SlideShare a Scribd company logo
Risk Management in Banks
Kristi Rohtsalu, May 2024
Overview
Introductory remarks
Risk is at the heart of banking – and so is risk management. In a regulated bank, it is crucial to take a holistic view:
• From economic perspective, see risk as cost of doing business, and risk management as the way to control and (possibly) lower that cost.
• From normative perspective, meet the regulatory requirements to protect the banking license.
• See economic and normative perspective as complementary to each other.
This material gives an overview of the enterprise risk management in banks; specifics by risk type – credit risk, market risk, operational risk,
liquidity risk and other relevant risks – are not discussed here. Considerations only relevant to systemically important banks are not covered; the
focus is on smaller and less complex banks. Regulatory topics refer to the regulatory frameworks as applied in the European Union, including
but not limited to Capital Requirements Directive (CRD IV) and Capital Requirements Regulation (CRR), and Bank Recovery and Resolution
Directive (BRRD).
The term ‘bank’ also refers to the banking group. ‘Institution’ is a more general term which covers banks and other institutions for which CRD
IV, CRR and BRRD apply; therefore, the term is used in the regulatory documents, guidelines and technical standards.
‘Senior management’ refers to the management body in its management function. ‘Supervisory board’ or ‘Board’ refers to the management
body in its supervisory function. These terms should be interpreted in accordance with the applicable law and organization structure.
2
Contents
• Risks in banking
• Risk management process and risk culture
• Risk Appetite Framework (RAF)
• Principle of proportionality and risk-based approach to risk management
• Risk governance and -organization
• Basel III and reporting frameworks
• The three pillars of Basel III
• Regulatory capital and liquidity adequacy ratios
• COREP and FINREP
• Regulatory processes
• Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Assessment Process (ILAAP)
• Supervisory Review and Evaluation Process (SREP)
• Recovery planning
• Stress testing and stress testing programs
• Inserting risk management considerations into credit pricing
• Appendices
• Abbreviations
• Links and references
3
Risks in banking
4
What is risk (in business and in banking)?
• In general terms, risk is cost of doing business.
• In financial terms, risk is the potential negative
impact to the value of business.
• For practical purposes, risk can also be defined as a
potential negative deviation from the expected
financial results. In that sense:
• Expected loss (EL) does not represent a risk,
because it is expected and therefore
provisioned.
• The risk lies in the unexpected loss (UL)
which is the negative deviation from the
expected loss.
• Risk is to be covered with adequate amounts of
capital and liquid assets such as cash.
• …And here we go again: cost of capital and
cost of liquidity factor in as costs of doing
business (besides other expenses).
5
Expected and Unexpected Loss in economic capital model
Risks in today’s banking (illustration)*
6
• Capital risk: Insufficient level or composition of capital to cover applicable capital requirements and support business activities under normal economic environments or stressed
conditions
• Credit risk: The risk that a counterparty fails to meet its obligations towards the bank and that the pledged collateral does not cover the claims
• Market risk, incl. interest rate risk in banking book (IRRBB): The risk to value, earnings, capital or exposure arising from movements of risk factors in financial markets
• Liquidity & funding risk: The risk of not being able to meet payment obligations and support business activities without incurring considerable additional costs for obtaining funds
or losses due to asset fire-sales
• Operational risk: The risk of losses, business process disruptions and negative reputational impact resulting from inadequate or failed internal processes, human errors and
systems, or from external events; sub-types of operational risk include (but are not limited to) the following:
• Process risk
• People risk aka personnel risk
• ICT & Information security risks
• AI risk & model risk
• Third-party / outsourcing risk
• Legal risk
• External fraud risk
• Regulatory compliance risk, incl. conduct risk and ML/TF risk: The risk of failure to fulfil and meet the external and internal regulations applicable to the licensed operations
• Strategic and business risk: Risk of losses, including in the form of foregone revenues or additional costs, due to failed business model, poor strategical planning and/or decisions,
or due to poor reputation not supporting strategic goals
• ESG risk: The risk of any current or prospective negative impact stemming from Environmental, Social or Governance (ESG) factors
• Reputation risk: Risk of losing reputation as a negative consequence resulting from the realization of one or several main risks
* This is an illustration only. Risk taxonomy may be different for different banks. One should also note interconnectedness of different risks as well as risk
concentrations.
Risk management process and risk culture
7
Risk management process
8
Identify
(‘gross
approach’)
Assess &
Measure
Manage &
Mitigate
Monitor
Report
• Business model analysis
• Evaluating specific products and services
• Evaluating internal processes and systems
• Evaluating external environment
• Stress testing to include forward-looking
perspective
Estimation of the likelihood and
potential impact:
• Qualitative analysis
• Quantitative assessment
Strategies to manage, mitigate
and/or eliminate risks, e.g.:
• Implementing control measures
• Improving processes
• Investing into technology
• Transferring risks through insurance
Monitor and review continually a)
inherent risks, and b) effectiveness
of risk mitigation strategies
Regular and ad hoc reporting (as
required) to management bodies
and other relevant stakeholders:
• Current risks
• Emerging risks
• Breaches of risk limits
• Effectiveness of risk management
framework • Risk taxonomy
• Definition of
‘material’ risk
• Risk inventory
Risk culture
• Risk culture is a term describing the
values, beliefs, knowledge, attitudes
and understanding about risk shared
by a group of people with a common
purpose.
• An effective risk culture is one that
enables and rewards individuals and
groups for taking the right risks in an
informed manner.
• In promoting a sound risk culture,
tone from the top plays a crucial role.
9
Risk culture
Organizational
culture
Behaviors
Personal
ethics
Personal
predisposition
to risk
Risk Culture Framework as designed by Institute of Risk Management
[WWW] https://www.theirm.org/what-we-say/thought-leadership/risk-culture/
Risk Appetite Framework (RAF)
10
Risk Appetite Framework is a strategic tool to reinforce strong risk culture, which in turn is critical for sound
risk management.
Key definitions of RAF
Risk appetite: The aggregate level and types of risk a financial institution is willing to assume within its risk capacity to achieve its strategic
objectives and business plan.
Risk Appetite
Framework
(RAF):
The overall approach, including policies, processes, controls, and systems through which risk appetite is established,
communicated, and monitored. It includes a risk appetite statement, risk limits, and an outline of the roles and responsibilities
of those overseeing the implementation and monitoring of the RAF.
Risk Appetite
Statement:
The articulation in written form of the aggregate level and types of risk that a financial institution is willing to accept, or to
avoid, in order to achieve its business objectives. It includes qualitative statements as well as quantitative measures expressed
relative to earnings, capital, risk measures, liquidity and other relevant measures as appropriate.
Risk capacity: The maximum level of risk a financial institution is able to assume given its capital base, its risk management and control
capabilities, and its regulatory constraints.
Risk limits: Quantitative measures based on forward looking assumptions that allocate the financial institution’s aggregate risk appetite
statement (e.g. measure of loss or negative events) to business lines, legal entities, specific risk categories, concentrations, and
as appropriate, other levels.
Risk profile: Point in time assessment of the financial institution’s gross and, as appropriate, net risk exposures (after taking into account
mitigants) aggregated within and across each relevant risk category based on forward looking assumptions.
Risk tolerance: The types of risks and levels of those risks that the financial institution does not intentionally expose itself to, but
accepts/tolerates.
11
Key definitions of RAF, illustration
12
Risk appetite
Risk tolerance
Risk capacity
Actual risk profile is
within risk appetite
Actual risk profile
exceeds risk appetite,
yet is acceptable (i.e.:
remains below risk
tolerance level)
Actual risk profile
exceeds risk
tolerance, yet is
tolerable (i.e.:
remains below risk
capacity level)
Actual risk profile
exceeds risk capacity:
recovery or the end of
story
Why do banks have to have a formalized Risk Appetite Framework?
“Children sometimes eat too much. Their eyes can be bigger than their stomachs. The result can be quite
unpleasant. For banks, it’s much the same. They sometimes take on more risk than they can stomach. The
results, however, can be worse than just a bellyache. Banks that take on too much risk can get into financial
trouble and fail, and, in some cases, they might even damage other banks and the economy.”
– Quote from speech by Danièle Nouy, Chair of the Supervisory Board of the ECB, International Conference on Banks’ Risk
Appetite Frameworks, Ljubljana, 10 April 2018
13
As compared to ‘normal’ private companies, banks are different: even banks in private ownership are kind of
quasi-private. This is because if a bank fails, this may easily become a problem in wider economy; fragility is
built into today’s financial system and requires careful balancing.
Designing RAF in five steps (one iteration*)
14
Step 1:
Identify all
material
risks.
Step 2: In the
Risk Appetite
Statement, spell
out how much
risk, and what
kind, you are
willing to take
on.
Step 3: Determine
risk capacity. How
much risk you can
actually stomach?
Step 4: Set risk
appetite limits by
business lines,
legal entity levels,
specific risk
categories, etc.
Step 5: Set up
policies,
processes,
controls and
systems for
implementation
and monitoring of
the RAF
Risk appetite may need
adjustment, given the
risk capacity.
* The development and establishment of an effective RAF is an iterative and evolutionary process that requires ongoing dialogue throughout the bank to attain
buy-in across the organization.
RAF – How to make it work?*
15
1. Effective governance and
tone from the top
- Establishment and
oversight by the Board
- Developed by the CRO, in
collaboration of the CEO,
CFO and relevant
stakeholders
- Board members and senior
management acting as role
models for the risk culture
3. Effective communication
- Risk Appetite Statement is
easy to communicate and
easy to understand
- Clear communication,
including communication of
roles and responsibilities of
all parties
5. Monitoring and
reporting
- The RAF should establish
the process for monitoring
and reporting, as well as
procedures for escalation
and cascading of limits.
- Tool: Risk Appetite
Dashboard
4. Alignment with
remuneration schemes
For example: if the
(intentional) action of an
employee leads to a breach
of risk limits, this might also
impact his or her
remuneration.
6. Stable over time, yet
agile and dynamic
The RAF should facilitate
timely management action
to respond to emerging risks
in the business and
externally.
2. Linkages to strategy and
structural processes, incl.
financial planning, capital
and liquidity planning,
contingency and business
continuity planning,
recovery planning, …
* Inspired by KPMG, “Insights: Leading practices for
Risk Appetite Frameworks” (October 2023)
Principle of proportionality and risk-based
approach to risk management
16
Principle of proportionality
• Banking regulations and regulatory guidelines are meant to be applied in a manner that is appropriate, taking into
account bank’s size and internal organization and the nature, scope and complexity of its activities.
• In banking supervision, banks are categorized into four SREP categories:
17
“The principle of proportionality is the idea that an action should not be more severe than is necessary.”
– Collins Dictionary
Put simply, when applied to risk management, principle of proportionality means focusing on what is of high risk rather than low
risk.
Category Description
1 Large institutions pursuant to Article 4(1), point (146) of Regulation (EU) No 575/2013, and other systemically important institutions if decided so
by the supervisor
2 Large institutions that are not classified under category ‘1’
Medium institutions with sizable cross-border activities and/or several business lines
Institutions with significant market shares in their lines of business
3 Small to medium institutions other than those in categories ‘1’, ‘2’ and ‘4’
4 Small and non-complex institutions pursuant to Article 4(1), point (145) of Regulation (EU) No 575/2013, and other small non-complex institutions
with limited scope and non-significant market share
Risk-based approach to risk management
• For risk-based approach to risk
management, all business functions,
supporting processes and information
assts should be classified in terms of
criticality and importance.
18
* Note that in Bank Recovery and Resolution Directive (BRRD), the
definition of ‘critical function’ is different than the one given here for
bank risk management purposes.
…secure
financial
performance
… secure
continuity of
banking
activities
A function is
critical*
and/or
important if
it is to…
… protect
banking
license
Risk governance and -organization
19
Tone from the top
• Risk management is not ‘contained’ in the unit(s) responsible for risk management and internal controls; it is everyone’s
responsibility. Yet it does not work without the tone from the top. Management body, including the Board and senior
management, retains overall responsibility for risks.
• The Board ensures that the institution-wide risk management framework is established. It defines and communicates
overall risk strategy and risk appetite as well as provides the foundation of a strong and sound risk culture and risk
awareness throughout the organization. It also, on a continuous basis, reviews and evaluates the effectiveness of the first
and second lines of defense risk management functions and assesses whether there are sufficient resources allocated in
that area.
• Board committees, first of all Risk Committee and/or Audit Committee are there to support and advise the Board.
• Senior management implements the risk strategy and risk appetite through internal rules and risk limit framework that
consists of limits, escalation triggers and key risk indicators.
• The head of the risk management function (CRO) ensures that all material risk are identified, measured and properly
reported. It delivers a complete view of the whole range of risks faced by the institution. CRO is actively involved in
elaborating the risk strategy and all material risk management decisions.
• The CRO shall not be removed without prior approval of the Board. The CRO shall be able to have direct access to the
Board where necessary. (Article 76, point (5) of Directive 2013/36/EU)
20
Risk organization and the three lines of defense
21
Risks
Supervisory board
Senior management
1st of defense:
Risk takers
Operative controls: Every
business unit is responsible for
identifying and managing the
risks inherent in the products,
activities, processes and systems
for which it is accountable.
Risk Ownership
2nd line of defense:
Risk management & Compliance
Ownership of the risk
management framework and
management of compliance risks:
• Risk policies, standards and
guidelines
• Stress testing and regulatory
processes
• Risk reporting
• Independent view regarding the
effectiveness of 1st line of defense
Risk Control
3rd line of defense:
Internal audit
Independent assurance to the
Board, supervisory authorities
