Risk Management Flashcards
“The probability of something happening that will have an adverse impact upon people, plant, equipment, financials, property or the environment and the severity of the impact.” (Australian Risk Management Standard AS/NZS 4360)
Risk
Focus of the Bank Proper
- Capital Adequacy & Transparency
- Risk-based Capital Adequacy Framework
- Liquidity Ratios - CAMELS Rating
- BSP Supervisory Assessment Framework (SAFr)
Focus of Trust Services
- Fiduciary Responsibility
- Basic Standards
- BSP Circular 766 - Trust Rating System
- BSP Supervisory Assessment Framework (SAFr)
The practices which are specific to Trust Banking will collectively be taken as
Fiduciary Risk Management
Fiduciary Risk Management involves the management of risks affecting both the ____ and _____ as a trust entity.
clients; TBG
What are the Risks associated with TBG?
- Strategic Risk
- Reputational Risk
- Compliance Risk
- Operational Risk
What are the Risks associated with the clients?
- Credit/Counterparty Risk
- Market Risk
- Liquidity Risk
- Sustainability Risk
Risk Management Structure: What are the 3 Lines of Defense Framework and who is/are responsible for each line?
- 1st Line of Defense (TBG/Business Risk Manager)
- 2nd Line of Defense (Risk Management)
- 3rd Line of Defense (Internal Audit)
The Line of Defense which has the following functions:
- best position to identify & manage risk
- immediate reporting & escalation of current & impending risks
- internal challenge to existing controls & declaration of levels of risk
1st line of defense (TBG/Business Risk Manager)
The Line of Defense which has the following functions:
- assist in the identification, assessment, monitoring & controlling risks
- provide tools to manage risks
- independent challenge and assessments, review of policies and procedures
2nd line of defense (Risk Management)
True or False. Risk as a discipline cuts right across the three lines of defense; The responsibility falls on the risk management team in the firm, as an inherent part of their day-to-day responsibilities
False. Risk as a discipline cuts right across the three lines of defense; The responsibility falls on every single individual in a firm, as an inherent part of their day-to-day responsibilities.
The Line of Defense which has the following functions:
- assess control adequacy, policy application & adherence
- report failings & policy deviations/ violations
- independent challenge to the levels of assurance declared by business operations and oversight functions
3rd Line of Defense (Internal Audit)
True or False. Everyone in a firm is expected to take responsibility for identifying and mitigating risks associated with the tasks they perform.
True
The Risk Management process of TBG includes the (1) ____________ of risks of the Group, (2) ___________ the risk exposures, (3) ___________ the risks to desired levels: in keeping with the risk tolerance of both the clients and TBG, and (4) _________ the levels of risks so that these continue to be within acceptable levels.
identifying, measuring, controlling, monitoring
The success of the Risk Management Framework rests on the ________________________ of the organization
diligent exercise of responsibility of each member
Under Product Development (of the Risk Identification) are:
- Risk Assessment Questionnaire
- AML Risk Assessment
- Fraud Risk Assessment
What is the Risk Identification Process?
- Product Development
- Client Onboarding
- Investment Evaluation
Under Client Onboarding (of the Risk Identification) are:
- AML Risk Profiling
- Client Suitability Assessment
- Client Risk Score
Under Investment Evaluation (of the Risk Identification) are:
- First Pass
- Risk Rating Systems for various asset types
- Counterparty Evaluation
Familiarize yourself with the Risk Reporting Checklist
Refer to slide 17 of TODP Risk Update as of July 2023
Risk Treatment Plan:
- Reduction
- Avoidance
- Transfer
- Acceptance
Risk Treatment Plan that entails finding alternative courses of action to reduce the probability & severity or prevention of risk
Reduction
Risk Treatment Plan that entails evading activities or situations that exhibit unacceptable risks & prevent an organization from taking more actions that may increase risk exposure
Avoidance
Risk Treatment Plan that often leaves the risk intact but shifts the responsibility for it to other parties that have greater control over the risk situation or are less susceptible to the impact of the risk factors
Transfer
Risk Treatment Plan saying that for some risks, it is simply not feasible to intervene with effective preventive/corrective measures, thus an organization may simply decide to “accept” such risks to realize opportunities
Acceptance
___________ is the current and prospective risk to TBG’s earnings arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes.
