Professional Documents
Culture Documents
Certificate in Risk in Financial Services
Certificate in Risk in Financial Services
Risk in Financial
Services
Edition 7, May 2018
1
International Risk Regulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2
Operational Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3
Credit Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
4
Market Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
5
Investment Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
6
Liquidity Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7
Model Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
8
Risk Oversight and Corporate Governance . . . . . . . . . . . . . . . . . . . . 193
9
Enterprise Risk Management (ERM). . . . . . . . . . . . . . . . . . . . . . . . 211
10
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
It is estimated that this manual will require approximately 100 hours of study time.
What next?
See the back of this book for details of CISI membership.
Principles of
Risk Management
Chapter Summary 3
This syllabus area will provide approximately 12 of the 100 examination questions
Principles of Risk Management
Chapter Summary
1
Learning Objectives
1.1.1 Understand the processes typically used to identify, reduce and manage specific aspects of risk
This first chapter provides an introduction to risk and describes the specific risks that financial services
firms face. Every business faces risks that present threats to its success. In its broadest sense, risk is
defined as the possible harm associated with a situation – the product of impact and probability.
Risk management is the practice of using processes, methods and tools for quantifying and managing
these risks and uncertainties.
An important aspect of the financial services sector is the management of financial risk on behalf of
both customers and owners. To discuss the risks faced by a financial services firm is, therefore, to address
one of the core reasons for its existence. For risk management practitioners, that is what gives the
disciplines within risk management their importance – and their intellectual appeal.
The basic concepts are not difficult to grasp, as will be seen as we progress through this workbook, but
understanding their interrelationship is sometimes less straightforward.
The diagram below shows a financial services firm – for example an asset manager, broker or bank – in
the context of the risk environment within which it operates. Detailed definitions will be provided as we
meet each element in its relevant chapter, but an initial overview will help to set the scene.
Strategic
risk, external Risk-related regulation and policy
sources
Financial Services Firm World Markets
Economic climate
Strategic risk, internal sources: strategy Interact
formulation & implementation Retail
Corporate governance & risk oversight
Political environment
Wholesale
Risk management framework
Competitive environment,
social & market forces Institutional
O
{
Credit risk
Management (ERM)
p people
Equities
Enterprise Risk
Investment risk
e
Technological forces
r r processes Market risk
a i
t s systems Liquidity risk Bonds
Shock & natural events i k
o external events
n Commodities
a
External stakeholders l
& third parties
Money Markets
© Andrew Brand
3
1. Credit, market and liquidity risks – these are at the centre of the diagram because the
management of these risks lies at the heart of the complex financial transactions performed by the
industry. These transactions include:
increasing the long-term wealth of investors and entrepreneurs by making investors’ assets
available to those in the global economy who can put them to best, most productive, use
enabling long-term mortgages and corporate or sovereign financing using short-term sources
of funding, such as retail deposits
providing the payment and safe-keeping mechanisms that underpin a modern wealth-creating
economy.
2. Investment risk – the credit, market and liquidity risks referred to above are managed for the
benefit of the firm – its owners and clients. Many of these clients are investors whose funds are
managed by the firm. We refer to the combination of risks involved in providing the ‘right’ level of
return to these investors as ‘investment risk’.
3. Operational risk – the act of managing credit, market, liquidity and investment risk is itself subject
to a different set of risks. These emerge from the people, processes, systems and external events
that the firm needs to manage in running its business. These are four key factors that are collectively
referred to as operational risk.
4. Enterprise risk – understanding the different risks to which a financial services firm is subject is
key to its success and, therefore, risk information is regularly reported up the chain of command.
Separate reporting mechanisms have traditionally been used for the separate risk types but,
increasingly, firms find it useful to group the risk types together and report on them collectively.
This provides the ‘risk equivalent’ of the firm’s accounting tools, where the balance sheet, profit and
loss account, and cash flow statement enable a focused view of the firm’s finances. Enterprise risk
management is a method of providing the firm with a succinct view of all its key risk information,
thus enabling the senior team to make balanced, firm-wide risk decisions.
5. Strategic risk (internal) – the firm does not exist in isolation, and interacts not only with global
financial markets, but also with the ‘real’ economy. These interactions with the real economy give
rise to the sorts of strategic risks that every firm faces, regardless of its industry. Some of the more
important internal drivers of strategic risk stem from:
a firm’s chosen strategy
translation and execution of the firm’s strategy into its business (or operational) model
its financial management
its internal compliance with externally imposed regulation and laws.