and other interested parties of
the appropriateness of the
institution’s risk management
Auditors
Risk Assurance
Enforcement:
ECB
and
NCAs
Internal control
functions
Basel III and reporting frameworks
22
The three pillars of Basel III on capital and liquidity adequacy*
23
Basel III as imposed by CRD & CRR
Internal assessments on capital and
liquidity (ICAAP and ILAAP)
Supervisory Review and Evaluation
Process (SREP)
Pillar 2 requirements and guidance:
• Pillar 2 requirements on capital and/or
leverage (binding)
• Pillar 2 guidance on capital and/or
leverage (supervisory expectation)
• Pillar 2 liquidity requirements (e.g.:
buffer add-ons, cap on cash outflows,
supervisory minimum survival period)
Pillar 2:
Bank specific requirements
and guidance
Disclosure requirement (Pillar 3
report)
• Transparency for market
participants, concerning the banks
risk position (risk management,
detailed information on own
funds, etc.)
• Enhanced comparability among
banks
Pillar 3:
Market Discipline
Capital requirements:
• Base capital requirements: CET1,
Tier 1, Total Capital ratio
• Buffer requirements
• Base leverage ratio requirement
Liquidity requirements:
• Liquidity Coverage Ratio (LCR)
• Net Stable Funding Ratio (NSFR)
Pillar 1:
General minimum
requirements
* Requirements only applicable to systemically important banks are not included here.
Capital adequacy ratios
Total risk exposure amount (TREA) here refers to the risk-weighted exposure amount as defined in Article 92 of Regulation
(EU) No 575/2013. In other documents, TREA is also referred to as Risk-weighted Assets (RWA).
24
𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 𝑟𝑎𝑡𝑖𝑜 =
𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 (𝐶𝐸𝑇1)
𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 𝐴𝑚𝑜𝑢𝑛𝑡 (𝑇𝑅𝐸𝐴)
𝑇𝑖𝑒𝑟 1 𝑟𝑎𝑡𝑖𝑜 =
𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 𝐶𝐸𝑇1 + 𝐴𝑑𝑑𝑖𝑡𝑖𝑜𝑛𝑎𝑙 𝑇𝑖𝑒𝑟 1 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 (𝐴𝑇1)
𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 𝐴𝑚𝑜𝑢𝑛𝑡 (𝑇𝑅𝐸𝐴)
𝑇𝑜𝑡𝑎𝑙 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 𝑟𝑎𝑡𝑖𝑜 =
𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 𝐶𝐸𝑇1 + 𝐴𝑑𝑑𝑖𝑡𝑖𝑜𝑛𝑎𝑙 𝑇𝑖𝑒𝑟 1 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 𝐴𝑇1 + 𝑇𝑖𝑒𝑟 2 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 (𝑇2)
𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 𝐴𝑚𝑜𝑢𝑛𝑡 (𝑇𝑅𝐸𝐴)
Banking ‘stuff’: Capital adequacy ratios (example)*
25
* Buffers and other requirements only applicable to systemically important banks are not included in this example. Specific numbers, except the base capital
requirement, are for illustration purposes only as they depend on specific circumstances.
CET 1 capital ratio Tier 1 capital ratio Total capital ratio
To be met at all
times
Base capital requirement 4.50% 6.00% 8.00%
Pillar 2 capital charge 3.60% 3.60% 4.60%
Total SREP capital requirement 8.10% 9.60% 12.60%
Combined buffer
requirement
Capital conservation buffer 2.50% 2.50% 2.50%
Systemic risk buffer 0.00% 0.00% 0.00%
Countercyclical buffer 1.50% 1.50% 1.50%
Overall capital requirement 12.10% 13.60% 16.60%
Pillar 2 guidance 1.50% 1.50% 1.50%
Total supervisory expectation 13.60% 15.10% 18.10%
Management buffer (if any) 0.40% 0.90% 0.90%
Internal capital target 14.00% 16.00% 19.00%
Leverage ratio
Leverage ratio Pillar 1 requirement (LR):
26
𝐿𝑒𝑣𝑒𝑟𝑎𝑔𝑒 𝑟𝑎𝑡𝑖𝑜 =
𝑇𝑖𝑒𝑟 1 𝑐𝑎𝑝𝑖𝑡𝑎𝑙
𝑇𝑜𝑡𝑎𝑙 𝑙𝑒𝑣𝑒𝑟𝑎𝑔𝑒 𝑟𝑎𝑡𝑖𝑜 𝑒𝑥𝑝𝑜𝑠𝑢𝑟𝑒
≥ 3%
Total leverage ratio exposure includes assets and off-balance sheet items, irrespective of how
risky they are. I.e.: leverage ratio is not risk-based but serves as a simple backstop to risk-
weighted capital requirements.
[For banks with an elevated risk of leverage] Leverage ratio Pillar 2 requirement (P2R-LR) on
top of the Pillar 1 requirement (legally binding, determined as part of SREP):
Intended to capture contingent leverage risk originating from a bank extensively using off-
balance-sheet items, derivatives etc. as well as engaging in regulatory arbitrage and providing
step-in support.
[Bank-specific recommendation] Leverage ratio Pillar 2 guidance (P2G-LR) on top of the Pillar
2 requirement (not legally binding but reflects supervisory expectations, determined as part of
SREP):
Set for some banks, considering the depletion of the leverage ratio in the stress test.
Leverage ratio Pillar 2
Guidance (P2G-LR)
Leverage ratio Pillar 2
Requirement (P2R-LR)
Leverage ratio Pillar 1
Requirement (LR)
Liquidity Coverage Ratio (LCR) base requirement
27
𝐿𝐶𝑅 =
𝑆𝑡𝑜𝑐𝑘 𝑜𝑓 𝐻𝑖𝑔ℎ 𝑞𝑢𝑎𝑙𝑖𝑡𝑦 𝑙𝑖𝑞𝑢𝑖𝑑 𝑎𝑠𝑠𝑒𝑡𝑠 (𝐻𝑄𝐿𝐴)
𝑇𝑜𝑡𝑎𝑙 𝑛𝑒𝑡 𝑐𝑎𝑠ℎ 𝑜𝑢𝑡𝑓𝑙𝑜𝑤𝑠 𝑜𝑣𝑒𝑟 𝑡ℎ𝑒 𝑛𝑒𝑥𝑡 30 𝑐𝑎𝑙𝑒𝑛𝑑𝑎𝑟𝑑 𝑑𝑎𝑦𝑠
=
=
𝑆𝑡𝑜𝑐𝑘 𝑜𝑓 𝐻𝑖𝑔ℎ 𝑞𝑢𝑎𝑙𝑖𝑡𝑦 𝑙𝑖𝑞𝑢𝑖𝑑 𝑎𝑠𝑠𝑒𝑡𝑠 (𝐻𝑄𝐿𝐴)
𝐶𝑎𝑠ℎ 𝑂𝑢𝑡𝑓𝑙𝑜𝑤𝑠 (30 𝑑𝑎𝑦𝑠) − 𝐶𝑎𝑠ℎ 𝐼𝑛𝑓𝑙𝑜𝑤𝑠(30 𝑑𝑎𝑦𝑠)
≥ 100%
High-quality liquid assets (HQLA) are
cash and assets that can be easily and
immediately converted into cash
without significantly affecting their
market value, e.g.:
• Cash and balances with central
banks
• Highly-rated government bonds
Cash – Outflows, example: Cash – Inflows, example:
Outflow Outflow rate
(weight)
Outflow – Stable deposits 5%
Outflow – Less stable deposits 10%
Undrawn credit facilities 5%
Other contractual cash outflows 100%
Inflow Inflow rate
(weight)
Inflows from fully performing
exposures
50%
Other contractual cash inflows Varying rates
LCR aims to ensure that banks survive a period of significant liquidity stress lasting 30 calendar days. The LCR is not designed to
cover all tail events involving deposit outflows, such as bank runs; instead, it should ensure that banks can withstand a certain
liquidity stress scenario.
Net Stable Funding Ratio (NSFR) base requirement
28
𝑁𝑆𝐹𝑅 =
𝐴𝑣𝑎𝑖𝑙𝑎𝑏𝑙𝑒 𝑎𝑚𝑜𝑢𝑛𝑡 𝑜𝑓 𝑠𝑡𝑎𝑏𝑙𝑒 𝑓𝑢𝑛𝑑𝑖𝑛𝑔 (𝐴𝑆𝐹)
𝑅𝑒𝑞𝑢𝑖𝑟𝑒𝑑 𝑎𝑚𝑜𝑢𝑛𝑡 𝑜𝑓 𝑠𝑡𝑎𝑏𝑙𝑒 𝑓𝑢𝑛𝑑𝑖𝑛𝑔 (𝑅𝑆𝐹)
≥ 100%
NSFR seeks to ensure that banks maintain stable funding structure. It is the ratio of the available amount of stable funding to
the required amount of stable funding over the time horizon of one year.
NSFR, illustration based on simplified balance sheet:
Assets
Cash and balances with central
bank
Performing exposures
Illiquid assets, incl. non-
performing exposures
Category
Highly
liquid
Fairly
liquid
Illiquid
RSF weight
0%
50-85%
100%
Short term borrowing
Liabilities and Equity
Retail deposits
Long term borrowing &
Own funds
Category
Less
stable
Non stable
Stable
ASF weight
90-95%
0-50%
100%
Reporting frameworks
The EBA has developed two reporting
frameworks being:
• COmmon REPorting Standards
(COREP) that specify the capital
and liquidity information required,
applies to all credit institutions and
investment firms operating in the
EEA.
• FINancial REPorting Standards
(FINREP) that specify the financial
information required and apply to
all credit institutions that
consolidate their financial reports
based on IFRS.
29
COREP FINREP
• Liquidity Adequacy:
LCR and NSFR
• Capital Adequacy:
credit risk, market risk,
operational risk
• Leverage
• …
• Primary statements:
balance sheet, income
statement, comprehensive
income, cash flows, equity
• Disclosures of financial
assets and liabilities, off
balance sheet activities, ..
• Forbearance and non-
performance
• …
Regulatory processes:
ICAAP and ILAAP, and SREP
30
Internal Capital Adequacy Assessment Process (ICAAP) & Internal
Liquidity Assessment Process (ILAAP)
Regulatory aim: Making banks more resilient and avoiding adverse situations by encouraging banks
to reflect on their capital and liquidity risks in a structured way.
ICAAP/ILAAP principles as set out by the ECB:
Principle 1 – The management body is responsible for the sound governance of ICAAP/ILAAP.
Principle 2 – The ICAAP/ILAAP is an integral part of the overall management framework.
Principle 3 – The ICAAP/ILAAP contributes fundamentally to the continuity of the institution by ensuring
capital/liquidity adequacy from different perspectives.
Principle 4 – All material risks are identified and taken into account in ICAAP/ILAAP.
Principle 5 – The internal capital / liquidity buffers are of high quality and clearly defined; the stable sources of
funding are clearly defined.
Principle 6 – ICAAP/ILAAP risk quantification methodologies are adequate, consistent and independently
validated.
Principle 7 – Regular stress testing is aimed at ensuring capital/liquidity adequacy in adverse circumstances.
31
Two complementary pillars of ICAAP & ILAAP: the economic and the
normative perspective
32
• The economic perspective covers the full universe of risks that may have material impact to
capital and liquidity position. The perspective is not based on regulatory provisions; instead, it is
based on the economic value considerations and economic capital. The bank should remain
economically viable and follow its strategy.
• The normative perspective is a multi-year assessment of the institution’s ability to fulfil all of its
liquidity-related and capital-related (quantitative) regulatory and supervisory requirements and
demands, and to cope with other external financial constraints, on an ongoing basis.
• Economic and normative perspective should mutually inform each other:
• Projections under economic perspective are expected to feed into the projections under normative perspective.
• Conversely, outcomes of the normative perspective ought to inform economic perspective risk quantifications and
adjust or complement the later.
ICAAP example: capital requirements under normative internal
perspective
33
• In baseline scenario, both Pillar 1 and Pillar 2 requirements and guidance shall be met over the planning period. In adverse
scenario, total SREP capital requirement shall be met at all times. (See the figures below.)
• Projections of the future capital position under the normative perspective should be informed by the economic perspective
assessments: to which extent the risks identified and quantified under the economic perspective may impact own funds and
exposure amounts in future?
• The impact of upcoming changes in legal, regulatory and accounting frameworks is expected to be considered as well.
ICAAP example: Management considerations under economic
perspective
• Under the economic perspective, economic risks and losses affect internal capital immediately and to their full extent. (Think, for example:
interest rate changes affecting the net value of bank’s cash flows immediately.) Hence, the economic perspective gives a very
comprehensive view of risks.
• When a significant downward trend is identified in the economic capital position, actions to reverse the trend, and review strategy and risk
appetite are ought to be taken. When the bank falls below the internal capital adequacy threshold, it should take necessary measures to
restore and ensure capital adequacy over medium term (3 years).
34
* The graph should not be understood as a projection of point-in-time economic situation. It depicts the deterioration of economic capital levels that may occur over time
beyond normal business cycle developments.
ICAAP example: Quantification of internal capital requirement
35
t=0
Capital
ratio
Internal target
ICAAP minimum
Economic minimum
Internal
point-in-
time
economic
capital
requirement
Combined
buffer
requirem
ent
P2G
Pillar
1
requirement
P2R
t=1
t=0 t=2 t=3 t=4 t=5
Internal
minimum
required
capital
ratio
incl.
scenario
buffer
Manage
ment
buffer
SREP
add-on
Time
Projected actual capital
ratio, base scenario
Projected actual capital
ratio, adverse scenario
Goal-seek capital ratio
based on adverse scenario,
normative perspective
Goal-seek capital ratio
based on adverse scenario,
economic perspective
Goal-seek: At the lowest point of the adverse scenario,
projected capital ratio ‘touches’ certain threshold (internal
point-in-time requirement for the economic perspective, or
the SREP capital requirement for the normative perspective).
SREP add-on (the difference between the SREP capital
requirement and the internal point-in-time estimate) ought to
be minimized; this through improving risk management,
transparency and communication with the supervisors
Approval of ICAAP & ILAAP,
and updated liquidity &
funding and capital plans
ICAAP & ILAAP: Illustrative process timeline
36
• Led by Finance
• Led by Risk Management
• Approval needed from Risk Committee (Management Body)
Key modelling assumptions
(business volumes etc.) and
calculation inputs in Risk
Committee
• Revision of risk inventory
• Scenario development (base and
adverse)
• High level / top-down analysis
Time
Oct-31 Nov-30 Dec-31 Jan-31 Feb-28 Mar-31
• Gathering inputs from risk takers
• Defining modelling assumptions
• Updating ICAAP & ILAAP
methodologies
• Gathering 31.12 start
data
• Performing stress test
analyses
• Point-in-time economic capital
calculations & analyses
• Updating Risk Appetite
Framework (RAF)
• ICAAP & ILAAP
documentation
• Financial plan
(base scenario)
• Reviewing/Updating
capital, and liquidity &
funding plans based on
ICAAP & ILAAP outcomes
ICAAP & ILAAP
scenarios in Risk
Committee
ICAAP & ILAAP results in
Risk Committee
ICAAP & ILAAP
submission to the
supervisory authority
Supervisory Review and Evaluation Process – SREP
• SREP is the core element of the FSA
regularly assessing and measuring
risks for each bank.
• Thereby, FSA assesses the bank’s
business model, strategy, internal
governance and controls, risks to
capital and liquidity, and capital and
liquidity adequacy. This is done in
dialogue with the bank.
• SREP outcome: SREP score on scale 1-
4 (and F, if failing or likely to fail)
• In the SREP decision, FSA sets capital
and liquidity targets, and sets key
objectives and deadlines to address
the identified issues (if any).
37
1 2 3 4 F
Overall SREP Score
Business
model
analysis
score
Internal
governance
and controls
score
Capital
adequacy
score
Liquidity
adequacy
score
Scores for
material
risks to
capital
Scores for
liquidity and
funding risks
Viability
score
Risk
score
Regulatory processes:
Recovery planning
38
Recovery planning in the context of Bank Recovery and Resolution Directive (BRRD)
• Recovery plans are intended to ensure that banks are prepared to restore their viability in a timely manner
even in periods of severe financial stress.
• The bank (banking group) shall be able to demonstrate to the satisfaction of the competent authority that
the Recovery Plan is reasonably likely to be implemented without causing any adverse effect on the financial
system.
• Recovery planning is designed to be an ongoing process that does not end once the bank’s management
body has approved the plan.
• A bank (banking group) may apply for preparation of recovery plan in simplified form:
1) a reduction in the contents of the Recovery Plan
2) a reduction in the frequency for updating the Recovery Plan
39
Recovery planning: Recovery Plan
• Structure & key elements:
1. Summary of the key elements of the Recovery Plan and of overall recovery capacity (ORC), and material changes since the
most recently filed Recovery Plan
2. Governance, incl.:
a. Recovery Plan development, and policies and procedures governing approval of Recovery Plan
b. The Plan’s consistency with the general management and risk management
c. The conditions and procedures to ensure timely implementation of recovery options
d. Recovery Plan indicators on capital, liquidity, profitability and asset quality, and (as applicable) market-based and macroeconomic indicators
3. Strategic analysis, incl.:
a. The description of the entity or entities covered by the Recovery Plan, incl. business and risk strategy, critical functions and core business lines
b. Recovery options, incl. options to restore capital and liquidity, and measures to reduce risk and leverage
c. Actions, arrangements and measures under recovery options; impact & feasibility assessment of the recovery options; continuity of operations
when recovery options are implemented; scenario analysis to test the effectiveness of recovery options and the adequacy of the Recovery Plan
indicators
d. Assessment to the overall recovery capacity
4. Communication and disclosure plan, incl.:
a. Internal communication
b. External communication
c. Effective proposals for managing any potential negative market reactions
a. Preparatory measures to facilitate the implementation of the Recovery Plan or to improve its effectiveness
40
Recovery planning: Recovery indicators (example for a small and non-
complex bank)*
41
Category Indicator name Early warning threshold
(Corresponds to ‘risk tolerance’
level from RAF)
Threshold to trigger recovery
actions (Corresponds to ‘risk
capacity’ level from RAF)
