Unit 6

Question 1

4 Ts of Hazard risks

Answer 1

Tolerate- orgs readiness to bear the risk after risk treatment in order to achieve its objectives

‘Treat’ - avoid by deciding not to start or continue
- taking or increasing the risk to pursue an opportunity
- removing the risk source
- changing likelihood or consequences

Transfer- insurance or outsourcing
- can’t fully transfer- more risk sharing

Terminate - sometimes not possible ie public service

Question 2

4/ 5 Es of opportunity risk management

Answer 2

Exist
Explore
Exit/ expand
Exploit

Question 3

Risk control techniques

Answer 3

PCDD
Preventative; ( seg of duties) corrective; (password) detective; (bank reconciliation) directive ( follow bank procedures)

Question 4

Hazard risks only

Answer 4

Preventative => Exit /terminate
Corrective => Treat ie move to within tolerance
Detective => Tolerate
Directive => Transfer

Question 5

Fraud example

Answer 5

Preventative- vetting candidates, penalties on staff for breaches therefore discouraging others

Corrective- media handling to reduce rep risk, call police to remove internal fraudsters

Directive- procedures

Detective- whistlowing, review of existing suppliers for fakes

Question 6

5 C’s of credit risk

Answer 6

Character- reputation of the company
Capital- how company is financed
Conditions - of the sector and country where the company is
Capacity- of the company to repay
Collateral- assets that the bank could claim if the company could not repay

Question 7

Reduce portfolio risk through

Answer 7

Syndication
Whole loan sales
Securitisation
Credit default swaps

Question 8

Credit analysis path -larger orgs or more complex

Answer 8

Business risks -
micro-industry trends, reg trends
macro- GDP, inflation, demographic trends, political stability, reg environment, legal environment

Financial risks
Micro- mgt analysis, proactive/ reactive, strategy, motivation, experience, integrity, corp governance
Macro - financial analysis- operating position, financial disclosures, financial position

Structural risks-
Micro- type of borrower, holding company, primary operating subsidiary, secondary operating subsidiary
Macro- type of borrowing, secured vs unsecured, subordinated, long or short term

Question 9

Credit control measures

Answer 9

Repayment, restructure, reschedule

Question 10

Market risk elements

Answer 10

Fx, interest rate, equity, commodity, credit price.

Can be general or specific to part of the market

Question 11

Market risk measures

Answer 11

Measure through VAR, ES, stress testing and scenarios

Hedging and basis risk. Basis risk is the result of imperfect hedging.

Market risk measurement of credit risk;
CS01- credit price sensitivity to one basis point change in spread.

PV01 - calculates bond profit or loss for small changes in the risk free yield.

Duration times spread-adjust for duration-evolution on CS01.

RR05 -loss given default calculated by 1-recovery rate.

Question 12

Liquidity risk- Basel statement

Answer 12

A bank should establish a robust liquidity risk management framework that ensures it maintains sufficient liquidity, including a cushion of unencumbered, high quality liquid assets, to withstand a range of stress events, including those involving the loss or impairment of both unsecured and secured funding sources.

Not in Pillar 1

Question 13

Liquidity risk -Solvency 2

Answer 13

Not required risk to hold capital for but there is an expectation that firms will have enough liquidity to pay claims when they arise.
Most insurance firms run stress tests based on large claim incidents to test the adequacy of their liquidity in stressed conditions.

Question 14

Basel 3 on liquidity risk

Answer 14

17 principles - fundamental one already written out.

• Governance- risk tolerance stated, senior management develop strategy, incorporate liquidity into internal processes

• Measurement and management

• public disclosure

• role of supervisors

Question 15

Basel 3 re-work with 2 objectives

Answer 15

• promote short term resilience of a bank’s liquidity risk profile by ensuring it has sufficient high quality liquid assets to survive a significant stress testing scenario lasting for one month-liquidity coverage ratio developed
• promote resilience over a longer time horizon by creating additional incentives for banks to fund their activities with more stable sources of funding on an ongoing basis. Net stable funding ratio has 1 yr time horizon

Question 16

Controlling insurance (underwriting and reserving) risk definition

Answer 16

Fluctuations in the timing, frequency and severity of insured events relative to the expectations of the firm at the time of underwriting that risk

Question 17

How manage underwriting and reserving risk?

Answer 17

Re-insurance-transfer an amount of liability in the event of a claim to a counterparty. But brings credit risk to the insurer in case they default.

Question 18

General insurance risks:

Answer 18

Re-insurance
Claims management
Underwriting
Reserving

Question 19

Life insurance risks;

Answer 19

Longevity
Mortality
Morbidity
Persistency
Claims management
Underwriting
Product cycle
Expense

Question 20

Other insurance risks

Answer 20

Concentration
Counterparty credit risk
Market risk
Pension obligation risk
Catastrophe Risk

Question 21

Operational risk controls

Answer 21

BCP; cyber; outsourcing; insurance and risk transfer. Also;

AML
Recruitment policies
Compliance policies
Conflicts of Interest policies
HR in particular recruitment and retention policies
Control policies for key internal processes such as underwriting

Question 22

Operational risk management process

Answer 22

Identification
Assessment
Measurements
Mitigation and control
Monitoring and reporting

Question 23

Governance of Op Risk through?

Answer 23

3 LOD

Question 24

Op risk identification, assessment and measurement includes:

Answer 24

Audit oversight - usually used to supplement bottom up.

