Chapter 10 - Enterprise Risk Management (ERM) Flashcards
What does the Basel Committee's enhanced Pillar 2 guidance set out for the board of directors / seniors?
- understand firm risk profile
- aggregate firm wide exposure information
- define risk appetite
- set clear incentives
what does ERM enable a firm to do
- provide the firm with a succinct view of its key risk information, enabling the senior team to make a balanced risk decision.
- define common understanding of risk
- aggregate risk information
- present summarized risk info quickly
- compare firm's risk profile
- use firm-wide risk view
- assign firm's limited resources
Definition of risk management
definition of ERM
RM = Practice of using processes, methods and tools for managing risk and uncertainties, focus on identifying what went wrong.
ERM = Process of applying the discipline of risk management to all risks a firm faces to understand and manage them
Also known as - Integrated risk management/firm-wide risk management
ERM approach, what it integrates and allows
what indicators does it show
it integrates the management of all risks, those with corporate governance responsibilities are able to see a single view of the firm’s risk profile
ERM approach shows the indicators across all firm’s risk types, and when one risk indicator starts to increase, the links through to the other risks can be seen.
give an example of an industry regulation, and what it's driving firms towards
Basel Pillar 2 (internal capital and liquidity assessment process) currently drives firms towards ERM
what are the three things firms have to do to produce an internal capital and liquidity assessment
what step is the hardest, what does ERM focus on
1) Define and quantify their overall risk exposure across all risk types
2) Stress and scenario test this exposure
3) Compare the results to available capital
The first step is the most challenging, and this is the step ERM focuses on.
what does sound practice recognise
That operational, credit, and market risk are linked and should not be treated in isolation
what are the goals of the ERM program?
- designing and implementing methods
- enabling decisions
- allowing comparisons of risk profile
- setting accountability
Cultural aspects of ERM - Sponsor
Sponsor will need to make sure right resources are available, being able to grasp the details of what the program is attempting to achieve, ensuring acceptance throughout firm
why does an exception-based approach help an ERM framework
- makes it clearer to senior teams which actions need to be prioritized due to all the information
what have firms experienced challenges in?
Combining their ‘Financial’ (credit and market) risk teams, with their operational risk teams to form a single unit.
The main challenge has been different cultures and skill-types required
what are the 2 types of risk information which are reported up the chain of command?
- periodic reporting of risk and control information
- immediate escalation of risks as they materialize and controls fail
what should be established to help firms
what is an escalation matrix
Thresholds and Limits should be established across the firm for individual risk types, and these should be used to build an escalation matrix
Escalation matrix - table showing potential incident types and who should be alerted at different points of severity.
what does a piecemeal approach do
makes it more difficult for senior managers to properly prioritise and coordinate their actions when the information they receive is coming from several disparate sources
VaR models, what they include, what modified VaR is used for
Credit VaR, Market VaR, Liquidity VaR. Modified VaR is used to estimate future operational risk, based on key scenarios
what are the three inter-related categories for grouping risk data
- measurement (must enable direct comparisons between asset classes)
- timescales
- combining the data
What two things need to be consistent across all measured risks to aggregate risk meaningfully
- confidence levels and time-frames
Otherwise can't compare the risks on a like-for-like basis
what can a VaR measure do if used carefully
can yield useful and comparable results across disparate risk types
time scale of Short VaR, Medium and longer
short - weeks
medium - weeks/months
longer - months/years
what are the further timescale challenges in production of ERM reports, why are they slow
Slow because:
- complexity involved in collecting and transforming inputs
- need to add narrative to the data in order that the senior team can quickly understand and act on key points
distinguish firm's risk and client's risk
Firm's risk - impacts the firm, or clients such that they need to be compensated.
Client risk - impacts the client, but does not require the firm to pay compensation.
three ways ERM program increases accountability
- where departments or named individuals are included as risk or control owners in the ERM reports seen by seniors
- if risk materializes, senior executives have responsibility
- as specific accountability becomes more visible, other staff know they don’t need to try to resolve certain issues, and can instead be more productive in areas they are accountable for.
What is the regulatory framework trying to include?
what is the first focus and second.
including ESG risk into the three pillars of the banking prudential framework.
The first focus is on Pillar 2, firms' internal assessment of ESG risks and the supervisory review and evaluation process (SREP) performed by regulators.
The second focus is on Pillar 3, disclosure requirements for the firms' ESG metrics and measurements
what must be done to incorporate ESG risks into business strategies
Taking into account an assessment of their materiality over different time horizons by:
- embedding material ESG risk into risk appetite frameworks
- managing ESG risks as drivers of financial risks, in a manner consistent with risk appetite, and reflected in banks' internal capital and liquidity assessment.
Why is the management of ESG risks in a systematic way needed?
So they are incorporated into institutions’ decision making and long term capital and liquidity planning
how is ESG carried out in context of ERM
- Identification
- evaluation
- action
what does ESG risk require which credit, market and operational don’t
requires the banking and financial services sector to extend their time horizon for strategic planning to at least ten years, testing resilience to different scenarios, and disclosing ESG risk-related strategies.
what is GRC
what does it involve
benefits
what does it offer.
Governance, regulatory, compliance.
It is a set of processes and procedures to help organizations achieve business objectives by harmonizing the identification, assessment and management of risk across the company.
it OFFERS the power of sharing data and intelligence to drive better results and build a stronger org.
It will involve
- defining the right objectives for an organization
- ensuring smooth communication
- establishing and enforcing the right set of actions and controls
benefits
- reduce costs, reduce duplications, faster, higher quality, consistent.
what business functions would typically participate in an ERM program?
- strategic planning
- finance department
- appropriate risk departments
what do the operational risk teams provide information on?
- losses over a certain threshold
- the controls environment
- business continuity planning
- insurance arrangements
what does the internal audit department do in the ERM framework?
- independently do the provision of risk information.
Its role is to audit the ERM framework to ensure it is accurate and robust.