The document is a self-assessment template for firms to evaluate their risk management practices against recommendations from five 2008 studies on the global banking crisis. It includes 32 assessment topics clustered into themes. The template lists the original recommendations and observations, attributed to their source study. It is intended to provide transparency for a self-assessment exercise conducted by firms at the request of the Senior Supervisors Group. The template streamlines the language from the source materials without altering their meaning or intent.
This document discusses opportunities to reform risk governance and corporate governance in four key areas:
1. Improving management's control and supervision of business lines.
2. Giving boards better perspective to oversee strategy, management, and risks.
3. Enhancing regulators' oversight of risk management practices.
4. Creating efficient processes to leverage finance, risk, compliance, and audit functions.
The document recommends augmenting organizational structures to promote senior management awareness of risks, establish clear communication lines, and provide oversight while respecting independent risk functions. This includes a Senior Risk Committee and aggregating business segment reporting to give boards a comprehensive view of risks.
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...prosenzw69
The document discusses a presentation on enterprise risk management (ERM). It covers defining ERM, drivers for ERM adoption, ERM roles and responsibilities, and a practical approach to implementing ERM. This includes conducting an enterprise risk assessment to identify key risks and a risk management framework assessment to evaluate risk processes. The goal is to embed risk management into decision making and business activities.
Manigent Embedding Risk Appetite Within The Strategy ProcessAndrew Smart
The document discusses how risk appetite should be embedded within an organization's strategy process. It describes how risk appetite impacts and should be considered at each stage of strategy formulation, setting, and execution. Specifically, it states that risk appetite should guide strategic option evaluation and play a key role in defining objectives and risks. Organizations should also define risk appetite across multiple time horizons and risk dimensions. Key business drivers can then be used to frame how the organization assesses and aligns risk exposure with its strategic objectives and defined risk appetite.
The document discusses a study analyzing the valuation implications of enterprise risk management (ERM) maturity. The study found that firms with more mature ERM programs exhibited higher firm value, as measured by Tobin's Q, with a statistically significant positive relation of 25%. The most important aspects of ERM from a valuation perspective related to high levels of top-down executive engagement and the integration of ERM into both strategic activities and everyday practices. The study contributes to emerging research on quantifying the business value of ERM.
1) Risk management involves identifying, assessing, and prioritizing risks in order to minimize negative impacts and maximize opportunities. It also includes transferring, avoiding, reducing, or accepting risks.
2) While risk management standards aim to increase confidence, they are sometimes criticized for not measurably improving risk. Risk management must balance high-probability/low-impact risks with low-probability/high-impact risks.
3) Intangible risks like those from deficient knowledge, relationships, or processes directly reduce productivity and must be identified and reduced.
Research that pinpoints a correlation between the earnings stability of large multinational corporations and their ability to manage physical plant and other property-related risks
An approach to erm in the insurance industry apria 2002 rama warrier&preetiRama Warrier
This document discusses implementing an Enterprise Risk Management (ERM) approach for an insurance company. It begins by defining ERM as a holistic approach to managing all risks across an organization, rather than managing risks individually. The document then outlines key risks for an insurance company, including marketplace risks, operational risks, international risks, mergers and acquisitions risks, and others. It proposes a four-phase ERM strategy for insurance companies: 1) Identifying risks, 2) Quantifying risks through modeling and analysis, 3) Measuring and evaluating risks, and 4) Managing and monitoring risks on an ongoing basis. The goal is to develop an integrated risk management process to help insurance companies optimize decision-making and meet business objectives
Enterprise Risk Management as a Core Management Processregio12
The document summarizes the key findings from a study examining best practices in enterprise risk management (ERM) across multiple organizations. The study identified 10 principal findings related to optimizing ERM structures, supporting methodologies, using ERM for decision-making, and evaluating ERM performance. Best practices included establishing executive-level ERM support, using a variety of risk assessment methods, focusing on risk-informed culture and communication, evaluating ERM through performance metrics, and ensuring ERM maturity.
This document discusses opportunities to reform risk governance and corporate governance in four key areas:
1. Improving management's control and supervision of business lines.
2. Giving boards better perspective to oversee strategy, management, and risks.
3. Enhancing regulators' oversight of risk management practices.
4. Creating efficient processes to leverage finance, risk, compliance, and audit functions.
The document recommends augmenting organizational structures to promote senior management awareness of risks, establish clear communication lines, and provide oversight while respecting independent risk functions. This includes a Senior Risk Committee and aggregating business segment reporting to give boards a comprehensive view of risks.
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...prosenzw69
The document discusses a presentation on enterprise risk management (ERM). It covers defining ERM, drivers for ERM adoption, ERM roles and responsibilities, and a practical approach to implementing ERM. This includes conducting an enterprise risk assessment to identify key risks and a risk management framework assessment to evaluate risk processes. The goal is to embed risk management into decision making and business activities.
Manigent Embedding Risk Appetite Within The Strategy ProcessAndrew Smart
The document discusses how risk appetite should be embedded within an organization's strategy process. It describes how risk appetite impacts and should be considered at each stage of strategy formulation, setting, and execution. Specifically, it states that risk appetite should guide strategic option evaluation and play a key role in defining objectives and risks. Organizations should also define risk appetite across multiple time horizons and risk dimensions. Key business drivers can then be used to frame how the organization assesses and aligns risk exposure with its strategic objectives and defined risk appetite.
The document discusses a study analyzing the valuation implications of enterprise risk management (ERM) maturity. The study found that firms with more mature ERM programs exhibited higher firm value, as measured by Tobin's Q, with a statistically significant positive relation of 25%. The most important aspects of ERM from a valuation perspective related to high levels of top-down executive engagement and the integration of ERM into both strategic activities and everyday practices. The study contributes to emerging research on quantifying the business value of ERM.
1) Risk management involves identifying, assessing, and prioritizing risks in order to minimize negative impacts and maximize opportunities. It also includes transferring, avoiding, reducing, or accepting risks.
2) While risk management standards aim to increase confidence, they are sometimes criticized for not measurably improving risk. Risk management must balance high-probability/low-impact risks with low-probability/high-impact risks.
3) Intangible risks like those from deficient knowledge, relationships, or processes directly reduce productivity and must be identified and reduced.
Research that pinpoints a correlation between the earnings stability of large multinational corporations and their ability to manage physical plant and other property-related risks
An approach to erm in the insurance industry apria 2002 rama warrier&preetiRama Warrier
This document discusses implementing an Enterprise Risk Management (ERM) approach for an insurance company. It begins by defining ERM as a holistic approach to managing all risks across an organization, rather than managing risks individually. The document then outlines key risks for an insurance company, including marketplace risks, operational risks, international risks, mergers and acquisitions risks, and others. It proposes a four-phase ERM strategy for insurance companies: 1) Identifying risks, 2) Quantifying risks through modeling and analysis, 3) Measuring and evaluating risks, and 4) Managing and monitoring risks on an ongoing basis. The goal is to develop an integrated risk management process to help insurance companies optimize decision-making and meet business objectives
Enterprise Risk Management as a Core Management Processregio12
The document summarizes the key findings from a study examining best practices in enterprise risk management (ERM) across multiple organizations. The study identified 10 principal findings related to optimizing ERM structures, supporting methodologies, using ERM for decision-making, and evaluating ERM performance. Best practices included establishing executive-level ERM support, using a variety of risk assessment methods, focusing on risk-informed culture and communication, evaluating ERM through performance metrics, and ensuring ERM maturity.
This document provides information about the 2009 Enterprise Risk Management Summit taking place from March 30 to April 1, 2009 in Washington, DC. The summit will include optional pre-conference and post-conference workshops on implementing enterprise risk management, as well as keynote speeches and breakout sessions on various risk management topics over the two-day conference. Attendees can earn up to 18 CPE credits. The event will take place at the Performance Institute Conference Center and a limited number of rooms have been reserved at a nearby hotel.
Building control efficiency: Rationalization, optimization and redesign Vladimir Matviychuk
Increased government reporting requirements have forced those responsible for internal controls to do more. The global recession has required them to do more with less. While regulators press for accountability, investors press for performance. Now, those responsible for internal controls must now take charge by assessing their processes and tools, and execute on efforts to make them as efficient – and effective – as possible. Those able to optimize their controls will be more able to move past compliance toward improved performance and competitive advantage.
This document is a report from the Senior Supervisors Group assessing risk management practices at major global financial institutions during recent market turmoil. It finds that firms with concentrated exposure to subprime mortgage securitizations suffered major losses, while those with comprehensive firm-wide risk identification and independent valuation practices fared better. It also notes challenges in managing liquidity needs and leveraged loan commitments. The report recommends supervisors strengthen regulatory frameworks and firms improve risk management, including senior oversight, stress testing, and liquidity planning.
1. This document presents a Risk Management Standard published jointly by three major risk management organizations in the UK. It provides terminology, processes, organizational structures, and objectives for effective risk management.
2. The standard recognizes that risk management involves both upside opportunities and downside threats. It should be integrated into an organization's culture and strategy to help achieve objectives. The core components of the risk management process include risk identification, analysis, evaluation, and treatment.
3. External and internal factors can both drive key risks for an organization. Examples of risk categories include strategic, operational, financial, compliance and knowledge-based risks. Carrying out risk assessment and prioritizing risks is important for informed decision-making.
This document provides a summary of a 2010 presentation on risk management in banks following the financial crisis. It discusses three major financial crises that resulted in lawsuits and insurance disputes. It identifies factors that contributed to the crises such as poor economics, greed, weak risk management, and irrational exuberance. Tables show the largest bankruptcies. The presentation emphasizes the importance of risk management, governance, and increased regulation. It outlines elements of enterprise risk management including risk identification, analysis, evaluation, and treatment.
This document provides information about the 2009 Enterprise Risk Management Summit taking place from March 30 to April 1, 2009 in Washington, DC. The summit will include optional pre-conference and post-conference workshops on implementing enterprise risk management, as well as keynote speeches and breakout sessions on various risk management topics over the two day conference. Attendees can earn up to 18 CPE credits. The event will take place at the Performance Institute Conference Center and rooms have been reserved at a nearby hotel.
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
Credit Suisse Group pursues a disciplined and comprehensive approach to risk management. It focuses significant resources to ensure it remains a leader in risk management. Credit Suisse Group differentiates between eight tiers of risk taking, approval and control across business units, group functions, senior management, boards, auditors, rating agencies and regulators. The document outlines Credit Suisse Group's risk management framework and focuses on seven major risk categories: strategy, market, credit, insurance underwriting, commission/fee income, operational and reputation/brand. It describes the importance of risk culture and identifies twelve organizational principles for effective risk management.
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Tim Leech
The document discusses the need for a paradigm shift in enterprise risk management (ERM) and internal audit approaches from a risk-centric model to an objective-centric model. It argues the current risk-centric models that rely on risk registers are flawed because they look at risks in isolation rather than linking them to organizational objectives. It proposes boards require management to regularly report on residual risk status linked to key value creation and preservation objectives. This would position management as primarily responsible for risk assessment rather than traditional ERM and internal audit groups. It acknowledges there are significant barriers to change, including guidance materials, skills gaps, and reluctance to change entrenched practices.
The document discusses enterprise risk management (ERM) and its importance for organizations. ERM involves identifying, assessing, and managing risks across an entire organization in a holistic manner. It helps organizations align strategy and risk appetite, enhance decision making, reduce surprises, seize opportunities, and improve capital allocation to create long-term shareholder value. The document outlines key concepts of ERM including its components, implementation steps, and how it benefits organizations.
This document discusses the importance of communication in risk management. It defines key terms and outlines various challenges to effective communication between business specialists, risk management, senior management, and stakeholders. Some common problems include differing perspectives between business and risk, siloed risk functions, and lack of a common risk language. The document provides ideas to address these issues, such as establishing a chief risk officer, implementing risk visualization tools, and focusing on transparency, common understanding, and clear responsibilities to improve holistic risk communication.
This document discusses the role of boards of directors and risk committees in managing risk. It outlines that boards are responsible for defining an organization's risk appetite and overseeing risk management strategies. Risk committees assist by monitoring risk profiles, overseeing assurance processes, and ensuring proper risk communication. The document also discusses embedding risk management in an organization's culture and systems, and different risk management strategies like transference, avoidance, reduction, and acceptance.