Critical self assessment (bottom up) - each unit analyses the nature of risks it faces.

Risk mapping - process flows, org units and business units to op risk types. (Bottom up)

Causal networks - map of factors that directly or indirectly cause op risk event, (bottom up)

Key risk indicators- measure the change in risk over time, indicating how risky an activity is by applying objective statistical methods. Can be both top-down and bottom-up.

Actuarial models (both top down and bottom up) frequency and magnitude of op risk losses data.

Earnings volatility (top down) backward looking measure- how much each unit earned over period of time.

Question 25

Fundamental principle of insurance and risk transfer?

Answer 25

Indemnity- put the insured back in the position (financially at least) as if the loss had never occurred. Some policies compulsory

Question 26

Types of insurance for FS firms

Answer 26

• Insurance against building damage, loss of revenue and terrorism
• directors and officers insurance
• employment practice insurance
• fidelity guarantee and crime insurance
• cyber insurance

Question 27

Reasons and types of insurance:

Answer 27

1. Mandatory legal and contractual obligations ie employers liability, public liability, motor 3rd party etc
2. Balance sheet/ profit and loss protection ie business interruption, asset protection, key person
3. Employee benefit/ protection of employee assets ie life and health, directors and officers liability

Question 28

1st party versus 3rd party insurance

Answer 28

1st party- org buys insurance to cover the increased cost of operation, recover cost of repairing damage and restoring the business following a loss. Own issues

3rd party- liabilities to others. 3rd party injured person who will make the claim.

Question 29

Captive insurance companies- definition

Answer 29

Insurance company that is not otherwise involved in insurance. Org can use its internal resources to fund certain types of anticipated losses or insurance claims. 3rd party- eg extended warranty insurance policies offered by retailers of electrical goods

Question 30

Captive insurance-advantages

Answer 30

• savings in insurance costs due to lower premiums often set
• gain access to re-insurance markets
• exposure to cost of insurance claims meaning org has greater risk awareness
• greater cover
• tax benefits

Question 31

Disadvantages of captive insurance

Answer 31

• exposure to insurance claims otherwise paid by commercial insurance market
• parent org to allocate capital
• large losses paid by captive, absorbed by parent
• compliance issues if writing business across borders
• significant admin

Question 32

What type of control BCP?

Answer 32

Corrective.
A specific type of risk treatment to keep org operating or restore operations

Question 33

Business impact analysis definition

Answer 33

An analysis stage in the BCP cycle that analyses the effect of an interruption on our key dependencies and core processes

Question 34

BCP lifecycle has 5 components

Answer 34

1. Identify crucial risk factors already affecting the org
2. Understand the needs and obligations of the org
3. Establish, implement and maintain your BCMS
4. Measure the overall capability to manage disruptive incidents
5. Guarantee conformity with stated BC policy

Question 35

BCP principles

Answer 35

Comprehensive
Cost effective
Practical
Effective
Maintained
Practiced

Question 36

Business impact versus BCP

Answer 36

Emphasis of a BIA is the identification of the relative importance and criticality of each function rather than BCP - identifying the events that could undermine that particular function

Question 37

BIS report on outsourcing-systems and controls:

Answer 37

• fit with existing org
• agreement allows monitoring
• due diligence
• smooth transition

Concentration risk implications

Question 38

Outsourcing reasons:

Answer 38

• streamlining operations
• cost control
• freeing up resources for other work
• improving quality and service
• resources not available internally

Question 39

PRA CRR firm requirements

Answer 39

When relying on a third party for the performance of operational functions which are critical for the performance of relevant services and activities on a continuous and satisfactory basis, (a firm must) ensure that it takes reasonable steps to avoid undue additional operational risk and;

not to not undertake the outsourcing of important operational functions in such a way as to impair materially:
(a) the quality of its internal control; and
(b) the ability of the PRA to monitor the firm’s compliance with all obligations under the regulatory system

Question 40

PRA - Insurance firms

Answer 40

If a firm outsources a function or any insurance or reinsurance activity, it remains fully responsible for discharging all of its obligations under the rules and other laws, regulations and administrative provisions adopted in accordance with the Solvency II Directive.

Question 41

FCA expects firms to

Answer 41

• develop a security culture, driven from the top down
• have good governance around cyber security
• identify key assets and appropriate protections•
have adequate detection capabilities so firms know if they are being attacked
• have systems and controls to ensure recovery and response in the event of an attack – you will recognise the links to BCP here.

Question 42

Cyber risk-key issues for managing cyber risks include:

Answer 42

• establishing processes that can deliver info about cyber security-and benefits- up to board level
• establishing good communication between risk managers and information managers
• identifying the critical information on systems that may be most at risk from cyber attacks
• developing multiple layers of defence
• developing controls that will detect attacks quickly

Question 43

Monitoring and review- when reviewing a control need to answer

Answer 43

1. Is the control we chose to implement really the best control for the risk?
2. Is the control effective in practice?
3. Does the control provide good value for money?

Cost of risk controls-focus on critical controls

Question 44

Risk events -learning from experience

Answer 44

• why it occurred
• whether we had previously identified it as a possible risk
• why it had the impact it did
• whether we had correctly analysed it’s likelihood and impact
• how we stop it happening again

Question 45

7 functions that can be outsourced

Answer 45

• HR
• call centres
• marketing
• IT
• finance
• real estate management
• distribution and logistics