Building out a Robust and
Efficient Risk Management
Provided by Alan Cheung,MBA,CFE,CEH
Purpose
• In this workshop training, we will cover the
following:
List of key activities related to credit portfolio, risk
reporting, credit risk coordination, and market risk
Important elements use to verify the efficiency of
credit risk rating systems
Imperfection of measuring risk using Value-at-Risk
(VaR) calculation
Credit Risk
• Reviewing Credit Portfolio
 Evaluate credit monitoring procedures, annual reviews, and risk ratings.
 Determine all ‘Watchlist’ and non-performing loans book in an entity are
properly monitored.
 Credit approvals – verifying that credit applications are properly approved and
any subject to the conditions are satisfied.
 Credit documentation – evaluate the completeness of credit and legal files, as
well as controls over safe keeping of legal and credit documentation.
Structured Product
-Credit Derivatives are off-balance sheet financial statements that permit one party
to transfer the risk of a reference asset, which it typically owns, to another one
party (the guarantor) without actually selling the assets.
-Through the use of Credit Derivatives, a financial institution can acquire new credit
risk or hedge on existing one. For example, TROR is consist of an agreement by one
counterparty to pay the total rate of return on a public by the traded asset, in
exchange for stream of payments reflecting LIBOR plus a negotiated spread
received from the other counterparty.
Risk Management –
Capital Market
 Monitoring of risk exposures developed in financial institution with
objective of enhancing the overall efficiency of the control
framework;
 Approve the credit risk (client ratings, transactions, individual credit
applications and Global limits) after initial approval by the
concerned operational managers;
 Collaborate with business lines to develop standardized calculation
models for risk exposures in respect of products and trading
activities, while taking account of settlement and collateralization
effects;
 Perform monitoring and reporting for major risks, counterparties on
the watch list and provisions;
 Operates and/or develops information systems used to calculate
and monitor risk exposures in respect of financial institutional and
market counterparties.
Market Risks
 Maintain continuous monitoring (independent from the Front
Office) of positions and risk exposures arising from the Group’s
trading activities; verifies that positions and exposures are within
set limits;
 Establish the appropriate set of limits, approval and escalation
process;
 Define methodologies (VaR, sensitivity, stress testing, …etc.),
validates valuation models, verifies market parameters, establishes
risk monitoring procedures and determines reserves;
 Defines the functionalities and supervises the development of
databases and information systems used to measure market risk;
 Generate consolidated view of reporting for regulatory authorities
(e.g. FBNY, FSB) in respect of capital requirements for market risk
and counterparty risk. It is important to have continuously
monitoring and ensuring the reliability of reporting.
Credit Risk Rating Systems and Capital
Requirements
 Implementation and enforcement of governance rules for the Group’s credit risk rating
system:
 Development of cross-disciplinary models for use by multiple Business Divisions;
 Standardization and validation of methods and models used within the Group;
and,
 Establishment of performance reporting on the internal rating system.
 Definition and functionality of methodology for calculation of economic and
regulatory capital for various categories of risk (e.g. credit, operational).
 Definition of methods for the measurement of capital by risk exposures,
 Facilitation and contribution to various project initiatives within the Risk Group
for capital measurement (stress testing, portfolio analysis,…etc.)
 Definition of related key processes
 Determine key requirements (e.g. tools & process models) and regulatory
constraints,
 Coordinates and facilitates between Operations, Model, and Risk teams,
projects to create or upgrade processes, notably including efforts to use risk
management modelling in banking environments.
Support for Management Efforts
 Establish a working group led by Operational Risk to coordinate the
Firm’s response to a ‘potential’ risk event;
 Incorporate key infrastructure areas (e.g. Financial Risk
Management, Operations and Independent Validation
team/Product Control);
 The aim of the working group is to identify and review key controls
on a firm-wide basis, encompassing;
 The substance of existing reports, and their approval and escalation
procedures;
 Existence of any large positions; and,
 Other areas which may be subject to this type of activity.
 The Board Risk Management Committee should request that IAD
undertake issues assurance of any remedial activities of the working
group. In addition, IAD will provide management any information
required as a result of previous audits and issues assurance work.
Imperfection of Value at Risk (VaR)
Below is a summary of proposed audit coverage for trading desk across business units globally
due to imperfection of measuring risk using VaR calculation.