Tools &Techniques for Effective Risk Management V3.0cgautam
The document outlines the traditional view of risk management and its flaws. It discusses the need for an enterprise-wide approach to risk management (ERM) to address changing internal and external requirements. The ERM process involves environment scanning, strategic alignment, event identification, risk assessment, and risk response planning. It should have clear roles and responsibilities defined across the organization and be integrated into strategic decision making. Overall the document provides an overview of ERM and its benefits over traditional risk management approaches.
Abstract: Risk management is an activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. Some traditional risk managements are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death). Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. Objective of risk management is to reduce different risks related to a pre-selected domain to an acceptable. It may refer to numerous types of threats caused by environment, technology, humans, organizations and politics. The paper describes the different steps in the risk management process which methods are used in the different steps, and provides some examples for risk and safety management.
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
This document discusses the crucial role of security in crisis management for businesses operating in emerging markets. It outlines that security managers are integral members of crisis management teams, and their responsibilities include ensuring staff safety, security of facilities and operations, and liaising with national security agencies. The security function is important for managing health, logistical, and facility issues during a crisis. Having strong security networks and experience enables crisis management teams to effectively navigate difficult situations and minimize impacts to business operations, finances, and reputation.
This document outlines four risks associated with filming an opening sequence and plans to mitigate each risk. The risks include children falling down stairs during filming, dropping the camera out an upstairs window, a dog turning aggressive during filming, and crashing a car during sound recording. The plans to address each risk involve having an adult present to supervise children, securing the camera on a tripod rather than holding it, having the dog's owner present to keep it calm and focused, and using an experienced driver to maneuver the car for sound effects.
The document summarizes a presentation on Risk Control Self Assessment (RCSA). It discusses identifying risks for RCSA, why RCSA is used, types of RCSA, reporting RCSA results through heat maps, and making the RCSA process effective through consistency, discussion with stakeholders, and regular reporting to management. The presentation was delivered by Kumar Natarajan at the 4th Annual Operational Risk Management Forum in Dubai, 2012.
The document analyzes the film Taken using Propp's narrative theory, which identifies common character archetypes in stories. It discusses how the main characters in Taken - Brian as the Hero, his daughter Kim as the Heroine, and her kidnappers as the Villains - fit the expected roles of restoring order. Brian is dispatched by both himself and Kim's mother to rescue his daughter from the Villains, and receives information from a friend acting as the Donor. While most narratives include a Helper, Brian works alone in Taken. A character initially helping Brian but later betraying him fits the role of the False Hero.
This document contains 49 multiple choice questions about risk assessment and internal control evaluation. It covers topics such as the auditor's responsibility regarding internal controls, separation of duties, control activities, obtaining an understanding of internal controls, control risk assessment, tests of controls, and internal control deficiencies.
Control Self-Assessment (CSA) allows managers and employees to directly assess an organization's risk management and internal controls. CSA helps clarify business objectives, identify risks to achieving objectives, and ensure controls and regulations are followed. The CSA process involves employees self-evaluating controls and processes through activities like risk identification, control assessment, and action planning. Benefits of CSA include improved understanding and responsibility for controls, more effective corrective actions, and increased awareness of objectives. However, CSA may face resistance to change and requires open and honest participation to provide accurate results.
1. Auditors are expected to provide an opinion on whether a company's financial statements are presented fairly in accordance with the applicable financial reporting framework.
2. Auditors obtain an understanding of a company's internal controls to plan the nature, timing, and extent of audit procedures. Weak internal controls require more audit testing.
3. Auditors must maintain independence, be competent and exercise due care. They follow standards for responsibilities, performance, reporting and obtaining evidence.
This document provides information about the 2009 Enterprise Risk Management Summit taking place from March 30 to April 1, 2009 in Washington, DC. The summit will include optional pre-conference and post-conference workshops on implementing enterprise risk management, as well as keynote speeches and breakout sessions on various risk management topics over the two-day conference. Attendees can earn up to 18 CPE credits. The event will take place at the Performance Institute Conference Center and a limited number of rooms have been reserved at a nearby hotel.
Building control efficiency: Rationalization, optimization and redesign Vladimir Matviychuk
Increased government reporting requirements have forced those responsible for internal controls to do more. The global recession has required them to do more with less. While regulators press for accountability, investors press for performance. Now, those responsible for internal controls must now take charge by assessing their processes and tools, and execute on efforts to make them as efficient – and effective – as possible. Those able to optimize their controls will be more able to move past compliance toward improved performance and competitive advantage.
This document is a report from the Senior Supervisors Group assessing risk management practices at major global financial institutions during recent market turmoil. It finds that firms with concentrated exposure to subprime mortgage securitizations suffered major losses, while those with comprehensive firm-wide risk identification and independent valuation practices fared better. It also notes challenges in managing liquidity needs and leveraged loan commitments. The report recommends supervisors strengthen regulatory frameworks and firms improve risk management, including senior oversight, stress testing, and liquidity planning.
1. This document presents a Risk Management Standard published jointly by three major risk management organizations in the UK. It provides terminology, processes, organizational structures, and objectives for effective risk management.
2. The standard recognizes that risk management involves both upside opportunities and downside threats. It should be integrated into an organization's culture and strategy to help achieve objectives. The core components of the risk management process include risk identification, analysis, evaluation, and treatment.
3. External and internal factors can both drive key risks for an organization. Examples of risk categories include strategic, operational, financial, compliance and knowledge-based risks. Carrying out risk assessment and prioritizing risks is important for informed decision-making.
This document provides a summary of a 2010 presentation on risk management in banks following the financial crisis. It discusses three major financial crises that resulted in lawsuits and insurance disputes. It identifies factors that contributed to the crises such as poor economics, greed, weak risk management, and irrational exuberance. Tables show the largest bankruptcies. The presentation emphasizes the importance of risk management, governance, and increased regulation. It outlines elements of enterprise risk management including risk identification, analysis, evaluation, and treatment.
This document provides information about the 2009 Enterprise Risk Management Summit taking place from March 30 to April 1, 2009 in Washington, DC. The summit will include optional pre-conference and post-conference workshops on implementing enterprise risk management, as well as keynote speeches and breakout sessions on various risk management topics over the two day conference. Attendees can earn up to 18 CPE credits. The event will take place at the Performance Institute Conference Center and rooms have been reserved at a nearby hotel.
This white paper explains the concepts, legal requirements, strategies, and global framework for the implementation of risk management. It also deals with fraud and reputation risk management and how the negative reputation of an entity may harm the operations and profitability.
This white paper may be useful in performing the advisory role in Risk Management and Risk Governance.
“Today’s fast-paced business environment encounters a complex and ever-changing risk landscape that may negatively impact organizational value. The only way to respond to it is by having a dynamic and holistic perspective of the risk management approach to ensure business continuity.”
– Jack Zahran, President, Pinkerton
Credit Suisse Group pursues a disciplined and comprehensive approach to risk management. It focuses significant resources to ensure it remains a leader in risk management. Credit Suisse Group differentiates between eight tiers of risk taking, approval and control across business units, group functions, senior management, boards, auditors, rating agencies and regulators. The document outlines Credit Suisse Group's risk management framework and focuses on seven major risk categories: strategy, market, credit, insurance underwriting, commission/fee income, operational and reputation/brand. It describes the importance of risk culture and identifies twelve organizational principles for effective risk management.
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Tim Leech
The document discusses the need for a paradigm shift in enterprise risk management (ERM) and internal audit approaches from a risk-centric model to an objective-centric model. It argues the current risk-centric models that rely on risk registers are flawed because they look at risks in isolation rather than linking them to organizational objectives. It proposes boards require management to regularly report on residual risk status linked to key value creation and preservation objectives. This would position management as primarily responsible for risk assessment rather than traditional ERM and internal audit groups. It acknowledges there are significant barriers to change, including guidance materials, skills gaps, and reluctance to change entrenched practices.
The document discusses enterprise risk management (ERM) and its importance for organizations. ERM involves identifying, assessing, and managing risks across an entire organization in a holistic manner. It helps organizations align strategy and risk appetite, enhance decision making, reduce surprises, seize opportunities, and improve capital allocation to create long-term shareholder value. The document outlines key concepts of ERM including its components, implementation steps, and how it benefits organizations.
This document discusses the importance of communication in risk management. It defines key terms and outlines various challenges to effective communication between business specialists, risk management, senior management, and stakeholders. Some common problems include differing perspectives between business and risk, siloed risk functions, and lack of a common risk language. The document provides ideas to address these issues, such as establishing a chief risk officer, implementing risk visualization tools, and focusing on transparency, common understanding, and clear responsibilities to improve holistic risk communication.
This document discusses the role of boards of directors and risk committees in managing risk. It outlines that boards are responsible for defining an organization's risk appetite and overseeing risk management strategies. Risk committees assist by monitoring risk profiles, overseeing assurance processes, and ensuring proper risk communication. The document also discusses embedding risk management in an organization's culture and systems, and different risk management strategies like transference, avoidance, reduction, and acceptance.
Tools &Techniques for Effective Risk Management V3.0cgautam
The document outlines the traditional view of risk management and its flaws. It discusses the need for an enterprise-wide approach to risk management (ERM) to address changing internal and external requirements. The ERM process involves environment scanning, strategic alignment, event identification, risk assessment, and risk response planning. It should have clear roles and responsibilities defined across the organization and be integrated into strategic decision making. Overall the document provides an overview of ERM and its benefits over traditional risk management approaches.
Abstract: Risk management is an activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. Some traditional risk managements are focused on risks stemming from physical or legal causes (e.g. natural disasters or fires, accidents, death). Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments. Objective of risk management is to reduce different risks related to a pre-selected domain to an acceptable. It may refer to numerous types of threats caused by environment, technology, humans, organizations and politics. The paper describes the different steps in the risk management process which methods are used in the different steps, and provides some examples for risk and safety management.
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
This document discusses the crucial role of security in crisis management for businesses operating in emerging markets. It outlines that security managers are integral members of crisis management teams, and their responsibilities include ensuring staff safety, security of facilities and operations, and liaising with national security agencies. The security function is important for managing health, logistical, and facility issues during a crisis. Having strong security networks and experience enables crisis management teams to effectively navigate difficult situations and minimize impacts to business operations, finances, and reputation.
This document outlines four risks associated with filming an opening sequence and plans to mitigate each risk. The risks include children falling down stairs during filming, dropping the camera out an upstairs window, a dog turning aggressive during filming, and crashing a car during sound recording. The plans to address each risk involve having an adult present to supervise children, securing the camera on a tripod rather than holding it, having the dog's owner present to keep it calm and focused, and using an experienced driver to maneuver the car for sound effects.
The document summarizes a presentation on Risk Control Self Assessment (RCSA). It discusses identifying risks for RCSA, why RCSA is used, types of RCSA, reporting RCSA results through heat maps, and making the RCSA process effective through consistency, discussion with stakeholders, and regular reporting to management. The presentation was delivered by Kumar Natarajan at the 4th Annual Operational Risk Management Forum in Dubai, 2012.
The document analyzes the film Taken using Propp's narrative theory, which identifies common character archetypes in stories. It discusses how the main characters in Taken - Brian as the Hero, his daughter Kim as the Heroine, and her kidnappers as the Villains - fit the expected roles of restoring order. Brian is dispatched by both himself and Kim's mother to rescue his daughter from the Villains, and receives information from a friend acting as the Donor. While most narratives include a Helper, Brian works alone in Taken. A character initially helping Brian but later betraying him fits the role of the False Hero.
This document contains 49 multiple choice questions about risk assessment and internal control evaluation. It covers topics such as the auditor's responsibility regarding internal controls, separation of duties, control activities, obtaining an understanding of internal controls, control risk assessment, tests of controls, and internal control deficiencies.
Control Self-Assessment (CSA) allows managers and employees to directly assess an organization's risk management and internal controls. CSA helps clarify business objectives, identify risks to achieving objectives, and ensure controls and regulations are followed. The CSA process involves employees self-evaluating controls and processes through activities like risk identification, control assessment, and action planning. Benefits of CSA include improved understanding and responsibility for controls, more effective corrective actions, and increased awareness of objectives. However, CSA may face resistance to change and requires open and honest participation to provide accurate results.
1. Auditors are expected to provide an opinion on whether a company's financial statements are presented fairly in accordance with the applicable financial reporting framework.
2. Auditors obtain an understanding of a company's internal controls to plan the nature, timing, and extent of audit procedures. Weak internal controls require more audit testing.
3. Auditors must maintain independence, be competent and exercise due care. They follow standards for responsibilities, performance, reporting and obtaining evidence.