Near-default threshold
(Corresponds to regulatory
requirement, if applicable)
1. Capital indicators CET1 ratio [To be calibrated] [To be calibrated] [To be calibrated]
Total Capital ratio [To be calibrated] [To be calibrated] [To be calibrated]
Leverage ratio [To be calibrated] [To be calibrated] [To be calibrated]
2. Liquidity indicators Liquidity position [To be calibrated] [To be calibrated] n/a
LSR [To be calibrated] [To be calibrated] [To be calibrated]
NSFR [To be calibrated] [To be calibrated] [To be calibrated]
3. Profitability
indicators
Return on equity [To be calibrated] N/A N/A
Significant operational loss [To be calibrated] N/A N/A
4. Asset quality
indicators
Default rate [To be calibrated] N/A N/A
Coverage ratio [provisions / total
non-performing loans]
[To be calibrated] N/A N/A
(Gross non-performing loans) /
total loans
[To be calibrated] N/A N/A
* Adjusted from the lists in Annex II of the EBA/GL/2021/11.
Recovery planning: Recovery options and ORC range (illustration)
42
Identification of credible and feasible
recovery options
• Capital raising
• Restructuring of liabilities
• Cost reductions
• Sale of assets / loan portfolios
• Liquidity improvement
recovery options (e.g.: use of
central bank facilities)
• Disposal recovery options
(e.g.: sale of business lines,
sale of subsidiaries)
• Various management actions
(e.g.: reduce lending, margin
increases, increasing fee
income)
Testing recovery options in a range
of scenarios of severe
macroeconomic and financial stress
Define scenarios:
1. Systemic scenario(s)
2. Idiosyncratic scenario(s)
3. Combined scenario(s)
Choose and adjust recovery
options for constraining factors
related to the simultaneous or
sequential implementation of
recovery options
Calculate ‘scenario-specific
recovery capacities’ expressed
in ‘relevant RP indicators’:
• CET1 (18 months)
• Total capital ratio (18 months)
• Leverage ratio (18 months)
• LCR (timeframe: 6 months)
• NSFR (timeframe: 6 months)
Determination of the Overall Recovery Capacity (ORC) range
Difference between the highest and lowest ‘scenario-specific recovery
capacity’ of relevant scenarios, this in terms of:
a) Capital including leverage (capital ORC), and
b) Liquidity (liquidity ORC)
Capital ORC determination, example
Liquidity ORC determination, example
Relevant scenario CET1 ratio TC ratio LR
Scenario 1 - Systemic +4.50% +5.00% +2.50%
Scenario 3 - Combined +3.60% +4.00% +1.80%
Capital OCR 360-450 bps 400-500 bps 180-250 bps
Relevant scenario LCR NSFR
Scenario 2 – Idiosyncratic +70% +6.00%
Scenario 3 – Combined +40% +3.50%
Liquidity OCR 40%-70% 3.50%-6.00%
Competent Authorities’ Assessment of Recovery Plan and the ORC score
43
Assessment of the
‘scenario-specific
recovery capacity’
• Are scenarios severe enough?
• Are the selected recovery options credible and feasible, including the
timeframe, the impacts and any constraining factors?
Assessment of the
ORC – ‘adjusted ORC’
• Is the ORC calculated by the bank as the range between the lowest and the
highest ‘scenario-specific recovery capacity’ both in terms of capital (including
leverage) and liquidity ‘relevant RP indicators’?
• Overall quantitative and qualitative assessment of the ORC & determining the
‘adjusted ORC’ both in terms of capital and liquidity
• ‘Adjusted ORC’ <= ORC determined by the institution
Assigning ORC score
• Indicative ORC score, given the ‘adjusted ORC’ & considering the ‘relevant RP
indicators’: ‘satisfactory’, ‘adequate with potential room for improvement’ or
‘weak’
• Plus qualitative considerations, not already reflected in the ‘adjusted ORC’
(e.g.: difference between the institution’s ORC and the ‘adjusted ORC’)
• Lead to final ORC score: ‘satisfactory’, ‘adequate with potential room for
improvement’ or ‘weak’
Assessment criteria:
• Completeness of the Plan
• Quality of the Plan
• Level of integration and consistency of the Plan
with the general corporate governance,
internal processes and risk management
framework
• Sufficient number of plausible and viable
recovery options
• Overall Recovery Capacity (ORC) of the
institution ↓ →
ORC
score
Satisfactory
Adequate
Weak
Connecting BAU mode, continuity plans, ICAAP & ILAAP, and RP
• Business continuity plans, ICAAP & ILAAP, capital and liquidity contingency plans,
and Recovery Plan are parts of the same risk management continuum:
• Business continuity plans, ICAAP & ILAAP, and capital and liquidity contingency
plans are aimed at maintaining continuity of the bank.
• Recovery plans set out measures (incl. extraordinary measures) to restore its
financial position following a significant deterioration.
• Calibration of the indicators for continuity/contingency plans and the Recovery Plan
should be consistent with each other, and with the overall Risk Appetite Framework:
• Recovery Plan indicators present a subset of all indicators in Risk Appetite
Framework
• Recovery Plan capital/liquidity indicators should be integrated into the
ICAAP/ILAAP
• In Business as Usual (BAU) mode, Overall Recovery Capacity (ORC) is generally
expected to be improved over time.
44
Business As Usual Some stress
High stress / Business
continuity situation
Focus of continuity plans
and ICAAP & ILAAP
Emergency / Financial
Recovery situation
Focus of Recovery Plan
Recovery Plan
indicators
Risk indicators in Risk
Appetite Framework
Risk indicators to
trigger business
continuity, and capital
and liquidity
contingency plans
Recovery planning: Further thoughts
• Recovery planning can be an interesting and beneficial thought experiment, especially for more complex
institutions. It basically means breaking the monolith into pieces (entities, business lines etc.), identifying
critical functions and core business lines, and then putting the pieces back together while leaving only what
is important.
• Recovery planning has implications to the organization set-up. A resilient set-up ought to be such that in
the financial recovery situation, disposal of less significant business lines and subsidiaries can be considered
as a feasible recovery option.
• List of recovery options is like a menu to choose from when things get tough.
45
Regulatory processes: Stress testing and
stress testing programs
46
Stress testing
• Stress testing is a central risk
management tool to take forward-
looking view in risk management,
strategy planning, capital planning
and liquidity planning.
• Stress testing program includes:
• Sensitivity analyses
• Scenario analyses
• Reverse stress testing
• Stress testing may be performed
top-down and bottom-up.
47
Stress
testing
Data infra-
structure
Risk
appetite
Strategic
planning &
budgeting
Capital
planning &
ICAAP
Liquidity
planning &
ILAAP
Recovery
planning
Stress testing program: Minimum set (example for a small and non-
complex bank)
48
Analysis type Description Why? Coverage Frequency (unless higher frequency is
requested by the management body
and/or there are significant new
developments)
Sensitivity
analyses
Sensitivities to various risk factors To identify material risks As appropriate As needed
Sensitivities of ECLs and IFRS9
impairment provisions to various inputs
IFRS9 disclosures Credit risk in the banking book Once a year
Sensitivities to various interest rate
scenarios
Risk reporting and risk
management disclosures
Interest rate risk in the banking book Quarterly
Scenario analyses Base scenario, upside scenario and
downside scenario for credit losses
IFRS9 expected credit loss
modelling
Credit risk in the banking book Scenario development: once a year
ECL calculations: once a month
Solvency stress test based on unlikely
but possible adverse economic scenario
covering at least 3 years
ICAAP All material risks to capital;
banking group and connected
entities
Full process: once a year; quarterly
updates to the management body
Liquidity stress test based on unlikely but
possible liquidity risk scenario that
includes market-wide and idiosyncratic
schock(s)
ILAAP All material risks to liquidity and
funding;
banking group and connected
entities
Full process: once a year; quarterly
updates to the management body
Reverse stress
testing
Identification of ‘near-default’ / close to
failure scenario(s); stress testing based
on the identified scenario(s)
Recovery planning;
Assessing the severity of the
ICAAP and ILAAP scenarios
All material risks;
banking group and connected
entities
Once a year (unless a lower frequency is
agreed with the FSA)
Stress testing program: Elements
• Types of stress testing and their main objectives and applications
• The frequency of the different stress testing exercises
• The internal governance arrangements: lines of responsibility and procedures
• Coverage: entities, risk types and portfolios included
• Relevant data infrastructure
• Methodology and models
• Assumptions, incl. business and managerial
49
Inserting risk management considerations
into credit pricing
50
Guidelines from European Banking Authority (Chapter 6 of
EBA/GL/2020/06)
• Pricing frameworks should reflect credit risk appetite and business strategy, including profitability and risk perspective.
Loan pricing should also be linked to the characteristics of the loan product and consider competition and prevailing
market conditions. Institutions should also define their approach to pricing by borrower type and credit quality, and
riskiness of the borrower. […]
• According to the guidelines, costs to be reflected in loan pricing should include the following:
• The cost of capital (both regulatory and economic capital)
• The cost of funding which should match the key features of the loan, e.g. the expected duration of the loan
• Operating and administrative costs resulting from cost allocation
• Credit risk cost
• Any other real costs associated with the loan in question
• Competition and prevailing market conditions, in particular lending segments and for particular loan products
• For the purposes of pricing and measuring of profitability, risk-adjusted profitability measures such as economic value
added (EVA), return on risk-adjusted capital (RORAC) and risk-adjusted, return on capital (RAROC), return on risk-weighted
assets (RORWA) and other relevant measures should be considered.
• There should be ex ante transaction tools as well as tools for regular ex post monitoring in place.
51
Components of effective interest rate* in risk-based loan offer
generation (example)
52
Derived based on the projected
loan cash flows, given borrower-
and transaction specific credit risk
parameters as inputs
Cost of own funds
Cost of deposits and
other liabilities
Allocated operating and
administrative costs, and
other real costs
Expected credit losses
Economic profit margin
Targeted internal rate of
return in the calculation of
cost-based credit price
Ceiling to the cost of credit for
the borrower (as applicable,
given e.g. the responsible
lending considerations)
Space for pricing
optimization, given prevailing
market conditions
Offered credit price
(effective interest rate)
Cost-based credit price
(incl. opportunity cost
reflected in the
shareholders’ expected
returns)
* The term ‘effective interest rate’ is used to reflect different pricing structures, i.e.: different possible splits between the loan interest rate, loan contract fee and
other fees charged in connection with the loan.
Links between credit pricing, and ICAAP, ILAAP
and SREP:
• Cost of own funds depends on the
amount/proportion of capital that is required
to cover for the risks to capital, as estimated
in the course of ICAAP and SREP.
• Weighted average cost of capital (WACC),
incl. cost of own funds, cost of deposits and
cost of other liabilities, should reflect cash
drag, i.e.: the proportion of funds that cannot
be lent out but has the be kept in high-quality
liquid assets (HQLA) with (normally) very low
or non-existent returns. Required proportion
of HQLA is an output of the ILAAP and SREP.
Further, the required composition of liabilities
and thus, the cost of liabilities, also depend
on the outcomes of ILAAP and SREP.
Appendices
53
Abbreviations
AI – Artificial Intelligence
AML/CFT – Anti-money Laundering and Counter-
terrorism Financing
ASF – Available Stable Funding
AT1 – Additional Tier 1 capital
BAU – Business as Usual
BRRD – Bank Recovery and Resolution Directive
(Directive 2014/59/EU)
bps – basis points
CAS – Capital Adequacy Statement
CEO – Chief Executive Officer
CET1 – Common Equity Tier 1 capital
CFO – Chief Financial Officer
COREP – COmmon REPorting Standard
CRD – Capital Requirements Directive (Directive
2013/36/EU)
CRR – Capital Requirements Regulation
(Regulation (EU) No 575/2013)
CRO – Chief Risk Officer
EBA – European Banking Authority
ECB – European Central Bank
ECL – Expected Credit Loss (under IFRS9
framework)
EEA – European Economic Area
EL – Expected Loss
ESG – Environmental, Social and Governance
EVA – Economic Value Added
FINREAP – FINancial REPorting Standards
FSA – Financial Supervisory Authority
HQLA – High Quality Liquid Assets
ICAAP – Internal Capital Adequacy Process
ICT – Information and communication
technology
IFRS – International Financial Reporting Standard
ILAAP – Internal Liquidity Assessment Process
IRRBB – Interest Rate Risk in the Banking Book
LAS – Liquidity Adequacy Statement
LCR – Liquidity Coverage Ratio
LR – Leverage Ratio
MDA – Maximum Distributable Amount
ML/TF – Money Laundering / Terrorism Financing
N/A – Not Applicable
NCA – National Competent Authority
NPAP – New Product Approval Policy and Process
NSFR – Net Stable Funding Ratio
ORC – Overall Recovery Capacity
P2G – Pillar 2 guidance
P2R – Pillar 2 requirement
P2G-LR – Pillar 2 leverage ratio guidance
P2R-LR – Pillar 2 leverage ratio requirement
RMF – Risk Management Function
RAF – Risk Appetite Framework
RAROC – Risk-adjusted Return on Capital
RORAC – Return on Risk-adjusted Capital
RORWA – Return on Risk-weighted Assets
RP – Recovery Plan
RSF – Required Stable Funding
RTS – Regulatory Technical Standards
RWA – Risk-weighted Assets
SREP – Supervisory Review and Evaluation Process
T2 – Tier 2 capital
TC – Total Capital
TREA – Total Risk Exposure Amount
TSLRR – Total SREP Leverage Ratio Requirement
UL – Unexpected Loss
WACC – Weighted Average Cost of Capital
54
Links and references
• EBA Interactive Single Rulebook (BRRD, CRD, CRR, …): https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook
• EBA Guidelines on internal governance under CRD: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/internal-governance/guidelines-
internal-governance
• Risk Appetite Framework:
• Principles for An Effective Risk Appetite Framework by Financial Stability Board: https://www.fsb.org/wp-content/uploads/r_131118.pdf
• Speech by Danièle Nouy, Chair of the Supervisory Board of the ECB, International Conference on Banks’ Risk Appetite Frameworks, Ljubljana, 10 April 2018:
https://www.bankingsupervision.europa.eu/press/speeches/date/2018/html/ssm.sp180410.en.html
• Resources on ICAAP, ILAAP and SREP:
• ECB guidelines to ICAAP and ILAAP: https://www.bankingsupervision.europa.eu/press/publications/newsletter/2019/html/ssm.nl190213_3.en.html
• Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing under
Directive 2013/36/EU (EBA/GL/2022/03): https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/supervisory-review-and-evaluation-
process-srep-4
• Resources for recovery planning (in addition to BRRD):
• EBA Guidelines on the overall recovery capacity in recovery planning: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/recovery-
resolution-and-dgs/guidelines-overall?version=2023#activity-versions
• Regulatory Technical Standards on the content of recovery plans: https://eur-lex.europa.eu/legal-
content/EN/TXT/?qid=1468424758476&uri=CELEX%3A32016R1075
• EBA Guidelines on recovery plans indicators (EBA/GL/2021/11): https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/recovery-
resolution-and-dgs/guidelines-recovery
• EBA/GL/2014/06 on the range of scenarios to be used in recovery plans: https://www.eba.europa.eu/documents/10180/760136/05cc62a3-661c-4eee-
ad07-d051f3eeda07/EBA-GL-2014-06%20Guidelines%20on%20Recovery%20Plan%20Scenarios.pdf
• ECB webpage on recovery plans: https://www.bankingsupervision.europa.eu/banking/tasks/recoveryplans/html/index.en.html
• EBA Guidelines on loan origination and monitoring (EBA/GL/2020/06): https://www.eba.europa.eu/legacy/regulation-and-policy/regulatory-activities/credit-
risk/guidelines-loan-origination-and
55

