Foundations of Risk Management

Question 1

Explain the concept of risk and compare risk management with risk taking.

Answer 1

• Risk is the volatility of returns that can lead to unexpected losses, with higher volatility indicating higher risk. This volatility is influenced by numerous risk factors and their interaction.
• Risk taking refers to accepting possible losses in the pursuit of positive cash flows. The possible losses are uncertain in the sense that they cannot be reliably anticipated and remain unexpected.
• Risk management has the goal of identifying these risks and taking appropriate measures to keep them under control and within a defined risk appetite. It is not only about reducing risk, but also about actively select the type and level of risk that is appropriate. In fact, the better and more precise the risk management, the more aggressive an enterprise can capture risk-rewarding activities.

Question 2

Describe the risk management process and identify problems and challenges that can arise in the risk management process.

Answer 2

• The risk management process first identifies the risk exposures before measuring/quantifying it, while also finding instruments to shift/trade them. An assessment of both the exposures and the available instruments then informs the decision whether to avoid, transfer, mitigate, or keep the risks. Finally, a continuous performance evaluation helps to decide whether the risk mitigation strategy requires adjustments.
• Some risk factors could be entirely unknown. The risk analysis could depend on factors that are unknown at the time of the analysis. The risk factor I want to measure could be confused by other factors that are out of scope (e.g. tax effects confusing the credit risk signal from bond prices. Risks could be misclassified, or certain aspects could be neglected due to a too narrow classification (e.g. market risk vs. counterparty risk). Finally, risk can be downright avoided, which would exclude the firm from reaping the payoff from taking risks in a controlled manner.

Question 3

Evaluate and apply tools and procedures used to measure and manage risk, including quantitative measures, qualitative assessment, and enterprise risk management.

Answer 3

• Value-at-risk (VaR) is a quantitative/statistical measure that defines the level of financial loss that occurs with a specified probability (confidence level, e.g. 5%). For example, a 10 day, 5% VaR of 1 million USD means that the probability to lose more than 1 million USD over 10 days is less than 5%, statistically speaking. This could also quantify the costs of holding the risk, for example through the funding costs of a sufficiently large reserve buffer.
• Enterprise risk management (ERM) attempts to avoid risk management silos and take risk considerations into account for business decisions. Tools include economic capital, enterprisewide stress testing, and risk committees.

Question 4

Distinguish between expected loss and unexpected loss, and provide examples of each.

Answer 4

• The expected loss is the sum of losses, weighted by their probability, thus referring to how much a firm expects to lose on average. For example, a certain share of loans will usually default, which can be priced into the loan as risk premium.
• Unexpected losses are the loss percentiles in excess of the expected loss. Unexpected losses might realise when multiple risk factors start to realise. For example, default rates will increase in a recession beyond previously expected level.

Question 5

Interpret the relationship between risk and reward and explain how conflicts of interest can impact risk management.

Answer 5

• In financial markets, to achieve higher returns, it is often necessary to accept higher levels of risk. However, this relationship is not always stable.
• Because returns must be adjusted for the associated risk, business managers could have an incentive to understate risks to overstate profitability. For example, remuneration could incentivise them to overstate profits today to boost their compensation, with the costs of the risks realising only in the future. Such conflicts of interest become especially potent when combined with a poor risk culture.

Question 6

Market risk

Answer 6

Market risk is the risk that changes in financial market prices and rates will reduce the value of security or portfolio. The risk can be decomposed into a general market risk (movement of the market as a whole) and specific market risk (movement of the particular transaction). Market risk can arise from open or imperfectly hedged trading positions.

Question 7

Interest rate risk

Answer 7

Interest rate risk (in its simplest form) is the risk that the value of a fixed-income security changes as a result of an increase in market interest rates. More complex types of interest rate risk can arise from changes of the shape of the yield curve (curve risk) or imperfect correlations of rates of different instruments used for hedging (basis risk).

Question 8

Equity price risk

Answer 8

Equity price risk is associated with the volatility of stock prices. It can be differentiated into general market risk (i.e. the sensitivity of the price to movements of the equity market as a whole) and idiosyncratic risk only affecting the stock. The latter can be eliminated through diversification.

Question 9

Foreign exchange risk

Answer 9

Foreign exchange risk arises from positions in foreign currency denominated assets and liabilities leading to fluctuations measures in a local currency. Drivers include imperfect correlations in the movement of currency prices and fluctuations in international interest rates.

Question 10

Commidity price risk

Answer 10

Commodity price risk is often characterised by higher volatility and is influenced by factors such as lower market liquidity (through fewer traders) and storage costs.

Question 11

Credit risk

Answer 11

Credit risk is the risk of an economic loss from the failure/default of a counterparty or from the increased risk of default during the term of the transaction. For example, credit risk realises when a borrower is unable to make the regular payment of principal and coupon. The loss given default (LGD) is not necessarily 100%, depending on the recovery rate.

Question 12

Default risk

Answer 12

Default risk corresponds to the incapacity or refusal by a borrower to meet their debt obligation by more than a reasonable period from the due date (often 60 days).

Question 13

Bankruptcy risk

Answer 13

Bankruptcy risk is the risk of taking over the collateral of a defaulted counterparty.