This document outlines a risk management methodology consisting of risk assessment and risk mitigation processes. It describes assessing assets according to classification, valuation of confidentiality, integrity and availability, and calculation of risk level based on asset value, threat level and vulnerability level. Risks are mapped to risk levels of very low, low, medium, high and very high. Controls are identified to treat risks deemed not acceptable. The effectiveness of controls is evaluated to determine if residual risk is reduced to an acceptable level.
This document contains a chapter summary and test bank for an IT auditing textbook. It includes 36 multiple choice and true/false questions that test understanding of key concepts around auditing and internal controls. Some of the main topics covered include the COSO and COBIT frameworks, components of internal controls like preventative and detective controls, the roles of internal and external auditors, and concepts like audit risk and tests of controls.
The document provides an overview of control self-assessment (CSA). It discusses what CSA is, its goals and benefits, how it is implemented through workshops, and how the results are reported. CSA involves employees assessing risks, controls and weaknesses within their process. Workshops are facilitated to have open discussions, develop recommendations and action plans. The results are anonymously reported to management to address issues.
Operational risk can arise from inadequate or failed internal processes, people and systems or from external events. It can be measured using a top-down approach such as the Basic Indicator Approach which calculates capital as 15% of average gross income, or the Standardized Approach which divides activities into business lines each with a factor. A bottom-up approach uses internal loss data but has challenges around position equivalence, completeness, and context dependence. Key risk indicators can also be used to signal potential operational losses.
Risk management is an integral part of business management. This set of principles was developed by the industry for the industry. They have been drafted to make them so practical that they will resonate with any financial organization.
The document outlines the National Bank of Malawi's operational risk management framework. It discusses the operational risk policy, roles and responsibilities of the board, management, and risk division. It describes the bank's approach to identifying, assessing, monitoring, and controlling operational risk. The bank has adopted the Basic Indicator Approach to measure operational risk capital charge and has developed business continuity plans to prepare for disasters. The presentation also discusses operational risk incident management guidelines and roles in reporting and addressing incidents.
A risk assessment identifies hazards within a workplace like a laboratory and evaluates risks to safety. It determines the likelihood and severity of potential harm from hazards and how to minimize risks. A proper risk assessment identifies hazards, evaluates who may be harmed and how, decides on precautions through reasonable and practical means, records the findings, and reviews the assessment periodically or when new hazards emerge. The goal is to protect workers and others on the premises from injury by outlining safety guidelines and precautions for the workplace.
Operation Risk Management in Banking SectorSanjay Kumbhar
This presentation discusses operational risk management in the banking sector. It covers topics such as categories of operational risk, risk identification and analysis techniques, key risk indicators, and risk mitigation strategies. The presentation is delivered by five students and contains several sections that outline the flow of topics to be presented.
This document discusses operational risk and provides details on its definition, measurement, and management. It defines operational risk as losses resulting from inadequate or failed internal processes, people, and systems or from external events. It describes the Basic Indicator Approach, Standardized Approach, and Advanced Measurement Approach for calculating operational risk capital charges under Basel II. It also outlines the data elements, risk categories, and tools used to measure and manage operational risk.
The document discusses operational risk and provides guidance on defining, identifying, measuring, monitoring, controlling, and mitigating operational risk according to the Basel Committee on Banking Supervision. It addresses issues with operational risk loss data and outlines principles for developing an appropriate operational risk management environment, process, and framework. The document also examines challenges with using internal and external loss data for quantifying operational risk capital requirements.
Risk assessment principles and guidelinesHaris Tahir
Risk assessment principles and guidelines is a presentation slides was created and presented at Mission Critical Workshop. This slides is part of Business Continuity Management (BCM) presentation which intended for professional who is responsible for BCM or Risk Assessment Program.
This document outlines the phases and steps of completing a risk analysis. It discusses (1) analyzing risks by identifying assets, threats, vulnerabilities and risks; (2) developing countermeasures through mitigation opportunities and policy planning; and (3) applying the process in practice using a small business example. The goal is to characterize, define, mitigate and eliminate risks to protect assets.
This presentation details the Avalanche risk Assessment proposal. The mission of this proposal is to determine areas of risk from avalanches based on measuring snow accumulation using laser altimeter systems.
This document provides an introduction to risk assessment for stonemasons. It explains that a risk is the likelihood of harm from a hazard together with the severity of the harm. Common hazards in stonemasonry like angle grinders and ladders are identified. It outlines the five steps to conducting a risk assessment: identifying hazards, identifying those affected, evaluating risks and controls, recording the assessment, and reviewing it. Workers are asked to identify hazards in an image and discuss hazards from their own experience. The document instructs trainees to complete a risk assessment for cutting stone.
This standard provides guidelines for conducting risk management. It defines key terms like risk and outlines the risk management process. The process involves risk assessment, which includes risk identification, analysis, and evaluation. Risks can originate from external and internal factors and threaten an organization's objectives. Following the risk assessment, risks are evaluated, treated, monitored, and reported on to support strategic decision making and increase organizational efficiency. Regularly updating the standard based on best practices will help risk management remain an effective process.
This standard provides guidelines for conducting risk management. It defines key terms like risk and outlines the risk management process. The process involves risk assessment, which includes risk identification, analysis, and evaluation. Risks can stem from external or internal factors and impact an organization's strategic objectives. Conducting risk management helps organizations achieve goals, improve decision making, and enhance resilience by understanding uncertainties. The standard aims to promote best practices for managing opportunities and threats.
1) This document presents a Risk Management Standard published jointly by three major risk management organizations in the UK. It provides terminology, processes, organizational structures, and objectives for effective risk management.
2) The standard recognizes that risk management involves both upside opportunities and downside threats. It should be integrated into an organization's culture and strategy to help achieve objectives. The core components of the risk management process include risk identification, analysis, evaluation, and treatment.
3) Risks can stem from external and internal factors and be categorized as strategic, financial, operational, hazard or compliance-related. A risk profile prioritizes risks to focus treatment efforts. Communication of risks and risk management performance is important for internal and external
1. This document presents a Risk Management Standard published jointly by three major risk management organizations in the UK. It provides terminology, processes, organizational structures, and objectives for effective risk management.
2. The standard recognizes that risk management involves both upside opportunities and downside threats. It should be integrated into the organization's culture and strategy to help achieve objectives. The core components of the risk management process include risk identification, analysis, evaluation, and treatment.
3. External and internal factors can both drive key risks facing an organization. A variety of techniques can be used to analyze risks, and the results should be communicated to stakeholders and used to prioritize risks for further action.
This document outlines Sun Pharmaceutical Industries Limited's Enterprise Risk Management policy. It defines key aspects of the company's ERM framework, including the following:
1. It establishes an ERM framework in accordance with international risk management standards to proactively manage risks across the company.
2. Key components of the framework include risk identification, assessment, treatment, monitoring, and accountability. Risk owners are responsible for managing risks in their areas.
3. The policy defines roles for the board, risk management committee, internal audit team, function heads, risk coordinators, and risk owners in implementing and maintaining the ERM system.
4. Risk appetite statements define thresholds for financial impacts and qualitative parameters to guide
A structured approach to Enterprise Risk Management (ERM) and the requirement...Hassan Zaitoun
This document provides a structured approach to implementing enterprise risk management (ERM) based on ISO 31000. It discusses key risk management principles, including defining risk, establishing a risk management process, and creating a risk-aware culture. The document advocates developing a risk architecture, strategy, and protocols to provide proper context for risk activities. It also summarizes ISO 31000's risk management process of risk identification, evaluation, response, resourcing, reaction planning, and reporting.
The document discusses the role of internal audit in risk management. It outlines that while primary responsibility for risk management lies with management, internal audit can play a valuable supporting role. The appropriate role may vary between organizations but could include focusing audit work on key risks, participating in risk oversight committees, or educating staff on risk management. Internal audit should avoid being responsible for managing risks but can provide advice, analysis, and audit the risk management process. Maintaining independence and objectivity is important for internal audit.
Risk management is an increasingly important
business driver and stakeholders have become
much more concerned about risk. Risk may be a
driver of strategic decisions, it may be a cause of
uncertainty in the organisation or it may simply be
embedded in the activities of the organisation. An
enterprise-wide approach to risk management
enables an organisation to consider the potential
impact of all types of risks on all processes,
activities, stakeholders, products and services.
Implementing a comprehensive approach will
result in an organisation benefiting from what is
often referred to as the ‘upside of risk’.
The two-day 2010 Enterprise Risk Management Summit aimed to teach attendees how to minimize enterprise risk through a mature ERM framework, utilize key risk indicators as an assessment tool, and improve corporate risk management strategies. The summit included workshops and presentations on topics such as implementing ERM, examining top financial and organizational risks, and integrating performance measures into an ERM system. Attendees would learn from industry experts and earn up to 15 CPE credits.
The document summarizes an upcoming Enterprise Risk Management Summit that will take place from June 21-22, 2010 in Arlington, VA. Attendees will learn how to [1] implement key risk indicators to improve risk strategy, [2] create company-wide risk minimization initiatives, and [3] build mature ERM frameworks to mitigate risk. Specific sessions will provide guidance on utilizing performance metrics in ERM, identifying top financial and organizational risks, and integrating corporate responsibility into ERM programs. The summit aims to help organizations effectively measure, manage, and reduce enterprise-wide risks.
The document summarizes an upcoming enterprise risk management summit that will take place from June 21-22, 2010 in Arlington, VA. Attendees will learn how to [1] use key risk indicators to improve risk strategy, [2] create company-wide risk minimization initiatives, and [3] build mature ERM frameworks to mitigate risk. Specific sessions will provide guidance on examining financial and organizational risks, identifying alternative risk responses, and integrating performance measures into ERM systems. The goal is to help organizations effectively manage enterprise-wide risk and improve performance and profitability.
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryFindWhitePapers
The document discusses lessons that can be learned from the financial crisis regarding effective risk management. It argues that risk management needs greater authority, senior executive leadership, and sufficient risk expertise at high levels. It also stresses the importance of combining quantitative risk model outputs with human judgment, paying attention to the quality of data used in models, and using stress testing and scenario planning to prepare for potential risks and events.
Integrating Enterprise Risk Management (ERM) with Organizational Strategyhenrytk2
An ERM program must be integrated with an organization's overall strategy to provide a complete approach to risk management. The key is to align ERM with strategic objectives in each of the four perspectives of the balanced scorecard - financial, customer, internal processes, and learning and growth. This ensures ERM considers risks that could impact any part of the organization and guides efforts to achieve goals. By including ERM-related objectives in the strategy map, individuals understand how risk management relates to their roles in executing strategy. Properly integrating ERM allows an organization to manage risks and seize opportunities to improve performance, customer satisfaction, and shareholder value.
Common Risk Management failures include lack of organizational integration, outdated risk measurement capabilities, and failure to view risk management as an enabler of long-term competitive advantage rather than just a preventative measure. Major challenges in establishing effective ERM include organizational silos, growing and changing risks, and cost pressures. As risk management becomes more strategic, companies are expected to increase spending to improve risk capabilities across the organization.
The document summarizes an enterprise risk management summit that will take place from June 21-22, 2010 in Arlington, VA. Over the two days, attendees will learn how to: 1) use key risk indicators to improve risk strategy and create a company-wide initiative to minimize operational risk exposure; 2) build a mature ERM framework to mitigate risk and implement a strategy to protect the organization from current market risks; and 3) measure and manage enterprise-wide risk to improve organizational performance and profitability. Speakers will provide guidance on topics such as developing and launching an ERM program, identifying and utilizing alternative risk responses, and integrating performance measures and metrics into an ERM system.
Investors in Risk Management provides expert-driven risk maturity assessment services to assess and improve the risk management maturity using our Risk Management Maturity Model (RMMM) to mitigate the impact of uncertainty on business objectives.
Practical approach to Risk Based Internal AuditManoj Agarwal
The document provides an overview of risk based internal auditing. It discusses key concepts like the definition of risk, COSO ERM framework, three lines of defense model, definition of internal audit, and risk based internal audit approach. The approach involves identifying the audit universe and processes, risk identification and assessment, risk scoring and heat mapping, developing the risk based internal audit plan, and executing the plan. Various tools for risk based auditing like the audit tracker, audit report templates, and resources are also outlined.
The document provides guidelines for insurance companies in Ethiopia to manage inherent risks as the National Bank of Ethiopia transitions to a risk-based supervision model. It defines eight significant inherent risks for insurers, including credit, market, liquidity, underwriting, technical reserves, operational, contagion, and reinsurance risks. The guidelines outline roles and responsibilities for boards of directors, management, and other parties in developing risk management programs and policies to monitor and control these risks on an ongoing basis. The aim is to help insurers safely and soundly manage risks to support Ethiopia's economic development.
