Knowledge | Skills | Conduct

Principles of Risk Management

14 questions

Chapter 1

Further information

This chapter is an overview of risk management. It contains many definitions and key phrases with which you must become familiar.

This chapter has twelve questions in the exam.

5

Knowledge | Skills | Conduct

1.1 Risk and uncertainty

• The Concise Oxford Dictionary definition: - ‘The chance or possibility of damages, loss, injury or other adverse consequence’

• Probability – chance or possibility of something happening in the future

• Impact – adverse consequence – the potential outcome is thought of as negative

• Risk- Variables that can be quantified

• Uncertainty- Variables that cannot be quantified

1. Introduction to Business RiskFurther information

Risk score is driven by these two key variables of probability and impact.

Risk score = Probability x Impact

6

Knowledge | Skills | Conduct

1.1 Risk management

1. Introduction to Business Risk

Key Elements of a SimpleRisk Framework

Risk policies and governance at board level

Risk oversight

Day to day risk management

Identify Assess

ControlMonitor

BusinessUnit

BusinessUnit

BusinessUnit

Report

Further information

Risk management has three key aspects:• Identifying risk• Evaluating risk• Implementing a risk response plan

7

Knowledge | Skills | Conduct

1.2 External sources of risk• Economic risks• Political risks• Risks from competition, social and market forces• Technological risks, such as cyber security• Shocks and natural events

• Risks presented by external stakeholders and third parties, e.g.:• Parent company• Institutional investors• Large customers• Regulators• Suppliers/consultant etc.

• Environmental, Social and Governance (ESG) risks

1. Introduction to Business RiskFurther information

Environmental. Social and Governance (ESG) risksEnvironmental risks emanate from: • Climate change issues (such as firms’ vulnerability due to climate

change), and • Issues around the depletion of natural resources (such as water scarcity,

land use, and raw-material sourcing)

Social risks emanate from: • Human capital issues (such as labour management and health and

safety) • Pliability issues (such as product safety, quality, privacy and data safety

issues), and • Stakeholder opposition (such as local health and demographic risks and

controversial sourcing of materials).

Governance risks emanate from: • Corporate governance issues (such as management structure and board-

employee relations and compensation), and • Corporate behaviour issues (such as business ethics and anti-competitive

practices, tax, transparency and corruption and financial system instability)

Most business leaders acknowledge that addressing ESG concerns is either essential or good for business. This is in line with rising expectations from investors, consumers and other stakeholders.

8

Knowledge | Skills | Conduct

1.3 Assessing external sources of risk

• PESTLE analysis- Political- Economic- Social- Technical- Legislative- Environmental

• Business continuity planning- Disaster recovery

• Business process analysis- Internal and external impact on business processes

1. Introduction to Business Risk

9

Knowledge | Skills | Conduct

1.3 Assessing external sources of risk (cont.)

• Likelihood/probability rating

• Impact loss rating

• Risk score = likelihood (1-5) x impact (1-5)

1. Introduction to Business RiskFurther information

Firms have their own way of allocating values to relative likelihoods and impacts of risks.

The risk scoring process can be objective, subjective, or both.

10

Knowledge | Skills | Conduct

1.4 Internal drivers of business risk

• Strategic risk- Is the strategy right?- Is it being implemented properly?

• Operational risk- The risk of loss resulting in failed internal processes

• Compliance risk- Compliance with regulation and legislation

• Financial risk- Revenues vs. cost- Gearing/leverage - BIS three main types – credit, market, operational

1. Introduction to Business RiskFurther information

Strategic risk is the risk of loss of earnings or capital via:• Adverse business decisions• Improper implementation of decisions• Lack of adequate responsiveness to changing business environment• A lack of strategic information

11

Knowledge | Skills | Conduct

1.5 Assessing internal drivers of business risk

• From within the company:- Structured brainstorming (SWOT)- Stress testing- Scenario analysis- Risk assessment workshops

• External assessment:- Independent auditors- Industry best practice

1.6 The nature of external and internal risk

• External and internal risks overlap, and mutually influence one another- Example – new product development and launch

1. Introduction to Business RiskFurther informationSWOT analysis involves brainstorming, as a group, and identifying:• Strengths• Weaknesses• Opportunities• Threats…relevant to the internal and external environments of the organisation, and the strategy the organisation is attempting to implement.

