CH7-Risk Management in Banking Flashcards
What four members make up the Council of Financial Regulators?
APRA, ASIC, RBA and the Department of Treasury.
What is the role of the Council of Financial Regulators?
Regulators collaborating together to improve efficiency and effectiveness of financial regulation and to promote stability of Australian financial systems.
What is the key role of financial regulators and what are the two key risks they are responsible for managing?
Stability and consumer protection for the macro-economy. They are responsible for managing:
- Macro-prudential risk: Impact of banks and financial institutions on the market and economy.
- Regulatory risk: Impact of regulation on the activities of financial market participants
What are the two categories of risk?
Absolute risk - Situation where there is a chance of loss, or no loss. But no chance of gain.
Speculative risk - Situation where there is the possibility of loss or gain depending on whether a decision is made to accept or decline that risk.
What are the six main types of risk that Australian banks are exposed to?
1) Credit risk
2) Liquidity risk
3) Market risk
4) Conduct risk
5) Operational risk
6) Compliance risk
When did the BEAR regime become effective?
1 July 2019
What four measures does BEAR use to ensure executives are accountable for driving cultural change?
1) Executives must register with APRA
2) APRA can adjust remuneration policies if they are not appropriate
3) Executives must defer 40-60% of variable remuneration for 4 years to ensure decisions are made in the long-term interest of the ADI
4) Penalties of up to 200 million on ADI
BEAR was introduced to cover banking entities regulated by APRA. FAR was introduced to cover which entities?
Entities regulated by ASIC, a far broader set than APRA
ASIC is focussed on which kind of risk?
Conduct risk of financial services companies
What are the risk management responsibilities of “The Board”?
Setting the tone for risk management, approving the risk management strategy and framework, and monitoring its effectiveness. The Board must also provide clear and concise Risk Appetite Statements (RAS).
What is a Risk Appetite Statement (RAS)?
Provides direction to senior management on the type of activity the board feels is appropriate to engage in.
What are the ‘Three Lines of Defence’ in risk management?
1) 1st line of defence - Business operations ensuring adherence to daily risk management activities, following risk process and controls
2) 2nd line of defence - Risk and Control Functions to ensure the first line of defence is properly designed, implemented and operating.
3) 3rd line of defence - Internal Audit to ensure effectiveness of governance, risk management and internal controls.
Why are risk management processes important?
Enable banks to:
- Accurately measure risk exposure to balance risk and reward according to their risk appetite
- Optimise growth whilst mitigating potential loss
- Protect depositors, policy holders and investors by maintaining a strong balance sheet
- Embed adequate controls to guard against excessive or undue risk
- Meet regulatory and compliance obligations
What is Risk Assessment?
It is the process of risk identification, risk analysis and risk evaluation
Which ISO standard deals with Risk Management Principles and Guidelines?
ISO 31000:2018
According to ISO 31000:2018, what are the seven key areas of the risk management process?
1) Establish the context - Boards’ risk appetite, objectives and competitive environment
2) Risk identification - Find, recognise and describe risks that could impact the bank's objectives
3) Risk analysis - Understand the actual risks identified
4) Risk evaluation - Comparing risk with the bank's level of risk appetite.
5) Risk treatment - Implemented options for mitigating a risk
6) Communicate and consult with internal and external stakeholders
7) Monitor and review outcome
A risk matrix with likelihood and impact is a useful tool for which of the seven key risk management areas of the ISO 31000:2018?
Risk Analysis by providing an objective means of assessment
What is a residual risk?
Not all risks can be fully mitigated. Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.
In risk treatment according to ISO 31000:2018, what are the six risk mitigation options?
1) Avoid by not starting/continuing the activity
2) Accept the risk
3) Remove the source of risk
4) Reduce the risk
5) Transfer the risk by sharing with another party like taking insurance
6) Change the consequences if the risk occurs
Sometimes the risk treatment cannot be justified. What are two good examples?
1) Risk mitigation benefit does not justify the cost of mitigation or introduces new risks.
2) Failure of treatment measure represents a significant risk
Monitoring and review of risks and risk treatments as part of ISO 31000:2018 has what purpose?
1) Ensure controls are effective and efficient in design and operation
2) Obtain more information to improve risk assessment
3) Analysis of lessons learned
4) Detect changes to the internal/external context
5) Identify new and emerging risks
What are Risk Indicators?
Metrics that help monitor and control identified risks over time. They help measure whether a risk is controlled satisfactorily.
What three characteristics allow a metric to be considered a Key Risk Indicator (KRI)?
1) Able to measure the amount of exposure due to a risk
2) Able to measure the effectiveness of controls to reduce or mitigate risk
3) Able to measure how well risk exposures are being managed
For a Key Risk Indicator (KRI) to be effective, what are four characteristics?
1) Measurable
2) Predictable
3) Comparable
4) Informational
A risk register is a management tool used to capture and report on risks. What are the key fields that should be captured?
Reference ID, Risk description, likelihood, impact, mitigation/controls and residual risk rating.