Unit 3 Flashcards
Comparing traditional RM and ERM -7 differences
- Focus on risk identification/ analysis vs
Risk in the context of business strategy
Traditional vs ErM
- Risk as individual hazards
Vs
Risk portfolio development with risk interconnectivities
Traditional vs ERM
- Focus on all risks managed in separate areas
Vs
Focus on critical risks
Traditional vs ERM
Risk mitigation
Vs
Risk is entity wide
Traditional vs ERM
Risk with no owners
Vs
Identifying and defining risk responsibilities
Traditional vs ERM
Risk is insurance
Vs
Monitoring and measuring risk
Traditional bs ERM
Risk is only about ‘downside risk’
Vs
Risk encompasses upside and downside risk as well as uncertainty
Traditional vs ERM
Risk is not my responsibility
Vs
Risk is embedded into everyone’s responsibility
Solvency 2 -ERM definition
A firm must have in place an effective RM system comprising strategies, processes and reporting procedures necessary to identify, monitor, manage and report on a continuous basis the risks, at an individual and at an aggregated level, to which it is or could be exposed, and their interdependencies
Solvency 2, RM system must
-be effective and integrated into org structure and dm
- include the risks to be covered in the SCR
- cover • underwriting and reserving
•asset liability management
•investments, in particular derivatives
• liquidity and concentration risk
• operational risk management
• re-insurance and other risk mitigation techniques
- where applying matching adjustment or liquidity adjustment, set up liquidity plan
Basel 3, 4 principles of supervisory review (Pillar 2)
- Banks should have a process to assess their overall capital adequacy in relation to their risk profile as well as a strategy to maintain their capital levels
- Supervisors should review and evaluate bank internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with Reg capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of the process.
- Supervisors should expect banks to operate above the minimum Reg capital ratio and they should be able to require banks to hold capital in excess of the minimum.
- Supervisors should seek to intervene at an early stage to prevent capital from falling below the minimum levels required to support the risk characteristics of a particular bank and should require rapid remedial action if capital is not maintained or restored
Features of rigorous capital assessment
-the board should set risk appetite
- should monitor compliance with internal limits and controls
- all material risk exposures should be measured and estimated (including risks not addressed in Pillar 1)
- should be a system for reporting on risks
ICAAP pillar 2 includes
- requirements on how banks should carry out their own risk and capital adequacy assessment, and document that in their ICAAP submission
- the independent supervisory review process that is used to challenge the ICAAP submission
Firm that has received internal model approval, the RM function must:
- Design and implement model
- test and validate model
- document model and any changes
- analyse performance of model
- inform governing body about performance, suggesting areas for improvement
ICAAP-regulators looking to see that:
• Board and senior management oversight: bank’s management responsible for understanding the nature and level of risk being taken and how that relates to capital requirements and for ensuring the adequacy and effectiveness of the risk management framework.
• Sound capital assessment: the bank should have in place a process for identifying, measuring and reporting all material risks (i.e. not just those addressed by Pillar 1) and for relating the level of risks to a capital level. This needs to be linked to the strategic objectives and business plans of the bank to ensure that capital held is not only adequate at the time of reporting but will remain sufficient should the bank plan to grow and/or if significant adverse events occur in the future.
• Comprehensive assessment of risks: all risks should be measured and where mathematical models are not possible, then appropriate estimation approaches should be used. Where mathematical models are used they should be subject to suitable stress tests. Concentration risk is highlighted
as requiring pro-active management
. • Monitoring and reporting: there should be mechanisms to monitor risk positions and to assess how the changing risk profile links to changing capital requirements.
• Internal control review: the capital assessment process should include independent review and, where appropriate, internal and external audit.
ORSA
ORSA allows an insurer to calculate its capital requirements at a confidence interval of its own choosing. Typically, this would be higher than the regulatory capital requirement since the regulatory capital is calibrated at a level at which an insurer would receive a low credit rating. In addition, ORSA might include those risks that are not set out in the Pillar 1 regulatory capital requirement, including
strategic risk and reputational risk. The ORSA therefore provides an “economic capital” view.
Features of ERM
- Encompasses all areas of exposure
- integrated rather than silo view
- evaluates internal and external context
- recognises exposures are interrelated
- qualitative and quantitative structured process
- seeks to embed RM in decision making
-helps identify risks to strategy - communicates risk issues
- supports activities of internal audit
- sees RM as a source of competitive advantage
ORSA PRA must include:
• Overall solvency needs taking into account the specific risk profile, approved risk tolerance limits and business strategy
• Compliance, on a continuous basis, with SCR and MCR
• significance with which the risk profile of the firm deviates from assumptions underlying the SCR
ORSA PRA
Firm must make ORSA integral part of business strategy and take ORSA into account on ongoing basis in strategy
Perform regularly and without delay following any significant change
Definition of ERM by IIA
A rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organisation’s strategic and financial objectives
Benefits/ reasons of RM
MADE 2
Mandatory, Assurance, decision making, Effective and Efficient core processes
FIRM
Financial; infrastructure; reputational; marketplace
Principles of RM / how
PACED
Proportionate, Aligned, comprehensive, embedded, dynamic
S&P - ERM analysis
RM culture;
Risk controls;
Emerging RM;
Risk models;
Strategic RM
Establishing the context for RM -Hopkin
External context
Internal context
Context of RM process
External context
• government policy, national and international regulation
• the changing financial services market – competitor activity, new competitors such as supermarkets offering financial services, evolving products, new and declining markets and customers
• factors in the wider financial services sector such as low interest rates or excess growth in credit
• technological developments including increased use of the internet for banking and insurance.
What does the world around us look like?
What are the drivers and trends?
Internal context
What are our objectives?
What is our capacity?
What are our business processes?
How do we make decisions?
- The organisation’s divisions, departments, structures, systems, processes and accountability, cultures, leadership, strengths and weaknesses
• internal stakeholders – staff, managers and the board
• its approach to corporate governance, its resources, competencies and capabilities, its culture, and the ways it conducts itself factors that influence how the organisation will try to set and achieve its objectives, which of course is the primary aim of risk management.
Context of RM process
what is the process expected to achieve?
Who will be responsible?
What resources will be required?
The risk management context typically involves the context in which the risk management process must operate, which can be described using the RASP acronym. Included in this element of context is something called the ‘risk appetite’; a very important idea around deciding upon an acceptable level of risk for the organisation.
Objective setting
External analysis + Internal analysis
|
Strategic objectives (alignment required)
|
Tactical objectives (mid level / departmental)
|
Operational objectives (team, personal)
Benefits of establishing context for RM
Define objectives
Identify scope, responsibilities, and resources
Methodologies for evaluating success
Reasons why setting objectives is difficult
- Competing stakeholders expectations;
- Continuously questioned in light of changing context
- Staff may be unaware/ disagree
- More ambitious/ more risky and vice versa
Implement ERM steps through
PIML