6. Strategic risk (external) – arises from unforeseen changes in:
the global economy
the political arena
the competitive environment
social and market forces
technological innovation.
7. Corporate governance and risk oversight – within the organisation there are both tactical and
strategic risk-takers. The strategic risk-takers – chief executive officer (CEO), directors and senior
managers – formulate a strategy for the firm that requires certain risks to be taken, and others expressly
to be avoided. They communicate the strategy to the traders, asset managers and research analysts,
whose job it is to manage the tactical risks involved in implementing it. For this communication process
to function properly, and to enable the strategic risk-takers to monitor the subsequent progress in the
strategy’s implementation, there needs to be a set of robust processes for:
ensuring that the firm is properly governed to formulate and implement the strategy
implementing a coherent firm-wide risk framework to enable oversight of the strategic and
tactical risks that will enable the anticipated returns to be generated and unnecessary losses or
impairment of the company’s value to be minimised.
4
Principles of Risk Management
Having gained an understanding of the broad spectrum of risks to which financial services firms are
1
potentially exposed, and the underlying drivers of each type, a firm needs to address the various ways in
which the actual risks it faces can be managed. A ‘risk register’ of risk types (eg, operational) and specific
risks (eg, failure of the customer relationship management system) is compiled and used by firms so that
the risks and the associated mitigating actions and controls can be understood, owned and monitored.
The firm then needs to decide how much risk it is willing to take, a concept known as risk appetite, and
make sure that this appetite is not exceeded, through the use of formal controls and high-quality risk
reporting. In addition to controls and risk reporting, the so-called risk culture of the firm also plays a key
role in enabling the risk appetite set by the board to be understood and adhered to at all levels of the
organisation.
Learning Objectives
1.1.2 Understand the key elements of risk management and the differences between risk and
uncertainty
Risk is generally discussed as if it were synonymous with uncertainty, but there is a technical distinction
between the two. Variability that can be quantified in terms of probabilities is best thought of as risk;
but variability that cannot be quantified at all is best thought of simply as ‘uncertainty’.
Nevertheless, this technical difference between risk and uncertainty should not prevent firms from
protecting themselves against the negative consequences of less quantifiable events.
Risk management focuses on identifying what could go wrong, evaluating which risks should be
dealt with and implementing strategies to address those risks. Firms that have identified their risks ‘in
advance’ and have formulated a response plan will be better prepared and have a more cost-effective
way of dealing with them if they do occur.
5
A Simple Framework for Managing Risk
As shown in the following diagram, the key elements of a simple risk framework are:
• Risk policies and governance at board level (this is covered in chapter 9 on Risk Oversight and
Corporate Governance).
• Risk oversight – often performed by a dedicated risk management function or functions, often
organised by risk type and performing the following tasks:
identify risks
assess risks
ensure that risks are appropriately controlled
monitor and report on the risks and their associated controls.
• Day-to-day risk management – this activity is inseparable from good business management and
must be owned by the business units, not the risk function.
identify assess
risk oversight
monitor control
© Andrew Brand
6
Principles of Risk Management
1
Learning Objective
1.1.3 Know the key external sources of risk and their potential impact on a business: economic;
political; competitive environment, social and market forces; technological including cyber
security; shocks and natural events; external stakeholders and third parties
As described in the chapter summary, external risks arise from unforeseen changes in:
Further external risks are also posed by unexpected shocks and natural events, and by the actions of
external stakeholders and third parties.
Therefore, a firm has to understand the current and potential future patterns of human behaviour that
will affect the products or services it sells. For example, during an economic boom, a failure to anticipate
an imminent downturn will result in firms continuing to increase their stocks using current input prices
of raw materials. They will then find they need to reduce the prices of their finished goods to sell them in
a recession. Equally, financial services firms with securitised mortgages on their books will find it difficult
to sell them if there is a fall in house prices.
Other political events, such as changes in economic policy, or tax law, will also affect the financial
services sector. Political changes, being so closely linked to the economy, can affect financial services
firms in three main ways:
7
Glossary
223
Multiple Choice Questions
The following additional questions have been compiled to reflect as closely as possible the examination
standard that you will experience in your examination. Please note, however, they are not the CISI
examination questions themselves.