More Related Content

Similar to Risk Management in Banks - Overview (May 2024)

bankriskmanagement-150329124901-conversion-gate01.pptx
bankriskmanagement-150329124901-conversion-gate01.pptxbankriskmanagement-150329124901-conversion-gate01.pptx
bankriskmanagement-150329124901-conversion-gate01.pptx
sadiqfarhan2
 
Bank risk management
Bank risk managementBank risk management
Bank risk management
Ashima Thakur
 
Introduction to Risk Management and Sources of Risk.pptx
Introduction to Risk Management and Sources of Risk.pptxIntroduction to Risk Management and Sources of Risk.pptx
Introduction to Risk Management and Sources of Risk.pptx
manjujayakumar2
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
Five lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; ermFive lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; erm
Dr. Zar Rdj
 
Basel 2
Basel 2Basel 2
Basel 2
vinaya.hs
 
Syllabus-Financial Risk Management.docx
Syllabus-Financial Risk Management.docxSyllabus-Financial Risk Management.docx
Syllabus-Financial Risk Management.docx
Yoyo Sudaryo
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential Steps
Case IQ
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
Manoj Agarwal
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk management
Stephen Ong
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A Journey
Debashis Gupta
 
dt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformationdt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformation
Mark Micallef
 
Risk management
Risk managementRisk management
Risk management
Dinesh Sankar
 
Building out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan CheungBuilding out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan Cheung
László Árvai
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
Susan Young
 
MAA_Riskmanagement
MAA_RiskmanagementMAA_Riskmanagement
MAA_Riskmanagement
Hong Tong Wu ???
 
risk management in banks
risk management in banksrisk management in banks
risk management in banks
pallvisachdeva
 
Pm0016 set-1
Pm0016 set-1Pm0016 set-1
Pm0016 set-1
Paul Hunt
 
An introduction to finance
An introduction to financeAn introduction to finance
An introduction to finance
Robert Reed
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
Risk Management Institution of Australasia
 

Similar to Risk Management in Banks - Overview (May 2024) (20)

bankriskmanagement-150329124901-conversion-gate01.pptx
bankriskmanagement-150329124901-conversion-gate01.pptxbankriskmanagement-150329124901-conversion-gate01.pptx
bankriskmanagement-150329124901-conversion-gate01.pptx
 
Bank risk management
Bank risk managementBank risk management
Bank risk management
 
Introduction to Risk Management and Sources of Risk.pptx
Introduction to Risk Management and Sources of Risk.pptxIntroduction to Risk Management and Sources of Risk.pptx
Introduction to Risk Management and Sources of Risk.pptx
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance  A New ERM and IA ParadigmFive Lines of Assurance  A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Five lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; ermFive lines of assurance a new paradigm in internal audit &amp; erm
Five lines of assurance a new paradigm in internal audit &amp; erm
 
Basel 2
Basel 2Basel 2
Basel 2
 
Syllabus-Financial Risk Management.docx
Syllabus-Financial Risk Management.docxSyllabus-Financial Risk Management.docx
Syllabus-Financial Risk Management.docx
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential Steps
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 
Bcu msc cg week 4 risk management
Bcu msc cg week 4 risk managementBcu msc cg week 4 risk management
Bcu msc cg week 4 risk management
 
Risk Management - A Journey
Risk Management - A JourneyRisk Management - A Journey
Risk Management - A Journey
 
dt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformationdt_mt_SREP_Pub_Transformation
dt_mt_SREP_Pub_Transformation
 
Risk management
Risk managementRisk management
Risk management
 
Building out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan CheungBuilding out a Robust and Efficient Risk Management - Alan Cheung
Building out a Robust and Efficient Risk Management - Alan Cheung
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
 
MAA_Riskmanagement
MAA_RiskmanagementMAA_Riskmanagement
MAA_Riskmanagement
 
risk management in banks
risk management in banksrisk management in banks
risk management in banks
 
Pm0016 set-1
Pm0016 set-1Pm0016 set-1
Pm0016 set-1
 
An introduction to finance
An introduction to financeAn introduction to finance
An introduction to finance
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 

More from Kristi Rohtsalu

Innovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistuses
Innovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistusesInnovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistuses
Innovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistuses
Kristi Rohtsalu
 
Patagooniat avastamas, veebruar-märts 2024
Patagooniat avastamas, veebruar-märts 2024Patagooniat avastamas, veebruar-märts 2024
Patagooniat avastamas, veebruar-märts 2024
Kristi Rohtsalu
 
Patagoonia avastamise retk veebruaris-märtsis 2024
Patagoonia avastamise retk veebruaris-märtsis 2024Patagoonia avastamise retk veebruaris-märtsis 2024
Patagoonia avastamise retk veebruaris-märtsis 2024
Kristi Rohtsalu
 
Notes from AltFi Lending Summit 2023
Notes from AltFi Lending Summit 2023Notes from AltFi Lending Summit 2023
Notes from AltFi Lending Summit 2023
Kristi Rohtsalu
 
My 2023 Summer Tripping in Georgia
My 2023 Summer Tripping in GeorgiaMy 2023 Summer Tripping in Georgia
My 2023 Summer Tripping in Georgia
Kristi Rohtsalu
 
50 pilti minu Gruusia suvest 2023
50 pilti minu Gruusia suvest 202350 pilti minu Gruusia suvest 2023
50 pilti minu Gruusia suvest 2023
Kristi Rohtsalu
 
Minu Bali Reisi Päevikud (Veebruar-Märts 2023)
Minu Bali Reisi Päevikud (Veebruar-Märts 2023)Minu Bali Reisi Päevikud (Veebruar-Märts 2023)
Minu Bali Reisi Päevikud (Veebruar-Märts 2023)
Kristi Rohtsalu
 
Notes from AltFi Lending Summit 2022
Notes from AltFi Lending Summit 2022Notes from AltFi Lending Summit 2022
Notes from AltFi Lending Summit 2022
Kristi Rohtsalu
 
Rännates Alpides ja vahemerelises Euroopas suvel 2022
Rännates Alpides ja vahemerelises Euroopas suvel 2022Rännates Alpides ja vahemerelises Euroopas suvel 2022
Rännates Alpides ja vahemerelises Euroopas suvel 2022
Kristi Rohtsalu
 
Notes from AltFi Festival of Finance 2022 in London
Notes from AltFi Festival of Finance 2022 in LondonNotes from AltFi Festival of Finance 2022 in London
Notes from AltFi Festival of Finance 2022 in London
Kristi Rohtsalu
 
Winter Office in Gran Canaria
Winter Office in Gran CanariaWinter Office in Gran Canaria
Winter Office in Gran Canaria
Kristi Rohtsalu
 
Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021
Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021 Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021
Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021
Kristi Rohtsalu
 
The AltFi Festival of Finance 2020 - Notes
The AltFi Festival of Finance 2020 - NotesThe AltFi Festival of Finance 2020 - Notes
The AltFi Festival of Finance 2020 - Notes
Kristi Rohtsalu
 
IRB and IFRS 9 credit risk models - consistent (re)implementation
IRB and IFRS 9 credit risk models - consistent (re)implementationIRB and IFRS 9 credit risk models - consistent (re)implementation
IRB and IFRS 9 credit risk models - consistent (re)implementation
Kristi Rohtsalu
 
My First Trip to Norway - Summer 2020
My First Trip to Norway - Summer 2020My First Trip to Norway - Summer 2020
My First Trip to Norway - Summer 2020
Kristi Rohtsalu
 
Baltic coastal hiking 2020 from Tallinn to Riga
Baltic coastal hiking 2020 from Tallinn to RigaBaltic coastal hiking 2020 from Tallinn to Riga
Baltic coastal hiking 2020 from Tallinn to Riga
Kristi Rohtsalu
 
AltFi Berlin Summit 2019 - Notes
AltFi Berlin Summit 2019 - NotesAltFi Berlin Summit 2019 - Notes
AltFi Berlin Summit 2019 - Notes
Kristi Rohtsalu
 
Minu Suur Suvine Seiklusreis 2019
Minu Suur Suvine Seiklusreis 2019Minu Suur Suvine Seiklusreis 2019
Minu Suur Suvine Seiklusreis 2019
Kristi Rohtsalu
 
Notes from AltFi FinTech Investor Forum 2019
Notes from AltFi FinTech Investor Forum 2019Notes from AltFi FinTech Investor Forum 2019
Notes from AltFi FinTech Investor Forum 2019
Kristi Rohtsalu
 
Minu teine Laulasmaa Ultra, 9.-10. juuni 2018
Minu teine Laulasmaa Ultra, 9.-10. juuni 2018Minu teine Laulasmaa Ultra, 9.-10. juuni 2018
Minu teine Laulasmaa Ultra, 9.-10. juuni 2018
Kristi Rohtsalu
 

More from Kristi Rohtsalu (20)

Innovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistuses
Innovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistusesInnovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistuses
Innovatsioonifestival 2024 - Tehisintellekt ühiskonna teenistuses
 
