Topic 4: Mandated Risk Management Tools

Question 1

The aim of Pillar 2 processes is to…

Answer 1

The aim of Pillar 2 processes is to enhance the link between an institution’s risk profile, its risk management and risk mitigation systems, and its capital planning

Question 2

In simple terms:
Pillar 1 =
Pillar 2 =

Answer 2

Pillar 1 = minimum safety standards

Pillar 2 = Comprehensive ‘safety inspection’

Question 3

Risk Management Framework

• definition
• 2 linked sets of processes

Answer 3

RMF
definition: collective term for the processes that an organisation has in place to manage risk

2 linked processes:

1. risk management for business planning (ICAAP, ILAAP, RAS)
2. Operational (BAU) risk management processes

Question 4

Three Lines of Defence (list)

Answer 4

Three Lines of Defence

1. Operational Management and Front Line Staff
2. Dedicated Risk Management and Compliance Functions
3. Independent Audit

Question 5

Line 2: Dedicated Risk Management & Compliance (5)
Business Planning (target: enhance capabilities)
Business Execution (target: effective and efficient)

Answer 5

1. assist business to understand risk constraints (regulation, capacity, appetite, policy)
2. assist business to identify targets within constraints (risk/reward, optionality, stress tests)
3. align risk processes to agreed targets (delegations, limits, procedures, incentives)
4. execute operational responsibilities (reporting, forecasting, credit approvals, incident response
5. assure that processes are working (deep dives, operational reviews, model monitoring)

Question 6

three lines of defence:

3LOD implementation: consider (5) (DETER)

Answer 6

1. documented
2. embedded (staff clear on scope of role / responsibility)
3. tested (effectiveness of challenge from Line 2 & 3 was regularly reviewed)
4. evidenced
5. refreshed

Question 7

Common set of components that regulators require in bank’s risk management framework

Answer 7

1. Board approved Risk Appetite Statement (perimeter of risk is owned by board)
2. Documented risk identification and assessment processes (ICAAP - capital adequacy, ILAAP - liquidity adequacy) (describe process for identifying risk, in particular in quantitative terms for capital and liquidity purposes
3. Stress testing: steady state assumptions are challenged; interaction of risks under extreme conditions
4. Recovery and resolution plans (plans for consequences of extreme risk crystallising; orderly wind down of banks)

Question 8

Risk Management Framework - Document
Purpose:

Typical Contents

Answer 8

Risk Management Framework - Document
Purpose: document core aspects
Contents: 
- core risk principles
- risk terminology
- minimum governance requirements
- min risk assessment and monitoring requirements
- documentation map
- scale for risk appetite measures
- single glossary of terms

Question 9

Risk Management Framework - key aspects - list examples of…
1/ Overarching document
2/ high level governance
3/ terminology

Answer 9

1. overarching document (principles, terminology, governance requirements)
2. high level governance (responsibilities of CEO, oversight (board, audit), risk delegation governance, escalation of breach process, frequency of review, monitoring (by who, frequency)
3. terminology (define risk - shortfall vs target objectives, define risk event, measure, profile, model, target)

Question 10

Risk Appetite Statement

Answer 10

1. description of bank’s current business (model & org structure)
2. Definitions for all risk measures, metrics, indicators. And identify owners
3. Board risk appetite
4. specific board approved quantitative risk appetite and tolerance levels. Settings informed by risk assessment documented in ICAAP / ILAAP
5. Mapping of risk metrics to reports and to associated governance forums
6. Should be an objective measure (traffic lights?)
   - what are dimensions of risk
   - what are appropriate threshold levels
   - what does the bank do differently when thresholds crossed

Question 11

Risk Appetite Statement - Measures & Factors

• Risk Measure
• Risk Factor
• Risk Appetite Statement

Answer 11

RISK MEASURE

• An output of some (often complex) risk estimation process (VaR etc.)
• Ultimately the best “risk” quantity, but often complex to measure / manage

RISK FACTOR

• An input to the risk estimation process that materially influences the output
• A proxy for the risk, but usually much simpler to embed operationally

RISK APPETITE STATEMENT generally contains both, but it is useful to remember that risk factors are always “one step removed” from the actual risk

Question 12

Risk definition

Answer 12

“what do we mean by risk?”
The potential for the bank to experience an outcome that falls short of our
targeted objectives or responsibilities; an “adverse outcome”. For example, there is a
risk that realised full year earnings will be below forecast, or that capital reserves will
fall below our targeted minimum level.