1. Which of the following is the BEST reason for using detective controls?
A. To reduce the likelihood of risk occurring
B. To prevent a risk occurring
C. To reduce the impact if a risk occurs
D. To provide feedback in the risk reporting process
2. Which of the following distributions is commonly used for modelling operational risk?
A. Lognormal
B. Abnormal
C. Normal
D. Exponential abnormal
3. Which of the following items forms part of the expected loss calculation?
A. Probability of Default
B. Expected Default
C. Initial Default
D. Unexpected Default
233
Syllabus Learning Map
267
Syllabus Unit/ Chapter/
Element Section
268
Syllabus Learning Map
269
Syllabus Unit/ Chapter/
Element Section
Be able to apply risk categorisation to simple, practical examples of
normal activity and change-related projects:
• people
3.4.3 4.3
• processes
• systems
• external events
Operational Risk Assessment and Measurement
3.5
On completion, the candidate should:
Understand the main reasons for assessing and measuring operational
3.5.1 5.1
risk, and the difficulties involved
Know the basic terms used in the assessment and measurement of
3.5.2 5.2
operational risk
Understand the following methods of assessing operational risk:
• impact and likelihood assessment
3.5.3 5.3
• scenario analysis
• bottom-up analysis
Understand the Key Risk Indicators (KRI) method of measuring
3.5.4 5.4
operational risk
Understand how historical loss data can be used in measuring
3.5.5 5.5
operational risk
Understand the practical constraints of implementing an operational
3.5.6 5.6
risk management framework
Managing Operational Risk
3.6
On completion, the candidate should:
Know the purpose of a risk register (risk log) and its core features:
• objectives
• description of risk
• risk ranking
3.6.1 • lead person or department 6.1
• action plan
• target and completion dates
• sources of assurance and oversight
• mitigating controls
Understand and be able to distinguish between the following
methods for reducing operational risk exposure:
• risk transfer
3.6.2 6.2
• risk avoidance
• risk mitigation
• risk acceptance
270
Syllabus Learning Map
271
Syllabus Unit/ Chapter/
Element Section
Know the basic principles of setting credit limits for trade book and
4.2.5 2.5
loan product risk management
4.2.6 Understand the main limitations of credit risk measurement 2.6
Credit Risk Management
4.3
On completion, the candidate should:
Understand the following examples of credit risk mitigation, and how
they may be typically applied:
• underwriting standards
• guarantees
• credit limits
• netting
4.3.1 • collateral 3.1
• diversification
• insurance/credit derivatives
• credit default swaps
• collateralised debt obligations
• loan sales and securitisation
• central counterparties
4.3.2 Be able to calculate a simple margin or collateral adequacy calculation 3.2
Understand the role and sound practice features of an effective credit
4.3.3 3.3
risk management function
Understand the role of reporting and escalation tools of credit risk
4.3.4 3.4
management
Know the Basel key stages of credit risk policy development,
modelling and control:
• development
• validation
4.3.5 3.5
• approval
• implementation
• review
• post-implementation monitoring
Understand the methods used to manage credit risk:
• credit scoring systems
• factor inputs: financial, non-financial and extraordinary
• stress testing
• segmentation
4.3.6 3.6
• external ratings
• setting limits or caps
• internal credit rating
• provisioning and impairment
• key statistics and key performance indicators
272
Syllabus Learning Map
273
Syllabus Unit/ Chapter/
Element Section
Understand the terms distribution analysis, confidence intervals,
5.2.5 normal distribution and fat-tailed distribution, and how they are used 2.5
within risk analysis
Understand the following concepts used in risk measurement and
control:
• probability
5.2.6 • volatility 2.6
• regression
• correlation coefficients alpha and beta
• optimisation
Understand the Value-at-Risk (VaR) approach to managing market
risk:
5.2.7 • VaR limit setting and monitoring for bank trading positions 2.7
• VaR as a portfolio measure of risk
• validation and back testing
Know the three different approaches to VaR:
• historical simulation
5.2.8 2.7.3
• parametric
• Monte Carlo
Understand the underlying purposes, principles and application of
the main types of scenario and stress testing:
5.2.9 • extreme event 2.8
• risk factor
• external factor
274
Syllabus Learning Map
275
Syllabus Unit/ Chapter/
Element Section
276
Syllabus Learning Map
277
Syllabus Unit/ Chapter/
Element Section
278
Syllabus Learning Map
Examination Specification
Each examination paper is constructed from a specification that determines the weightings that will be
given to each element. The specification is given below.
It is important to note that the numbers quoted may vary slightly from examination to examination as
there is some flexibility to ensure that each examination has a consistent level of difficulty. However, the
number of questions tested in each element should not change by more than plus or minus 2.
279