Question 14

Downgrade risk

Answer 14

Downgrade risk is the risk that the (perceived) creditworthiness of a counterparty deteriorates, for example a downgrading by a rating agency. This may in turn lead to a higher risk premium or credit spread, which implies lower prices.

Question 15

Settlement risk

Answer 15

Settlement risk is the risk due to the exchange of cash flows when a transaction is settled. Failure to perform on settlement can be caused by counterparty default, liquidity constraints, or operational issues.

Question 16

Credit concentration risk

Answer 16

Concentration risk measures the extent to which obligors are diversified in terms of exposures, geography, and industry.

Question 17

Funding liquidity risk

Answer 17

Funding liquidity risk relates to a firm’s ability to raise the necessary cash to roll over its debt, to meet the cash, margin and collateral requirements of counterparties, and to satisfy (capital) withdrawals.

Question 18

Trading liquidity risk

Answer 18

Trading liquidity risk is the risk that an institution will not be able to execute a transaction at the prevailing market price because there is (temporarily) no demand for the deal on the other side of the market. If the transaction cannot be postponed, execution may lead to substantial loss on the position. This risk is also related to the size and immediacy of the transaction.

Question 19

Operational risk

Answer 19

Operational risk refers to potential losses resulting from a range of operational weaknesses including inadequate systems, management failure, faulty controls, fraud, and human errors. It may also include catastrophes (e.g. earthquake, terrorist attacks) and other nonfinancial risk (inter alia fraud risk, technology risk).

Question 20

Human factor risk

Answer 20

Human factor risk relates to losses that may result from human errors such as pushing the wrong button, inadvertently destroying a file, or entering a wrong value.

Question 21

Legal and regulatory risk

Answer 21

Legal and regulatory risk is related to operational and reputation risk, and arises from many different sources, including lack of authorisation to conduct activities, litigation from trading counterparties, and potentially negative consequences of law changes (e.g. tax reform).

Question 22

Business risk

Answer 22

Business risk is related to the uncertainty around the factors influencing the success of a firm to achieve its targets. While certain risks relate to internal decision-making (e.g. flawed project management), factors could also lie outside the direct influence of the firm, such as consumer preferences or macroeconomic developments.

Question 23

Strategic risk

Answer 23

Strategic risk refers to the risk of significant investments for which there is a high uncertainty about success and profitability. It can also be related to a change in the strategy of the firm, e.g. to react to competitors.

Question 24

Reputation risk

Answer 24

Reputation risk refers to the perception that an enterprise can and will fulfil its promises (to counterparties) as well as the perception that an enterprise will act fairly and follow ethic practices. Reputational risk is especially important to institutions whose business requires clients’ trust, such as banks.

Question 25

Systemic risk

Answer 25

Systemic risk refers to the potential for the failure of one institution to create a chain reaction on other institutions and consequently threaten the stability of financial markets and the economy. Systemic risk also relates to the connection between market participants and can cause risk spillovers between them.

Question 26

Evaluate some disadvantages of hedging risk exposures.

Answer 26

Assuming perfect capital markets, the price of a derivative or any other financial instrument used for hedging risks fully reflects its price characteristics, which implies that such a transaction cannot increase the firm’s financial value. At the same time, risk management requires attention and time from the firm’s management, the firm would need to invest in the skills, knowledge, and infrastructure required for a risk management function, and the firm would incur compliance costs (e.g. for disclosures). Finally, hedging can result in earnings variability when accounting flows and economic cash flows do not occur at the same time.

Question 27

Evaluate some advantages of hedging risk exposures.

Answer 27

An important base assumption that supports risk management is the high fixed cost of financial distress or even default/bankruptcy. Due to imperfect information, firm managers may also have an interest to reduce volatility either to benefit their own portfolio or as means of signalling. When a firm chooses a specific risk appetite which is attractive to a certain group of investors, hedging allows the management to reach this risk appetite. From a production perspective, reducing the volatility of input prices also allows for greater stability in the pricing policy of the firm. Finally, as hedging reduces the firm credit risk to investors, it reduces its financing costs, boosting investment capabilities and thus growth.

Question 28

Apply appropriate methods to hedge operational and financial risks, including pricing, foreign currency, and interest rate risk.

Answer 28

Hedging risks related to operations of a firm has the benefit that it decreases complexity in the production chain through greater stability, thus also freeing up management attention. It can stabilise pricing on key markets, for example by hedging the price swings of commodities needed as input (e.g. commodity futures). Foreign exchange risk from projects in foreign countries can be hedged by fixing the exchange rate today for the point in time when the cash flows will occur (e.g. through local currency put options or forward exchange contracts). When investing in new products, the financial risks of taking debt on the balance sheet can be reduced through interest rate hedges (e.g. interest rate swaps), which makes the profitability of the investment more manageable.

Question 29

Explain how a company can determine whether to hedge specific risk factors, including the role of the board of directors and the process of mapping risks.

Answer 29

As a first step, the firm needs to determine its risk appetite, i.e. how much of a risk factor they are willing to accept. This can be in quantitative (e.g. maximum loss) or qualitative terms for a defined period and should consider the stakeholders as well as how performance evaluation can be achieved. The measures of risk factors can either be in accounting or economic terms.