Patagooniat avastamas, veebruar-märts 2024
Patagooniat avastamas, veebruar-märts 2024Patagooniat avastamas, veebruar-märts 2024
Patagooniat avastamas, veebruar-märts 2024
 
Patagoonia avastamise retk veebruaris-märtsis 2024
Patagoonia avastamise retk veebruaris-märtsis 2024Patagoonia avastamise retk veebruaris-märtsis 2024
Patagoonia avastamise retk veebruaris-märtsis 2024
 
Notes from AltFi Lending Summit 2023
Notes from AltFi Lending Summit 2023Notes from AltFi Lending Summit 2023
Notes from AltFi Lending Summit 2023
 
My 2023 Summer Tripping in Georgia
My 2023 Summer Tripping in GeorgiaMy 2023 Summer Tripping in Georgia
My 2023 Summer Tripping in Georgia
 
50 pilti minu Gruusia suvest 2023
50 pilti minu Gruusia suvest 202350 pilti minu Gruusia suvest 2023
50 pilti minu Gruusia suvest 2023
 
Minu Bali Reisi Päevikud (Veebruar-Märts 2023)
Minu Bali Reisi Päevikud (Veebruar-Märts 2023)Minu Bali Reisi Päevikud (Veebruar-Märts 2023)
Minu Bali Reisi Päevikud (Veebruar-Märts 2023)
 
Notes from AltFi Lending Summit 2022
Notes from AltFi Lending Summit 2022Notes from AltFi Lending Summit 2022
Notes from AltFi Lending Summit 2022
 
Rännates Alpides ja vahemerelises Euroopas suvel 2022
Rännates Alpides ja vahemerelises Euroopas suvel 2022Rännates Alpides ja vahemerelises Euroopas suvel 2022
Rännates Alpides ja vahemerelises Euroopas suvel 2022
 
Notes from AltFi Festival of Finance 2022 in London
Notes from AltFi Festival of Finance 2022 in LondonNotes from AltFi Festival of Finance 2022 in London
Notes from AltFi Festival of Finance 2022 in London
 
Winter Office in Gran Canaria
Winter Office in Gran CanariaWinter Office in Gran Canaria
Winter Office in Gran Canaria
 
Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021
Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021 Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021
Tallataksoga Lõuna-Saksamaa, otsaga Austrias – reisipäevikuid suvest 2021
 
The AltFi Festival of Finance 2020 - Notes
The AltFi Festival of Finance 2020 - NotesThe AltFi Festival of Finance 2020 - Notes
The AltFi Festival of Finance 2020 - Notes
 
IRB and IFRS 9 credit risk models - consistent (re)implementation
IRB and IFRS 9 credit risk models - consistent (re)implementationIRB and IFRS 9 credit risk models - consistent (re)implementation
IRB and IFRS 9 credit risk models - consistent (re)implementation
 
My First Trip to Norway - Summer 2020
My First Trip to Norway - Summer 2020My First Trip to Norway - Summer 2020
My First Trip to Norway - Summer 2020
 
Baltic coastal hiking 2020 from Tallinn to Riga
Baltic coastal hiking 2020 from Tallinn to RigaBaltic coastal hiking 2020 from Tallinn to Riga
Baltic coastal hiking 2020 from Tallinn to Riga
 
AltFi Berlin Summit 2019 - Notes
AltFi Berlin Summit 2019 - NotesAltFi Berlin Summit 2019 - Notes
AltFi Berlin Summit 2019 - Notes
 
Minu Suur Suvine Seiklusreis 2019
Minu Suur Suvine Seiklusreis 2019Minu Suur Suvine Seiklusreis 2019
Minu Suur Suvine Seiklusreis 2019
 
Notes from AltFi FinTech Investor Forum 2019
Notes from AltFi FinTech Investor Forum 2019Notes from AltFi FinTech Investor Forum 2019
Notes from AltFi FinTech Investor Forum 2019
 
Minu teine Laulasmaa Ultra, 9.-10. juuni 2018
Minu teine Laulasmaa Ultra, 9.-10. juuni 2018Minu teine Laulasmaa Ultra, 9.-10. juuni 2018
Minu teine Laulasmaa Ultra, 9.-10. juuni 2018
 

Recently uploaded

原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
tdt5v4b
 
Conflict resololution,role of hr in resolution
Conflict resololution,role of hr in resolutionConflict resololution,role of hr in resolution
Conflict resololution,role of hr in resolution
Dr. Christine Ngari ,Ph.D (HRM)
 
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
tdt5v4b
 
一比一原版(QU毕业证)皇后大学毕业证如何办理
一比一原版(QU毕业证)皇后大学毕业证如何办理一比一原版(QU毕业证)皇后大学毕业证如何办理
一比一原版(QU毕业证)皇后大学毕业证如何办理
8p28uk6g
 
Sethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and LeadershipSethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and Leadership
Anjana Josie
 
Resource-mobilization-guide-for-community-based-organizations1.pdf
Resource-mobilization-guide-for-community-based-organizations1.pdfResource-mobilization-guide-for-community-based-organizations1.pdf
Resource-mobilization-guide-for-community-based-organizations1.pdf
FeteneA
 
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
tdt5v4b
 
Addiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdfAddiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdf
Bill641377
 
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptxGanpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
GanpatiKumarChoudhar
 
Make it or Break it - Insights for achieving Product-market fit .pdf
Make it or Break it - Insights for achieving Product-market fit .pdfMake it or Break it - Insights for achieving Product-market fit .pdf
Make it or Break it - Insights for achieving Product-market fit .pdf
Resonate Digital
 
Public Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdfPublic Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdf
Pinta Partners
 
Credit Management training seminar power point presentation
Credit Management training seminar power point presentationCredit Management training seminar power point presentation
Credit Management training seminar power point presentation
bernanbumatay1
 
Enriching engagement with ethical review processes
Enriching engagement with ethical review processesEnriching engagement with ethical review processes
Enriching engagement with ethical review processes
strikingabalance
 
Impact of Effective Performance Appraisal Systems on Employee Motivation and ...
Impact of Effective Performance Appraisal Systems on Employee Motivation and ...Impact of Effective Performance Appraisal Systems on Employee Motivation and ...
Impact of Effective Performance Appraisal Systems on Employee Motivation and ...
Dr. Nazrul Islam
 
The Management Guide: From Projects to Portfolio
The Management Guide: From Projects to PortfolioThe Management Guide: From Projects to Portfolio
The Management Guide: From Projects to Portfolio
Ahmed AbdelMoneim
 
Credit-Management seminar for cooperative power point presentation
Credit-Management seminar for cooperative power point presentationCredit-Management seminar for cooperative power point presentation
Credit-Management seminar for cooperative power point presentation
bernanbumatay1
 
Stuart Wilson the teams I have led - 2024
Stuart Wilson the teams I have led - 2024Stuart Wilson the teams I have led - 2024
Stuart Wilson the teams I have led - 2024
stuwilson.co.uk
 
Comparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile SystemsComparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile Systems
Rob Healy
 
Strategy for E-Types - Strategy Formulation.pptx
Strategy for E-Types - Strategy Formulation.pptxStrategy for E-Types - Strategy Formulation.pptx
Strategy for E-Types - Strategy Formulation.pptx
KarthikRaghu8
 
Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...
Ram V Chary
 

Recently uploaded (20)

原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
原版制作(CDU毕业证书)查尔斯达尔文大学毕业证PDF成绩单一模一样
 
Conflict resololution,role of hr in resolution
Conflict resololution,role of hr in resolutionConflict resololution,role of hr in resolution
Conflict resololution,role of hr in resolution
 
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
原版制作(澳洲WSU毕业证书)西悉尼大学毕业证文凭证书一模一样
 
一比一原版(QU毕业证)皇后大学毕业证如何办理
一比一原版(QU毕业证)皇后大学毕业证如何办理一比一原版(QU毕业证)皇后大学毕业证如何办理
一比一原版(QU毕业证)皇后大学毕业证如何办理
 
Sethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and LeadershipSethurathnam Ravi: A Legacy in Finance and Leadership
Sethurathnam Ravi: A Legacy in Finance and Leadership
 
Resource-mobilization-guide-for-community-based-organizations1.pdf
Resource-mobilization-guide-for-community-based-organizations1.pdfResource-mobilization-guide-for-community-based-organizations1.pdf
Resource-mobilization-guide-for-community-based-organizations1.pdf
 
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
在线办理(UVic毕业证书)维多利亚大学毕业证录取通知书一模一样
 
Addiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdfAddiction to Winning Across Diverse Populations.pdf
Addiction to Winning Across Diverse Populations.pdf
 
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptxGanpati Kumar Choudhary Indian Ethos PPT.pptx
Ganpati Kumar Choudhary Indian Ethos PPT.pptx
 
Make it or Break it - Insights for achieving Product-market fit .pdf
Make it or Break it - Insights for achieving Product-market fit .pdfMake it or Break it - Insights for achieving Product-market fit .pdf
Make it or Break it - Insights for achieving Product-market fit .pdf
 
Public Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdfPublic Speaking Tips to Help You Be A Strong Leader.pdf
Public Speaking Tips to Help You Be A Strong Leader.pdf
 
Credit Management training seminar power point presentation
Credit Management training seminar power point presentationCredit Management training seminar power point presentation
Credit Management training seminar power point presentation
 
Enriching engagement with ethical review processes
Enriching engagement with ethical review processesEnriching engagement with ethical review processes
Enriching engagement with ethical review processes
 
Impact of Effective Performance Appraisal Systems on Employee Motivation and ...
Impact of Effective Performance Appraisal Systems on Employee Motivation and ...Impact of Effective Performance Appraisal Systems on Employee Motivation and ...
Impact of Effective Performance Appraisal Systems on Employee Motivation and ...
 
The Management Guide: From Projects to Portfolio
The Management Guide: From Projects to PortfolioThe Management Guide: From Projects to Portfolio
The Management Guide: From Projects to Portfolio
 
Credit-Management seminar for cooperative power point presentation
Credit-Management seminar for cooperative power point presentationCredit-Management seminar for cooperative power point presentation
Credit-Management seminar for cooperative power point presentation
 
Stuart Wilson the teams I have led - 2024
Stuart Wilson the teams I have led - 2024Stuart Wilson the teams I have led - 2024
Stuart Wilson the teams I have led - 2024
 
Comparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile SystemsComparing Stability and Sustainability in Agile Systems
Comparing Stability and Sustainability in Agile Systems
 
Strategy for E-Types - Strategy Formulation.pptx
Strategy for E-Types - Strategy Formulation.pptxStrategy for E-Types - Strategy Formulation.pptx
Strategy for E-Types - Strategy Formulation.pptx
 
Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...Integrity in leadership builds trust by ensuring consistency between words an...
Integrity in leadership builds trust by ensuring consistency between words an...
 

Risk Management in Banks - Overview (May 2024)

