicate in risk management?
- failure to communicate effectively/explain complex reports to the board & the CEO who are responsible for making decisions about risk will cause misunderstanding & instill unwarranted confidence in their risk-taking capabilities.
- info may be distorted by intermediaries/delivered too late to the top management
What are the challenges relating to Lack of required investment in systems and infrastructure?
- To ensure the proper implementation of risk management policies, investment in systems & infrastructure is required — costs may be large.
- As such, high quality risk management architecture may be limited to well capitalized financial institutions. For smaller banks, this remains a significant issue.
What are the challenges relating to Perception of risk management?
viewed as:
- a cost center & a non-profit generating activity.
- an afterthought & not an integral part of the business
- business “hindrance”
BUT perception has changed considerably due to increasing volatility in the market coupled with heightened regulatory environment