Question 13

Risk Appetite Statement

• Risk Thresholds
  (1) Tolerance Levels
  (2) Appetite Levels

Answer 13

(1) Tolerance Levels (Hard Limits)
Risk management actions escalate strongly as the limit is approached. Over tolerance…

(2) Appetite Levels (Softer Limits)
Risk management actions escalate strongly when the limit is passed and bank is in “above appetite” state

Question 14

Risk Appetite:

Tolerance: If over tolerance…

Appetite: If over appetite…

Answer 14

OVER TOLERANCE (primary goal = risk reduction)

1. immediate Board notification
2. CEO approval of risk increases
3. certain activities prohibited
4. may trigger predefined plans
5. disposals, freeze dividends etc.

OVER APPETITE
If over appetite:
1. enhanced oversight / reporting
2. reduced limits/delegations,
3. discretionary risk reduction actions,
4. risk increases are escalated for approval,
5. risk reduction efforts reported to Board

Question 15

ICAAP
ILAAP

Shared Content

Answer 15

International Capital Adequacy Assessment Process
International Liquidity Adequacy Assessment Process

Shared Content

1. Business model and strategy (bus organisation, plans, risks, links to business strategy)
2. Risk governance framework (roles/responsibilities, risk identification/assessment, operational controls)
3. Risk data, aggregation and IT systems (systems/processes; data checks/validation)

Question 16

ICAAP

• Bank’s internal assessment of capital = important component
• Intra risk vs Inter risk

Answer 16

ICAAP

1. Intra Risk: ie within one type - might be diversification, but application of regulatory cap measures are additive (eg 100 x $1m loans of same type = same as $100m loan)
2. Inter risk: some diversification may exist between types - eg credit and market risk

Question 17

ILAAP (5 considerations)

Answer 17

1. Funding strategy, including sources of funds, tenors, products, key markets
2. Policies around regular testing of funding sources, eg Central Bank repo
3. Funding concentration risk, and how it will be assessed and managed
4. Foreign exchange rate risks
5. Description of how liquidity costs and benefits are allocated internally - eg how is the benefit from increasing retail deposits as a proportion of total
   funding represented in internal business performance measures

Question 18

Contingency (Capital / Funding plans)

• Operational documents to guide risk‐mitigating actions in times of stress. These docs include:

Answer 18

1. List of actions, identified through scenarios and stress tests, to avoid shortfall in liquidity or capital – typically including
   – Capital: assets (or whole businesses) that could be sold, and at what stressed values
   – Liquidity: assets that could be used for sale‐and‐repurchase (repo) operations
2. Plans are internal bank documents, however many regulators mandate banks to create and maintain these plans
3. Plans often form part of the Recovery and Resolution Plan that will be executed by the regulators in the event of a crisis at the bank

Question 19

Stress Testing
Consider:
1. Sensitivity Testing
2. Stress Testing of Model (test resilience of model)
3. Stress Testing of Business (this is the currently accepted use of the term)

Answer 19

1. Sensitivity Testing
   - Measures relationship between changes in model inputs and resulting outputs
   - “What are the key drivers of these (modelled) numbers?”
   - Helps identify which model inputs need to be monitored most closely / precisely
2. Stress Testing of the Model
   - Tests the resilience and scope of applicability of the model
   - “At what point does the model (or its assumptions) break down?”
3. Stress Testing of the Business (key)
   - Considers the resilience of the business up to and beyond limits of the model
   - “What’s is the robustness of my business (plans) against extreme situation X?”
   - By definition, stress testing cannot be a wholly analytic or model‐driven process

Question 20

By definition, stress testing cannot be a wholly analytic or model‐driven process - why

Answer 20

Why - because it is built on data from the past; survivor bias (you haven’t experienced ‘near death’ experience)

Question 21

Stress testing is not..