This document is a term paper submitted by Anu Damodaran to her faculty guide, Mr. C.T. Sunil, in partial completion of her MBA program at Amity University in Dubai. The paper is titled "To study ERM - A competitive edge for the company and how it adds value to its shareholders". The introduction provides background on enterprise risk management (ERM) and its importance for businesses facing various strategic, market, operational and financial risks. The paper will review literature on ERM and explore how companies can implement ERM through risk mapping and maturity models. It will also discuss the advantages, suitability and limitations of ERM for businesses.
Enterprise Risk Management (ERM); From theory to practiceSegun Ogunwale
This document outlines the theory and practice of enterprise risk management (ERM). It discusses how ERM works differently in private versus public sector organizations due to differences in goals and risk tolerance. The document proposes a framework for implementing ERM with five phases: risk governance, risk assessment, risk quantification, risk monitoring and reporting, and risk optimization. It also describes steps to implement ERM such as obtaining buy-in, building an ERM foundation, conducting risk assessments, ongoing monitoring, and developing reporting. Roadblocks to implementation like resistance to change are also addressed.
The document discusses the challenges that banks face in meeting new regulatory requirements for stress testing and capital planning. It notes that existing risk and finance systems are not well-suited to the more rigorous analysis now required, and that banks must improve data management, analytical models, and reporting in order to "break the black box" and increase transparency. The document outlines the complex data, modeling, and reporting needs to conduct comprehensive, forward-looking stress tests that meet regulatory expectations and can be useful for bank management.
The document lists the desktop backgrounds of four individuals: Obama, Timmy G, Ben Bernanke, and Lloyd Blankfein. Bernanke's background is labeled "it's only paper" and Blankfein's is labeled "Doing God's Work".
Presentation on Corporate Governance and the changing financial landscape. Includes up to date discussion (as of April 2011) of Dodd-Frank Act elements as well as current topics and research. Links to papers via box.net.
Banks and insurers are resisting new U.S. rules requiring large financial firms to submit "living wills" detailing how they could be dismantled during a crisis. Industry groups argue that breaking up companies would hurt them by imposing inefficient management structures. Regulators counter that they need an orderly mechanism to avoid panic, and that developing living wills would help firms and authorities be better prepared for resolving future failures. Discussions are ongoing between regulators and financial firms over how stringent the new rules should be.
This presentation discusses the changing financial landscape after the 2008 crisis and lessons learned. It covers four main topics: 1) how the financial crisis occurred and the role of poor policy and incentives, 2) changes in regulation and the financial system, 3) key lessons on risk management and governance, and 4) focus areas including liquidity, capital, and compensation. The presentation emphasizes that while regulation is important, the underlying issues were related more to incentives and risk culture within firms.
This document provides an agenda and overview for a presentation on interest rate risk modeling and management. It discusses supervisory expectations, capabilities of the ALM5 tool, how the tool can be used for risk management versus compliance, key issues in interest rate risk architecture, and concludes with a summary review. The presentation aims to help financial institutions better understand balance sheet management and interest rate risk modeling.
The document discusses a presentation about the financial crisis, its impacts on risk management, and key lessons learned. It begins with standard disclaimers and an agenda. The presentation argues that the crisis was due to systemic failures from national policies promoting homeownership, monetary policy, poor risk controls at firms, and corporate governance issues, rather than a lack of regulation. It also provides context on the Dodd-Frank Act and regulatory reform timeline.
This technical report presents Version 1.1 of the Capability Maturity Model (CMM) for software. The CMM is a framework for evaluating and improving the maturity of software processes in an organization. It describes five levels of process maturity ranging from ad hoc to optimizing. Key practices are identified for key process areas at each maturity level that must be satisfied to achieve that level of process capability. The report provides an overview of the CMM framework and its use for software process assessments and improvements. Future directions are also discussed, including potential new areas for the CMM.
This document provides a theoretical analysis of factors that can trigger a financial crisis based on the works of John Maynard Keynes and Hyman Minsky. It discusses two key changes in deregulated financial markets: 1) growing uncertainty in liberalized markets, and 2) financial innovations that generate liquidity beyond bank credit. These changes, along with debt financing and securitization, can lead markets from a state of hedging to speculation and eventually "Ponzi finance" where borrowing is needed to pay off existing liabilities. The global financial crisis of 2008 is analyzed as a potential example of a Minsky moment where extended speculation triggered a collapse in confidence and asset values.
The document is a vision statement by Thomas Eugene Day nominating himself to the Board of the Professional Risk Managers' International Association (PRMIA). It discusses the changes needed in risk management practices in light of the 2007-2009 financial crisis. It outlines PRMIA's role in contributing to the evolving risk management field through its designation program, building affinity relationships, growing revenue, and securing sponsorships while maintaining independence.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
The document discusses the 38-year experiment with fiat currency since the US abandoned the gold standard in 1971. It notes that fiat currency has no intrinsic value and is only worth what goods and services it can purchase. However, there is now more claims on assets than real assets due to credit expansion. This could lead to currency debasement through inflation as more money is created. The document warns that printing money to get out of the current crisis will only make the problem worse by further eroding confidence in fiat currencies. It argues we may be reaching an important crossroads where people begin questioning the value of paper money.
This document proposes adjustments to fair value accounting to reduce procyclicality. It suggests using a historical moving average over four quarters to calculate asset values for capital requirements, rather than quarterly mark-to-market valuations. This would dampen the impact of short-term market volatility on capital while still providing transparency through footnote disclosures. It aims to balance microprudential and macroprudential objectives by giving regulators flexibility to adjust requirements in times of stress without changing the accounting methodology. Feedback is requested on using a moving average to decrease fair value's potential to exacerbate downturns.
The Reform Package made several changes to banking regulations. It created the Consumer Financial Protection Bureau to oversee consumer financial products and established new restrictions on risky trading by big banks to reduce risk. The package also increased capital requirements for banks to reduce taxpayer bailouts in case of future crises.
This document discusses approaches to monitoring systemic risk in the financial system. It begins with an overview of systemic risk and what drives it, such as the size, interconnectedness, liquidity, concentration, and leverage of financial institutions. It then reviews potential roles of a systemic risk regulator and various initiatives by banking, securities, and insurance regulators to monitor systemic risk. The document evaluates different approaches to collecting systemic risk information and identifies gaps. It considers tools like stress tests, risk reporting templates, trade repositories, and data warehouses. Finally, it discusses key concepts around improving data infrastructure while protecting confidentiality and balancing macroprudential and microprudential oversight.
This is the G-30 club that Volker used to chair. This is a publically available document, so hopefully SlideShare can figure that out and not remove it.
The document provides a summary of the implementation of compensation principles and standards by national authorities. Key points include:
1) Most jurisdictions have adopted a mix of regulation and supervisory oversight to implement the principles and standards.
2) Significant progress has been made but effective implementation is still a work in progress across jurisdictions.
3) Key recommendations are to finalize implementation efforts, strengthen supervisory cooperation across borders, ensure standards apply to all significant financial institutions, and conduct a follow up review in 2011.
This document summarizes a study of 347 cases of alleged fraudulent financial reporting by U.S. public companies between 1998 and 2007. Some key findings include:
- The dollar magnitude of fraud significantly increased compared to a previous 1987-1997 study, with a total of $120 billion in misstatements across 300 cases.
- Companies committing fraud tended to be larger than in the previous study, with median assets and revenues just under $100 million.
- The CEO and/or CFO were named as involved in 89% of fraud cases.
- Improper revenue recognition was the most common fraud technique in over 60% of cases.
- Few differences were found between fraud and no-fraud companies in terms of
This document summarizes the key findings and recommendations from The Turner Review, which analyzes the causes of the global banking crisis that began in 2008 and proposes reforms to create a more stable banking system. The review finds that macroeconomic trends, financial innovation, excessive leverage, procyclicality, and misplaced reliance on mathematical models all contributed to the crisis. It recommends fundamental changes like increasing and improving bank capital requirements, implementing countercyclical policies, expanding regulatory coverage, and enhancing supervision, regulation and risk management. The review argues these reforms are necessary to reduce the probability and severity of future financial crises.
More from ACTUS Foundation for Financial Research (20)
The Most Inspiring Entrepreneurs to Follow in 2024.pdfthesiliconleaders
In a world where the potential of youth innovation remains vastly untouched, there emerges a guiding light in the form of Norm Goldstein, the Founder and CEO of EduNetwork Partners. His dedication to this cause has earned him recognition as a Congressional Leadership Award recipient.
Discover the Beauty and Functionality of The Expert Remodeling Serviceobriengroupinc04
Unlock your kitchen's true potential with expert remodeling services from O'Brien Group Inc. Transform your space into a functional, modern, and luxurious haven with their experienced professionals. From layout reconfiguration to high-end upgrades, they deliver stunning results tailored to your style and needs. Visit obriengroupinc.com to elevate your kitchen's beauty and functionality today.
Tired of chasing down expiring contracts and drowning in paperwork? Mastering contract management can significantly enhance your business efficiency and productivity. This guide unveils expert secrets to streamline your contract management process. Learn how to save time, minimize risk, and achieve effortless contract management.
AI Transformation Playbook: Thinking AI-First for Your BusinessArijit Dutta
I dive into how businesses can stay competitive by integrating AI into their core processes. From identifying the right approach to building collaborative teams and recognizing common pitfalls, this guide has got you covered. AI transformation is a journey, and this playbook is here to help you navigate it successfully.
The Steadfast and Reliable Bull: Taurus Zodiac Signmy Pandit
Explore the steadfast and reliable nature of the Taurus Zodiac Sign. Discover the personality traits, key dates, and horoscope insights that define the determined and practical Taurus, and learn how their grounded nature makes them the anchor of the zodiac.
SATTA MATKA DPBOSS KALYAN MATKA RESULTS KALYAN CHART KALYAN MATKA MATKA RESULT KALYAN MATKA TIPS SATTA MATKA MATKA COM MATKA PANA JODI TODAY BATTA SATKA MATKA PATTI JODI NUMBER MATKA RESULTS MATKA CHART MATKA JODI SATTA COM INDIA SATTA MATKA MATKA TIPS MATKA WAPKA ALL MATKA RESULT LIVE ONLINE MATKA RESULT KALYAN MATKA RESULT DPBOSS MATKA 143 MAIN MATKA KALYAN MATKA RESULTS KALYAN CHART
Presentation by Herman Kienhuis (Curiosity VC) on Investing in AI for ABS Alu...Herman Kienhuis
Presentation by Herman Kienhuis (Curiosity VC) on developments in AI, the venture capital investment landscape and Curiosity VC's approach to investing, at the alumni event of Amsterdam Business School (University of Amsterdam) on June 13, 2024 in Amsterdam.
SATTA MATKA DPBOSS KALYAN MATKA RESULTS KALYAN CHART KALYAN MATKA MATKA RESULT KALYAN MATKA TIPS SATTA MATKA MATKA COM MATKA PANA JODI TODAY BATTA SATKA MATKA PATTI JODI NUMBER MATKA RESULTS MATKA CHART MATKA JODI SATTA COM INDIA SATTA MATKA MATKA TIPS MATKA WAPKA ALL MATKA RESULT LIVE ONLINE MATKA RESULT KALYAN MATKA RESULT DPBOSS MATKA 143 MAIN MATKA KALYAN MATKA RESULTS KALYAN CHART
SATTA MATKA DPBOSS KALYAN MATKA RESULTS KALYAN CHART KALYAN MATKA MATKA RESULT KALYAN MATKA TIPS SATTA MATKA MATKA COM MATKA PANA JODI TODAY BATTA SATKA MATKA PATTI JODI NUMBER MATKA RESULTS MATKA CHART MATKA JODI SATTA COM INDIA SATTA MATKA MATKA TIPS MATKA WAPKA ALL MATKA RESULT LIVE ONLINE MATKA RESULT KALYAN MATKA RESULT DPBOSS MATKA 143 MAIN MATKA KALYAN MATKA RESULTS KALYAN CHART INDIA MATKA KALYAN SATTA MATKA 420 INDIAN MATKA SATTA KING MATKA FIX JODI FIX FIX FIX SATTA NAMBAR MATKA INDIA SATTA BATTA
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Final ank Satta Matka Dpbos Final ank Satta Matta Matka 143 Kalyan Matka Guessing Final Matka Final ank Today Matka 420 Satta Batta Satta 143 Kalyan Chart Main Bazar Chart vip Matka Guessing Dpboss 143 Guessing Kalyan night
Cover Story - China's Investment Leader - Dr. Alyce SUmsthrill
In World Expo 2010 Shanghai – the most visited Expo in the World History
https://www.britannica.com/event/Expo-Shanghai-2010
China’s official organizer of the Expo, CCPIT (China Council for the Promotion of International Trade https://en.ccpit.org/) has chosen Dr. Alyce Su as the Cover Person with Cover Story, in the Expo’s official magazine distributed throughout the Expo, showcasing China’s New Generation of Leaders to the World.
