risk management essentials for bankers
TRANSCRIPT
Presented by Mr. David Vu
Risk Management Essentials
Date: 24th and 25th Mar 2017
Venue: Sunway Resort Hotel
The purpose of this course is to provide attendees with crucialunderstanding of risk management in financial institutions. Firstly, anintroduction on basic principles of risk management, risk governance andkey risks are made to analyse how it affects the banking institutions,standard risk framework, and essential risk tools. Critical concepts arecovered in risk management like Enterprise Risk Management and standardinternal control framework. Attendees will tackle on case studies offinancial failures such as the financial crisis during 2007-2008. This willenable them to gain a better understanding of cause and effect and how toprevent it from happening in the future. The focus will also be on keyregulations for the banking sector, capital management and stress testing.All this will allow the attendees to gain a robust background of riskmanagement.
Introduction
Overview of Risk Management▫ Understanding corporate governance and risk management▫ Introduction to risk management and identify key risks in banking institutions▫ Analyzing internal control and enterprise risk management▫ Recapping financial failures and financial crisis▫ Understanding risk appetite framework and requirements of Basel II/III▫ Exploring internal capital adequacy assessment process and stress testing
Overview of Liquidity Risk Management▫ Understanding key principles of liquidity risk management▫ Identifying risk measurement, risk limits, and risk reports▫ Understanding stress testing and contingency planning policy
Overview of Interest Rate Risk Management in Banking Book▫ Understanding key principles of interest rate risk management in banking book▫ Identifying risk measurement, risk limits, and risk reports▫ Understanding stress testing
Overview of Operational Risk Management▫ Understanding key principles of operational risk management▫ Understanding risk assessment tools, key risk indicators, risk incidents capturing▫ Understanding technology risk, vendor risk, and insurance program
Training Outline
After completing this course, you will be able to:
• Understand key risks facing banking institutions
• Apply key principles of risk management into your work especially for riskanalysts, risk managers.
• Understand a standard framework of internal control and the concept ofEnterprise Risk Management.
• Understand compliance risk as well as essential regulations in bankingenvironment.
• Understand the financial crisis in 2007 – 2008 and lessons learnt.
• Build up a risk appetite framework for your institution with key principles,risk tolerances, and limit settings.
• Build up risk assessment tools and techniques for risk management.
• Understand Internal Capital Adequacy Assessment Process and criticality ofstress tests in capital management.
Expected Outcomes
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
5
Corporate Governance and Risk Management
Corporate Governance: Sample Definitions
“The system by which companies are directed andcontrolled” – Adrian Cadbury, 1992
“The structures, processes, cultures and systems thatengender the successful operation of the organisation” – KKeasey and M Wright, 1993
“The process of supervision and control intended toensure that the company’s management acts inaccordance with the interests of Shareholders” – JParkinson, 1994
6
Corporate Governance and Risk Management
Components of Corporate Governance
Ethics
Integrity
Code of Conduct
Accountability
Responsibility
Information
Investment Protection
Shareholder Action
Transparency
Internal Control System
Regulations
Why is Corporate Governance is so important?
Even best-run organisations can makemistakes or poor decisions on i.e. investment,recruitment, evaluation, etc.
While risk is an important and unavoidablecomponent of modern management, itshould not imply that governance ofenterprises is overlooked.
A good decision that leads to i.e. a successfulinvestment can be based on poor assessmentof risk. Also, good governance practice canlead to poor decision making. Hence, theremust be a balance.
To help avoid / mitigate agency cost problem.
7
Corporate Governance and Risk Management
Shareholders
Board of Directors
CEO / MD
Executive Directors
Front Office Functions
Middle Office Functions
Back Office Functions
Put in equity to set up the business
Shareholders nominate a BoD to run thebusiness on their behalf. They set thebusiness policies
Board includes a Management team lead byCEO/MD and Executive Directors who managethe business on a day-to-day basis. They designappropriate strategies to implement policies
Senior Management is recruited todevelop business plans / processes /procedures to execute the strategies
8
Corporate Governance and Risk Management
What is Risk Management?
In a concise context, Risk Management is the identification, assessment,measurement, monitoring and get corrective actions to risks facing the firm.
It is defined under ISO 31000 as the effect of uncertainty on objectives (whetherpositive or negative) followed by coordinated and economical application ofresources to minimize, monitor, and control the probability and/or impact ofunfortunate events or to maximize the realization of opportunities.
Key Issues
Probability (likelihood) of event occurring
Severity (impact) of the event on set objectives
The strategies to manage risk typically include transferring the risk to another party,avoiding the risk, reducing the negative effect or probability of the risk, or evenaccepting some or all of the potential or actual consequences of a particular risk.
