Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Knowledge | Skills | Conduct
Principles of Risk Management
14 questions
Chapter 1
Further information
This chapter is an overview of risk management. It contains many definitions and key phrases with which you must become familiar.
This chapter has twelve questions in the exam.
5
Knowledge | Skills | Conduct
1.1 Risk and uncertainty
• The Concise Oxford Dictionary definition: - ‘The chance or possibility of damages, loss, injury or other adverse consequence’
• Probability – chance or possibility of something happening in the future
• Impact – adverse consequence – the potential outcome is thought of as negative
• Risk- Variables that can be quantified
• Uncertainty- Variables that cannot be quantified
1. Introduction to Business RiskFurther information
Risk score is driven by these two key variables of probability and impact.
Risk score = Probability x Impact
6
Knowledge | Skills | Conduct
1.1 Risk management
1. Introduction to Business Risk
Key Elements of a SimpleRisk Framework
Risk policies and governance at board level
Risk oversight
Day to day risk management
Identify Assess
ControlMonitor
BusinessUnit
BusinessUnit
BusinessUnit
Report
Further information
Risk management has three key aspects:• Identifying risk• Evaluating risk• Implementing a risk response plan
7
Knowledge | Skills | Conduct
1.2 External sources of risk• Economic risks• Political risks• Risks from competition, social and market forces• Technological risks, such as cyber security• Shocks and natural events
• Risks presented by external stakeholders and third parties, e.g.:• Parent company• Institutional investors• Large customers• Regulators• Suppliers/consultant etc.
• Environmental, Social and Governance (ESG) risks
1. Introduction to Business RiskFurther information
Environmental. Social and Governance (ESG) risksEnvironmental risks emanate from: • Climate change issues (such as firms’ vulnerability due to climate
change), and • Issues around the depletion of natural resources (such as water scarcity,
land use, and raw-material sourcing)
Social risks emanate from: • Human capital issues (such as labour management and health and
safety) • Pliability issues (such as product safety, quality, privacy and data safety
issues), and • Stakeholder opposition (such as local health and demographic risks and
controversial sourcing of materials).
Governance risks emanate from: • Corporate governance issues (such as management structure and board-
employee relations and compensation), and • Corporate behaviour issues (such as business ethics and anti-competitive
practices, tax, transparency and corruption and financial system instability)
Most business leaders acknowledge that addressing ESG concerns is either essential or good for business. This is in line with rising expectations from investors, consumers and other stakeholders.
8
Knowledge | Skills | Conduct
1.3 Assessing external sources of risk
• PESTLE analysis- Political- Economic- Social- Technical- Legislative- Environmental
• Business continuity planning- Disaster recovery
• Business process analysis- Internal and external impact on business processes
1. Introduction to Business Risk
9
Knowledge | Skills | Conduct
1.3 Assessing external sources of risk (cont.)
• Likelihood/probability rating
• Impact loss rating
• Risk score = likelihood (1-5) x impact (1-5)
1. Introduction to Business RiskFurther information
Firms have their own way of allocating values to relative likelihoods and impacts of risks.
The risk scoring process can be objective, subjective, or both.
10
Knowledge | Skills | Conduct
1.4 Internal drivers of business risk
• Strategic risk- Is the strategy right?- Is it being implemented properly?
• Operational risk- The risk of loss resulting in failed internal processes
• Compliance risk- Compliance with regulation and legislation
• Financial risk- Revenues vs. cost- Gearing/leverage - BIS three main types – credit, market, operational
1. Introduction to Business RiskFurther information
Strategic risk is the risk of loss of earnings or capital via:• Adverse business decisions• Improper implementation of decisions• Lack of adequate responsiveness to changing business environment• A lack of strategic information
11
Knowledge | Skills | Conduct
1.5 Assessing internal drivers of business risk
• From within the company:- Structured brainstorming (SWOT)- Stress testing- Scenario analysis- Risk assessment workshops
• External assessment:- Independent auditors- Industry best practice
1.6 The nature of external and internal risk
• External and internal risks overlap, and mutually influence one another- Example – new product development and launch
1. Introduction to Business RiskFurther informationSWOT analysis involves brainstorming, as a group, and identifying:• Strengths• Weaknesses• Opportunities• Threats…relevant to the internal and external environments of the organisation, and the strategy the organisation is attempting to implement.
