Chapter 2. The Governance of Risk Management
The Governance of Risk Management
Corporate Governance
SOX
Reporting procedure and internal controls must be audited annually
2009 Europe
Key lessons
• Stakeholder priority: diverse, competing needs, challenge to RM
• Board composition: good or not no difference, external forces too strong to mitigate
• Board risk oversight
• Board members need to be proactive in RM process
• Education for board members is necessary (link to RM for banking infrastructure)
• Risk appetite
industry
• Board needs to clearly articulate and communicate to stakeholders
• Risk budget translated to enterprise level risk limit system
• Compensation: board should not incentivize undesired risk-taking behavior
Basel Committee on Banking Supervision (BCBS) (1)
• Basel Committee on Banking Supervision
• Banking regulators from 27 jurisdictions
• Not legally binding
• Basel I (1988): Capital Adequacy Ratio (CAR) 8%
• Basel II (2006)
• Include both trading and lending
• Disclosure suggestions, standards for bank supervision by regulators
Basel Committee on Banking Supervision (BCBS) (2)
• Basel III
• Born in direct response to 2007-2009 crisis
• Factors both company specific and market level risk
• Capital – Tier 1 – common equity + retained earnings
• Liquidity coverage ratio: highly liquid assets to fund 30 days' cash needs
• Net stable funding ratio: 1-year stable cash flow to fund required operations
Basel committee
• Basel III
• Macroprudential overlay: 5 elements
a. Leverage ratio of at least 3% - Tier 1 capital / total consolidated assets
b. Countercyclical capital buffer
BCBS 2015
governance framework
guidelines
2. Governance for a conglomerate: board of parent firm needs to have oversight over all members
3. Risk identification, monitoring and control
4. Risk communication: to all levels of firm
management
translate to risk limits
• Risk limits
• At asset class and business unit levels
(1) • Monitored through stress testing and VaR
• There’s a margin for error
Risk
e. Hard to balance btw biz opportunities and risk limits: profitable but beyond risk limit
f. Can approve
Finance and
Senior management Business unit level RM function
operation functions
• Assisted by risk committee
• Set firm's risk appetite
• Designs and oversees risk policy
• Evaluate performance relative to risk limits

• Implement approved risk policy
• Identify exceptions
• Analyze current RM tools to ensure risk limits are maintained
• Help in the risk business planning

• Execute risk mitigation and transfer

• Led by CRO
• Monitors risk limits and controls
• Manages RM process
• Communicates with senior mgmt. and risk committee
Risk advisory director
Risk Board’s duties
governance RM committee
director
Role: educating on best practices in both CG and RM
Liaise btw board and mgmt.
RM policies and internal controls
Responsible for
• Financial statement and regulatory reporting requirements
• RM process: to ensure board's policies are being followed and sufficient to monitor and control risks
Requirements
• Independence but should work with mgmt. frequently
• All members need financial knowledge
• Ability to ask probing and relevant questions
Audit committee (2)
Internal auditors
1. Report to audit committee
2. Monitoring RM procedures, tracking progress of existing systems
3. Affirming the efficacy of existing policies, systems
4. Verify adherence to compliance standards
5. Offer opinion on validity of calculated risk metrics like VaR
6. Validate pricing model for managing market risk
7. Offer opinion on model assumption (volatility, correlation)
8. Further ref: Institute of Internal Auditors 2017 revised set of standards (country specific)