Chapter 1 - Principle of Risk Management Flashcards
what is credit risk?
Risk of financial loss resulting from a borrower’s failure to repay a loan.
what is operational risk?
Risk of loss resulting from inadequate or failed internal processes, people or systems, or external events.
what is enterprise risk?
Risk to the organization, such as not being able to achieve objectives.
what is strategic risk (internal)
the firm is not isolated, and interacts with global financial markets and the “real economy”, such as financial management and strategies.
Who are the strategic risk-takers? What are the robust processes?
CEO and senior managers - formulate a strategy for the firm that requires certain risks to be taken and avoided.
Robust processes - Ensuring the firm is properly governed to formulate and implement. Implementing a coherent risk framework.
what is strategic risk (external)
Arises in unforeseen changes in the global economy, competitive environment and social/market forces.
what is a risk register?
Allows firms to document and track risks that could impact an organization.
what is risk appetite?
How much risk the organization is willing to take
Difference between risk and uncertainty
Risk = situations that can be estimated and allows predictions/planning
Uncertainty = probability of outcomes are unknown, difficult to plan
What is the simple framework for managing risk?
- Risk Policies and governance at board level
- Risk oversight - often performed by the business unit (first line of defense) with results and action plans reported to independent risk management function
- Day-to-day Risk management - must be owned by business units, not risk function.
What is economic risk?
During an economic boom, failure to anticipate a downturn will result in firms increasing their stocks using current input prices and not the reduced price.
What is political risk?
Changes in government decisions which affect markets. They affect markets by:
- change in price
- increase/decrease demand
- changes to regulatory environment
what is cyber risk?
Covers a broad range of risks that are related to theft/damage to information stored. Cyber risk needs to be managed proactively by the board, led by senior management and assured by corporate governance.
what are social and market factors?
tech advances, changes in consumer behavior, housing, saving.
What are the risks from stakeholders/third-parties
- Parent company = owns enough for subsidiary (another company) and owns more than one business.
- significant holdings by investors who have voting rights
- large customers = managing relationship with clients
The 3 keys to managing stakeholder risk
Build relationship with client at senior level, understand stakeholder agenda, manage expectations
who are third-parties?
IT, regulators, solicitors, brokers, advisers
what are the ESG risks?
Environmental = climate change, natural resources
Social = human capital, product liability, stakeholders
Governance = corporate governance, corporate behavior
which committee ensures ESG is central to a company risk?
Committee of Sponsoring Organizations of the Treadway Commission (COSO Framework). They state: “create, preserve, sustain and realize value while improving their approach”
What is the board's role?
Ask management how the risk-identification process establishes ESG and how the risks could be incorporated in the strategy.
What is a PESTLE Analysis?
Analysis on the macro environment in which a business operates. Political, environmental, social, technological, legal and economic.
what is a business process analysis?
Examining high-level business process, and describing both the internal low-level processes and external factors which can influence those processes.
What are the key internal drivers of risk?
Strategic, operational, financial
What is strategic risk?
The European Banking Authority defines it as the current or prospective risk to earnings and capital arising from changes.
Takes two forms:
- is the strategy right?
- is the strategy being properly implemented?
What is operational risk?
Bank for International Settlements (BIS) - Risk of loss resulting from inadequate or failed internal processes, people, systems and external events.
What are the three elements of financial risk?
Credit - risk of loss from failure of counterparty to meet obligations
Market - risk of loss arising from changes in value of financial instruments
Liquidity - Risk that a firm has insufficient cash to meet obligations
How are the internal drivers of risk typically assessed?
- risk assessment workshops
- discussion with internal/external auditors
- stress testing - varying one input factor at a time
- scenario analysis - constructing realistic scenarios
Define Risk culture?
Systems of values and behaviours present throughout an organisation that shape risk decisions.
key features of healthy risk culture?
Attitude to risk and ethics of boards and senior team, effectiveness, degree of risk, the extent of incentive schemes
What is conduct risk? What does it link to?
The risk that the firm's behaviour will result in poor outcomes for customers
Links to consumer duty regulations July 2023 - accountable for ensuring good delivery to customers
What are the other inherent factors linking to risk?
Market failures, lack of available decision-making, often exacerbated by low financial outcomes.
What to do for easily quantifiable risks? and for less easily quantifiable risks?
- Appetite risk level for direct financial loss, specific risk measures, such as credit or market value-at-risk (VaR) metrics
Less:
- Policy might be specified for non-financial statements
What does the top-down approach involve?
Involves board and senior management.
Involves:
- Identifying threats to objectives
- relating the threats to the coverage available
- recognising that holding capital is not the best mitigant for every risk.
what does the bottom up approach mean?
Involves line management.
- “Acceptable occurrences” levels for errors and losses
- Set of key risk indicators which are tracked against pre-defined appetites.
what links the bottom-up to the top-down approach?
