Risk governance Flashcards
What are the key steps of the risk management control cycle?
• Risk identification
• Identify risks that can threaten the income and assets of the company (hardest aspect of risk management)
• Because the risks the company is exposed to are numerous, and
• Risk identification needs to be comprehensive
• Biggest risks are unidentified risks (esp those that haven’t occurred before)
• Risk classification
• Risk measurement
• Risk control
• Risk financing
• Risk monitoring
What are the other aspects involved in risk identification stage?
• Determine if risk is systematic or diversifiable
• Identify preliminary possible risk control measures to reduce the likelihood and severity of risk event
• Identify opportunities to exploit risk to gain competitive advantage
• Identify company’s risk appetite or risk tolerance level.
• What is the purpose of risk classification stage of the process
• Aids the calculation of the cost of risk
• And the value of diversification
• Risk owner can be appointed to manage the control processes of the risk
• What is estimated in risk measurement stage
• Probability of a risk event occurring
• The likely severity (this is done before and after risk control measures + their costs)
• How does knowing the probability and severity aid risk management?
• Gives the basis for evaluating
• and selecting methods of risk control (declined, transferred, mitigated, retained with and without controls)
What is risk control?
• Decide whether to:
• Reject
• Fully accept
• Partially accept each identified risk
• Risk control measures are systems to mitigate risks or consequences of risk events by:
• Reduce probability of a risk occurring
• E.g. safety features to reduce risk of fire starting
• Limiting the financial consequences of a risk
• Financial consequences = losses if risk event (RE) occurs + costs of mitigation techniques (insurance premiums)
• Limiting the severity of the effects of a risk that does occur
• Reduce the probability of catastrophic loss
• E.g. adequate fire extinguishers to avoid total loss
• Reducing the consequences of a risk that does occur
• Risk events that do not have direct financial impact (operational risk?)
• Another available business premises in case of fire total loss
• What is risk financing
• Determining the likely cost of each risk. E(loss)+cost of mitigations + cost of capital arising from retained risk
• Ensuring the organization has enough financial resources to continue objectives after loss event has occurred
• What is risk monitoring
• Regular review and re-assessment of existing risks
• Identification of new or previously omitted risks
• What are the objectives of risk monitoring
• Determine if risk exposure and risk appetite of organization have changed over time
• Identify new risks and changes of nature of existing risks
• Report on risks that occurred and how they were managed
• Assess the effectiveness of existing risk management processes
What are the benefits of risk mitigations to a provider?
• SAMOSAS R
• Stability and quality of business improved
• Avoid surprises
• Management and allocation of capital improved (better growth and returns)
• Opportunities exploited for profit
• Synergies (benefits of combining two) identified and relative opportunities taken
• Arbitrage opportunities identified
• Stakeholders in the business given confidence
• React more quickly to emerging risks
• What are the objectives of the risk management process
• Incorporate all risk, both financial and non-financial
• Evaluate all relevant strategies for managing risk
• Consider all relevant constraints including:
• Political
• Social
• Regulatory
• Competitive
• Exploit the hedges (options) and portfolio effects among the risks
• E.g. Life insurer sells life assurance (mortality risk) and immediate annuity contracts (longevity risk)
• Exploit the financial and operational efficiencies within the strategies
What is the difference between risk and uncertainty?
• Uncertainty – outcome is unpredictable (likeliness and severity)
• Risk - consequence of an action taken
• Involves some uncertainty, but
• There may be some certainty about some components of the risk
What is systematic risk?
• Risk that affects entire financial market
• Not just specific participants
• Not possible to diversify
• What is diversifiable risk
• Arise from an individual component of the financial market
• Risk can be eliminated by diversification; investor is not rewarded for taking a diversified portfolio
• Example of risks that are both systematic and diversifiable
• Domestic only investment fund will see domestic equity market as systematic risks
• International investment fund can diversify by overseas investments
What does it mean to manage risk at a business level and disadvantages of this approach?
• Parent company determine the overall risk appetite
• Each BU manages risk with its allocated risk appetite
• No allowance for benefits of diversification or pooling of risk
• Hence business is not capital efficient
What does it mean to manage risk at enterprise level and advantages?
• ERM: risk managed at group or enterprise level
• All risks are considered at enterprise level:
• Diversification
• Pooling of risks
• Economies of scale
• Capital efficiency
• Provides insight into risk in different parts of the business
• Understand risk better and add value by exploiting risks as opportunities
What are the roles of various stakeholders in risk governance?
• Employees: look out for risks and suggest controls
• CRO: allocating risk budget after allowing diversification
• Monitoring group risk exposure
• Documenting risk events
• Managing various risk functions
• Providing leadership and direction
• Designing and implementing ERM frameworks
• Ongoing risk policy development
• Develop systems to analyse, monitor and manage risk
• The Central Risk Function (Risk managers)
• Giving advice to board on risk
• Assessing overall risk and their correlations
• And compare this with risk appetite
• Staff can report new and enhanced risks to them
• Provide guidance to line managers
• Monitor progress of risk management processes
• And pull the whole picture together
• Customers
• Note and report risks faced when using products
• Shareholders
• Drive risk governance
• Development of risk appetite
• Regulators, auditors and credit rating agencies
• Quality of risk governance
• Impose minimum standards.
• What are the 3 lines of defence of risk management
• First line of defence – line management staff in the BU
• Accountable for daily measuring and management of risk in individual BU
• Second line of defence – CRO, risk management team, compliance team
• Establish risk and compliance programmes and policies,
• support and monitor line management
• report to the board
• Third line of defence – board and audit function
• governance of risk management process
• setting risk management strategy
• approving policies and ensure that ERM is effective
• What is the relationship between the first 2 lines of defence
• Offence vs defence
• BU want to maximise income and risk management focusses on minimizing losses
• Policy vs policing
• BU operate within rules set up by risk management function and policed by
• Risk management, audit and compliance functions
• partnership
• Risk management and BU are integrated
• Valuation of liabilities
• Describe the replicating approach of valuing A and L
• Assets values are taken at market values
• A portfolio of assets that replicate the term and risk characteristics of liabilities is selected. The fair value of liabilities is the market values of these assets
• Describe the RISK-NEUTRAL market-consistent approach to value A and L
• Discount liabilities at pre-tax market yield on risk-free assets such as government bonds and swaps
• What factors should be considered when valuing guarantees
• Take a cautious approach
• If the worst case is assumed in every scenario, this builds in too much caution
• Unless the guarantees are in the money
• Stochastic model => Likelihood of biting + associated E(cost)
• Parameter values => reflect the purpose for which the results are required
• Guarantees may become more or less onerous over time (require more resources)
• Values of guarantees + influence on consumer behaviors vary greatly depending on => Economic scenarios + sophistication of market
• Outline the factors to consider when assessing the cost of an option from the viewpoint of the provider.
• Take cautious approach
• However, this can build in too much caution
• E.g. PH may not exercise the highest cost option despite it being financially better for them
• Allow for anti-selection risk
• Or use eligibility criteria for exercising options
• Options and guarantees are not necessarily independent. Some guarantees may make options more valuable
• Deterministic and closed form (e.g. B-S) methods could be used