Strategic risk
Corporate Planning Stages
- Planning & Budget
- Approvals
- Dissemination
- Implementation
- Monitoring
- Review
This stage includes the Insight about the assessment of strengths, weaknesses, opportunities, and threats
Planning & Budget
Under this stage is the Board oversight: ensuring goals are realistic and risk appetite is acceptable
Approvals
This stage encompasses Accountability: Clear dissemination of responsibilities across TBG personnel
Dissemination
This stage tackles a Sound operational environment and appropriate support infrastructure to facilitate the achievement of goals
Implementation
Active monitoring/reporting of internal and external developments affecting plans/performance vs. targets is the target for this stage
Monitoring
This stage focuses on Proactive Deviation Management: identification of potential deviations to plans caused by internal/external factors
Review
True or False. For the monitoring stage, Performance against targets is done periodically to identify areas for improvement and apply necessary resources to augment deficiencies.
True
Operational risk is defined as the risk of loss resulting from inadequate or failed internal _________, ________, and ______ or from __________.
processes, people, and systems; external events
Operational Risk encompasses the following:
- Product development and delivery
- Operational processing
- Systems development
- The internal control environment
Operational Risk includes _________ which arises from non-adherence with the terms of the fiduciary agreement and the potential that unenforceable contracts, lawsuits, or adverse judgments can disrupt or otherwise negatively affect the operations of TBG.
Legal Risk
What are the Operational Risk Event Types?
- IF (Internal Fraud)
- EF (External Fraud)
- EDPM (Execution, delivery & process management)
- EPWS (Employment practices & workplace safety)
- CPBP (Clients, products & business practices)
- DPA (Damage to physical assets)
- BDSF (Business Disruption and System Failures)
Sound Operational Control Environment Risk Coverage includes:
- People
- Process
- Systems
- External Events
Activities/programs under this Risk Coverage include:
- Hiring Qualifications, Background Check, Training and Development
- Performance Appraisal, Employee discipline
- Succession planning, Benefits
- Employee Safety Guidelines
People
Activities/programs under this Risk Coverage include:
- Automation, Maker-Checker, Delineation of Roles; Accountability
- Policies and Procedures (Desk Manuals)
- BCP, RCSA, BRM
Process
Activities/programs under this Risk Coverage include:
- Best Practices for Emergency Drills
- Records Management
- Contingency Plan
External Events
It is the current and prospective risk to clients’ earnings or principal contribution arising from an obligor’s failure to meet the terms of any contract or otherwise perform as agreed.
Credit/Counterparty Risk
Activities/programs under this Risk Coverage include:
- Audit Trail, Access Restrictions
- Information Security Guidelines, Upgrades, Antivirus and Firewalls
- Limits Management System, Escalation to Management
Systems
Asset Management Diagram
Refer to slide 31 of TODP Risk Update
Credit/Counterparty Risk arises _______ fiduciary funds are extended, committed, invested, or otherwise exposed through actual or implied contractual agreements, and reflected in the client’s financial statements.
anytime
Credit/Counterparty Risk is found in all activities where settlement depends on __________, ______, or _________ performance.
counterparty, issuer or borrower
TBG Risk Rating System (Credit or Investment Evaluation) includes all of the following except:
a. Trust Credit Risk Rating System (TCRRS)
b. Foreign Bond Rating System (FBRS)
c. Internal Equity Risk Rating System (IERRS)
d. Fund Selection Framework (TBG)
e. Asset Allocation Rating System (AARS)
e. Asset Allocation Rating System (AARS) - I just made this one up
The result of the Credit or Investment Evaluation is a risk rating attached to the credit exposure. The risk rating is a fundamental tool in risk management and is the basis of ___________, _______, and credit ___________.
accreditation, management, and credit administration
The issuer/counterparty must attain a passing rating of at least ‘Acceptable’ in the internal evaluation to be accredited in the TBG Investment Universe. (Under which step is this included?)
Credit or Investment Approval
Process of Credit Risk Management
- Credit or Investment Evaluation
- Credit or Investment Approval
- Credit or Investment Administration
Under this step of the credit risk management includes:
- Monitoring of the credit/quality of the Investment Universe
- Impairment assessment (Allowance for Probable Losses, Expected Credit Loss)
Credit or Investment Administration
True or False. A TrustCom approval is required only for some investments.
False. A TrustCom approval is required for all investments.
It is the current and prospective risk to clients’ earnings or principal contribution arising from changes in the value of the TBG’s holdings of investment portfolios.
Market Risk
Market Risk arises from dealing and position-taking activities in:
- Interest rate;
- Foreign exchange; and
- Equity markets.
