7. Risk Management in Banking Flashcards

1
Q

What is macro-prudential risk?

A

The extent to which the fragility of a bank or other financial institution could affect the market and the economy as a whole.

2
Q

What are the two categories risk can be classified into?

A
  1. Speculative risk
  2. Absolute risk
3
Q

What is speculative risk?

A

The possibility of a loss or a gain based on a decision to accept or decline a risk.

4
Q

What is absolute risk?

A

The situation where there is either a chance of loss or no loss, but there is no chance of gain.

5
Q

What are the six main types of risk for financial institutions?

A
  1. Credit risk
  2. Liquidity risk
  3. Market risk
  4. Conduct risk
  5. Operational risk
  6. Compliance risk
6
Q

What is credit risk?

A

The risk that the loan will not be repaid, either in full or in part.

7
Q

What is liquidity risk?

A

The risk that a bank or financial institution does not have a sufficient level of liquid assets (assets that are easily converted into cash) to meet current and future payment obligations.

8
Q

What is market risk?

A

The risk of an adverse impact on a bank’s valuations and profits resulting from changes in market factors, such as foreign exchange rates, interest rates, and commodity or equity prices.

9
Q

What is conduct risk?

A

May arise because of inappropriate, unethical or unlawful behaviour of bank employees. Such conduct can be caused by deliberate actions or inadequacies in bank practices, frameworks or education programs.

10
Q

What is operational risk? What factors does it cover?

A

The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Covers a broad range of factors including human error, fraud, failure of information systems, problems related to personnel management, commercial disputes, accidents, fire and flood.

11
Q

What is compliance risk?

A

That of legal or regulatory sanction, and of financial or reputational loss, arising from a bank’s failure to abide by the compliance obligations required by legislation, regulation, rules, standards, or codes of conduct.

12
Q

What are four of the BEAR measures?

A

Banking Executive Accountability Regime measures include:
- Executive registration with APRA
- APRA powers over remuneration policies
- Remuneration deferral
- ADI penalties

13
Q

What are executives required to do with APRA?

A

Senior executives and directors of ADIs will be required to register with APRA, and APRA will need to be advised prior to any future appointments. APRA will have the power to deregister and disqualify accountable persons who fail to meet expectations.

14
Q

Describe APRA powers over remuneration policies.

A

APRA will be given stronger powers to require ADIs to review and adjust their remuneration policies when APRA believes these policies are not appropriate.

15
Q

Describe remuneration deferral and explain its purpose.

A

Depending on the size of the ADI and the role, accountable persons will be required to defer between 40% and 60% of variable remuneration for a period of four years. This is intended to ensure that accountable persons make decisions that are in the long-term interest of the bank and their customers. If an accountable person breaches their BEAR obligations, the ADI is obligated to withhold all or part of their variable remuneration as a penalty.

16
Q

Describe penalties on ADIs under BEAR.

A

APRA will impose civil penalties of up to $200 million on ADIs that do not appropriately monitor the suitability of their executives to hold senior positions.

17
Q

Who monitors the conduct risk of financial institutions?

A

ASIC’s responsibility is to regulate the conduct of financial services companies to ensure they meet their obligations to maintain adequate risk management systems to mitigate exposure to relevant risks (and guide business decisions). ASIC also has an interest in conduct risk.

18
Q

What is related entity risk? What is it also referred to as?

A

Contagion risk, or related entity risk, is the risk that problems arising in other internal business channels compromise the financial and operational position of the wider ADI.

20
Q

What is contagion risk? What is it also referred to as?

A

Contagion risk, or related entity risk, is the risk that problems arising in other internal business channels compromise the financial and operational position of the wider ADI.

21
Q

What is an RAS and who requires it?

A

APRA requires that all ADIs maintain a clear and concise Risk Appetite Statement that addresses all material risks. The RAS provides direction to senior management on the type of activity the Board feels is appropriate to engage in, and what constitutes appropriate limits, or tolerances, for such activities.

22
Q

What are the three lines of defence in a risk management framework?