Keeping on targetWhich of the following best describes operational risk? The risk of loss:
A. Resulting from failed internal processesB. Failing to comply with regulations and legislationC. Due to customer defaultD. Caused by a fall in asset values
12
Knowledge | Skills | Conduct
1.7 Additional risk terminology
Risk culture• A common understanding and awareness of what risk is• A common understanding of where risk occurs and how to manage it• Drivers of risk culture:
- Attitude towards risk and ethics of senior managers and directors- Quality and integrity of staff- Extent of change the organisation is going through- Effectiveness of communication- Reward practices
Conduct risk• The risk that a firm’s behaviour will result in poor outcomes for customers
- Culture, incentives and processes result in moving away from putting the customer first, and putting profit first
1. Introduction to Business Risk
Answer to question on the previous slideAnswer A.
13
Knowledge | Skills | Conduct
1.7 Additional risk terminology (cont.)
Risk appetite (risk tolerance)
• Acceptable loss at a given confidence level
• Quantifiable vs. non-quantifiable risks
• Top-down and bottom-up
1. Introduction to Business RiskFurther informationTop-down approach:• Identify threats to strategic objectives or goals• Relate these to the resources held by the firm• Generate plans to address threats
Bottom-up approach:• Set departmental ‘acceptable occurrence’ levels for errors and losses• Develop key risk indicators (KRIs) to track performance vs. target
14
Knowledge | Skills | Conduct
1.7 Additional risk terminology (cont.)
Inherent (gross) risk
• Risk exposure without controls
Residual (net) risk
• Risk exposure with controls
1. Introduction to Business Risk
Control risk
Residual risk
Inherent risk
15
Knowledge | Skills | Conduct
1.7 Additional risk terminology (cont.)
Risk profile
• Prioritising risks (likelihood and impact)
• Responding to risks (4 Ts)- Terminate – avoid- Transfer – outsource- Take – retain and budget- Treat – reduce impact/likelihood
1. Introduction to Business RiskFurther information‘Risk profile’ means the overall ‘picture’ of external and internal risks affecting the firm, and proposals to deal with them.
16
Knowledge | Skills | Conduct
1.7 Additional risk terminology (cont.)
Risk mitigation – methods to reduce impact/likelihood depending on risk type
• Improve processes (operational)
• Hedging (market)
• Holding collateral (credit)
1.8 Risk management and shareholder value
Risk management helps with accurate decision making
• Proper appreciation of costs and benefits of project decisions
1. Introduction to Business Risk
17
Knowledge | Skills | Conduct
2.1 Risk in financial services (BIS definitions)
• Operational risk- ‘The risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events’
• Credit risk - Risk relating to lending or agreeing to trade with another counterparty
• Market risk- Potential loss of earnings or capital arising from a change in the value of financial
instruments
• Liquidity risk- The risk that a firm will be unable to close out a position due to the market being
illiquid
2. Specific Risks in Financial ServicesFurther information‘BIS’ refers to the Bank for International Settlements – this is discussed in detail in chapter 2.
18
Knowledge | Skills | Conduct
2.2 Systemic risk in financial services
• Contagion
• Sovereign risk
• Recovery and resolution plans
2. Specific Risks in Financial Services
19
Knowledge | Skills | Conduct
2.3 Compared to other industries
• The following impact all industries but affect the financial services industry in particular:- Reputation risk- Organisation risk
• Internal complexity• External interrelationships (contagion)
- Compliance risk- Conflict of interest
2. Specific Risks in Financial Services
20
Knowledge | Skills | Conduct
3.1 Fintech and Regtech
• Companies use technology to improve the customer experience, and to better compete with their rivals- Fintech involves the use of technology by financial services firms for this purpose- Regtech applies this idea to meeting increasing regulatory requirements, such as
reporting and compliance- But increased cybercrime and data security risks
3.2 Cryptoassets
• Digital assets that do not require intervention by middlemen, and uses decentralised distributed ledger technology (DLT), such as blockchain- Unclear or no regulation of cryptoassets and their markets- Increased financial crime risk, and market risk
3. Emerging Considerations
21