1Q24_HYUNDAI CAPITAL SERVICES INC. AND SUBSIDIARIES
Ssg supplement 102009
1. Senior Supervisors Group
Self-Assessment Template
A Supplement to
Risk Management Lessons from the
Global Banking Crisis of 2008
October 21, 2009
2. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
SELF-ASSESSMENT TEMPLATE
INTRODUCTION
In November 2008, the Senior Supervisors Group (SSG) asked twenty firms
to conduct self-assessments by benchmarking their current risk management
practices against recommendations and observations of five industry and
supervisory studies published earlier that year.
The firms’ self-assessments contributed significantly to the major themes
and conclusions of the SSG report Risk Management Lessons from the Global
Banking Crisis of 2008, published in October 2009.
The SSG created a template for firms to use in the self-assessment exercise.
The template, included here as a supplement to the October 2009 report, is a
compilation of the recommendations and observations from the 2008 studies,
organized by theme and clustered by sub-theme, to create thirty-two assessment
topics. The source of each recommendation and observation is noted by the
abbreviation and associated color code (see the Self-Assessment Key) of the
industry group or supervisory agency that authored the relevant study. In places
where the language is very similar to that of a recommendation or observation
from a different source, we note the comparable report and section number.
The SSG Secretariat took care to streamline the supplement without losing
the integrity of the original language. Any departure from the original message
of these studies is an unintended consequence of an effort to avoid repeating
the same recommendation or observation.
The SSG is not endorsing the recommendations or observations in the
studies by including them in the self-assessment, nor is it attempting to
establish a new set of standards. This supplement to the Risk Management
Lessons from the Global Banking Crisis of 2008 serves solely to provide clarity
and transparency concerning the self-assessment exercise.
3. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template
Self-Assessment Key
Study Group/Agency Code
Observations on Risk Management Practices during the Recent Senior Supervisors Group SSG
Market Turbulence
Report of the Financial Stability Forum on Enhancing Market Financial Stability Forum FSF
and Institutional Resilience
Final Report of the IIF Committee on Market Best Practices: Principles Institute of International Finance IIF
of Conduct and Best Practice Recommendations
Containing Systemic Risk: The Road to Reform Credit Risk Management Policy Group III CRMPG
Policy Statement on Financial Market Developments* President’s Working Group on Financial Markets PWG
Multiple
Note: AT is assessment topic.
* The recommendations in this study were included only in the template provided to U.S. firms.
I. Management of Risk
A. Governance
AT 1 Policies IIF 1.1 Firms should establish clear policies that define risk management as the clear responsibility of each
institution’s senior management, in particular, the chief executive officer (CEO), subject to the oversight
of the board of directors. Senior management should be involved in the risk-control process, and both
the board and senior management should regard risk management and control as essential aspects
of the business.
IIF 1.7 Firms should establish clear policies so that control and audit functions are independent of organizations
whose activities they review. Their responsibility is to provide assurance that line businesses and the risk
management organization are complying with internal and regulatory policies, controls, and procedures
concerning risk management.
AT 2 Roles and Responsibilities IIF 1.2 Boards have an essential oversight role in risk management. In attending to this duty, each board should:
• include members who have an adequate understanding of risk management. Each board should be
given the means to understand the risk profile of the firm and the firm’s performance against it;
• consider, depending on the characteristics of the firm, whether there should be separate audit and risk
committees and whether at least some members of the risk committee (or equivalent) should be
individuals with technical financial sophistication in risk disciplines;
• set basic goals for the firm’s risk appetite and strategy, such as rating or earnings-volatility targets, with
senior management and as guideposts for senior management in implementing risk management
policies throughout the firm; and
• review with senior management how the firm’s strategy is evolving over time and when and to what
extent the firm is deviating from the strategy (for example, when a strategy resulted in heavy
dependence on conduits or on structured products).
IIF 1.3 Risk management should be a priority for the whole firm and not be focused only on particular business
areas or made a purely quantitative oversight process or an audit/control function. Mutually reinforcing
roles within each organization are essential to creating a strong, pervasive risk culture.
IIF 1.4 Risk management should be a key responsibility of the entire business-line management, not just those
businesses that invest the capital of the firm on a proprietary basis.
IIF 1.5 All employees in each organization should have a clear understanding of their responsibilities in regard to
the management of risks assumed by the firm and should be held accountable for their performance with
respect to these responsibilities.
IIF 1.6 Firms should implement controls to ensure that the governance structure that has been adopted is
actually implemented in managing the day-to-day business. The regular and predictable functioning of
risk management and governance structures is a fundamental element of effective risk management.
IIF I.25 Risk management personnel should possess sufficient experience, qualifications, and status to exercise
control responsibilities. Credibility requires market and product knowledge as well as mastery of risk
disciplines. In addition, firms should consider establishing some (bi-directional) career crossover between
risk and line roles. Doing so will contribute directly to improving mutual understanding
and to strengthening the risk management function.
IIF IV.14 Firms should ensure that there is a process to highlight accounting policy decisions for management
consideration; this process should include developing an understanding within the firm of the impacts
of accounting requirements and accounting policy on the valuation process.
SSG III A It was critical for firms to have risk management functions that are not only independent but also have
sufficient authority within the organization.
1
4. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
A. Governance (Continued )
AT 2 Roles and Responsibilities PWG III D 1 Global financial institutions should promptly identify and address any weaknesses in risk management
(Continued ) practices that the turmoil has revealed.
AT 3 Internal Coordination and CRMPG III The Policy Group (CRMPG) recommends that all large integrated financial intermediaries evaluate the
Communication IV-2a manner in which information relating to risk taking, risk monitoring, and risk management is shared
with senior management and the boards of directors and make necessary improvements to ensure that
such information flows are timely, understandable, and properly presented. As a part of this effort, senior
management should actively encourage ongoing discussion with board members in order to improve the
quality, coverage, and utility of information made available to the board. Each institution should evaluate
how effective its information flows are as they relate to the intersection of credit, market, operational,
and liquidity risk.
CRMPG III The Policy Group recommends that each institution review its internal systems of both formal and
IV-2d informal communication across business units and control functions to ensure that such communication
systems encourage the prompt and coherent flow of risk-related information within and across business
units and, as needed, the prompt escalation of quality information to top management.
IIF I.8 The finance and treasury functions should operate in a coordinated and cohesive manner with the risk
management function to ensure important checks and balances. (Comparable to SSG III D.)
SSG III D Firms should provide an effective forum in which senior business managers and risk managers can
meet to discuss emerging issues frequently; senior management should signal its commitment to
such dialogue.
AT 4 Risk Committee SSG III A Recent events suggest that firms are more likely to maintain a risk profile consistent with the board of
directors’ and senior management’s tolerance if firms establish risk management committees that discuss
all significant risk exposures across the firm (promoting a firm-wide approach to risk management), meet
on a frequent basis, and include executive and senior leaders from key business lines and independent
risk managers and control functions as equal partners.
CRMPG III The Policy Group recommends that, when schedules permit, the chief executive officer and the second-
IV-3a ranking officers of all large integrated financial intermediaries should frequently attend and participate
in meetings of risk-management–related committees.
CRMPG III The Policy Group recommends that the highest levels of management periodically review the
IV-3b functioning of the committee structure to ensure, among other things, that such committees are
appropriately chaired and staffed and there is an appropriate overlap of key business leaders, support
leaders, and enterprise executives across committees to help foster firm-wide cooperation and
communication.
AT 5 Risk Appetite IIF I.9 The board of directors should review and periodically affirm the firm’s risk appetite as proposed by senior
management. In so doing, the board should assure itself that management has comprehensively
considered the firm’s risks and has applied appropriate processes and resources to manage those risks.
(Comparable to CRMPG III IV-2b.)
IIF I.10 When defining its risk appetite, the firm should be able to demonstrate consideration of all relevant risks,
including noncontractual, contingent, and off-balance-sheet risks; reputational risks; counterparty risks;
and other risks arising from the firm’s relationship to off-balance-sheet vehicles (see the “Conduits and
Liquidity” section of IIF).
IIF I.11 A firm’s risk appetite will contain both qualitative and quantitative elements. Its quantitative elements
should be precisely identified. Clearly defined qualitative elements should help the board of directors
and senior management assess the firm’s current risk level relative to risk appetite, as adopted. Further,
by expressing various elements of the risk appetite quantitatively, the board can assess whether the firm
has performed in line with its stated risk appetite.
IIF I.12 Risk appetite should be the basis on which risk limits are established. Limits need to cascade down from
the firm-wide level to business lines and divisions, to regions, and to trading desks. Risk-appetite usage
should be measured on a global consolidated basis and constantly monitored against the limits.
IIF I.13 The firm’s risk appetite should be connected to its overall business strategy (including assessment
of business opportunities) and capital plan. It should dynamically consider the firm’s current capital
position, earnings plan, and ability to handle the range of results that may occur in an uncertain
economic environment. It is fundamental, therefore, that the appetite be grounded in the firm’s
financials. The appropriateness of the risk appetite should be monitored and evaluated by the firm
on an ongoing basis.
2
5. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
A. Governance (Continued )
AT 5 Risk Appetite (Continued ) SSG III. A Firms that experienced material unexpected losses in relevant business lines typically appeared to have
been under pressure over the short term either to expand the business aggressively to a point beyond the
capacity of the relevant control infrastructure, or to defend a market leadership position. In some cases,
concerns about the firm’s reputation in the marketplace may have motivated aggressive managerial
decisions in the months prior to the turmoil.
IIF I.14 Firms should involve the risk management function from the beginning of the business planning process
to test how growth or revenue targets fit with the firm’s risk appetite and to assess potential downsides.
There should be clear communication throughout the firm of the firm’s risk appetite and risk position.
CRMPG III The Policy Group recommends that large integrated financial intermediaries ensure that their treasury
IV-2c and risk management functions work with each other and with business units to manage balance sheet
size and composition in a manner that ensures that the established risk tolerance is consistent with
funding capabilities and ongoing efforts to manage liquidity risk.
AT 6 Incentives and Compensation CRMPG III The Policy Group recommends that, from time to time, all large integrated financial intermediaries must
IV-1a examine their framework of corporate governance in order to ensure that it is fostering the incentives
that will properly balance commercial success and disciplined behavior over the cycle while ensuring the
true decision-making independence of key control personnel from business units.
CRMPG III The Policy Group recommends that large integrated financial intermediaries ensure that a review
IV-12a of the systemic risk implications of incentives and consequent remedial actions is an integral
component of each firm’s risk management practices.
SSG III. A An issue for a number of firms is whether compensation and other incentives have been sufficiently well
designed to achieve an appropriate balance between risk appetite and risk controls, between short-run
and longer run performance, and between individual or local business units and firm-wide objectives.
IIF. II Compensation incentives should be based on performance and should be aligned with shareholder
Principles interests and long-term, firm-wide profitability, taking into account overall risk and the cost of capital.
of Conduct Compensation incentives should not induce risk taking in excess of the firm’s risk appetite. Payout of
compensation incentives should be based on risk-adjusted and cost-of-capital–adjusted profit and
phased, where possible, to coincide with the risk time horizon of such profit. Incentive compensation
should have a component reflecting the impact of business units’ returns on the overall value of related
business groups and the organization as a whole. Incentive compensation should have a component
reflecting the firm’s overall results and achievement of risk management and other general goals.
Severance pay should take into account realized performance for shareholders over time. The approach,
principles, and objectives of compensation incentives should be transparent to stakeholders.
AT 7 Role of the Chief Risk Officer CRMPG III The Policy Group recommends that risk management and other critical control functions be positioned
IV-1a within all large integrated financial intermediaries in a way that ensures that their actions and decisions
are appropriately independent of the income-producing business units and includes joint approval of key
products and transactions. This would generally mean having a chief risk officer (CRO) with a direct line
of responsibility to the CEO and having the CEO and the board take a highly active role in ensuring that
the culture of the organization as a whole recognizes and embraces the independence of its critical
control functions. Even without the direct reporting, the CRO should have a clear line of
communication to the board. (Comparable to IIF I.15, I.16.)