Tools for Market Risk Management
- MTM or Revaluation
- Benchmarking Policy
- Duration
- Value-at-Risk (VaR)
- Active VaR
- Market Stress Testing
The fundamental purpose of this tool is to obtain an objective measure of the current market value, and hence of the potential profit and loss of a fund/portfolio if liquidated.
MTM or Revaluation
This tool reflects that, for TBG, setting the appropriate benchmark to evaluate its asset management performance is just as critical as the performance itself. Fund performance is consistently benchmark-driven.
Benchmarking Policy
This tool measures the approximate sensitivity of a bond’s value to changes in interest rates.
Duration
This concept is introduced in portfolio/asset management, where the concern is not mainly the portfolio loss but its underperformance against a set benchmark.
Active VaR
TBG uses _____________ which is a measure of time characteristics that considers the repayment of capital at maturity & the size and timing of coupon payments prior to final maturity
Macaulay Duration
This tool is a measurement of a portfolio’s biggest probable loss at a given horizon and confidence level, under normal market conditions. It provides a universal measure of the level of riskiness of a portfolio.
VaR
The Active VaR for TBG compares the possible returns of a portfolio with that of the benchmark returns, and measures the ________ _______ _______ deviation or underperformance given the same market scenario
maximum possible negative
This tool takes up abnormal market events that would impact severely the value of the funds.
Market Stress Testing
________ is the current and prospective risk to clients’ earnings or principal contribution arising from TBG’s inability to recognize or address unplanned changes in client’s and/or beneficiary’s needs thereby affecting the ability to liquidate assets quickly with minimal loss in value.
Liquidity Risk
True or False. TBG shall determine and maintain an adequate level of liquidity in each account based on client-defined constraints and/or circumstances or product specifications.
True
What are the Tools for Liquidity Risk Management?
- Client Liquidity Evaluation: Liquidity Needs
- Investment Liquidity Evaluation
- Liquidity Contingencies
- Contingency Liquidation Plan (CLP)
- Liquidity Stress Testing
This liquidity tool requires the clients to specify their liquidity requirements. These requirements should be anticipated whenever possible to cover for both clients and TBG requirements such as payment of trust fees, withholding tax and out-of-pocket expenses.
Client Liquidity Evaluation: Liquidity Needs
This tool puts premium on the liquidity profile of its investment outlets. This is evident in the internal rating systems which includes liquidity ratios assessment.
Investment Liquidity Evaluation
This tool includes unanticipated withdrawal requests from clients. When the withdrawal levels become substantial and beyond the cash balance maintained for an account, the fund manager may be forced to liquidate investments at a loss. This will cause the fund’s value to drop and may signal even larger redemptions.
Liquidity Contingencies
This tool provides a framework for managing a liquidity crisis, which includes the identification of trigger events or early warning indicators, establishing response action plans and funding strategies, and defining roles and responsibilities of key personnel to ensure minimal (if any) long term adverse effects for TBG clients.
Contingency Liquidation Plan (CLP)
The objective of this tool is to determine the level of robustness of funds in case of massive redemptions from investors, and to what extent funds and remaining investors are affected in terms of the resulting drop in NAVPU.
Liquidity Stress Testing
The limits-setting process is a/an ________ activity conducted by the TRSK and the TBG.
annual
This process covers risk limits over which the TBG Management and BOD-level committees have control (e.g. UITFs). These limits are subject to a periodic review to ensure that controls remain effective and relevant.
Limits Management
True or False. Failure to respond to the advisory and/or address the breach within the specified turn-around time is considered a violation of the bank policies and operating procedures, subject to the investigation of Internal Audit Group (IAG) and the regular due process conducted by Special Actions Committee (SAC). Any or a combination of sanctions enumerated under the Bank’s General Code of Conduct may be imposed.
True
__________ is the current and prospective risk to TBG’s earnings or capital arising from violation of laws, rules and regulations of regulatory authorities, prescribed practices or sound fiduciary principles, internal policies and procedures, and prudent ethical standards.
Compliance risk
Compliance Risk:
- exposes TBG to fines, payment of damages, and the voiding of contracts.
- this can lead to curtailed business opportunities, reduced expansionary potential, unenforceability of contract or even adversely affect TBG’s reputation.
Compliance Risk Management includes:
- Compliance Program
- Management Review System
- Gap Analysis
The negative public opinion can cause:
(a) clients to question or doubt TBG’s integrity to engage in fiduciary activities which can result in the termination of fiduciary relationships,
(b) litigation costs to increase, or
(c) revenues to decline.