Business Area Parameters Comments
Daily Calculation of VaR
(not monthly)
Prices
Correlation
measures
Greek
scenarios
Prices and correlation may not
always be available on the
open markets
Counterparty Risk
Analysis
Credit Default
swaps
Credit Spread Recovery rate
Must not exceed specific
thresholds
Trend Analysis
MTM on
exposure
Dashboards
Reference on
CBOE
Determine if the patterns are
aligned with the business line
strategies and risk appetite
Valuation
Income
Attribution
Independent
Price
Verification
Pricing
Models
All price changes/inputs must
be reflected accurately to the
P&L with support.
Market Risk Limits Limits Thresholds
Change
Management
Determine the limit breaches
are increasing exposure bets.
Risk Management –
Credit & Market Risks
What uniquely distinguishes large financial institutions from
other companies is their role in risk transfer and risk
management.
As Walter Wriston famously said: “…managing risk … is the
business of banking.”
Attributed to Walter Wriston, ex-CEO and Chairman of CitiCorp by the Economist in 1993 (“Survey of International Bankers: A
comedy of errors” April 1993) though other sources also attribute the quote to John Pierpoint Morgan.
Market Risk Credit Risk
The bank’s assets are mostly invested in loans and
securities (about 90% of average assets). These loans
and securities have differing interest rate structures –
some are fixed and some are floating. They also have
different set of maturities.
The bank’s liabilities, deposits and borrowings also
have differing maturities and interest rate
characteristics. If the bank’s (asset-based) interest
income structure is not properly aligned with the
(liability-based) interest expense structure, the result is
interest rate risk.
Market risk involves calculating risk that the value of a
portfolio, either an investment portfolio or a trading
portfolio, will decrease due to the change in value of
the market risk factors.
Credit risk involves going through the financials of the
clients and analyzing them with debt ratios ...etc. to
determine credit quality.
Market risk focuses more on the trading desk's
activities and stress testing/sensitivity analysis of
current and prospective trades.
Credit risk involves looking at the financial statements
of the company and analyzing their industry (e.g. Issuer
credit risk requires a detailed understanding of how
cash flows through a company and how leverage
affects company health).
Market risk is typically measured over very short time
periods (daily).
Credit risk is typically measured over a long time
horizon (annually).
The five “C’s” of Credit - Capital, Capacity, Conditions,
Collateral, and Character.
Key Differences between Market Risk vs. Credit Risk
http://Independentaudit.com
Risk Management
Challenges in Credit and Market Risk
Areas
• The front office has sometimes breach assigned limits – this is particularly important
because banks and large financial institutions have historically operated some proprietary
trading or principal trading businesses which required close supervision given the risks
being taken.
• Losses in the US structured credit business suggest that the business did not fully assess
the risk taken on (although the market volatility was unusually high).
• The real estate portfolio in certain business units, for example, in Portugal, Ireland, Greece,
and Spain, became overly leveraged and concentrated in property and construction.
• Missing the appropriate monitoring and escalation process for timely alerts and awareness
of the potential limit breaches to senior management.
• Lack of senior management oversight and governance over market risk stress testing.
• Incomplete review of stress methodologies, including VaR and Non-VaR type.
• Data integrity and manual intervention processing.
http://dilbert.com
Risk Management
How management should address
Credit and Market Risks?
 Reinforcing the risk culture and business ownership of risk and
embedding the risk appetite
 Define the process for managing the control environment (e.g.
create an internal control and assurance framework and key risk
policies)
 Provide a common language of risk terminology
 Assign accountability for risks
 Focus on ensuring the framework covers all risk types and articulates
responsibilities
 Strengthening the control functions
Audit Considerations on Credit
and Market Risks
 Development of a formal risk appetite process for financial risks
 The establishment of authorities, limits and governance (e.g. policies
and procedures)
 Develop credit portfolio analytics
 Joint sign-off between market and credit risk
 Integrated daily Value at Risk (VaR) production
 Stress testing
 Reporting/Escalation
Risk Management: Challenges and
Opportunities
• Internal Audit Resources
‒ Training the auditors
‒ Recruiting subject matter expertise, e.g., model risk experts, quants, actuaries
‒ Using Data Analytics
• Increasing and changing regulatory expectations
• Blurring of the 1st and 2nd Line – Risk Management as a process owner
• Risk Management as an assurance partner
• Risk Convergence vs. Auditor Independence
• Beyond looking at the controls
• Internal Audit as the 3rd Line of Defense - Effective Challenge
• Be relevant

Building out a Robust and Efficient Risk Management - Alan Cheung

  • 1.