IIF I.17 While firms retain freedom to determine their internal structures, firms should strongly consider having
the CRO report directly to the CEO and assign the CRO a seat on the management committee. The
CRO should be engaged directly on a regular basis with a risk committee of the board of directors.
Regular reporting to the full board to review risk issues and exposures is generally advisable, as well as
more frequent reporting to the risk committee.
IIF I.18 Chief risk officers should have a mandate to bring to the attention of both line and senior management
or the board of directors, as appropriate, any situation that is of concern from a risk management
perspective or that could materially violate any risk-appetite guidelines.
IIF I.19 Firms should define the role of the CRO in such a way that, without compromising his or her
independence, he or she is in frequent interaction with the business lines so that the CRO and all risk
managers have sufficient access to business information.
3
6. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
A. Governance (Continued )
AT 7 Role of the Chief Risk Officer IIF I.20 Firms should consider assigning the following key responsibilities to the chief risk officer:
(Continued ) • guiding senior management in their risk management responsibilities;
• bringing a particularly risk-focused viewpoint to strategic planning and other activities of senior
management;
• overseeing the risk management organization;
• assessing and communicating the institution’s current risk level and outlook;
• strengthening systems, policies, processes, and measurement tools as needed to provide robust
underpinnings for risk management;
• ensuring that the firm’s risk levels and business processes are consistent with the firm’s risk appetite,
internal risk policies, and regulatory requirements for risk management; and
• identifying developing risks, concentrations, and other situations that need to be studied through
stress testing or other techniques.
IIF I.21 The CRO should report to senior management and, as appropriate, to the board of directors or its risk
committee, on material concentrations as they develop, discuss material market imbalances, and assess
their potential impact on the firm’s risk appetite and strategy. The CRO should ensure a thoughtful,
integrated view of the overall risks faced by the firm (including related off-balance-sheet vehicles).
At a more technical level, the risk management function should oversee internal risk-rating systems,
segmentation systems, and models, and ensure that they are adequately controlled and validated.
Assumptions behind models, grading systems, and other components of quantification should be
recognized, and appropriate updates should be made when assumptions no longer hold.
IIF I.22 The CRO and risk management function should be a key part of analyzing the development and
introduction of new products, including the extension of products into new markets. New products
with risk exposure, including those for which the bank accepts contingent liquidity or credit exposure,
should be explicitly approved by the risk organization.
AT 8 Resources IIF I.24 During the planning and budgeting process, firms should ensure that adequate resources include
personnel, data systems, and support and access to the internal and external information necessary
to assess risk. It is important that the allocation of resources be made under careful cost/benefit
considerations as well in proportionality to the firm’s size and mix of business.
IIF I.23 Firms should ensure that the risk management function has a sufficient amount and quality of resources
to fulfill its roles. Senior management should be directly responsible for this, under the oversight of the
board of directors. (Comparable to CRMPG III IV-1b.)
CRMPG III The Policy Group recommends that sustained investment in risk management systems and processes,
IV-4a and the careful calibration of such investment to business opportunities being pursued, be a key area
of focus for a firm’s senior management team.
CRMPG III The Policy Group recommends that each firm’s CRO commission a periodic review and assessment
IV-4b of the firm’s investments in risk management for presentation to its senior management and the audit
committee of its board of directors.
B. Identification and Measurement
AT 9 Scope and Procedures SSG V.B-8 Successful firms had in place granular profit-and-loss reporting systems, which were often used in
conjunction with risk management tools subject to regular senior management review.
IIF I.26 Risk managers should manage and measure risks on the basis of the firms’ approved risk parameters,
in addition to any regulatory requirements. External ratings of transactions should not be a substitute
for a firm’s own due diligence processes, especially because such ratings may not address the firm’s specific
issues or not be calibrated to the firm’s standards and risk management goals.
IIF I.28 Firms should improve, where needed, their approaches to portfolio-level risk management. The
identification of the key risk factors and associated risk measures for a specific portfolio allows for
the potential impact of changes in market fundamentals to be assessed, thereby facilitating effective
risk management.
IIF I.33 Firms should implement a comprehensive approach to risk, establishing procedures and techniques
that adequately integrate different risk strands (in particular, credit, market, operational, liquidity, and
reputational risk). Effective communication channels, as well as common metrics and IT systems,
should be put in place in order to achieve a sufficient degree of integration of the different risk areas.
4
7. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
B. Identification and Measurement (Continued )
AT 9 Scope and Procedures CRMPG III The Policy Group recommends that credit risks be viewed in aggregate across exposures, giving full
(Continued ) IV-7c consideration to the effects of correlations between exposures. Further, counterparty credit risks,
including correlations and directionality, should be evaluated based not only on positions within a large
integrated financial intermediary, but also considering available data regarding the size and direction
of positions the counterparty has at other firms.
IIF I.29 Firms should implement procedures so that portfolio information is designed and organized in a way
to facilitate aggregation of a soundly based, firm-wide view of all risks, including concentrations.
AT 10 Metrics SSG V.B Most firms that avoided significant unexpected losses used a wide range of risk measures to discuss and
challenge views on credit and market risk broadly across business lines in a disciplined fashion. Some
firms gave particularly thorough consideration to the interplay of market sensitivities to derivatives
exposures (the “greeks”), notional limits, value-at-risk, static single factor stress tests, and historical
and forward-looking scenario analysis.
IIF I.30 Metrics should be calibrated closely to risk-appetite horizons. It may not be sufficient to rely on short-
term VaR and long-term economic capital, but metrics at other intervals may be necessary depending
on the firm’s business.
IIF I.31 Widely recognized weaknesses in VaR, such as dependence on historical data and inadequate volatility
estimates, should be explicitly addressed by firms when revising and adapting their VaR methodologies.
Back testing and stress testing provide powerful tools to identify VaR shortcomings and offset
deficiencies.
CRMPG III The Policy Group recommends that large integrated financial intermediaries’ risk analytics incorporate
IV-7a sufficient granularity to reveal less obvious risks that can occur infrequently but that may potentially have
a significant impact (for example, basis risks between single name underliers and index hedges). However,
risk management professionals and senior management must recognize the limitations of mathematical
models, and that the tendency to overly formalize arcane aspects of an analysis can often detract from an
understanding of the bigger picture implications of the total risk position. Incremental analytical detail
must not be allowed to overwhelm users of the data. The salient risk points must be drawn out and made
apparent, especially to senior management. Adequate time and attention by senior management must
also be allotted to socializing the implications of the risk data. (Comparable to IIF I.32.)
CRMPG III The Policy Group recommends that large integrated financial intermediaries ensure that assumptions
IV-7b underlying portfolio analyses are clearly articulated and subject to frequent, comprehensive review.
Alternative measures should be presented to demonstrate the sensitivity of the calculated metrics
to changes in underlying assumptions.
CRMPG III The Policy Group recommends that large integrated financial intermediaries work to supplement VaR
IV-7d as the dominant risk measure of market risk and current exposure as the dominant risk measure for credit
risk, both for public reporting and for risk discussion purposes. Supplemental measures should include
statistical information intended to display the most likely ways a large integrated financial intermediary
or a managed portfolio could sustain significant losses, as well as an indication of the potential size
of those losses.
AT 11 Monitoring CRMPG III The Policy Group recommends that all large integrated financial intermediaries must have, or be
Precept II developing, the capacity (1) to monitor risk concentrations to asset classes as well as estimated exposures,
both gross and net, to all institutional counterparties in a matter of hours and (2) to provide effective
and coherent reports to senior management regarding such exposures to high-risk counterparties.
CRMPG III The Policy Group recommends that all large integrated financial intermediaries must engage in a
Precept IV periodic process of systemic “brainstorming” aimed at identifying potential contagion “hot spots” and
analyzing how such “hot spots” might play out in the future. The point of the exercise, of course, is that
even if the “hot spots” do not materialize or even if unanticipated “hot spots” do not materialize, the
insights gained in the brainstorming exercise will be of considerable value in managing future sources
of contagion risk.
5
8. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
B. Identification and Measurement (Continued )
AT 12 New Products CRMPG III The Policy Group recommends that for certain classes of firm-wide committees, such as those
IV-3c responsible for the approval of new products—especially new products having high financial, operational,
or reputational risks—the committee oversight process should include a systematic post-approval review
process. This post-approval review process would assess the extent to which new products have, in
commercial terms, performed as expected. Equally important, the process would assess whether the risk
characteristics of the new product have been consistent with expectations, including the burden of the
new products on technology and operating systems. Further, it is particularly appropriate to review at
the earliest opportunity outsized profitability and market share gains to ensure that they do not reflect
a problem with the original pricing or risk assessment of the product.
CRMPG III The Policy Group recommends that, when considering new trade structures, strategies, or other
IV-12b opportunities, senior management of large integrated financial intermediaries evaluate systemic risk
implications. Trades or structures that materially add to systemic risk should be subject
to particular scrutiny.
IIF I.34 Firms should develop, as needed, an integrated treatment of risk in the new-product process. Such an
approach should include periodic review of new products. Firms should consider that migration of
underlying assets or other relatively subtle changes in a product over time can affect the risk implications
of a product or business.
AT 13 Concentration Risk IIF I.41 Risk concentrations should be adequately identified and managed by all firms. An integrated approach
to risk across the firm is fundamental so that all sources of risk (including on- and off-balance-sheet
risks, contractual and noncontractual risks, and contingent and noncontingent risks, and including
underwriting, and pipeline risks) will be effectively captured. Models and procedures should be
implemented in such a way that they will be able to capture concentrations of risk to individual obligors,
risk factors, industries, geographic regions, and counterparties (including financial guarantors). Firms
should also consider risk concentrations in global markets and how they may affect individual firms
(for example, by increasing asset volatility or reducing available liquidity).
IIF I.42 Firms should explicitly take into consideration, when defining their risk appetites and associated limits,
the prevention of undue risk concentrations. Limits can play a fundamental role in preventing a firm
from building risk concentrations.
IIF I.43 Risk metrics should include, when appropriate, a notional and asset-class view, recognizing that absolute
size of position is important and a consolidated view of positions is essential if held by different trading
desks or business units.
SSG V-D Firms that avoided substantial losses at certain points in the financial turmoil made the decision to
implement hedges based on their consolidated risk position across businesses and in light of a wide range
of available qualitative and quantitative risk information available. As a result of lessons learned during
the financial turmoil, risk managers at several firms are rethinking their market-risk hedging practices.
Among the issues under consideration are the degree of acceptable basis risk and its measurement, the
absolute notional size of hedges and underlying positions, and the likely performance of hedges during
severe market movements.
IIF I.44 Firms should develop and continue to refine stress-testing methodologies that adequately deal with risk
concentrations.
C. Counterparty Risk
AT 14 Close-Out Practices CRMPG III The Policy Group recommends that all large integrated financial intermediaries (for example, the major
V-18 dealers) should promptly adopt the close-out amount approach for early termination upon default in
their counterparty relationships with each other. The Policy Group notes that this can be agreed and
suitably documented without making any other changes to the International Swaps and Derivatives
Association (ISDA) Master. The Policy Group expects that these arrangements will be in place in
the very near term.
CRMPG III The Policy Group recommends that all major market participants should periodically conduct
V-20 hypothetical simulations of close-out situations, including a comprehensive review of key documentation,
identification of legal risks and issues, establishing the speed and accuracy with which comprehensive
counterparty exposure data and net cash outflows can be compiled, and ascertaining the sequencing
of critical tasks and decision-making responsibilities associated with events leading up to and including
the execution of a close-out event.
6
9. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
C. Counterparty Risk (Continued )
AT 14 Close-Out Practices CRMPG III The Policy Group recommends that all market participants should both promptly and periodically
(Continued ) V-21 review their existing documentation covering counterparty terminations and ensure that they have
in place appropriate and current agreements, including the definition of events of default and the
termination methodology that will be used. Where such documents are not current, market participants
should take immediate steps to update them. Moreover, each market participant should make explicit
judgments about the risks of trading with counterparties who are unwilling or unable to maintain
appropriate and current documentation and procedures.