Answer 21

Stress testing is not..

a model - all banks have models; need to engage people on what happens around the edges.

Question 22

Stress Testing Expectations (banks spend a lot on stress testing, expectations vary around the world)

1. Types of STress
2. Who has responsibility for developing stress tests
3. Frequency of test

Answer 22

Types of stress:
• Idiosyncratic – extreme event that impacts on bank alone, e.g. internal fraud
• Market‐wide – extreme event impacting market as a whole, e.g. liquidity drought
• Combined – an idiosyncratic event during market‐wide stress

Responsibility for scenario development and refinement:
• Internal – bank develops scenarios and gives bands. (to default rates, etc.)
• Regulator – regulator develops scenarios, and associated quantitative parameters
• Mixed – regulator develops macroeconomic scenario, but requires bank to parameterise fully

Frequency and scope:
• US most frequent – annual stress tests + “light” stress test re‐runs in intervening 6 months
• UK annual stress tests
• Australia and Europe (ex‐UK) tend towards every two years

Question 23

Structure of Market Wide Stress Test

1. Generate
2. Refine
3. Execute

Answer 23

1. Generate
   - High Level Narrative (eg economic recession deepens, lasts 3 years)
   - Economic Parameters (eg unemployment rate, interest rates et c)
2. Refine
   - Business Parameters (eg default rates, portfolio growth rate)
3. Execute
   - Modelled Outputs
   - Model Adjustments
   - Management Actions (agree actions in stressed conditions and their effectiveness)
   - Post Action Impacts

Question 24

Reverse Stress Tests

Answer 24

Normal scenario starts with a defined stress and estimates the consequences
• Reverse scenario starts with business becoming non‐viable, and asks what the level of stress in business parameters would need to be for that to occur

Question 25

Extreme Stress Scenarios

Consider factors in the context of Lehmans (2008) and Barings (1995)

Answer 25

Consider: 
1. Liquidity concerns
2. reputational damage
3. conduct issues
4. adverse market conditions
5. black swan event
6. solvency concerns -> economically non viable
7. regulatory sanctions
8 loss of licence

Question 26

Recovery and Resolution Plan

Answer 26

• 2010: Recommendations of the Cross‐border Bank Resolution Group (Basel Committee on Banking supervision (BCBS)
• 2010: Dodd–Frank Wall Street Reform and Consumer Protection Act (Section 165(d)) (United States Government)
• 2011: Key Attributes of Effective Resolution Regimes for Financial Institutions (Financial Stability Board (FSB))
• 2014: European Bank Recovery and Resolution Directive (European Parliament)
• Known as “Living Wills” (especially in the USA), these require banks to create their own plans for orderly resolution, which will be executed by their regulator
• Australia a little behind on this, and drafting and passing supporting regulation an identified priority for APRA in 2016

Question 27

Resolution - close down in orderly way, at minimal cost to taxpayer/society: typically:

Answer 27

1. Buyout: find an entity with resources to buy out the entire bank and recapitalise
2. Asset Sale: sell performing assets for the best price
3. Restructure: transfer performing assets to a new bank entity along with sufficient
   funding to be viable, and leave remainder (a “bad bank”) in administration

Question 28

Review Novo Banco example

Answer 28

Portugal: Portuguese Espirito Santo

• good assets (Novo Banco) / bad assets split
• bonds (pari passu) transferred from good asset bank to bad asset bank, value dropped 90%
• bonds held predominantly by international investors
• 2015 Portuguese unemployment 12.7%; GDP Growth close to zero;