Once the risk factors and the firm’s appetite for these risk factors is clear, the firm needs to map the assets and liabilities that are sensitive to the risk factors. For example, for foreign exchange risk, the firm would need to identify the currency in which the balance sheet and cash flows are denominated. The mapping should allow the firm to identify the most important risk factors in terms of both impact and likelihood. Finally, the firm should now be able to understand which risk factors can be hedged and which are nonhedgeable. For this mapping, the management will also need access to adequate corporate and market data.

For the mapped risk factors, the firm needs to identify the instruments that allow it to manage them. Such instruments can sometimes already be found internally, for example by directly financing foreign investments in the local currency. For all identified instruments, the firm then chooses those with the best benefit-to-costs profile. This analysis could also result in a decision to hedge a risk only partly or even not at all.

Question 30

Assess the impact of risk management instruments.

Answer 30

• Static strategies, such as perfectly offsetting hedge instruments, can be implemented easily and require less efforts to monitor.
• Dynamic strategies, such as ongoing trade flows, require more monitoring and incur higher costs to maintain.
• Risk management instruments can also have consequences related to taxes and accounting presentations, as well as disclosure requirements.

Question 31

Compare and contrast best practices in corporate governance with those of risk management.

Answer 31

• Corporate governance refers to the system of rules, practices, and controls put in place by a firm to ensure accountability, transparency, and achievement of long-term goals/value. This relates to the primary objective of creating shareholder wealth while also taking into account debt holders with the consideration of risks increasing the probability of default.
• Risk management is a critical part of corporate governance. Firms need to define rules, practices, and controls that govern risk management, and failures of risk management can often be related to poor corporate governance. At the intersection of corporate governance and risk management is the concept of risk governance.

Question 32

Assess the role and responsibilities of the board of directors in risk governance.

Answer 32

• The board of directors have the responsibility to manage the firm according to the interests of the shareholders, while also taking into account other stakeholders such as debt holders. This requires actively ensuring that profits are sustainable and that potential conflicts of interest (i.e. agency risks) are considered.
• With regard to risk governance, the board needs to make the risks the firm is incurring transparent to all relevant stakeholders. At the same time, the board should formulate an adequate risk appetite, which embeds risk management in business planning and informs the assessment of risk-adjusted returns of business activities. The risk appetite also allows the board to decide how to respond to risk exposures (reject, accept, mitigate, transfer).

Question 33

Evaluate the relationship between a firm’s risk appetite and its business strategy, including the role of incentives.

Answer 33

• The risk appetite should be embedded in the business strategy. The metrics used for measuring the performance of the business should depict the risks that need to be taken to execute it. In particular, risk limits for each type of risk provide a framework within the business strategy can be executed.
• Incentives should be structured in a way that risks are taken into consideration. For example, the risk a business unit takes in order to achieve their results should be reflected in the compensation of the business unit for achieving these returns. In this regard, the firm’s compensation committee should ensure that business activities remain aligned with the interests of stakeholders.

Question 34

Distinguish the different mechanisms for transmitting risk governance throughout an organization and illustrate the interdependence of functional units within a firm as it relates to risk management.

Answer 34

• The operations function reconciliates front- and back-office positions, including booking and settlement of trades as well as creating P&Ls and marking-to-market the trading positions. Behind that, Finance is responsible for the valuation and finance policy, including ensuring the integrity of the P&L created by operations.
• The business risk committee is responsible for business-level risk management, ensuring that the business’ strategy is in line with the firm’s risk appetite. At a more granular level, parts of this mandate can be delegated to business unit managers.
• The senior risk committee receives delegated authority from the risk committee to draw up recommendations for the risk appetite, while also documenting and enforcing the firm’s risk policies.
• The risk committee independently reviews the different forms of risk the firm is taking, approves individual large credits, monitors the risks in the firm’s portfolio vis-à-vis the market/industry, and report crucial risk information to the board of directors. This includes approving the risk appetite recommended in delegated authority by the senior risk committee.
• The CRO is responsible form risk management from the board of directors perspective, framing the risk management strategy and developing the infrastructure for the firm’s risk management (e.g. model vetting, limit monitoring, drafting of risk policies).
• This can be supported by the function of a risk advisory director (potentially a board member), who would develop risk management policies and reports, oversees financial reporting, ensure compliance with regulatory requirements, and participate in and support risk committee meetings.
• Finally, the audit function provides independent assessment of the framework and its implementation, including the adequacy of documentation, data accuracy, model reliability, and the soundness of stress testing methodologies.

Question 35

Assess the role and responsibilities of a firm’s audit committee.

Answer 35

• The audit committee’s responsibility is to ensure that the firm’s financial and regulatory reporting is accurate and to evaluate the quality of the process for these activities. It should also ensure that the firm complies with best practices and standards in regulatory, risk management, legal, and compliance activities. To achieve independence in this mandate, the members of the audit committee should be non-executive members of the board.
• The audit committee should be separated from the risk committee due to the difference in required skills and responsibilities.