    Building out aRobust and Efficient Risk Management Provided by Alan Cheung,MBA,CFE,CEH
  • 2.
    Purpose • In thisworkshop training, we will cover the following: List of key activities related to credit portfolio, risk reporting, credit risk coordination, and market risk Important elements use to verify the efficiency of credit risk rating systems Imperfection of measuring risk using Value-at-Risk (VaR) calculation
  • 3.
    Credit Risk • ReviewingCredit Portfolio  Evaluate credit monitoring procedures, annual reviews, and risk ratings.  Determine all ‘Watchlist’ and non-performing loans book in an entity are properly monitored.  Credit approvals – verifying that credit applications are properly approved and any subject to the conditions are satisfied.  Credit documentation – evaluate the completeness of credit and legal files, as well as controls over safe keeping of legal and credit documentation. Structured Product -Credit Derivatives are off-balance sheet financial statements that permit one party to transfer the risk of a reference asset, which it typically owns, to another one party (the guarantor) without actually selling the assets. -Through the use of Credit Derivatives, a financial institution can acquire new credit risk or hedge on existing one. For example, TROR is consist of an agreement by one counterparty to pay the total rate of return on a public by the traded asset, in exchange for stream of payments reflecting LIBOR plus a negotiated spread received from the other counterparty.
  • 4.
    Risk Management – CapitalMarket  Monitoring of risk exposures developed in financial institution with objective of enhancing the overall efficiency of the control framework;  Approve the credit risk (client ratings, transactions, individual credit applications and Global limits) after initial approval by the concerned operational managers;  Collaborate with business lines to develop standardized calculation models for risk exposures in respect of products and trading activities, while taking account of settlement and collateralization effects;  Perform monitoring and reporting for major risks, counterparties on the watch list and provisions;  Operates and/or develops information systems used to calculate and monitor risk exposures in respect of financial institutional and market counterparties.
  • 5.
    Market Risks  Maintaincontinuous monitoring (independent from the Front Office) of positions and risk exposures arising from the Group’s trading activities; verifies that positions and exposures are within set limits;  Establish the appropriate set of limits, approval and escalation process;  Define methodologies (VaR, sensitivity, stress testing, …etc.), validates valuation models, verifies market parameters, establishes risk monitoring procedures and determines reserves;  Defines the functionalities and supervises the development of databases and information systems used to measure market risk;  Generate consolidated view of reporting for regulatory authorities (e.g. FBNY, FSB) in respect of capital requirements for market risk and counterparty risk. It is important to have continuously monitoring and ensuring the reliability of reporting.
  • 6.
    Credit Risk RatingSystems and Capital Requirements  Implementation and enforcement of governance rules for the Group’s credit risk rating system:  Development of cross-disciplinary models for use by multiple Business Divisions;  Standardization and validation of methods and models used within the Group; and,  Establishment of performance reporting on the internal rating system.  Definition and functionality of methodology for calculation of economic and regulatory capital for various categories of risk (e.g. credit, operational).  Definition of methods for the measurement of capital by risk exposures,  Facilitation and contribution to various project initiatives within the Risk Group for capital measurement (stress testing, portfolio analysis,…etc.)  Definition of related key processes  Determine key requirements (e.g. tools & process models) and regulatory constraints,  Coordinates and facilitates between Operations, Model, and Risk teams, projects to create or upgrade processes, notably including efforts to use risk management modelling in banking environments.
  • 7.
    Support for ManagementEfforts  Establish a working group led by Operational Risk to coordinate the Firm’s response to a ‘potential’ risk event;  Incorporate key infrastructure areas (e.g. Financial Risk Management, Operations and Independent Validation team/Product Control);  The aim of the working group is to identify and review key controls on a firm-wide basis, encompassing;  The substance of existing reports, and their approval and escalation procedures;  Existence of any large positions; and,  Other areas which may be subject to this type of activity.  The Board Risk Management Committee should request that IAD undertake issues assurance of any remedial activities of the working group. In addition, IAD will provide management any information required as a result of previous audits and issues assurance work.
  • 8.
