Foundation of

risk
management
The Governance of Risk Management
 Corporate Governance

The Governance Regulation

of Risk Corporate Governance after crisis 2009

Management Board of director best practices

Interdependence of functional units

Risk governance implementation

  Agency risk
 Series of processes to operate a
business
Corporate  Involves shareholders, senior
governance management and ultimately BoD
 Well-defined after high profile CG
Enron 2001, WorldCom 2002
  Turnbull report
Regulation  Sarbanes Oxley Act 2003 (SOX)
 Europe: voluntary
 CEO and CFO: personal verify and certify
accuracy of financial filings with SEC and all
disclosures

BoD and audit committee

Require certain internal composition
Deficiencies must be
control disclosed to investors and
regulators

SOX
Reporting procedure and internal controls
must be audited annually

Member names must be

disclosed publicly
Audit committee Understand accounting
principles, financial statement
Have audit experienced
 CG  Key lessons for banking industry
 Basel committee Banking
after Supervision (BCBS)
 BCBS 2015 guidelines for banking

crisis sector Risk management

 Dodd-Frank Act 2010

2009  Europe
 • Stakeholder priority: diverse, competing needs,
challenge to RM
• Board composition: good or not  no difference,
external forces too strong to mitigate
• Board risk oversight
Key lessons • Board members need to proactive in RM process
• Education for board members is necessary (link to RM
for banking infrastructure)
• Risk appetite
industry • Board needs to clearly articulate and communicate to
stakeholders
• Risk budget  translated to enterprise level risk limit
system
• Compensation: board should not incentivize undesired
risk-taking behavior
 • Basel committee Banking Supervision
• Banking regulators from 27 jurisdictions
Basel • Not legally binding
committee • Basel I (1988): Capital Adequacy Ratio (CAR)
8%  
Banking • Basel II (2006)
Supervision • Include both trading and lending
(BCBS) (1) • Disclosure suggestions, standards for
bank supervision by regulators
 • Basel III
• Born in direct response to 2007-2009
Basel crisis
committee • Factors both company specific and
market level risk
Banking • Capital – Tier 1 – common equity +
Supervision retained earnings
(BCBS) (2) • Liquidity coverage ratio: highly liquid
assets to fun 30 day’s cash needs
• Net stable funding ratio: 1-year stable
cash flow to fund required operations
 • Basel III
• Macroprudential overlay: 5 elements
Basel a. Leverage ratio of at least 3% - Tier 1 capital / total
consolidated assets
committee b. Countercyclical capital buffer

Banking c. Set minimum total loss-absorbing capital standards for GSI

banks (global Systematically Important)

Supervision d. Clear trades centrally as much as possible

e. Risk modeling and stress testing: capture tail risk
(BCBS) (3) • 2016 FRTB
• Fundamental Review of the Trading Book
• Market risk exposures through trading desks in derivatives
and other complex financial assets
 i. Board composition: qualified (knowledge and skillset)
ii. Policies of the board for its own operation that reinforce objectives
iii. Responsibilities of BoD:
1. Oversee implementation of risk appetite, strategic objectives,

BCBS 2015
governance framework
2. Governance for a conglomerate: board of parent firm needs to have
oversight over all members
guidelines 3. Risk identification, monitoring and control
4. Risk communication: to all levels of firm

for banking 5. Compensation: board should organize and supervise

6. Disclosure of RM process to stakeholders

sector Risk 7. Compliance

iv. Senior mgmt. (CEO, CFP, CRO, COO): conduct day to day operations

management to strategy approved by the board

v. RM function
1. Independent function
2. Supervised by CRO
3. Reports to board
vi. Internal audit: periodic, to inform progress on RM to board
 Background
• Before 1999: Glass-Steagall Act
• Prohibited commercial banks from investment
banking divisions

Dodd-Frank • To protect depositors from trading volatility

• 1999: Graham-Leach-Bliley Act
Act 2010 • Removed the barrier
• Permitted financial services holding companies
(1) • Combine commercial, investment, insurance, broker
dealer under same umbrella  Bear Sterns, Merrill
Lynch, Lehman Brothers
• 2010: Dodd-Frank Act
 7 key elements
1.Strengthen the Fed: Oversight over Systematically
Important financial Institutions (SIFIs) $50b asset
2.End “too big to fail”: created orderly liquidation
Dodd-Frank authority
3.Resolution plan: all SIFIs submit a “living will” to
Act 2010 Fed (plan if distress)
(2) 4.Derivatives markets: more transparency, reducing
counterparty risk
5.The Volker Rule:
1. Re impose Glass Steagall
2. Prohibits banks from proprietary trading
 7 key elements
6. Consumer protection:
• Set up consumer financial protection bureau to