9
Corporate Governance and Risk Management
Risk Governance in Practice
Select competent board members and establish guidelines to govern theboard organization and structures;
Select competent executive officers, evaluate and compensate themaccordingly;
Review and approve the management-developed strategy i.e. approve theoverall risk-appetite of the institution;
Develop risk culture and monitor the control of the environment;
Ensure that the necessary corrective actions are taken to remedy thesituation;
Ensure the compliance of the institution with its legal and regulatoryrequirements; and
Directors are to perform these functions in the best interest of theshareholders and other stakeholders.
10
Corporate Governance and Risk Management
8 Principles for Bank Boards & Senior Management
(Basel Committee)
Principle 1: Board qualifications, capabilities and responsibilities
Principle 2: Board’s role regarding the bank’s strategic objectives andcorporate values
Principle 3: Lines of responsibility & accountability
Principle 4: Ensuring oversight by senior management
Principle 5: Auditors and internal control functions
Principle 6: Board & key executive compensation
Principle 7: Transparent governance
Principle 8: “Know your operational structure”
11
Corporate Governance and Risk Management
12
A S
AM
PLE
OF
RIS
K G
OV
ERN
AN
CE
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
13
A Concise Typology of Key Risk Exposures in Banking Sector
14
Overview of Key Risks in Banking Institutions
RISKS
Market Risk
Credit Risk
Liquidity Risk
Operational Risk
Legal & Compliance Risk
Business Risk
Strategic Risk
Reputation Risk
Funding Liquidity Risk
Trading Liquidity Risk
A Schematic View of Key Financial Risks
15
Overview of Key Risks in Banking Institutions
Financial Risks
Market Risk
Credit Risk
Transaction Risk
Portfolio Concentration
Issue Risk
Issuer Risk
Counterparty Risk
Equity Price Risk
Interest Rate Risk
Foreign Exchange Risk
Commodity Price Risk
Trading Risk
Gap Risk
General risk
Specific risk
Effective tradeoff of risk and reward
Shared responsibility for risk management
Based on an understanding of risk
Avoid activities that are inconsistent with values
Focus on clients and core values
Use of judgment and common sense
Risk Management Principles
16
Overview of Key Risks in Banking Institutions
Key Risk Definitions
17
Overview of Key Risks in Banking Institutions
Reputational Risk: is the current or prospective risk to earnings and capital arisingfrom an adverse perception of a banking institution on the part of existing andpotential transactional stakeholders, i.e. clients, trading counterparties, employees,suppliers, regulators, governmental bodies, and investors.
Compliance Risk: is the current or prospective risk to earnings, capital andreputation arising from violations or non-compliance with laws, rules, regulations,agreements, prescribed practices, or ethical standards, as well as from incorrectinterpretation of relevant laws or regulations.
Strategic Risk: is the current and prospective impact on earnings, capital, reputationor good standing of a banking institution arising from poor business decisions,improper implementation of decisions or lack of response to industry, economic ortechnological changes. This risk is a function of the compatibility of the bank’sstrategic goals, the business strategies developed to achieve these goals, theresources deployed to meet these goals and the quality of implementation.
Key Risk Definitions (cont.)
18
Overview of Key Risks in Banking Institutions
Credit Risk: is the risk arising from the potential that an obligor is either unwilling toperform on an obligation or its ability to perform such obligation is impaired resulting ineconomic loss to the bank.
Market Risk: is the risk of losses in on and off balance sheet positions as a result of adversechanges in market prices i.e. interest rates, foreign exchange rates, equity prices andcommodity prices. Market risk exists in both trading and banking book. A trading bookconsists of positions in financial instruments and commodities held either with tradingintent or in order to hedge other items of the trading book.
Operational Risk: is the current and prospective risk to earnings and capital arising frominadequate or failed internal processes, people and systems or from external events.
Liquidity Risk: is the risk of losses to a banking institution arising from either its inability tomeet its obligations as they fall due or to fund increases in assets without incurringunacceptable cost or losses. Liquidity risk also arises from the failure to recognize or addresschanges in market conditions that affect the ability to liquidate assets quickly and withminimum loss in value.
19
Overview of Key Risks in Banking Institutions
Market Risk Liquidity Risk Credit RiskOperational
Risk
Framework & Policies
Market Risk
MgmtPolicies
Limits & Controls
Liquidity Mgmt
Policies
Compliance Triggers &
MATs
Credit Risk
MgmtPolicies
Portfolio Caps,
Triggers & Risk Conc.