    Imperfection of Valueat Risk (VaR) Below is a summary of proposed audit coverage for trading desk across business units globally due to imperfection of measuring risk using VaR calculation. Business Area Parameters Comments Daily Calculation of VaR (not monthly) Prices Correlation measures Greek scenarios Prices and correlation may not always be available on the open markets Counterparty Risk Analysis Credit Default swaps Credit Spread Recovery rate Must not exceed specific thresholds Trend Analysis MTM on exposure Dashboards Reference on CBOE Determine if the patterns are aligned with the business line strategies and risk appetite Valuation Income Attribution Independent Price Verification Pricing Models All price changes/inputs must be reflected accurately to the P&L with support. Market Risk Limits Limits Thresholds Change Management Determine the limit breaches are increasing exposure bets.
  • 9.
    Risk Management – Credit& Market Risks What uniquely distinguishes large financial institutions from other companies is their role in risk transfer and risk management. As Walter Wriston famously said: “…managing risk … is the business of banking.” Attributed to Walter Wriston, ex-CEO and Chairman of CitiCorp by the Economist in 1993 (“Survey of International Bankers: A comedy of errors” April 1993) though other sources also attribute the quote to John Pierpoint Morgan.
  • 10.
    Market Risk CreditRisk The bank’s assets are mostly invested in loans and securities (about 90% of average assets). These loans and securities have differing interest rate structures – some are fixed and some are floating. They also have different set of maturities. The bank’s liabilities, deposits and borrowings also have differing maturities and interest rate characteristics. If the bank’s (asset-based) interest income structure is not properly aligned with the (liability-based) interest expense structure, the result is interest rate risk. Market risk involves calculating risk that the value of a portfolio, either an investment portfolio or a trading portfolio, will decrease due to the change in value of the market risk factors. Credit risk involves going through the financials of the clients and analyzing them with debt ratios ...etc. to determine credit quality. Market risk focuses more on the trading desk's activities and stress testing/sensitivity analysis of current and prospective trades. Credit risk involves looking at the financial statements of the company and analyzing their industry (e.g. Issuer credit risk requires a detailed understanding of how cash flows through a company and how leverage affects company health). Market risk is typically measured over very short time periods (daily). Credit risk is typically measured over a long time horizon (annually). The five “C’s” of Credit - Capital, Capacity, Conditions, Collateral, and Character. Key Differences between Market Risk vs. Credit Risk
  • 11.
  • 12.
    Challenges in Creditand Market Risk Areas • The front office has sometimes breach assigned limits – this is particularly important because banks and large financial institutions have historically operated some proprietary trading or principal trading businesses which required close supervision given the risks being taken. • Losses in the US structured credit business suggest that the business did not fully assess the risk taken on (although the market volatility was unusually high). • The real estate portfolio in certain business units, for example, in Portugal, Ireland, Greece, and Spain, became overly leveraged and concentrated in property and construction. • Missing the appropriate monitoring and escalation process for timely alerts and awareness of the potential limit breaches to senior management. • Lack of senior management oversight and governance over market risk stress testing. • Incomplete review of stress methodologies, including VaR and Non-VaR type. • Data integrity and manual intervention processing.
  • 13.
  • 14.
    How management shouldaddress Credit and Market Risks?  Reinforcing the risk culture and business ownership of risk and embedding the risk appetite  Define the process for managing the control environment (e.g. create an internal control and assurance framework and key risk policies)  Provide a common language of risk terminology  Assign accountability for risks  Focus on ensuring the framework covers all risk types and articulates responsibilities  Strengthening the control functions
  • 15.
    Audit Considerations onCredit and Market Risks  Development of a formal risk appetite process for financial risks  The establishment of authorities, limits and governance (e.g. policies and procedures)  Develop credit portfolio analytics  Joint sign-off between market and credit risk  Integrated daily Value at Risk (VaR) production  Stress testing  Reporting/Escalation
  • 16.
    Risk Management: Challengesand Opportunities • Internal Audit Resources ‒ Training the auditors ‒ Recruiting subject matter expertise, e.g., model risk experts, quants, actuaries ‒ Using Data Analytics • Increasing and changing regulatory expectations • Blurring of the 1st and 2nd Line – Risk Management as a process owner • Risk Management as an assurance partner • Risk Convergence vs. Auditor Independence • Beyond looking at the controls • Internal Audit as the 3rd Line of Defense - Effective Challenge • Be relevant