A
  1. Business operations
  2. Risk and control functions
  3. Internal audit
23
Q

Describe the first line of defence in a risk management framework.

A

Business operations:
Risk management by business operations, individual business units and operation teams. Actions include:
- Involvement in day-to-day risk management activities
- Following a risk process
- Applying internal controls and risk responses

24
Q

Describe the second line of defence in a risk management framework.

A

Risk and control functions:
Independent risk control and compliance oversight. Actions include:
- Review and challenge risk management processes
- Provide guidance and direction
- Develop risk management frameworks

25
Q

Describe the third line of defence in a risk management framework.

A

Internal audit:
Actions include:
- Review 1st and 2nd line activities and processes
- Provide an independent perspective and challenge
- Objective assessment and offer assurance

26
Q
What are the eight steps under 31000:2009?
A

Risk Management Principles and Guideline Activities:
1. Establish the context
2. Risk assessment
3. Risk identification
4. Risk analysis
5. Risk evaluation
6. Risk treatment
7. Ongoing monitoring and review
8. Ongoing communication and consultation

27
Q

What are four ways to identify risks?

A
  1. Workshops
  2. Questionnaires
  3. Loss data capture and analysis
  4. Near miss analysis and experience
28
Q

What are the characteristics of workshops for identifying risks?

A
  • Often used when a bank is about to start a project or implement a major change
  • The workshop should continue until all of the likely risks have been identified
29
Q

What are the characteristics of questionnaires for identifying risks?

A
  • Used to identify high level risks that can be assessed in more detail
  • Careful wording is required for the questionnaire to ensure that all risks are properly identified and avoid any questions that lead the respondents towards a particular outcome
30
Q

What are the characteristics of loss data capture and analysis for identifying risks?

A

If a risk has not been identified by the bank, it can become apparent when a loss is caused to the business.

32
Q

What are the characteristics of near miss analysis and experience for identifying risks?

A

The same retrospective risk identification technique can be employed when no loss has been suffered, but instead, there has been a near miss.

33
Q
Draw a risk analysis matrix.
A
34
Q

What is residual risk?

A

The threat that remains after all efforts to identify and eliminate risk have been made.

35
Q

What is risk treatment?

A

A key process, involving selection of one or more options for mitigating risks.

36
Q

What are some examples of risk treatment?

A
  • Avoiding the risk
  • Accepting or increasing the risk in order to pursue an opportunity
  • Removing the source of the risk
  • Reducing the likelihood of the risk occurring
  • Changing the consequences if the risk occurs
  • Sharing the risk with another party
37
Q

What are the downsides of risk treatment? How is this mitigated?

A

Risk treatment itself can introduce new risks. For example, a failure (or ineffectiveness) of treatment measures could represent a significant risk. With this in mind, monitoring needs to be an integral part of the treatment plan to give assurance that treatment measures remain effective.

38
Q

What are the four characteristics of effective key risk indicators?

A
  1. Measurable
  2. Predictable
  3. Comparable
  4. Informational
39
Q

What are KRIs?

A

Key risk indicators are metrics that help with the monitoring and control of identified risks over time.

40
Q

What can KRIs alert management to?

A

Risk indicators also provide early warning about whether an exposure to risk is changing. Tolerances or limits are usually tied to risk indicators which, when exceeded, alert management to areas of potential problems.

41
Q

What is the role of the Board regarding KRIs?

A

The Board will also specify appropriate key risk indicators, which will be monitored. They will identify levels at which the bank is comfortable to operate, at which little or no detailed reporting is required by the Board, and higher levels that must be escalated to the Board via the Risk Committee.

42
Q

What key information should be included in a risk register?

A
  • Name of the project/business unit/division
  • Date last reviewed and modified
  • Reference numbers assigned to each identified risk
  • Identified risk
  • The probability or likelihood of the risk occurring
  • A rating based on the extent of damage the risk could cause
  • A risk score
  • The control measures identified for handling the risk
  • Whether the risk is within appetite
  • Residual risk rating (after controls have been applied)