This _____ is the deviation from the expected outcome which can be positive, negative or both
effect
True or False. TBG manages reputation risk by making sure that the entire TBG Risk Management Framework is active and effective.
True
TBG Basic Principles in Reputation Risk Management
- Promote a sound and ethical culture through its Sound Operational Control Environment and will practice self-policing in different levels and venues of the organization.
- Practice due diligence across activities from sales to account termination.
- Keep pace and respond well to market or regulatory changes. Anticipation is key in laying down the best possible course of actions to manage risks.
- Fidelity to the clients will be above all other interests of TBG.
- Brand image protection shall be a major consideration in setting business strategies.
- Compliance with laws, rules and regulations of regulatory authorities, prescribed practices or sound fiduciary principles, internal policies and procedures, and prudent ethical standards shall not be compromised.
What is included in the Reputation Risks?
- Strategic Risk Management
- Operational Risk Management
- Credit Risk Management
- Market Risk Management
- Liquidity Risk Management
- Compliance Risk Management
___________ is the current and prospective risk to TBG’s earnings and capital arising from negative publicity regarding the financial institution’s fiduciary business practices.
Reputation risk
True or False. Public Perception is not an issue in the fiduciary business.
False. Since the public’s perception is critical in the fiduciary business, TBG shall exercise an abundance of caution in dealing with clients and the public in general.
The effect of uncertainty on objectives.
Risk
___________ issued in _____ used the 3 Lines of Defense Model to emphasize the accountabilities at each level to ensure effective management of Operational Risks.
BSP Circular 900; 2016
Unknown information relating to an event
Uncertainty
Who is responsible for assisting the business unit to fully comply with Circular 900?
1st Line: Business Risk Manager (BRM)
The business line management and personnel as the first line of defense should be responsible on a day-to-day basis for identifying, managing and reporting operational risks inherent in the products, activities, processes and systems for which they are accountable. Who are these people?
1st Line: Business Unit (Risk Owner or a control owner)
______________________ shall assist management in meeting its responsibility to understand and manage operational risk exposures and ensure the development and consistent implementation of operational risk policies, processes, and procedures throughout the Bank.
2nd Line: Operational Risk Management Division (ORD)
______________________ performs independent assurance to efficiently assess/determine compliance with Bank policies, procedures and regulatory requirements; assess the adequacy and effectiveness of internal control; and recommend control measures that will promote operational efficiency and mitigate risks in the operations.
3rd Line: Internal Audit Group (IAG)
Risk Management Process wherein it identifies the sources of risk, areas of impact, events and their causes and potential consequences
Identification
Risk Management Process wherein it quantifies the current level of risk by using different tools and techniques
Measurement
Risk Management Process wherein it establishes and communicates risk limits through policies and procedures
Control
Risk Management Process wherein it tracks and reports the exposures to monitor our compliance with risk tolerance standards
Monitoring
Risks under Market Risk
- Equity Price Risk
- Interest Rate Risk
- Currency Risk
- Commodity Risk
It is the potential reduction in value of a portfolio due to changes in financial market prices and rates.
Market Risk
Risks under Credit Risks
- Downgrade Risk
- Bankruptcy Risk
Risk arising from an obligor’s failure to meet the terms of any contract
Credit Risk
It may arise if TBG is unable to liquidate assets quickly with minimal loss in value
Liquidity Risk
Risks under Operational Risk
- Process
- People
- System
- External Events
May arise from adverse business decisions, improper implementation of decisions and lack of responsiveness to industry changes
Strategic Risk
May arise from an unintentional or negligent failure to meet a professional (legal) obligation to specific clients, or from the nature or design of a product
Legal Risk
May arise from negative publicity regarding the FI fiduciary business practices
Reputational Risk
Violation of laws, rules and regulations of regulatory authorities
Compliance Risk
What are the different Types of Risk under TBG?
- Market Risk
- Credit Risk
- Liquidity Risk
- Operational Risk
- Strategic, Legal, Reputational, Compliance Risk
What are the risks borne by the client?
- Market Risk
- Credit Risk
- Liquidity Risk
Operational risk leaves out _______ and _______ risks in part because they can be difficult to measure quantitatively
reputational and strategic risks
The _____________ recommends three approaches that could be adopted by firms to build a capital buffer that can protect against operational risk losses.