  • 1. Risk Management in Banks Kristi Rohtsalu, May 2024 Overview
  • 2. Introductory remarks Risk is at the heart of banking – and so is risk management. In a regulated bank, it is crucial to take a holistic view: • From economic perspective, see risk as cost of doing business, and risk management as the way to control and (possibly) lower that cost. • From normative perspective, meet the regulatory requirements to protect the banking license. • See economic and normative perspective as complementary to each other. This material gives an overview of the enterprise risk management in banks; specifics by risk type – credit risk, market risk, operational risk, liquidity risk and other relevant risks – are not discussed here. Considerations only relevant to systemically important banks are not covered; the focus is on smaller and less complex banks. Regulatory topics refer to the regulatory frameworks as applied in the European Union, including but not limited to Capital Requirements Directive (CRD IV) and Capital Requirements Regulation (CRR), and Bank Recovery and Resolution Directive (BRRD). The term ‘bank’ also refers to the banking group. ‘Institution’ is a more general term which covers banks and other institutions for which CRD IV, CRR and BRRD apply; therefore, the term is used in the regulatory documents, guidelines and technical standards. ‘Senior management’ refers to the management body in its management function. ‘Supervisory board’ or ‘Board’ refers to the management body in its supervisory function. These terms should be interpreted in accordance with the applicable law and organization structure. 2
  • 3. Contents • Risks in banking • Risk management process and risk culture • Risk Appetite Framework (RAF) • Principle of proportionality and risk-based approach to risk management • Risk governance and -organization • Basel III and reporting frameworks • The three pillars of Basel III • Regulatory capital and liquidity adequacy ratios • COREP and FINREP • Regulatory processes • Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Assessment Process (ILAAP) • Supervisory Review and Evaluation Process (SREP) • Recovery planning • Stress testing and stress testing programs • Inserting risk management considerations into credit pricing • Appendices • Abbreviations • Links and references 3
  • 5. What is risk (in business and in banking)? • In general terms, risk is cost of doing business. • In financial terms, risk is the potential negative impact to the value of business. • For practical purposes, risk can also be defined as a potential negative deviation from the expected financial results. In that sense: • Expected loss (EL) does not represent a risk, because it is expected and therefore provisioned. • The risk lies in the unexpected loss (UL) which is the negative deviation from the expected loss. • Risk is to be covered with adequate amounts of capital and liquid assets such as cash. • …And here we go again: cost of capital and cost of liquidity factor in as costs of doing business (besides other expenses). 5 Expected and Unexpected Loss in economic capital model
  • 6. Risks in today’s banking (illustration)* 6 • Capital risk: Insufficient level or composition of capital to cover applicable capital requirements and support business activities under normal economic environments or stressed conditions • Credit risk: The risk that a counterparty fails to meet its obligations towards the bank and that the pledged collateral does not cover the claims • Market risk, incl. interest rate risk in banking book (IRRBB): The risk to value, earnings, capital or exposure arising from movements of risk factors in financial markets • Liquidity & funding risk: The risk of not being able to meet payment obligations and support business activities without incurring considerable additional costs for obtaining funds or losses due to asset fire-sales • Operational risk: The risk of losses, business process disruptions and negative reputational impact resulting from inadequate or failed internal processes, human errors and systems, or from external events; sub-types of operational risk include (but are not limited to) the following: • Process risk • People risk aka personnel risk • ICT & Information security risks • AI risk & model risk • Third-party / outsourcing risk • Legal risk • External fraud risk • Regulatory compliance risk, incl. conduct risk and ML/TF risk: The risk of failure to fulfil and meet the external and internal regulations applicable to the licensed operations • Strategic and business risk: Risk of losses, including in the form of foregone revenues or additional costs, due to failed business model, poor strategical planning and/or decisions, or due to poor reputation not supporting strategic goals • ESG risk: The risk of any current or prospective negative impact stemming from Environmental, Social or Governance (ESG) factors • Reputation risk: Risk of losing reputation as a negative consequence resulting from the realization of one or several main risks * This is an illustration only. Risk taxonomy may be different for different banks. One should also note interconnectedness of different risks as well as risk concentrations.
  • 7. Risk management process and risk culture 7
  • 8. Risk management process 8 Identify (‘gross approach’) Assess & Measure Manage & Mitigate Monitor Report • Business model analysis • Evaluating specific products and services • Evaluating internal processes and systems • Evaluating external environment • Stress testing to include forward-looking perspective Estimation of the likelihood and potential impact: • Qualitative analysis • Quantitative assessment Strategies to manage, mitigate and/or eliminate risks, e.g.: • Implementing control measures • Improving processes • Investing into technology • Transferring risks through insurance Monitor and review continually a) inherent risks, and b) effectiveness of risk mitigation strategies Regular and ad hoc reporting (as required) to management bodies and other relevant stakeholders: • Current risks • Emerging risks • Breaches of risk limits • Effectiveness of risk management framework • Risk taxonomy • Definition of ‘material’ risk • Risk inventory
  • 9. Risk culture • Risk culture is a term describing the values, beliefs, knowledge, attitudes and understanding about risk shared by a group of people with a common purpose. • An effective risk culture is one that enables and rewards individuals and groups for taking the right risks in an informed manner. • In promoting a sound risk culture, tone from the top plays a crucial role. 9 Risk culture Organizational culture Behaviors Personal ethics Personal predisposition to risk Risk Culture Framework as designed by Institute of Risk Management [WWW] https://www.theirm.org/what-we-say/thought-leadership/risk-culture/
  • 10. Risk Appetite Framework (RAF) 10 Risk Appetite Framework is a strategic tool to reinforce strong risk culture, which in turn is critical for sound risk management.
  • 11. Key definitions of RAF Risk appetite: The aggregate level and types of risk a financial institution is willing to assume within its risk capacity to achieve its strategic objectives and business plan. Risk Appetite Framework (RAF): The overall approach, including policies, processes, controls, and systems through which risk appetite is established, communicated, and monitored. It includes a risk appetite statement, risk limits, and an outline of the roles and responsibilities of those overseeing the implementation and monitoring of the RAF. Risk Appetite Statement: The articulation in written form of the aggregate level and types of risk that a financial institution is willing to accept, or to avoid, in order to achieve its business objectives. It includes qualitative statements as well as quantitative measures expressed relative to earnings, capital, risk measures, liquidity and other relevant measures as appropriate. Risk capacity: The maximum level of risk a financial institution is able to assume given its capital base, its risk management and control capabilities, and its regulatory constraints. Risk limits: Quantitative measures based on forward looking assumptions that allocate the financial institution’s aggregate risk appetite statement (e.g. measure of loss or negative events) to business lines, legal entities, specific risk categories, concentrations, and as appropriate, other levels. Risk profile: Point in time assessment of the financial institution’s gross and, as appropriate, net risk exposures (after taking into account mitigants) aggregated within and across each relevant risk category based on forward looking assumptions. Risk tolerance: The types of risks and levels of those risks that the financial institution does not intentionally expose itself to, but accepts/tolerates. 11
  • 12. Key definitions of RAF, illustration 12 Risk appetite Risk tolerance Risk capacity Actual risk profile is within risk appetite Actual risk profile exceeds risk appetite, yet is acceptable (i.e.: remains below risk tolerance level) Actual risk profile exceeds risk tolerance, yet is tolerable (i.e.: remains below risk capacity level) Actual risk profile exceeds risk capacity: recovery or the end of story
  • 13. Why do banks have to have a formalized Risk Appetite Framework? “Children sometimes eat too much. Their eyes can be bigger than their stomachs. The result can be quite unpleasant. For banks, it’s much the same. They sometimes take on more risk than they can stomach. The results, however, can be worse than just a bellyache. Banks that take on too much risk can get into financial trouble and fail, and, in some cases, they might even damage other banks and the economy.” – Quote from speech by Danièle Nouy, Chair of the Supervisory Board of the ECB, International Conference on Banks’ Risk Appetite Frameworks, Ljubljana, 10 April 2018 13 As compared to ‘normal’ private companies, banks are different: even banks in private ownership are kind of quasi-private. This is because if a bank fails, this may easily become a problem in wider economy; fragility is built into today’s financial system and requires careful balancing.
  • 14. Designing RAF in five steps (one iteration*) 14 Step 1: Identify all material risks. Step 2: In the Risk Appetite Statement, spell out how much risk, and what kind, you are willing to take on. Step 3: Determine risk capacity. How much risk you can actually stomach? Step 4: Set risk appetite limits by business lines, legal entity levels, specific risk categories, etc. Step 5: Set up policies, processes, controls and systems for implementation and monitoring of the RAF Risk appetite may need adjustment, given the risk capacity. * The development and establishment of an effective RAF is an iterative and evolutionary process that requires ongoing dialogue throughout the bank to attain buy-in across the organization.
  • 15. RAF – How to make it work?* 15 1. Effective governance and tone from the top - Establishment and oversight by the Board - Developed by the CRO, in collaboration of the CEO, CFO and relevant stakeholders - Board members and senior management acting as role models for the risk culture 3. Effective communication - Risk Appetite Statement is easy to communicate and easy to understand - Clear communication, including communication of roles and responsibilities of all parties 5. Monitoring and reporting - The RAF should establish the process for monitoring and reporting, as well as procedures for escalation and cascading of limits. - Tool: Risk Appetite Dashboard 4. Alignment with remuneration schemes For example: if the (intentional) action of an employee leads to a breach of risk limits, this might also impact his or her remuneration. 6. Stable over time, yet agile and dynamic The RAF should facilitate timely management action to respond to emerging risks in the business and externally. 2. Linkages to strategy and structural processes, incl. financial planning, capital and liquidity planning, contingency and business continuity planning, recovery planning, … * Inspired by KPMG, “Insights: Leading practices for Risk Appetite Frameworks” (October 2023)
  • 16. Principle of proportionality and risk-based approach to risk management 16
  • 17. Principle of proportionality • Banking regulations and regulatory guidelines are meant to be applied in a manner that is appropriate, taking into account bank’s size and internal organization and the nature, scope and complexity of its activities. • In banking supervision, banks are categorized into four SREP categories: 17 “The principle of proportionality is the idea that an action should not be more severe than is necessary.” – Collins Dictionary Put simply, when applied to risk management, principle of proportionality means focusing on what is of high risk rather than low risk. Category Description 1 Large institutions pursuant to Article 4(1), point (146) of Regulation (EU) No 575/2013, and other systemically important institutions if decided so by the supervisor 2 Large institutions that are not classified under category ‘1’ Medium institutions with sizable cross-border activities and/or several business lines Institutions with significant market shares in their lines of business 3 Small to medium institutions other than those in categories ‘1’, ‘2’ and ‘4’ 4 Small and non-complex institutions pursuant to Article 4(1), point (145) of Regulation (EU) No 575/2013, and other small non-complex institutions with limited scope and non-significant market share
  • 18. Risk-based approach to risk management • For risk-based approach to risk management, all business functions, supporting processes and information assts should be classified in terms of criticality and importance. 18 * Note that in Bank Recovery and Resolution Directive (BRRD), the definition of ‘critical function’ is different than the one given here for bank risk management purposes. …secure financial performance … secure continuity of banking activities A function is critical* and/or important if it is to… … protect banking license
  • 19. Risk governance and -organization 19
  • 20. Tone from the top • Risk management is not ‘contained’ in the unit(s) responsible for risk management and internal controls; it is everyone’s responsibility. Yet it does not work without the tone from the top. Management body, including the Board and senior management, retains overall responsibility for risks. • The Board ensures that the institution-wide risk management framework is established. It defines and communicates overall risk strategy and risk appetite as well as provides the foundation of a strong and sound risk culture and risk awareness throughout the organization. It also, on a continuous basis, reviews and evaluates the effectiveness of the first and second lines of defense risk management functions and assesses whether there are sufficient resources allocated in that area. • Board committees, first of all Risk Committee and/or Audit Committee are there to support and advise the Board. • Senior management implements the risk strategy and risk appetite through internal rules and risk limit framework that consists of limits, escalation triggers and key risk indicators. • The head of the risk management function (CRO) ensures that all material risk are identified, measured and properly reported. It delivers a complete view of the whole range of risks faced by the institution. CRO is actively involved in elaborating the risk strategy and all material risk management decisions. • The CRO shall not be removed without prior approval of the Board. The CRO shall be able to have direct access to the Board where necessary. (Article 76, point (5) of Directive 2013/36/EU) 20
  • 21. Risk organization and the three lines of defense 21 Risks Supervisory board Senior management 1st of defense: Risk takers Operative controls: Every business unit is responsible for identifying and managing the risks inherent in the products, activities, processes and systems for which it is accountable. Risk Ownership 2nd line of defense: Risk management & Compliance Ownership of the risk management framework and management of compliance risks: • Risk policies, standards and guidelines • Stress testing and regulatory processes • Risk reporting • Independent view regarding the effectiveness of 1st line of defense Risk Control 3rd line of defense: Internal audit Independent assurance to the Board, supervisory authorities and other interested parties of the appropriateness of the institution’s risk management Auditors Risk Assurance Enforcement: ECB and NCAs Internal control functions