Escalation mechanisms need to be defined (Risk appetite statements) so that the bottom-up approach (business risk assessments) can be linked to top-down approach.
What is inherent risk?
What is residual (net) risk?
Also known as gross risk. An assessment of risk without considering the beneficial effects of mitigating controls.
Also known as net risk. The firm's exposure after having taken mitigating controls into account.
what is the risk profile?
made up of the type and intensity of the risks to which it is exposed.
Consists of: Nature of threats, likelihood of adverse effects occurring, level of disruption and costs associated.
what is risk mitigation?
The efforts made to reduce either the impact or the likelihood of the risk.
Includes:
- hedging
- ensuring insurance in place
- holding collateral
what is reputational risk?
Either an outcome or results as an indirect/direct consequence, such as credit, market, liquidity, or operational risk.
Can cause losses:
- loss of current or future customers
- loss of employees or managers within organisation
- loss of business partners
- increased costs
What can be used when firms embark on new areas of business?
Cost/benefit analysis. This compares the estimated likely revenues with actual costs
What are the specific risks in financial services as defined by the Bank for International Settlements?
Operational risk - risk of loss resulting from inadequate or failed internal processes, people and systems.
Credit risk - risk of loss caused by a counterparty or issuer failing to meet obligation
Market risk - risk of loss arising from changes in the value of financial instruments.
Asset liquidity risk - represents the risk that an entity will be unable to unwind a position in particular financial market due to lack of depth or disruption.
Funding liquidity risk - risk that a firm cannot obtain the funds to meet obligations as they fall due
Interest rate risk - exposure of a firm's financial conditions to adverse movements in interest rates, such as balance sheets.
What is the interconnectedness of risks in financial systems?
Who states risk interact with each other non-linearly?
Positively correlated as GDP grows:
Interest rate, market, asset liquidity, funding liquidity.
GDP rate Slows:
Operational risk and credit risk
The Basel Committee on Banking Supervision has shown that risks interact with each other non-linearly
What is contagion?
How does the government work with banks to prevent failure, but what risk does this create? What happens if the government can't make these funds?
When is systematic risk at its highest?
When risks affect firms, but also the stability of financial system. This causes systemic risk!
Government can take on debts and obligations. This creates a risk called sovereign default risk. Government may default on its government issued bonds.
Systematic risk at its highest when individual firms measure risk at its lowest as this encourages behaviour.
What does the UK require banks to construct and maintain?
Recovery and resolution plans:
- credible recovery actions that the firm could implement in the event of a severe stress to restore its business to a stable condition
- the mechanism by which any failure can be enacted in orderly fashion.
What risks affect most industries and what risks predominantly affect financial? What characteristics set apart the financial sector?
Strategic and operational = most industries
Credit, market, liquidity and investment = financial
Characteristics:
- complexity, no physical product, product life span, necessity of modern economic systems.
What has fintech helped develop?
Developed Regtech, regulation and technology. Regtech provides speed and agility to efficiently manage those rapidly growing requirements.
What is a decentralised distributed ledger technology?
What is an initial coin or currency offering?
The problem with ICOs?
DLT (blockchain) enables storage, distribution, and exchange of values between users.
ICO raises capital or participates in investment opportunities using crypto. It is a form of crowdfunding and funds start-ups.
The problem is that there is not much regulation. This increases risk of fraud, money laundering and financial terrorism.
What are the requirements set out for financial crime, such as AML (anti-money laundering) and CFT (counter-terrorist financing)
The 4th EU AML Directive - virtual assets must be regulated for AML purposes
Payment services directives - establishes safer online payment environment. For example, strong customer authentication.
What is the data security that the EU have to adhere to?
What countries enacted the Act on the Protection of Personal Information (APPI)?
What is China’s law?
Firms must adhere to data protection laws, such as the General Data Protection Regulation. This requires companies to protect data or face fines of 20 million euros, or undertaking up to 4% of global turnover.
Japan uses APPI for its privacy and data protection.
The Personal Information Protection Law (PIPL) is China’s first comprehensive law designed to regulate online data and protect personal information.
What are the two different types of storage of digital assets?
Hot environment = Online
- Strong encryption is the essential safeguard. The digital asset and the private encryption key must be stored separately
Cold storage = Offline
- Both the digital and physical risks exist as these are stored in vaults and bunkers. This cold storage is likely to increase.
Why are cryptocurrencies more volatile than physical currencies?
Due to the speculative demand and exacerbated by hoarding. There is a limited amount of currency, which makes it susceptible to market manipulation.
What risk does engaging in Crypto bring to a firm?
Any negative adverse regulatory events could trigger a further loss of confidence, business risk! There is a risk of reputational risk, for example any data breaches can damage reputation.
what are the key financial risks?
Credit, Market, liquidity
What is hedging an example of?
Risk Mitigation
what is an example of an external risk?
Cyber
Top down + Bottom up =
Risk appetite
Which function is responsible for assessing the soundness of a counterparty?
Credit risk management