Dodd-Frank regulate consumer facing financial products

7. Stress testing:
Act 2010 • Robust and dynamic
• Top-down approach (macroeconomic shocks and
(3) impacts on risks)
• Incorporate in liquidity planning
• Results evaluated at
• Bank level
• Economy level by Fed
 Supervisory review and
Evaluation Process
Europe • Dodd Frank replica
• Requires stress testing and
forward-looking basis
BoD best  Corporate governance

practices  Risk management

 • Majority of BoD is independent from
management
• All should possess basic knowledge of
firm’s business and industry (can be
Corporate trained before joining)
• Shareholders evolved to stakeholders’
governance best interest
• CEO # president
• Introduction to CRO
• Compensation plan: long term goals, claw
back provision
 Risk appetite
• Enterprise level: clearly articulated

Risk • Must be consistent with business strategy

• Board (risk committee) sets risk appetite 

management
translate to risk limits
• Risk limits
• At asset class and business unit levels
(1) • Monitored through stress testing and VaR
• There’s a margin for error

Determine strategy for known risks

(retained, avoided, mitigated, transferred)
 Maintain
1. CRO
a. Day to day supervision – reports directly to CEO
b. With ongoing access to full board
c. Liaison between board and senior mgmt.
d. Sit on senior risk mgmt team (CEO, CFO, treasurer chief compliance
officer, executives)

Risk e. Hard to balance btw biz opportunities and risk limits: profitable
but beyond risk limit
f. Can approve

management • Temporary breaches of risk limits

• Within tolerance brands
g. Risk limit breaches request

(2) • Should be in writing

• Presented to risk committee for awareness and review
2. Risk committee
3. Compensation committee: connect to
a. Risk appetite
b. Risk committee
4. Audit committee: independent
 Interdependence of functional units

Finance and
Senior management Business unit level RM function
operation functions
• Assisted by risk • Implement approved • Execute risk • Led by CRO
committee risk policy mitigation and • Monitors risk limits
• Set firm’s risk • Identify exceptions transfer and controls
appetite • Analyze current RM • Manages RM
• Designs and tools to ensure risk process
oversees risk policy limits are • Communicates with
• Evaluate maintained senior mgmt. and
performance relative • Help in the risk risk committee
to risk limits business planning
  Risk advisory director
Risk  Board’s duties
governance  RM committee

implementation  Compensation committee

 Audit committee
 Attend risk committee
Meets with senior
and audit committee
Risk advisory to provide guidance
mgmt. regularly

director
Role: educating on
Liaise btw board and
best practices in both
mgmt.
CG and RM
 RM policies and internal controls

Risk appetite and its impact on strategy

Board’s duties:
review and Financial statement and disclosure, periodic
analyze RM reports, internal and external reports
Related parties’ transactions

Industry’s CG and RM best practices

 Independently monitor
Setting risk appetite
ongoing RM

RM committee Maintain contact with

internal and external
auditors to ensure Supervise all known risks
compliance with regulation
and internal risk limits

Approve high-level risk

decisions eg. Approve credit
facilities above limits or
some threshold
 • Deferred payment till LT results are
known
• Claw backs of previous bonuses if LT
Compensation results not consistent with ST
• Bonus bonds
committee (1) • Used by Swiss Bank, UBS
• Executives will lose bonus bond if
regulatory capital ratios fall
below 7.5%
• Should reinforce risk appetite
 • G20 reforms
a.Eliminate multiyear bonus
guarantees
b.Symmetrical compensation
i. Avoid asymmetric bonus
Compensation structure
ii. Deferred payment and claw
committee (2) back provisions
c. Limit incentive-based compensation
d.Disclosure to make compensation
packages transparent for
stakeholders
e.Independent
f. Bonus bond
Audit committee (1)

Responsible for
• Financial statement and regulatory reporting requirements
• RM process: to ensure board’s policies are being followed and
sufficient to monitor and control risks

Requirements
• Independence but should work with mgmt. frequently
• All members need financial knowledge
• Ability to ask probing and relevant questions
 Internal auditors
1. Report to audit committee
2. Monitoring RM procedures, tracking
progress of existing systems
3. Affirming the efficacy of existing policies,
systems
Audit 4. Very adherence to compliance standards
5. Offer opinion on validity of calculated risk
committee (2) metrics like VaR
6. Validate pricing model for managing market
risk
7. Offer opinion on model assumption
(volatility, correlation)
8. Further ref: Institute of Internal Auditors
2017 revised set of standards (country
specific)