  • 22. Basel III and reporting frameworks 22
  • 23. The three pillars of Basel III on capital and liquidity adequacy* 23 Basel III as imposed by CRD & CRR Internal assessments on capital and liquidity (ICAAP and ILAAP) Supervisory Review and Evaluation Process (SREP) Pillar 2 requirements and guidance: • Pillar 2 requirements on capital and/or leverage (binding) • Pillar 2 guidance on capital and/or leverage (supervisory expectation) • Pillar 2 liquidity requirements (e.g.: buffer add-ons, cap on cash outflows, supervisory minimum survival period) Pillar 2: Bank specific requirements and guidance Disclosure requirement (Pillar 3 report) • Transparency for market participants, concerning the banks risk position (risk management, detailed information on own funds, etc.) • Enhanced comparability among banks Pillar 3: Market Discipline Capital requirements: • Base capital requirements: CET1, Tier 1, Total Capital ratio • Buffer requirements • Base leverage ratio requirement Liquidity requirements: • Liquidity Coverage Ratio (LCR) • Net Stable Funding Ratio (NSFR) Pillar 1: General minimum requirements * Requirements only applicable to systemically important banks are not included here.
  • 24. Capital adequacy ratios Total risk exposure amount (TREA) here refers to the risk-weighted exposure amount as defined in Article 92 of Regulation (EU) No 575/2013. In other documents, TREA is also referred to as Risk-weighted Assets (RWA). 24 𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 𝑟𝑎𝑡𝑖𝑜 = 𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 (𝐶𝐸𝑇1) 𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 𝐴𝑚𝑜𝑢𝑛𝑡 (𝑇𝑅𝐸𝐴) 𝑇𝑖𝑒𝑟 1 𝑟𝑎𝑡𝑖𝑜 = 𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 𝐶𝐸𝑇1 + 𝐴𝑑𝑑𝑖𝑡𝑖𝑜𝑛𝑎𝑙 𝑇𝑖𝑒𝑟 1 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 (𝐴𝑇1) 𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 𝐴𝑚𝑜𝑢𝑛𝑡 (𝑇𝑅𝐸𝐴) 𝑇𝑜𝑡𝑎𝑙 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 𝑟𝑎𝑡𝑖𝑜 = 𝐶𝑜𝑚𝑚𝑜𝑛 𝐸𝑞𝑢𝑖𝑡𝑦 𝑇𝑖𝑒𝑟 1 𝐶𝐸𝑇1 + 𝐴𝑑𝑑𝑖𝑡𝑖𝑜𝑛𝑎𝑙 𝑇𝑖𝑒𝑟 1 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 𝐴𝑇1 + 𝑇𝑖𝑒𝑟 2 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 (𝑇2) 𝑇𝑜𝑡𝑎𝑙 𝑅𝑖𝑠𝑘 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 𝐴𝑚𝑜𝑢𝑛𝑡 (𝑇𝑅𝐸𝐴)
  • 25. Banking ‘stuff’: Capital adequacy ratios (example)* 25 * Buffers and other requirements only applicable to systemically important banks are not included in this example. Specific numbers, except the base capital requirement, are for illustration purposes only as they depend on specific circumstances. CET 1 capital ratio Tier 1 capital ratio Total capital ratio To be met at all times Base capital requirement 4.50% 6.00% 8.00% Pillar 2 capital charge 3.60% 3.60% 4.60% Total SREP capital requirement 8.10% 9.60% 12.60% Combined buffer requirement Capital conservation buffer 2.50% 2.50% 2.50% Systemic risk buffer 0.00% 0.00% 0.00% Countercyclical buffer 1.50% 1.50% 1.50% Overall capital requirement 12.10% 13.60% 16.60% Pillar 2 guidance 1.50% 1.50% 1.50% Total supervisory expectation 13.60% 15.10% 18.10% Management buffer (if any) 0.40% 0.90% 0.90% Internal capital target 14.00% 16.00% 19.00%
  • 26. Leverage ratio Leverage ratio Pillar 1 requirement (LR): 26 𝐿𝑒𝑣𝑒𝑟𝑎𝑔𝑒 𝑟𝑎𝑡𝑖𝑜 = 𝑇𝑖𝑒𝑟 1 𝑐𝑎𝑝𝑖𝑡𝑎𝑙 𝑇𝑜𝑡𝑎𝑙 𝑙𝑒𝑣𝑒𝑟𝑎𝑔𝑒 𝑟𝑎𝑡𝑖𝑜 𝑒𝑥𝑝𝑜𝑠𝑢𝑟𝑒 ≥ 3% Total leverage ratio exposure includes assets and off-balance sheet items, irrespective of how risky they are. I.e.: leverage ratio is not risk-based but serves as a simple backstop to risk- weighted capital requirements. [For banks with an elevated risk of leverage] Leverage ratio Pillar 2 requirement (P2R-LR) on top of the Pillar 1 requirement (legally binding, determined as part of SREP): Intended to capture contingent leverage risk originating from a bank extensively using off- balance-sheet items, derivatives etc. as well as engaging in regulatory arbitrage and providing step-in support. [Bank-specific recommendation] Leverage ratio Pillar 2 guidance (P2G-LR) on top of the Pillar 2 requirement (not legally binding but reflects supervisory expectations, determined as part of SREP): Set for some banks, considering the depletion of the leverage ratio in the stress test. Leverage ratio Pillar 2 Guidance (P2G-LR) Leverage ratio Pillar 2 Requirement (P2R-LR) Leverage ratio Pillar 1 Requirement (LR)
  • 27. Liquidity Coverage Ratio (LCR) base requirement 27 𝐿𝐶𝑅 = 𝑆𝑡𝑜𝑐𝑘 𝑜𝑓 𝐻𝑖𝑔ℎ 𝑞𝑢𝑎𝑙𝑖𝑡𝑦 𝑙𝑖𝑞𝑢𝑖𝑑 𝑎𝑠𝑠𝑒𝑡𝑠 (𝐻𝑄𝐿𝐴) 𝑇𝑜𝑡𝑎𝑙 𝑛𝑒𝑡 𝑐𝑎𝑠ℎ 𝑜𝑢𝑡𝑓𝑙𝑜𝑤𝑠 𝑜𝑣𝑒𝑟 𝑡ℎ𝑒 𝑛𝑒𝑥𝑡 30 𝑐𝑎𝑙𝑒𝑛𝑑𝑎𝑟𝑑 𝑑𝑎𝑦𝑠 = = 𝑆𝑡𝑜𝑐𝑘 𝑜𝑓 𝐻𝑖𝑔ℎ 𝑞𝑢𝑎𝑙𝑖𝑡𝑦 𝑙𝑖𝑞𝑢𝑖𝑑 𝑎𝑠𝑠𝑒𝑡𝑠 (𝐻𝑄𝐿𝐴) 𝐶𝑎𝑠ℎ 𝑂𝑢𝑡𝑓𝑙𝑜𝑤𝑠 (30 𝑑𝑎𝑦𝑠) − 𝐶𝑎𝑠ℎ 𝐼𝑛𝑓𝑙𝑜𝑤𝑠(30 𝑑𝑎𝑦𝑠) ≥ 100% High-quality liquid assets (HQLA) are cash and assets that can be easily and immediately converted into cash without significantly affecting their market value, e.g.: • Cash and balances with central banks • Highly-rated government bonds Cash – Outflows, example: Cash – Inflows, example: Outflow Outflow rate (weight) Outflow – Stable deposits 5% Outflow – Less stable deposits 10% Undrawn credit facilities 5% Other contractual cash outflows 100% Inflow Inflow rate (weight) Inflows from fully performing exposures 50% Other contractual cash inflows Varying rates LCR aims to ensure that banks survive a period of significant liquidity stress lasting 30 calendar days. The LCR is not designed to cover all tail events involving deposit outflows, such as bank runs; instead, it should ensure that banks can withstand a certain liquidity stress scenario.
  • 28. Net Stable Funding Ratio (NSFR) base requirement 28 𝑁𝑆𝐹𝑅 = 𝐴𝑣𝑎𝑖𝑙𝑎𝑏𝑙𝑒 𝑎𝑚𝑜𝑢𝑛𝑡 𝑜𝑓 𝑠𝑡𝑎𝑏𝑙𝑒 𝑓𝑢𝑛𝑑𝑖𝑛𝑔 (𝐴𝑆𝐹) 𝑅𝑒𝑞𝑢𝑖𝑟𝑒𝑑 𝑎𝑚𝑜𝑢𝑛𝑡 𝑜𝑓 𝑠𝑡𝑎𝑏𝑙𝑒 𝑓𝑢𝑛𝑑𝑖𝑛𝑔 (𝑅𝑆𝐹) ≥ 100% NSFR seeks to ensure that banks maintain stable funding structure. It is the ratio of the available amount of stable funding to the required amount of stable funding over the time horizon of one year. NSFR, illustration based on simplified balance sheet: Assets Cash and balances with central bank Performing exposures Illiquid assets, incl. non- performing exposures Category Highly liquid Fairly liquid Illiquid RSF weight 0% 50-85% 100% Short term borrowing Liabilities and Equity Retail deposits Long term borrowing & Own funds Category Less stable Non stable Stable ASF weight 90-95% 0-50% 100%
  • 29. Reporting frameworks The EBA has developed two reporting frameworks being: • COmmon REPorting Standards (COREP) that specify the capital and liquidity information required, applies to all credit institutions and investment firms operating in the EEA. • FINancial REPorting Standards (FINREP) that specify the financial information required and apply to all credit institutions that consolidate their financial reports based on IFRS. 29 COREP FINREP • Liquidity Adequacy: LCR and NSFR • Capital Adequacy: credit risk, market risk, operational risk • Leverage • … • Primary statements: balance sheet, income statement, comprehensive income, cash flows, equity • Disclosures of financial assets and liabilities, off balance sheet activities, .. • Forbearance and non- performance • …
  • 30. Regulatory processes: ICAAP and ILAAP, and SREP 30
  • 31. Internal Capital Adequacy Assessment Process (ICAAP) & Internal Liquidity Assessment Process (ILAAP) Regulatory aim: Making banks more resilient and avoiding adverse situations by encouraging banks to reflect on their capital and liquidity risks in a structured way. ICAAP/ILAAP principles as set out by the ECB: Principle 1 – The management body is responsible for the sound governance of ICAAP/ILAAP. Principle 2 – The ICAAP/ILAAP is an integral part of the overall management framework. Principle 3 – The ICAAP/ILAAP contributes fundamentally to the continuity of the institution by ensuring capital/liquidity adequacy from different perspectives. Principle 4 – All material risks are identified and taken into account in ICAAP/ILAAP. Principle 5 – The internal capital / liquidity buffers are of high quality and clearly defined; the stable sources of funding are clearly defined. Principle 6 – ICAAP/ILAAP risk quantification methodologies are adequate, consistent and independently validated. Principle 7 – Regular stress testing is aimed at ensuring capital/liquidity adequacy in adverse circumstances. 31
  • 32. Two complementary pillars of ICAAP & ILAAP: the economic and the normative perspective 32 • The economic perspective covers the full universe of risks that may have material impact to capital and liquidity position. The perspective is not based on regulatory provisions; instead, it is based on the economic value considerations and economic capital. The bank should remain economically viable and follow its strategy. • The normative perspective is a multi-year assessment of the institution’s ability to fulfil all of its liquidity-related and capital-related (quantitative) regulatory and supervisory requirements and demands, and to cope with other external financial constraints, on an ongoing basis. • Economic and normative perspective should mutually inform each other: • Projections under economic perspective are expected to feed into the projections under normative perspective. • Conversely, outcomes of the normative perspective ought to inform economic perspective risk quantifications and adjust or complement the later.
  • 33. ICAAP example: capital requirements under normative internal perspective 33 • In baseline scenario, both Pillar 1 and Pillar 2 requirements and guidance shall be met over the planning period. In adverse scenario, total SREP capital requirement shall be met at all times. (See the figures below.) • Projections of the future capital position under the normative perspective should be informed by the economic perspective assessments: to which extent the risks identified and quantified under the economic perspective may impact own funds and exposure amounts in future? • The impact of upcoming changes in legal, regulatory and accounting frameworks is expected to be considered as well.
  • 34. ICAAP example: Management considerations under economic perspective • Under the economic perspective, economic risks and losses affect internal capital immediately and to their full extent. (Think, for example: interest rate changes affecting the net value of bank’s cash flows immediately.) Hence, the economic perspective gives a very comprehensive view of risks. • When a significant downward trend is identified in the economic capital position, actions to reverse the trend, and review strategy and risk appetite are ought to be taken. When the bank falls below the internal capital adequacy threshold, it should take necessary measures to restore and ensure capital adequacy over medium term (3 years). 34 * The graph should not be understood as a projection of point-in-time economic situation. It depicts the deterioration of economic capital levels that may occur over time beyond normal business cycle developments.
  • 35. ICAAP example: Quantification of internal capital requirement 35 t=0 Capital ratio Internal target ICAAP minimum Economic minimum Internal point-in- time economic capital requirement Combined buffer requirem ent P2G Pillar 1 requirement P2R t=1 t=0 t=2 t=3 t=4 t=5 Internal minimum required capital ratio incl. scenario buffer Manage ment buffer SREP add-on Time Projected actual capital ratio, base scenario Projected actual capital ratio, adverse scenario Goal-seek capital ratio based on adverse scenario, normative perspective Goal-seek capital ratio based on adverse scenario, economic perspective Goal-seek: At the lowest point of the adverse scenario, projected capital ratio ‘touches’ certain threshold (internal point-in-time requirement for the economic perspective, or the SREP capital requirement for the normative perspective). SREP add-on (the difference between the SREP capital requirement and the internal point-in-time estimate) ought to be minimized; this through improving risk management, transparency and communication with the supervisors
  • 36. Approval of ICAAP & ILAAP, and updated liquidity & funding and capital plans ICAAP & ILAAP: Illustrative process timeline 36 • Led by Finance • Led by Risk Management • Approval needed from Risk Committee (Management Body) Key modelling assumptions (business volumes etc.) and calculation inputs in Risk Committee • Revision of risk inventory • Scenario development (base and adverse) • High level / top-down analysis Time Oct-31 Nov-30 Dec-31 Jan-31 Feb-28 Mar-31 • Gathering inputs from risk takers • Defining modelling assumptions • Updating ICAAP & ILAAP methodologies • Gathering 31.12 start data • Performing stress test analyses • Point-in-time economic capital calculations & analyses • Updating Risk Appetite Framework (RAF) • ICAAP & ILAAP documentation • Financial plan (base scenario) • Reviewing/Updating capital, and liquidity & funding plans based on ICAAP & ILAAP outcomes ICAAP & ILAAP scenarios in Risk Committee ICAAP & ILAAP results in Risk Committee ICAAP & ILAAP submission to the supervisory authority
  • 37. Supervisory Review and Evaluation Process – SREP • SREP is the core element of the FSA regularly assessing and measuring risks for each bank. • Thereby, FSA assesses the bank’s business model, strategy, internal governance and controls, risks to capital and liquidity, and capital and liquidity adequacy. This is done in dialogue with the bank. • SREP outcome: SREP score on scale 1- 4 (and F, if failing or likely to fail) • In the SREP decision, FSA sets capital and liquidity targets, and sets key objectives and deadlines to address the identified issues (if any). 37 1 2 3 4 F Overall SREP Score Business model analysis score Internal governance and controls score Capital adequacy score Liquidity adequacy score Scores for material risks to capital Scores for liquidity and funding risks Viability score Risk score
  • 39. Recovery planning in the context of Bank Recovery and Resolution Directive (BRRD) • Recovery plans are intended to ensure that banks are prepared to restore their viability in a timely manner even in periods of severe financial stress. • The bank (banking group) shall be able to demonstrate to the satisfaction of the competent authority that the Recovery Plan is reasonably likely to be implemented without causing any adverse effect on the financial system. • Recovery planning is designed to be an ongoing process that does not end once the bank’s management body has approved the plan. • A bank (banking group) may apply for preparation of recovery plan in simplified form: 1) a reduction in the contents of the Recovery Plan 2) a reduction in the frequency for updating the Recovery Plan 39
  • 40. Recovery planning: Recovery Plan • Structure & key elements: 1. Summary of the key elements of the Recovery Plan and of overall recovery capacity (ORC), and material changes since the most recently filed Recovery Plan 2. Governance, incl.: a. Recovery Plan development, and policies and procedures governing approval of Recovery Plan b. The Plan’s consistency with the general management and risk management c. The conditions and procedures to ensure timely implementation of recovery options d. Recovery Plan indicators on capital, liquidity, profitability and asset quality, and (as applicable) market-based and macroeconomic indicators 3. Strategic analysis, incl.: a. The description of the entity or entities covered by the Recovery Plan, incl. business and risk strategy, critical functions and core business lines b. Recovery options, incl. options to restore capital and liquidity, and measures to reduce risk and leverage c. Actions, arrangements and measures under recovery options; impact & feasibility assessment of the recovery options; continuity of operations when recovery options are implemented; scenario analysis to test the effectiveness of recovery options and the adequacy of the Recovery Plan indicators d. Assessment to the overall recovery capacity 4. Communication and disclosure plan, incl.: a. Internal communication b. External communication c. Effective proposals for managing any potential negative market reactions a. Preparatory measures to facilitate the implementation of the Recovery Plan or to improve its effectiveness 40