Risk Models
OpRiskMgmt
Policies
RCSA / KRI / Loss
Capturing
Business Continuity
VaRModels
Valuation Models
Contingency Funding
FTP Model
ALM Model
Liquidity Models
Retail Scoring Model
Internal Credit Rating
Model (SME/Corp)
Scorecard Approach
Advanced Approach(LDA)Model Backtesting
BASEL II/III
ICAAP
IRRBBCredit
Concentration Risk
Stress Testing Framework
Capital Adequacy
Leverage Ratio
Liquidity Standards (LCR/NSFR)
Integrated Risk Management Framework in Practice
20
Overview of Key Risks in Banking Institutions
Credit Risk Management Framework in Practice
CREDIT RISK COMPONENTS
KEY ELEMENTS TO HAVE
Credit Risk Governance
Credit Risk Policy Framework
Credit Risk Model & Validation
Credit Risk Monitoring & Reporting
Risk-based Decision Making
Credit Risk Mgmt Structure
Credit Risk Mgmt TOR & Policies
Credit Risk Mgmt Policy
Collateral Mgmt Policy
Authority Limit Mgmt Framework
Corporate Rating Model
Retail Scoring Model
Model Validation Framework
Credit Risk Capital Charge
Risk Reporting Templates
Reporting Workflow
Risk-based PricingRAROC / RORAC
FrameworkRisk-based
Portfolio Strategy
PD, LGD & EADEstimation
Credit VaR Calculation
21
Overview of Key Risks in Banking Institutions
Market Risk Management Framework in Practice
MARKET RISK COMPONENTS
KEY ELEMENTS TO HAVE
Market Risk Governance
Market Risk Policy Framework
Market Risk Model & Validation
Credit Risk Monitoring & Reporting
Asset Liability Management
Market Risk Mgmt Structure
Market Risk Mgmt TOR & Policies
Market Risk Mgmt Policy
ALM PolicyLimits Mgmt Framework
Instruments & VaR Model
Valuation ModelModel Validation
Framework
Risk-based Decision Making
Risk Reporting Templates
Reporting Workflow
Liquidity Risk Management
Interest Rate Risk in Trading Book
Interest Rate Risk in Banking Book
Risk-based PricingRisk-based
Portfolio Strategy
22
Overview of Key Risks in Banking Institutions
Operational Risk Management Framework in Practice
OPERATIONAL RISK COMPONENTS
KEY ELEMENTS TO HAVE
Operational Risk Governance
Operational Risk Policy Framework
Other OpRisk Related Policy Framework
Operational Risk Measurement
Operational Risk Control
OpRisk Mgmt Structure
OpRisk Mgmt TOR & Policies
OpRisk Mgmt Policy
BCP/DRP Framework
New Product Program
Technology & Cyber Risk Policy
Vendor Risk Mgmt Policy
Insurance Program
Operational Risk Capital Charge
RCSA / KRIsLoss / Near Miss
Capturing
Control Design Program
Control Design Review
Corrective Action Plan
BIA / TSA / AMA Approach
OpVaR Calculation
Reporting & Monitoring
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
23
Internal Control
Objectives of Internal Controls
▫ Accurate Financial Information
▫ Compliance with Policies andProcedures
▫ Safeguarding Assets
▫ Efficient Use of Resources
▫ Accomplishment of Objectivesand Goals
Institute of Internal Auditors (IIA)
Why are Internal Controls Important?
Internal controls are designed to providereasonable assurance regarding theachievement of objectives in the followingcategories:
▫ Effectiveness and Efficiency of Operations
▫ Reliability of Financial Reporting▫ Compliance with Laws and Regulations
Source: Internal Control – Integrated Framework Executive Summary, Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Internal Control and Enterprise Risk Management
24
Internal Control-Integrated Framework (2013 Edition)
• Consists of three parts:
▫ Executive Summary
▫ Framework and Appendices
▫ Illustrative Tools for AssessingEffectiveness of a System ofInternal Control
• Key items:
▫ Definition of internal control
▫ Categories of objectives
▫ Components and principles ofinternal control
▫ Requirements for effectiveness
Internal Control and Enterprise Risk Management
25
Internal Control-Integrated Framework (2013 Edition)
Environments changes... … have driven Framework updates
Expectations for governance oversight
Globalization of markets and operations
Changes and greater complexity in business
Demands and complexities in laws, rules, regulations, and standards
Expectations for competencies and accountabilities
Use of, and reliance on, evolving technologies
Expectations relating to preventing and detecting fraud
COSO Cube (2013 Edition)
Internal Control and Enterprise Risk Management
26
Internal Control-Integrated Framework (2013 Edition)
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
13. Uses relevant information
14. Communicates internally
15. Communicates externally
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring Activities
Internal Control and Enterprise Risk Management
27
Internal Control-Integrated Framework (2013 Edition)
1. The organization demonstrates a commitment tointegrity and ethical values.
2. The board of directors demonstrates independencefrom management and exercises oversight of thedevelopment and performance of internal control.