AT 15 Risk Monitoring and CRMPG III The Policy Group recommends that large integrated financial intermediaries ensure that their credit
Mitigation IV-6a systems are adequate to compile detailed exposures to each of their institutional counterparties on an
end-of-day basis by the opening of business the subsequent morning. In addition, the Policy Group
recommends that large integrated financial intermediaries ensure their credit systems are capable of
compiling, on an ad hoc basis and within a matter of hours, detailed and accurate estimates of market
and credit risk exposure data across all counterparties and the risk parameters set out below. Within a
slightly longer timeframe, this information should be expandable to include: (1) the directionality of the
portfolio and of individual trades; (2) the incorporation of additional risk types, including contingent
exposures and second and third order exposures (for example, structured investment vehicles [SIVs] and
asset-backed securities [ABS]); and (3) such other information as would be required to optimally manage
risk exposures to a troubled counterparty. Large integrated financial intermediaries should be able to use
exposure aggregation data both prospectively to avoid undue concentrations and, if necessary, in real
time to react to unanticipated counterparty credit events.
CRMPG III To demonstrate compliance with the aforementioned standards, the Policy Group recommends
IV-6b that firms conduct periodic exercises for both individual and multiple institutional counterparties,
and, to the extent that deficiencies are observed, develop remediation plans as a matter of urgency.
CRMPG III The Policy Group recommends that large integrated financial intermediaries adjust quantitative
IV-9a measures of potential credit risk with margined counterparties to take into account exceptionally large
positions as well as position concentrations in less liquid instruments. The adjustment should anticipate
potentially protracted unwind periods and the risk of price gapping during unwinds.
CRMPG III The Policy Group further recommends that consideration be given to collecting higher initial margins
IV-9b and higher haircuts from counterparties with outsized positions relative to market liquidity. Large
integrated financial intermediaries should also evaluate the need to adjust internal pricing for
large positions.
CRMPG III The Policy Group recommends that large integrated financial intermediaries ensure that they employ
IV-10a robust, consistent pricing policies and procedures, incorporating disciplined price verification for both
proprietary and counterparty risk trades. Special attention should be given to bespoke trades, structured
products, illiquid products, and other difficult-to-price assets. A robust monitoring process should be
employed to track stale prices and elevate unresolved issues.
CRMPG III The Policy Group recommends that firms and industry groups promote standardized and strengthened
IV-10b dispute resolution mechanisms and encourage the application of higher levels of resources to position
pricing. Firms should also promote enhanced understanding of the need for cooperative behavior among
firms (for example, when requested to provide indicative bids).
SSG V. F The rapid growth of current exposures, in excess of prior estimates of potential future exposure,
highlights the reliance of measures of potential future exposure on historical volatility measures and
illustrates the need to augment those measures with other approaches, such as scenario analysis or stress
testing. In turn, such scenarios or stress tests should be designed to consider the vulnerabilities of hedges
(that is, credit quality of counterparties providing them), as in the case of hedges purchased from, or
referencing, financial guarantors.
D. Liquidity Risk
AT 16 Funding and Reserve IIF III.2 Firms should mandate that assets held to back their liquidity positions need to be dimensioned in
Management relation to the anticipated liquidity and currency denomination of such assets and with respect to the
reasonably anticipated depth and sustainability of the money markets and capital markets. Portfolios
held for such purposes should be well diversified by type of instrument and counterparty. The assessment
of assets held primarily for liquidity purposes should not be established solely on the basis of credit
ratings. Reporting should keep senior management and relevant control functions apprised of risks
associated with assets held for liquidity purposes.
7
10. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
D. Liquidity Risk (Continued )
AT 16 Funding and Reserve IIF III.5 Firms should ensure access to diversified funding sources (for example, funding providers, products,
Management (Continued ) regions, currencies) to avoid the risk of overdependence on any form of funding. This includes access
to securities and secured financing markets, in their day-to-day liquidity risk management, and for stress
testing and contingency planning purposes. Firms should periodically reevaluate the appropriateness
of the metrics employed and use a variety of firm-specific and market-related events in carrying out this
analysis. Market-sensitivity analyses encompassing such items as the effects of contingent drains on
liquidity and the adequate pricing of such facilities are important.
SSG IV Individual business lines should be encouraged to assess and communicate their likely needs for funding
to the treasury function, and to price those internal claims on liquidity appropriately in light of actual
market conditions.
CRMPG III The Policy Group recommends that increased emphasis be given to using, wherever possible, transparent
IV-10c and liquid instruments rather than bespoke products. To incentivize this conduct, large integrated
financial intermediaries should consider imposing internal charges against the profit and loss of hard-
to-value and illiquid transactions, or other methods, such as higher capital charges, higher haircuts to
collateralized borrowers, and the imposition of limits on allowed trade volumes. The recommendations
incorporated in the section on high-risk complex financial instruments regarding documents and
disclosure are of particular relevance to bespoke products.
CRMPG III The Policy Group recommends that all large integrated financial intermediaries should maintain, on
IV-14 an ongoing basis, an unencumbered liquidity reserve of cash and the highest grade and most liquid
securities. The liquidity reserve should be sized in relation to the firm’s stress tests and “maximum
liquidity outflow” and should explicitly reflect the firm’s liquidity risk tolerance and desired
survival periods.
CRMPG III The Policy Group recommends that all large integrated financial intermediaries maintain long-term
IV-15 structural liquidity in excess of their illiquid assets. In making this assessment, large integrated financial
intermediaries should analyze the term structure of their long-term liabilities, the long-term stable
portion of their deposits (where applicable), as well as equity capital. Illiquid assets should include those
assets that cannot be converted to cash within a specified horizon and potential growth of those assets,
as well as the haircuts necessary to convert generally liquid assets to cash through sale, securitization,
or secured financing. The baseline assessment of whether a large integrated financial intermediary has
long-term structural liquidity in excess of its illiquid assets should reflect current business conditions.
However, the amount of this excess (“the cushion”) should reflect an evaluation of the assets and
liabilities under stressed conditions. This cushion should be replenished with structured long-term
liabilities, with tenors appropriate to market conditions, business strategy, and existing debt maturities.
CRMPG III The Policy Group recommends that a firm’s liquidity plan and any stress tests mentioned above include,
IV-16 in all instances, the full set of on- and off-balance-sheet obligations. In addition, they must reflect a clear
view of how the firm will address noncontractual obligations that have significant franchise implications.
While some noncontractual obligations may not lend themselves to incorporation into the core stress
scenarios, an evaluation of how such exposures will play out in different market environments should be
an overlay to the core stress scenarios. In addition, a clear assessment of how practices in relevant markets
(for example, structured investment vehicles and auction rate securities) will affect an individual firm’s
conduct should be directly factored into liquidity planning. The above liquidity exposures should be
fully priced under the firm’s transfer pricing policies (see Recommendation V-17 in CRMPG).
CRMPG III The Policy Group recommends that to manage, monitor, and control funding liquidity risk, treasury
IV-18 officials in particular need to be included in an enterprise-wide risk management process with
appropriate channels of communication. The evaluation of the interconnected elements of these risks
requires seamless communication across all risk disciplines, as well as between risk management
functions, treasury, and the underlying businesses. All integrated financial services firms should hold
regularly scheduled meetings of an oversight committee represented by the above disciplines to monitor
the firm’s liquidity positions.
CRMPG III The Policy Group recommends that firms explicitly coordinate across their liquidity and capital planning
IV-19 processes and, at a minimum, ensure that critical information flows between the two processes. Executive
management must have the capacity to evaluate and incorporate the highly integrated nature of the two
disciplines into its planning activities.
8
11. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
D. Liquidity Risk (Continued )
AT 17 Monitoring and Planning IIF III.1 Firms should ensure implementation of sound industry practice for liquidity risk management through
a continuous review and critical assessment process as appropriate for their business, using the Revised
and Restated Recommendations set out in Appendix B and in the body of this report [the Final Report
of the IIF Committee on Market Best Practices] as benchmarks.
IIF III.3 Firms should ensure that reporting to the appropriate committees (for example, asset and liquidity
committee, credit committee) disaggregates between direct and indirect risks relating to securitizations,
so that information on gross as well as net possible positions is available, in order to ensure full
transparency within the firm. At the same time, reporting should aggregate liquidity risks on a firm-wide
basis, including on- and off-balance-sheet transactions.
SSG IV. A Risks related to off-balance-sheet obligations should be monitored and incorporated into the
contingency funding plan.
SSG IV. B Firms should utilize flexible funding liquidity management tools, including those that lack built-in
assumptions and therefore help firms to more easily understand the impact of unanticipated and
evolving market events.
SSG IV. C Contingency funding plans should consider the need to balance funding liquidity management with
business decisions required to maintain the firm’s reputation and market position, as well as key business
relationships.
SSG IV. C Contingency funding plans should take into account lessons learned from the current crisis in terms of
nature, severity, and duration of scenarios and assumptions about asset market liquidity, balance sheet
growth, and ability to obtain funding in major currencies.
AT 18 Transfer Pricing IIF III.4 Firms should ensure that they have in place effective internal transfer pricing policies to reflect implied
or incurred actual or potential costs related to reasonably anticipated liquidity demands from both
on- and off-balance-sheet business. Transfer pricing should closely take into account the liquidity of
relevant underlying assets, the structure of underlying liabilities, and any legal or reasonably anticipated
reputational contingent liquidity risk exposures. Transfer pricing should be designed to ensure that lines
of business within the firm that create liquidity exposures are proportionately charged for the cost to
the firm of maintaining corresponding prudent liquidity positions.
CRMPG III The Policy Group recommends that all large integrated financial intermediaries incorporate appropriate
IV-17 pricing-based incentives for the full spectrum of their funding activities. This includes a funds transfer
pricing policy that assigns the cost of funding to businesses that use funding and credits the benefits of
funding to businesses that provide it. This must encompass both on- and off-balance-sheet activities (for
example, contingent funding), as well as potential funding needs related to actions that might be taken to
preserve the institution’s reputation. The funds transfer pricing process should be informed by stress-
testing efforts that identify potential vulnerabilities and assign the related costs to the businesses that
create them. The methodology should provide direct economic incentives factoring in the related
liquidity value of assets and behavioral patterns of liabilities. The costs and benefits identified should be
assigned to specific businesses and, under all circumstances, used in evaluating the businesses’
performance.
E. Market Risk
AT 19 Valuations: Oversight, IIF IV.1 Traders, desk heads, and heads of business all should be accountable for and sign off on proposed
Accountability, valuations to ensure the business takes primary responsibility for appropriate valuation, subject to
Policies, and Procedures proper review and governance as outlined in Recommendations IV.2-IV.8.
IIF IV.2 Firms should ensure consistent application of independent and rigorous valuation practices.
IIF IV.3 Firms should apply appropriate expert judgment and discipline in valuing complex or illiquid
instruments, making use of all available modeling techniques and external and internal inputs
such as consensus-pricing services while recognizing and managing their limitations.
IIF IV.4 For assets that are measured at fair value on a basis related to intended use rather than their actual current
status (for example, whole loans in a warehouse or pipeline that are likely to be distributed or securitized
and are measured as a pool), there should be additional internal monitoring of the valuations at which
they could be disposed of in their current form if securitization is not carried out.
IIF IV.5 The firm’s governance framework around valuation processes should integrate input from risk
management, finance, and accounting policy to ensure proper product and risk control. The process
should include senior management involvement.
9
12. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
E. Market Risk (Continued )
AT 19 Valuations: Oversight, IIF IV.6 Internal governance should ensure independence of these responsible for control and validation
Accountability, Policies, and of valuations. This should be structured to ensure that valuation control groups are not too remote
Procedures (Continued ) from market functions to understand developments or too close to the sales and trading functions
as to compromise their independent posture.
IIF IV.7 Relevant control functions within a firm should regularly review independent price verification
procedures and sources and challenge their usage as appropriate. There should be clear procedures
for resolution of disagreements about valuation issues and for escalation of material valuation issues
to the audit or risk committee of the board of directors, when appropriate.
IIF IV.8 There should be regular involvement of the CRO and/or chief financial officer (CFO, or equivalent
positions) in considering valuation issues, including valuations of assets held by off-balance-sheet
vehicles. Finance committees and the CFO should be aware of and consider valuation issues on
a regular basis.
IIF IV.9 Firms should ensure that new product and associated models and pricing approval processes are in place
to ensure that new products, asset classes, and risk types are valued appropriately, given volumes and
other operational risk factors.
IIF IV.10 Firms should have business-as-usual model-review and price-verification organizational structures,
processes, and policies in place.