  • 41. Recovery planning: Recovery indicators (example for a small and non- complex bank)* 41 Category Indicator name Early warning threshold (Corresponds to ‘risk tolerance’ level from RAF) Threshold to trigger recovery actions (Corresponds to ‘risk capacity’ level from RAF) Near-default threshold (Corresponds to regulatory requirement, if applicable) 1. Capital indicators CET1 ratio [To be calibrated] [To be calibrated] [To be calibrated] Total Capital ratio [To be calibrated] [To be calibrated] [To be calibrated] Leverage ratio [To be calibrated] [To be calibrated] [To be calibrated] 2. Liquidity indicators Liquidity position [To be calibrated] [To be calibrated] n/a LSR [To be calibrated] [To be calibrated] [To be calibrated] NSFR [To be calibrated] [To be calibrated] [To be calibrated] 3. Profitability indicators Return on equity [To be calibrated] N/A N/A Significant operational loss [To be calibrated] N/A N/A 4. Asset quality indicators Default rate [To be calibrated] N/A N/A Coverage ratio [provisions / total non-performing loans] [To be calibrated] N/A N/A (Gross non-performing loans) / total loans [To be calibrated] N/A N/A * Adjusted from the lists in Annex II of the EBA/GL/2021/11.
  • 42. Recovery planning: Recovery options and ORC range (illustration) 42 Identification of credible and feasible recovery options • Capital raising • Restructuring of liabilities • Cost reductions • Sale of assets / loan portfolios • Liquidity improvement recovery options (e.g.: use of central bank facilities) • Disposal recovery options (e.g.: sale of business lines, sale of subsidiaries) • Various management actions (e.g.: reduce lending, margin increases, increasing fee income) Testing recovery options in a range of scenarios of severe macroeconomic and financial stress Define scenarios: 1. Systemic scenario(s) 2. Idiosyncratic scenario(s) 3. Combined scenario(s) Choose and adjust recovery options for constraining factors related to the simultaneous or sequential implementation of recovery options Calculate ‘scenario-specific recovery capacities’ expressed in ‘relevant RP indicators’: • CET1 (18 months) • Total capital ratio (18 months) • Leverage ratio (18 months) • LCR (timeframe: 6 months) • NSFR (timeframe: 6 months) Determination of the Overall Recovery Capacity (ORC) range Difference between the highest and lowest ‘scenario-specific recovery capacity’ of relevant scenarios, this in terms of: a) Capital including leverage (capital ORC), and b) Liquidity (liquidity ORC) Capital ORC determination, example Liquidity ORC determination, example Relevant scenario CET1 ratio TC ratio LR Scenario 1 - Systemic +4.50% +5.00% +2.50% Scenario 3 - Combined +3.60% +4.00% +1.80% Capital OCR 360-450 bps 400-500 bps 180-250 bps Relevant scenario LCR NSFR Scenario 2 – Idiosyncratic +70% +6.00% Scenario 3 – Combined +40% +3.50% Liquidity OCR 40%-70% 3.50%-6.00%
  • 43. Competent Authorities’ Assessment of Recovery Plan and the ORC score 43 Assessment of the ‘scenario-specific recovery capacity’ • Are scenarios severe enough? • Are the selected recovery options credible and feasible, including the timeframe, the impacts and any constraining factors? Assessment of the ORC – ‘adjusted ORC’ • Is the ORC calculated by the bank as the range between the lowest and the highest ‘scenario-specific recovery capacity’ both in terms of capital (including leverage) and liquidity ‘relevant RP indicators’? • Overall quantitative and qualitative assessment of the ORC & determining the ‘adjusted ORC’ both in terms of capital and liquidity • ‘Adjusted ORC’ <= ORC determined by the institution Assigning ORC score • Indicative ORC score, given the ‘adjusted ORC’ & considering the ‘relevant RP indicators’: ‘satisfactory’, ‘adequate with potential room for improvement’ or ‘weak’ • Plus qualitative considerations, not already reflected in the ‘adjusted ORC’ (e.g.: difference between the institution’s ORC and the ‘adjusted ORC’) • Lead to final ORC score: ‘satisfactory’, ‘adequate with potential room for improvement’ or ‘weak’ Assessment criteria: • Completeness of the Plan • Quality of the Plan • Level of integration and consistency of the Plan with the general corporate governance, internal processes and risk management framework • Sufficient number of plausible and viable recovery options • Overall Recovery Capacity (ORC) of the institution ↓ → ORC score Satisfactory Adequate Weak
  • 44. Connecting BAU mode, continuity plans, ICAAP & ILAAP, and RP • Business continuity plans, ICAAP & ILAAP, capital and liquidity contingency plans, and Recovery Plan are parts of the same risk management continuum: • Business continuity plans, ICAAP & ILAAP, and capital and liquidity contingency plans are aimed at maintaining continuity of the bank. • Recovery plans set out measures (incl. extraordinary measures) to restore its financial position following a significant deterioration. • Calibration of the indicators for continuity/contingency plans and the Recovery Plan should be consistent with each other, and with the overall Risk Appetite Framework: • Recovery Plan indicators present a subset of all indicators in Risk Appetite Framework • Recovery Plan capital/liquidity indicators should be integrated into the ICAAP/ILAAP • In Business as Usual (BAU) mode, Overall Recovery Capacity (ORC) is generally expected to be improved over time. 44 Business As Usual Some stress High stress / Business continuity situation Focus of continuity plans and ICAAP & ILAAP Emergency / Financial Recovery situation Focus of Recovery Plan Recovery Plan indicators Risk indicators in Risk Appetite Framework Risk indicators to trigger business continuity, and capital and liquidity contingency plans
  • 45. Recovery planning: Further thoughts • Recovery planning can be an interesting and beneficial thought experiment, especially for more complex institutions. It basically means breaking the monolith into pieces (entities, business lines etc.), identifying critical functions and core business lines, and then putting the pieces back together while leaving only what is important. • Recovery planning has implications to the organization set-up. A resilient set-up ought to be such that in the financial recovery situation, disposal of less significant business lines and subsidiaries can be considered as a feasible recovery option. • List of recovery options is like a menu to choose from when things get tough. 45
  • 46. Regulatory processes: Stress testing and stress testing programs 46
  • 47. Stress testing • Stress testing is a central risk management tool to take forward- looking view in risk management, strategy planning, capital planning and liquidity planning. • Stress testing program includes: • Sensitivity analyses • Scenario analyses • Reverse stress testing • Stress testing may be performed top-down and bottom-up. 47 Stress testing Data infra- structure Risk appetite Strategic planning & budgeting Capital planning & ICAAP Liquidity planning & ILAAP Recovery planning
  • 48. Stress testing program: Minimum set (example for a small and non- complex bank) 48 Analysis type Description Why? Coverage Frequency (unless higher frequency is requested by the management body and/or there are significant new developments) Sensitivity analyses Sensitivities to various risk factors To identify material risks As appropriate As needed Sensitivities of ECLs and IFRS9 impairment provisions to various inputs IFRS9 disclosures Credit risk in the banking book Once a year Sensitivities to various interest rate scenarios Risk reporting and risk management disclosures Interest rate risk in the banking book Quarterly Scenario analyses Base scenario, upside scenario and downside scenario for credit losses IFRS9 expected credit loss modelling Credit risk in the banking book Scenario development: once a year ECL calculations: once a month Solvency stress test based on unlikely but possible adverse economic scenario covering at least 3 years ICAAP All material risks to capital; banking group and connected entities Full process: once a year; quarterly updates to the management body Liquidity stress test based on unlikely but possible liquidity risk scenario that includes market-wide and idiosyncratic schock(s) ILAAP All material risks to liquidity and funding; banking group and connected entities Full process: once a year; quarterly updates to the management body Reverse stress testing Identification of ‘near-default’ / close to failure scenario(s); stress testing based on the identified scenario(s) Recovery planning; Assessing the severity of the ICAAP and ILAAP scenarios All material risks; banking group and connected entities Once a year (unless a lower frequency is agreed with the FSA)
  • 49. Stress testing program: Elements • Types of stress testing and their main objectives and applications • The frequency of the different stress testing exercises • The internal governance arrangements: lines of responsibility and procedures • Coverage: entities, risk types and portfolios included • Relevant data infrastructure • Methodology and models • Assumptions, incl. business and managerial 49
  • 50. Inserting risk management considerations into credit pricing 50
  • 51. Guidelines from European Banking Authority (Chapter 6 of EBA/GL/2020/06) • Pricing frameworks should reflect credit risk appetite and business strategy, including profitability and risk perspective. Loan pricing should also be linked to the characteristics of the loan product and consider competition and prevailing market conditions. Institutions should also define their approach to pricing by borrower type and credit quality, and riskiness of the borrower. […] • According to the guidelines, costs to be reflected in loan pricing should include the following: • The cost of capital (both regulatory and economic capital) • The cost of funding which should match the key features of the loan, e.g. the expected duration of the loan • Operating and administrative costs resulting from cost allocation • Credit risk cost • Any other real costs associated with the loan in question • Competition and prevailing market conditions, in particular lending segments and for particular loan products • For the purposes of pricing and measuring of profitability, risk-adjusted profitability measures such as economic value added (EVA), return on risk-adjusted capital (RORAC) and risk-adjusted, return on capital (RAROC), return on risk-weighted assets (RORWA) and other relevant measures should be considered. • There should be ex ante transaction tools as well as tools for regular ex post monitoring in place. 51
  • 52. Components of effective interest rate* in risk-based loan offer generation (example) 52 Derived based on the projected loan cash flows, given borrower- and transaction specific credit risk parameters as inputs Cost of own funds Cost of deposits and other liabilities Allocated operating and administrative costs, and other real costs Expected credit losses Economic profit margin Targeted internal rate of return in the calculation of cost-based credit price Ceiling to the cost of credit for the borrower (as applicable, given e.g. the responsible lending considerations) Space for pricing optimization, given prevailing market conditions Offered credit price (effective interest rate) Cost-based credit price (incl. opportunity cost reflected in the shareholders’ expected returns) * The term ‘effective interest rate’ is used to reflect different pricing structures, i.e.: different possible splits between the loan interest rate, loan contract fee and other fees charged in connection with the loan. Links between credit pricing, and ICAAP, ILAAP and SREP: • Cost of own funds depends on the amount/proportion of capital that is required to cover for the risks to capital, as estimated in the course of ICAAP and SREP. • Weighted average cost of capital (WACC), incl. cost of own funds, cost of deposits and cost of other liabilities, should reflect cash drag, i.e.: the proportion of funds that cannot be lent out but has the be kept in high-quality liquid assets (HQLA) with (normally) very low or non-existent returns. Required proportion of HQLA is an output of the ILAAP and SREP. Further, the required composition of liabilities and thus, the cost of liabilities, also depend on the outcomes of ILAAP and SREP.
  • 54. Abbreviations AI – Artificial Intelligence AML/CFT – Anti-money Laundering and Counter- terrorism Financing ASF – Available Stable Funding AT1 – Additional Tier 1 capital BAU – Business as Usual BRRD – Bank Recovery and Resolution Directive (Directive 2014/59/EU) bps – basis points CAS – Capital Adequacy Statement CEO – Chief Executive Officer CET1 – Common Equity Tier 1 capital CFO – Chief Financial Officer COREP – COmmon REPorting Standard CRD – Capital Requirements Directive (Directive 2013/36/EU) CRR – Capital Requirements Regulation (Regulation (EU) No 575/2013) CRO – Chief Risk Officer EBA – European Banking Authority ECB – European Central Bank ECL – Expected Credit Loss (under IFRS9 framework) EEA – European Economic Area EL – Expected Loss ESG – Environmental, Social and Governance EVA – Economic Value Added FINREAP – FINancial REPorting Standards FSA – Financial Supervisory Authority HQLA – High Quality Liquid Assets ICAAP – Internal Capital Adequacy Process ICT – Information and communication technology IFRS – International Financial Reporting Standard ILAAP – Internal Liquidity Assessment Process IRRBB – Interest Rate Risk in the Banking Book LAS – Liquidity Adequacy Statement LCR – Liquidity Coverage Ratio LR – Leverage Ratio MDA – Maximum Distributable Amount ML/TF – Money Laundering / Terrorism Financing N/A – Not Applicable NCA – National Competent Authority NPAP – New Product Approval Policy and Process NSFR – Net Stable Funding Ratio ORC – Overall Recovery Capacity P2G – Pillar 2 guidance P2R – Pillar 2 requirement P2G-LR – Pillar 2 leverage ratio guidance P2R-LR – Pillar 2 leverage ratio requirement RMF – Risk Management Function RAF – Risk Appetite Framework RAROC – Risk-adjusted Return on Capital RORAC – Return on Risk-adjusted Capital RORWA – Return on Risk-weighted Assets RP – Recovery Plan RSF – Required Stable Funding RTS – Regulatory Technical Standards RWA – Risk-weighted Assets SREP – Supervisory Review and Evaluation Process T2 – Tier 2 capital TC – Total Capital TREA – Total Risk Exposure Amount TSLRR – Total SREP Leverage Ratio Requirement UL – Unexpected Loss WACC – Weighted Average Cost of Capital 54
  • 55. Links and references • EBA Interactive Single Rulebook (BRRD, CRD, CRR, …): https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook • EBA Guidelines on internal governance under CRD: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/internal-governance/guidelines- internal-governance • Risk Appetite Framework: • Principles for An Effective Risk Appetite Framework by Financial Stability Board: https://www.fsb.org/wp-content/uploads/r_131118.pdf • Speech by Danièle Nouy, Chair of the Supervisory Board of the ECB, International Conference on Banks’ Risk Appetite Frameworks, Ljubljana, 10 April 2018: https://www.bankingsupervision.europa.eu/press/speeches/date/2018/html/ssm.sp180410.en.html • Resources on ICAAP, ILAAP and SREP: • ECB guidelines to ICAAP and ILAAP: https://www.bankingsupervision.europa.eu/press/publications/newsletter/2019/html/ssm.nl190213_3.en.html • Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing under Directive 2013/36/EU (EBA/GL/2022/03): https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/supervisory-review-and-evaluation- process-srep-4 • Resources for recovery planning (in addition to BRRD): • EBA Guidelines on the overall recovery capacity in recovery planning: https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/recovery- resolution-and-dgs/guidelines-overall?version=2023#activity-versions • Regulatory Technical Standards on the content of recovery plans: https://eur-lex.europa.eu/legal- content/EN/TXT/?qid=1468424758476&uri=CELEX%3A32016R1075 • EBA Guidelines on recovery plans indicators (EBA/GL/2021/11): https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/recovery- resolution-and-dgs/guidelines-recovery • EBA/GL/2014/06 on the range of scenarios to be used in recovery plans: https://www.eba.europa.eu/documents/10180/760136/05cc62a3-661c-4eee- ad07-d051f3eeda07/EBA-GL-2014-06%20Guidelines%20on%20Recovery%20Plan%20Scenarios.pdf • ECB webpage on recovery plans: https://www.bankingsupervision.europa.eu/banking/tasks/recoveryplans/html/index.en.html • EBA Guidelines on loan origination and monitoring (EBA/GL/2020/06): https://www.eba.europa.eu/legacy/regulation-and-policy/regulatory-activities/credit- risk/guidelines-loan-origination-and 55