CH7-Risk Management in Banking

Question 1

What four members make up the Council of Financial Regulators?

Answer 1

APRA, ASIC, RBA and the Department of Treasury.

Question 2

What is the role of the Council of Financial Regulators?

Answer 2

Regulators collaborating together to improve efficiency and effectiveness of financial regulation and to promote stability of Australian financial systems.

Question 3

What is the key role of financial regulators and what are the two key risks they are responsible for managing?

Answer 3

Stability and consumer protection for the macro-economy. They are responsible for managing:
- Macro-prudential risk: Impact of banks and financial institutions on the market and economy.
- Regulatory risk: Impact of regulation on the activities of financial market participants

Question 4

What are the two categories of risk?

Answer 4

Absolute risk - Situation where there is a chance of loss, or no loss. But no chance of gain.
Speculative risk - Situation where there is the possibility of loss or gain depending if a decision is make to accept or decline that risk.

Question 5

What are the six main types of risk that Australian banks are exposed?

Answer 5

1) Credit risk
2) Liquidity risk
3) Market risk
4) Conduct risk
5) Operational risk
6) Compliance risk

Question 6

When did the BEAR regime become effective?

Answer 6

1 July 2019

Question 7

What four measures does BEAR use to ensure executives are accountable for driving cultural change?

Answer 7

1) Executives must register with APRA
2) APRA can adjust remuneration policies if they are not appropriate
3) Executives must defer 40-60% of variable remuneration for 4 years to ensure decisions are made in the long term interest of the ADI
4) Penalties of up to 200 million on ADI

Question 8

BEAR was introduced to cover banking entities regulated by APRA. FAR was introduced to cover which entities?

Answer 8

Entities regulated by ASIC a far broader set that APRA

Question 9

ASIC is focussed on which kind of risk?

Answer 9

Conduct risk of financial services companies

Question 10

What is the risk management responsibilities of “The Board”?

Answer 10

Setting the tone for risk management, approve risk management strategy and framework, and monitor its effectiveness. Board must also provide clear and concise Risk Appetite Statements (RAS).

Question 11

What is a Risk Appetite Statement (RAS)?

Answer 11

Provides direction to senior management on the type of activity the board feels is appropriate to engage.

Question 12

What are the ‘Three Lines of Defence’ in risk management?

Answer 12

1) 1st line of defence - Business operations ensuring adherence to daily risk management activities, following risk process and controls
2) 2nd line of defence - Risk and Control Functions to ensure the first line of defence is properly designed, implemented and operating.
3) 3rd line of defence - Internal Audit to ensure effectiveness of governance, risk management and internal controls.

Question 13

Why are risk management processes important?

Answer 13

Enable banks to:
- Accurately measure risk exposure to balance risk and reward according to their risk appetite
- Optimise growth whilst mitigating potential loss
- Protect depositors, policy holders and investors by maintaining a strong balance sheet
- Embed adequate controls to guard against excessive or undue risk
- Meet regulatory and compliance obligations

Question 14

What is Risk Assessment?

Answer 14

It is the process of risk identification, risk analysis and risk evaluation

Question 15

Which ISO standard deals with Risk Management Principles and Guidelines?

Answer 15

ISO 31000:2018

Question 16

According to ISO 31000:2018 what are the seven key areas of risk management process?

Answer 16

1) Establish the context - Boards’ risk appetite, objectives and competitive environment
2) Risk identification - Find, recognise and describe risks that could impact the banks objectives
3) Risk analysis - Understand the actual risks identified
4) Risk evaluation - Comparing risk with the banks level of risk appetite.
5) Risk treatment - Implemented options for mitigating a risk
6) Communicate and consult with internal and external stakeholders
7) Monitor and review outcome

Question 17

A risk matrix with likelihood and impact is a useful tool for which of the seven key risk management areas of the ISO 31000:2018?

Answer 17

Risk Analysis by providing an objective means of assessment

Question 18

What is a residual risk?

Answer 18

Not all risks can be fully mitigated. Residual risk is the threat that remains after all efforts to identify and eliminate risk have been made.

Question 19

In risk treatment according to ISO 31000:2018 what are the six risk mitigation options?

Answer 19

1) Avoid by no starting/continuing activity
2) Accept the risk
3) Remove the source of risk
4) Reduce the risk
5) Transfer the risk by sharing with another party like taking insurance
6) Change the consequences if the risk occurs

Question 20

Sometimes the risk treatment cannot be justified. What are two good examples?

Answer 20

1) Risk mitigation benefit does not justify the cost of mitigation or introduces new risks.
2) Failure of treatment measure represents a significant risk

Question 21

Monitoring and review of risks and risk treatments as part of ISO 31000:2018 has what purpose?

Answer 21

1) Ensure controls are effective and efficient in design and operation
2) Obtain more information to improve risk assessment
3) Analysis of lessons learned
4) Detect changes to the internal/external context
5) Identify new and emerging risks

Question 22

What are Risk Indicators?

Answer 22

Metrics that help with the monitor and control if identified risks over time. Help measure if a risk is controlled satisfactorily.

Question 23

What three characteristics allow a metric to be considered a Key Risk Indicator (KRI)?

Answer 23

1) Able to measure the amount of exposure due to a risk
2) Able to measure the effectiveness of controls to reduce or mitigate risk
3) Able to measure how well risk exposures are being managed

Question 24

For an Key Risk Indicator (KRI) to be effective what are four characteristics?

Answer 24

1) Measurable
2) Predictable
3) Comparable
4) Informational

Question 25

A risk register is a management tool used to capture and report on risks? What are key fields that should be captured?

Answer 25

Reference ID, Risk description, likelihood, impact, mitigation/controls and residual risk rating.