Basel Committee
3 approaches as per the Basel Committee
- Basic Indicator Approach
- Standardized Approach
- Advanced Measurement Approach
Under the basic indicator approach, the amount of capital required to protect against operational risk losses is set equal to ____ of annual gross income over the previous ____ years.
15%; three
Under this approach, the FI’s activities are classified into eight business lines, then the average gross income for each business line is multiplied by the line’s beta factor. After that, the capital results from all eight business lines are summed up.
Standardized Approach
Requirements of the bank in order to use the standardized approach:
- Have an operational risk management function tasked with identification, assessment, monitoring, and control of operational risk.
- Consistently keep records of losses incurred in each business line
- Regularly report operational risk losses incurred in all business lines
- Install an operational risk management system that’s well documented
- Regularly subject its operational risk management processes to independent reviews by both internal and external auditors
Under the ________________, the Basel Committee on Banking Supervision has identified seven categories of operational risk
Advanced Measurement Approach
Encompasses acts committed internally that diverge from a firm’s interests
Internal Fraud
Encompasses acts committed by third parties. Commonly encountered practices include theft, check fraud, hacking, and unauthorized access to information
External Fraud
This category has much to do with intentional and unintentional practices that fail to meet a professional obligation to clients
Clients, products and business practices
Acts that go against laws put in place to safeguard the well-being of both employees and customers
Employment practices and work safety
Losses incurred due to either natural phenomena like earthquakes or human-made events
Damage to physical assets
This includes supply-chain disruptions and system failures like power outages, software crashes, etc.
Business disruption and system failure
This describes the failure to execute transactions and manage processes correctly. Issues such as data entry errors can cause unprecedented losses.
Execution, delivery and process management
RM TOOLS for OPERATIONAL RISK
- Risk Incident Reports (RIR)
- Process Risk Self-Assessment (PRSA)
- Key Risk Indicators (KRI)
- Business Continuity Plan (BCP)
- Business Risk Forum (BRF)
- Risk Assessment Questionnaire
- Audits and Assessments
Events, transactions or activities which subject the Bank to any form of potential, near-miss or actual risk exposures involving operational, reputational, compliance, information security or financial risks.
RISK INCIDENT REPORT
Important Components of RIR
Refer to Slide 25 of BRM PresMat VF
An internally driven activity to assess the risks and controls in the processes underlying a business unit’s operations.
PROCESS RISK SELF-ASSESSMENT (PRSA)
BCP should be able to cover and establish linkages among its multiple components, such as _________, _____________, ___________, and ______________.
communication plan, crisis management plan, contingency funding plan, technology recovery plan.
PRSA is an ______ exercise wherein business units evaluate their inherent risks (risks before considering controls), effectiveness of the control environment, and residual risks (risks after considering controls).
annual
Documented plan detailing the orderly and expeditious process of recovery, resumption, and restoration of business functions in the event of disruption.
BUSINESS CONTINUITY PLAN (BCP)
The BCPlan aims to:
- Ensure minimal disruption of operations
- Minimize financial losses
- Ensure timely resumption of normal operations
Phases of Business Continuity Management
Refer to slide 31 of BRM PresMat vF
Discussion of roles during the emergency
Tabletop Exercise / Structured Walk-through Test
Desk-based walkthrough of the plan (videos, presentations)
Walk-Through Drill / Simulation Test
A telephone procedure which can be used to notify personnel of an emergency
Communication / Call Tree Test
A series of tests that focus on the miscellaneous components of BCP (availability of plan; retrieval of vital hard copy records from offsite locations; contact suppliers and others; confirm alternate site readiness)
Component Test Exercise
Test the capability of personnel, systems, and facilities located in alternate sites
Alternate Site Test / Exercise
Involves the actual mobilization of personnel to other sites in an attempt to establish communications and perform processing as set forth in the plans
Functional Drill / Parallel Test
An exercise done at full capacity where all critical personnel are involved in the test
Enterprise-wide Full-interruption / Full-Scale Test
KEY RISK INDICATORS
- Identify leading or predictive indicators that will allow management to anticipate and mitigate potential impact to the organization
- Identify major operational risks or loss events that affected the business unit
- Work backwards to identify the intermediate and root cause events or causal drivers
Audits and Other Assessments
BSP Audit
Internal Audit
External Audit
Independent Compliance Testing
ISABRA
AML Audit
Privacy Impact Assessment (PIA)
Fraud Risk Assessment
Other Regulators (BIR, IC, SEC, etc.)
Business Risk Forum
Refer to slide 35 of BRM PresMat vF