CRMPG III The Policy Group recommends that large integrated financial intermediaries ensure, in the absence
IV-11a of exceptional circumstances, that when the same instrument is held by different business units, such
instrument is marked at the same price in each unit. Large integrated financial intermediaries should
restrict those personnel and groups that are authorized to provide marks to internal and external
audiences. Any differentials in pricing across applications or units should be carefully considered and
the rationale for such differences should be fully documented. Notwithstanding the above, it is
recognized that for large integrated financial intermediaries, there are communication walls that are
designed to fulfill regulatory requirements for the restriction of information flows. In these instances,
it is understood that legitimate differences in pricing may occur. (Comparable to IIF IV.11.)
IIF IV.13 Firms should have a robust framework in place to oversee and ensure the integrity and consistency
of accounting policy applied within the firm.
IIF IV.17 Firms should have valuation procedures, with appropriate governance processes, in place for times
of market stress, including ways to recognize and react when changes in market liquidity or volatility
require changes in valuation approaches for individual assets.
IIF IV.19 Firms should have adequate resources to accommodate the demands of producing valuations during
a period of market disruption.
SSG V.A Firms should devote resources to establishing specialized product financial control staff able to perform
a fundamental analysis of underlying positions and enforce discipline internally in marking their assets
to their estimated prices. Firms should also factor position size (to account for the market impact of
immediate sales of such size) and the dispersion of observed prices into their valuation models.
AT 20 Valuations: Metrics and IIF IV.12 Valuations should be subject to sensitivity analysis to evaluate and inform the organization about
Analysis the range of uncertainty and potential variability around point estimates.
IIF IV.15 Firms should recognize that transaction prices may become dated and dealer quotes may not reflect
prices at which transactions could occur, especially during periods of low liquidity. Firms should devote
the analytical resources necessary to checking valuations made on such bases and make adjustments
when deemed appropriate.
IIF IV.16 Small- to medium-sized firms, given their limited resources, should develop at least internal
benchmarking and not rely purely on dealer quotes for valuations.
IIF IV.18 Firms should assess the infrastructure and price-testing implications of moving from observable market
prices to other valuations techniques, including mark-to-model for material asset classes, and incorporate
such implications in resource planning.
IIF IV.20 For the purposes of regulatory capital, the process of evaluating whether an instrument should be placed
in the trading or banking book should be subject to objective criteria and control procedures. Firms
should provide clear explanations internally and to auditors as to why instruments were initially
placed in the trading book or the banking book under prudential and accounting tests.
10
13. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
E. Market Risk (Continued )
AT 20 Valuations: Metrics and IIF IV.22 Firms should have appropriate controls over prices submitted to utilities to ensure not only that
Analysis (Continued ) high-quality prices, consistent with the rules or requirements of each service, are submitted but
also that the firm submits prices for as many material positions as possible when available.
IIF IV.24 Where other valuation indications are less than satisfactory, firms may wish to consider using available
information about valuations from collateral and repo experience.
SSG V.A Firms should take into account the challenges of pricing information from primary market transactions
that may not indicate the true value of retained positions in the absence of secondary market trading.
Firms should also not rely too heavily on rating agencies’ assessments of complex securities, and pay
sufficient attention to internal assessments and the quality of the underlying assets.
SSG V.A Firms should have processes in place to both verify and challenge business units’ estimates of the value of
their holdings. Some practices for price verification include requiring the trading desks to sell a sufficient
portion of the exposure to observe a market price, and monitoring disputes over the market value of
collateral value posted by counterparties to help mark firm holdings of the same of similar securities.
AT 21 Trading Patterns IIF V.6 Firms should implement mechanisms for escalating potential conflicts or contradiction between their
trading and placing strategies to an appropriate senior management body. Such body should be at a level
with sufficient authority to adopt measures deemed necessary to resolve any such conflict, including
change of sales or trading strategy, where appropriate. Clear policies also should be in place to determine
when to disclose any such conflict to potential investors in a particular product.
F. Market Infrastructure
AT 22 Market Infrastructure CRMPG III The Policy Group recommends incentives to buy-side participants. It is important to recognize that
V-4 buy-side market participants will operate at different volumes. Moderate- to large-volume participants
(more than four trades per month) will be expected to adhere to the same standards as dealer-side firms
with respect to transmission standards, trade date confirmation, settlement, and mark-to-market
comparisons. As with adoption of the Novation Protocol, dealers should consider limiting trading
activity with firms that do not adhere to industry standards. Adherence to industry standards should
be part of a routine dealer operational due diligence (side-by-side with the normal credit due diligence).
Goal: Ongoing.
CRMPG III The Policy Group recommends that market participants should seek to streamline their methods for
V-5 trade execution and confirmation/affirmation, which should facilitate an end-to-end process flow
consistent with same-day matching and legal confirmation.
CRMPG III The Policy Group recommends that senior leaders of trading support functions should clearly articulate
V-6 to senior management the resource requirements necessary to achieve the same-day standards.
Recognizing the expense management imperatives driven by recent market conditions, senior
management should make every effort to help support functions achieve these standards for
the overarching benefit of enhancing market resilience. Goal: Ongoing.
CRMPG III The Policy Group strongly urges that major market participants should deploy a combination of utility
V-7 and vendor-supplied solutions and should, at a minimum, ensure interoperability of those solutions.
Goal: End of 2009.
CRMPG III The Policy Group recommends that major market participants on both the sell- and buy-sides should
V-8 make every reasonable effort to speed up the adoption of electronic platform usage. This should entail
revisiting the priorities in development and testing schedules. Goal: End of 2009.
CRMPG III Consistent with Recommendation V-7 above, the Policy Group further recommends that major market
V-9 participants on both the sell- and buy-sides should hasten their adoption of tools that facilitate
standardization in the marketplace. This will in turn facilitate the achievement of the next-generation
goals for the timeliness and integrity of transaction details. Goal: End of 2009.
CRMPG III The Policy Group further recommends frequent portfolio reconciliations and mark-to-market
V-10 comparisons, including on collateralized instruments. Goal: Weekly by the end of 2008, moving
to daily for electronically eligible trades by mid-2009.
11
14. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
F. Market Infrastructure (Continued )
AT 22 Market Infrastructure CRMPG III The Policy Group recommends that, as mark-to-market disputes inevitably surface through the collateral
(Continued ) V-12 portfolio reconciliation process, the information should be passed to the executing trading desks on a
real-time basis to allow for research and resolution. This should, of course, be done with appropriate
anonymity of the counterparty’s identity, positions, and broader portfolio. A close alignment of the
collateral team with trading desks—without violating the fire walls and controls that are critically
important to the integrity of the financial system—would facilitate such information sharing. As
necessary, significant and large-value collateral disputes should promptly be escalated to the appropriate
senior officers. Goal: Immediate.
CRMPG III The Policy Group recommends that market participants should actively engage in single-name and
V-14 index collateralized default swap trade compression. ISDA has agreed on a mechanism to facilitate
single-name trade compression with Creditex and Markit Partners. Established vendor platforms
exist for termination of offsetting index trades, and the Policy Group urges major market participants
to aggressively pursue their use.
G. Origination Standards
AT 23 Origination Standards IIF V.1 Originators, sponsors, and underwriters should:
• adopt and follow appropriate due diligence standard(s);
• ensure that appropriate and relevant information is released in a timely manner; and
• ensure that appropriate ongoing monitoring and disclosure of the performance of the underlying
collateral are carried out.
IIF V.2 Firms should subject assets that they help originate and distribute to the same credit due diligence standards
as used for similar assets that are to be carried on the firm’s own balance sheet. For third-party assets for
which financial institutions act as sponsors, an appropriate due diligence process should be conducted.
Alternately, firms should disclose reasons for not observing their usual credit due diligence process.
CRMPG III With respect to high-risk complex asset-backed securitizations, underwriters and placement agents
III-4a-b should have in place an ongoing framework for evaluating the performance and reputation of issuers,
as well as effective and clearly articulated procedures for evaluating the quality of assets. The Policy
Group strongly urges that underwriters and placement agents redouble efforts to adhere fully to the
letter and spirit of existing diligence standards, and seek opportunities to standardize and enhance
such standards. These enhancements include the following recommendations:
• III-4a. Requiring all firms to follow statistically valid sampling techniques in assessing the quality
of assets in a securitization; and
• III-4b. Encouraging disclosure to investors of due diligence results, including making the agreed-
upon-procedures letter publicly available.
IIF V.4 All originators of assets underlying securitized instruments, whether regulated as banks or not, should
adhere to basic credit principles, such as making a reasonable assessment of a borrower’s ability to pay;
documentation should be commensurate with such basic requirements.
IIF V.5 Basic credit principles need to be followed during negotiations between borrowers and lenders (including
underwriters, sponsors, and other agents), and the risk implications of negotiated terms of lending
transactions need to be analyzed carefully.
CRMPG III The Policy Group recommends that each firm’s senior management commission a periodic review
IV-5b of credit terms extended over a cycle, together with an assessment of the stability of such terms,
for discussion with the firm’s senior management.
PWG III To limit rating shopping, underwriters and sponsors of structured finance products should publicly disclose
B3 whether—after submitting final data and information about a proposed structure to one or more credit
rating agencies and receiving preliminary ratings from the agency(ies) based on the information—they
choose to publish some but not all of the preliminary rating(s) as final ratings. The disclosure should
include the reason for not having any such preliminary ratings published as final ratings.
12
15. RISK MANAGEMENT LESSONS FROM THE GLOBAL BANKING CRISIS OF 2008: SUPPLEMENT
Self-Assessment Template (Continued )
I. Management of Risk
H. Securitization and Complex Products
AT 24 Appropriate Investors CRMPG III B The Policy Group strongly recommends that high-risk complex financial instruments should be sold
only to sophisticated investors.
CRMPG III The Policy Group recommends establishing standards of sophistication for all market participants in
III-1 high-risk complex financial instruments. In recommending specific characteristics and practices for
participants, it is guided by the overriding principle that all participants should be capable of assessing
and managing the risk of their positions in a manner consistent with their needs and objectives. All
participants in the market for high-risk complex financial instruments should ensure that they possess
the following characteristics and make reasonable efforts to determine that their counterparties possess
them as well:
• the capability to understand the risk and return characteristics of the specific type of financial
instrument under consideration;
• the capability, or access to the capability, to price and run stress tests on the instrument;
• the governance procedures, technology, and internal controls necessary for trading and managing
the risk of the instrument;
• the financial resources sufficient to withstand potential losses associated with the instrument; and
• authorization to invest in high-risk complex financial instruments from the highest level of
management or, where relevant, from authorizing bodies for the particular counterparty.
Large integrated financial intermediaries should adopt policies and procedures to identify when it would
be appropriate to seek written confirmation that the counterparty possesses the aforementioned
characteristics.
IIF V.3 Firms should consider the general appropriateness of products for specific types of institutional investors.
Sale processes within firms should be reviewed to ensure proper consideration of the risk factors of
products and risk profiles of investors at the time of sale.
AT 25 Documentation CRMPG III The documentation of all high-risk complex financial instruments in cash or derivative form should
III-2a include a term sheet: a concise summary highlighting deal terms and, where appropriate, collateral
manager capabilities and portfolio and deal payment structure. The term sheets for all high-risk complex
financial instruments, the full scope of which is outlined in Appendix A to CRMPG, must, among
other factors, include the following:
• a clear explanation of the economics of the instrument, including a discussion of the key assumptions
that give rise to the expected returns; and
• rigorous scenario analyses and stress tests that prominently illustrate how the instrument will perform
in extreme scenarios, in addition to more probable scenarios.
CRMPG III The documentation associated with asset-backed high-risk complex financial instruments should include:
III-2b • A Preliminary and Final Offering Memorandum: The offering memorandum should include
prominently within its first several pages the nature of the economic interest of the underwriter or
placement agent (and its affiliates) in the transaction, including a clear statement of the roles to be
undertaken and services to be provided by the underwriter or placement agent (or its affiliates) to
the transaction, as well as any interests in the transaction (if any) that the underwriter or placement
agent (or its affiliates) are required or expected to retain.
• A Marketing Book: The marketing book should include an in-depth description of the materials
contained in the term sheet. It should especially focus on the collateral manager (in the case
of a managed portfolio) and deal structure.
• Portfolio Stratifications: This documentation should be in the form of spreadsheets containing bond
level information (sector, rating, par balance, etc.), where known, and weighted-average loan level
information (FICO, service, loan-to-value, percent fixed, occupancy, geographic distribution,
second liens, etc.).
• Cash Flow/Stress Scenarios: This documentation should be in the form of spreadsheets and cash flow
model outputs. Standard runs should be provided for each tranche offered. The output will typically
be in the form of tranche cash flows and default/loss percentages for the tranches and collateral.
13