Risk Identification And Classification

Question 1

Risk identification

Answer 1

Everyone in an organization should be involved in risk identification, at all levels.

Techniques that can be used as part of the process:
• risk classification (to ensure full coverage)
• risk checklists, e.g. as used for setting regulatory capital requirements
• experience of staff joining from similar organizations, consultants, experts
• project management risk identification techniques
> high level preliminary analysis
> brainstorming
> desktop analysis
> risk register/risk matrix

Question 2

Risk categories

Answer 2

These two form financial risks
Market risk
Credit risk

Liquidity risk
Business risk
Operational risk
External risk

Question 3

Market risk

Answer 3

Risks related to changes in investment market values or other features correlated with investment markets, such as interest rates and inflation rates
Can be divided into consequences of:
• changes in asset values
• investment market value changes on liabilities
• mismatching assets and liabilities

Question 4

Credit risk

Answer 4

The risk of failure of third parties to meet their obligations
Examples:
• borrowers defaulting on interest and capital payments - including credit concentration risk and possibly also credit spread changes
• counterparties to a transaction to meet their obligations - including settlement risk
• debtors failing to pay for purchased goods/services

Security (or collateral) may be required from the borrower as a way of reducing credit risk when lending money

Question 5

Liquidity risk

Answer 5

Individual or company:
The risk that an individual or company, although solvent, does not have available sufficient financial resources to enable it to meet its obligations as they fall due, or can secure such resources only at excessive cost

Financial markets:
Liquidity arises when the market does not have the capacity to handle that volume of transacted asset without a potential adverse price impact
Therefore liquidity (how quickly an asset can be converted to cash at a predictable price) differs from marketability (how easy it is to trade an asset)

Question 6

Business risk

Answer 6

Business risk is specific to the business undertaken.
Examples:
• poor underwriting standards (underwriting risk)
• poor claims experience (insurance risk)
• providing finance for a project that turns out to be unsuccessful (financing risk)
• exposure to a particular risk being greater than expected, or lower sales volumes than expected, e.g. due to competitor actions (exposure risk)

Question 7

Operational risk

Answer 7

This refers to the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events

Operational risk can be controlled by the organization, and can arise from:
• inadequate internal processes, people or systems
• poor conduct towards customers/the market (conduct risk)
• dominance of a single individual (dominance risk)
• reliance on third parties (e.g. outsources)
• the failure of plans to recover from an external event

Question 8

External risk

Answer 8

Arises from external events such as storm, fire, flood or terrorist attack

Regulatory, legislative and tax changes are also examples of external risk

In general, external risk is systematic (non-diversifiable) risk

Question 9

Climate change

Answer 9

It may generate the following types of risk for financial companies
• physical - arising from the first-order effects of environmental changes, e.g. extreme weather
• transition - arising from economic, political and market changes, e.g. reduced fossil fuel consumption
• liability - relating to compensation claims due to the impacts of climate change

Question 10

Identification and analysis of risk

Answer 10

• make a high level preliminary risk analysis to confirm that the project does not have such a high risk profile such that it is still worth analyzing further

• hold a brainstorming session of project experts and senior internal and external people who are used to thinking strategically about the long term
The aim is:
> identify project risks, both likely and unlikely, and their upsides and downsides
> discuss these risks and their interdependency
> attempt to place a broad initial evaluation of the risk, this includes analyzing the frequency and consequences should it occur
> generate initial mitigation options
> discuss these options briefly

• carry out a desktop analysis to supplement the results from the brainstorming session, by identifying further risks and mitigating options

• obtain the considered opinions of experts who are familiar with the details of the project and the outline plans for financing it

• carefully set out all the identified risks in a risk register or risk matrix, with cross references to other risks where there is interdependency