Keeping on targetWhich of the following best describes operational risk? The risk of loss:

A. Resulting from failed internal processesB. Failing to comply with regulations and legislationC. Due to customer defaultD. Caused by a fall in asset values

12

Knowledge | Skills | Conduct

1.7 Additional risk terminology

Risk culture• A common understanding and awareness of what risk is• A common understanding of where risk occurs and how to manage it• Drivers of risk culture:

- Attitude towards risk and ethics of senior managers and directors- Quality and integrity of staff- Extent of change the organisation is going through- Effectiveness of communication- Reward practices

Conduct risk• The risk that a firm’s behaviour will result in poor outcomes for customers

- Culture, incentives and processes result in moving away from putting the customer first, and putting profit first

1. Introduction to Business Risk

Answer to question on the previous slideAnswer A.

13

Knowledge | Skills | Conduct

1.7 Additional risk terminology (cont.)

Risk appetite (risk tolerance)

• Acceptable loss at a given confidence level

• Quantifiable vs. non-quantifiable risks

• Top-down and bottom-up

1. Introduction to Business RiskFurther informationTop-down approach:• Identify threats to strategic objectives or goals• Relate these to the resources held by the firm• Generate plans to address threats

Bottom-up approach:• Set departmental ‘acceptable occurrence’ levels for errors and losses• Develop key risk indicators (KRIs) to track performance vs. target

14

Knowledge | Skills | Conduct

1.7 Additional risk terminology (cont.)

Inherent (gross) risk

• Risk exposure without controls

Residual (net) risk

• Risk exposure with controls

1. Introduction to Business Risk

Control risk

Residual risk

Inherent risk

15

Knowledge | Skills | Conduct

1.7 Additional risk terminology (cont.)

Risk profile

• Prioritising risks (likelihood and impact)

• Responding to risks (4 Ts)- Terminate – avoid- Transfer – outsource- Take – retain and budget- Treat – reduce impact/likelihood

1. Introduction to Business RiskFurther information‘Risk profile’ means the overall ‘picture’ of external and internal risks affecting the firm, and proposals to deal with them.

16

Knowledge | Skills | Conduct

1.7 Additional risk terminology (cont.)

Risk mitigation – methods to reduce impact/likelihood depending on risk type

• Improve processes (operational)

• Hedging (market)

• Holding collateral (credit)

1.8 Risk management and shareholder value

Risk management helps with accurate decision making

• Proper appreciation of costs and benefits of project decisions

1. Introduction to Business Risk

17

Knowledge | Skills | Conduct

2.1 Risk in financial services (BIS definitions)

• Operational risk- ‘The risk of loss resulting from inadequate or failed internal processes, people and

systems or from external events’

• Credit risk - Risk relating to lending or agreeing to trade with another counterparty

• Market risk- Potential loss of earnings or capital arising from a change in the value of financial

instruments

• Liquidity risk- The risk that a firm will be unable to close out a position due to the market being

illiquid

2. Specific Risks in Financial ServicesFurther information‘BIS’ refers to the Bank for International Settlements – this is discussed in detail in chapter 2.

18

Knowledge | Skills | Conduct

2.2 Systemic risk in financial services

• Contagion

• Sovereign risk

• Recovery and resolution plans

2. Specific Risks in Financial Services

19

Knowledge | Skills | Conduct

2.3 Compared to other industries

• The following impact all industries but affect the financial services industry in particular:- Reputation risk- Organisation risk

• Internal complexity• External interrelationships (contagion)

- Compliance risk- Conflict of interest

2. Specific Risks in Financial Services

20

Knowledge | Skills | Conduct

3.1 Fintech and Regtech

• Companies use technology to improve the customer experience, and to better compete with their rivals- Fintech involves the use of technology by financial services firms for this purpose- Regtech applies this idea to meeting increasing regulatory requirements, such as

reporting and compliance- But increased cybercrime and data security risks

3.2 Cryptoassets

• Digital assets that do not require intervention by middlemen, and uses decentralised distributed ledger technology (DLT), such as blockchain- Unclear or no regulation of cryptoassets and their markets- Increased financial crime risk, and market risk

3. Emerging Considerations

21