3. Management establishes, with board oversight,structures, reporting lines, and appropriate authoritiesand responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment toattract, develop, and retain competent individuals inalignment with objectives.
5. The organization holds individuals accountable fortheir internal control responsibilities in the pursuit ofobjectives.
Control Environment
Internal Control and Enterprise Risk Management
28
Internal Control-Integrated Framework (2013 Edition)
6. The organization specifies objectives with sufficientclarity to enable the identification and assessment ofrisks relating to objectives.
7. The organization identifies risks to the achievementof its objectives across the entity and analyzes risksas a basis for determining how the risks should bemanaged.
8. The organization considers the potential for fraud inassessing risks to the achievement of objectives.
9. The organization identifies and assesses changes thatcould significantly impact the system of internalcontrol.
Risk Assessment
Internal Control and Enterprise Risk Management
29
Internal Control-Integrated Framework (2013 Edition)
10. The organization selects and develops controlactivities that contribute to the mitigation of risksto the achievement of objectives to acceptablelevels.
11. The organization selects and develops generalcontrol activities over technology to support theachievement of objectives.
12. The organization deploys control activities throughpolicies that establish what is expected andprocedures that put policies in place.
Control Activities
Internal Control and Enterprise Risk Management
30
Internal Control-Integrated Framework (2013 Edition)
13. The organization obtains or generates and usesrelevant, quality information to support thefunctioning of internal control.
14. The organization internally communicatesinformation, including objectives andresponsibilities for internal control, necessary tosupport the functioning of internal control.
15. The organization communicates with externalparties regarding matters affecting the functioningof internal control.
Information & Communication
Internal Control and Enterprise Risk Management
28
Internal Control-Integrated Framework (2013 Edition)
16. The organization selects, develops, and performsongoing and/or separate evaluations to ascertainwhether the components of internal control arepresent and functioning.
17. The organization evaluates and communicatesinternal control deficiencies in a timely manner tothose parties responsible for taking correctiveaction, including senior management and theboard of directors, as appropriate.
Monitoring Activities
Internal Control and Enterprise Risk Management
32
Internal Control-Integrated Framework (2013 Edition)
Requirements for effective internal control
Effective internal control provides reasonable assurance regarding theachievement of objectives and requires that:▫ Each component and each relevant principle is present and functioning
▫ The five components are operating together in an integrated manner
Each principle is suitable to all entities; all principles are presumed relevantexcept in rare situations where management determines that a principle is notrelevant to a component (e.g., governance, technology)
Components operate together when all components are present and functioningand internal control deficiencies aggregated across components do not result inone or more major deficiencies
A major deficiency represents an internal control deficiency or combinationthereof that severely reduces the likelihood that an entity can achieve itsobjectives
Internal Control and Enterprise Risk Management
33
Enterprise Risk Management
ERM is a process, effected by an entity’s board of
directors, management, and other personnel, applied in
strategy setting and across the enterprise, designed to
identify potential events that may affect the entity,
manage risks to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity
objectives.
- Proposed by COSO (2003)
Internal Control and Enterprise Risk Management
34
Enterprise Risk Management (ERM)
Integrated Strategy - ERM is important because it supportsthe Department’s strategy and our Management Principlesincluding, “we will manage risk in fulfilling our mission”.
Consistency - Systematic approach for management andoperations – how we make decisions, govern how weestablish and implement requirements, and how we holdourselves accountable.
Better Communication - ERM will provide that frameworkfor clearly articulate the processes we use for programexecution, and governance.
Clear and Concrete Measures of Performance - It willimprove efficiency and allow a bank to consistently speakwith one voice to our contractors, customers, andstakeholders.
Why is ERM
important?
Internal Control and Enterprise Risk Management
35
COSO Enterprise Risk Management
Risk profiles are increasing
Regulatory/public scrutiny Expanding services increases risks Business change increases risk complexity Need for right kind of risk training Need for risk assessment methodologies/technology tools Stakeholders have different risk needs Inconsistent risk language used
Key Benefits from ERM
Awareness of risk increased Cross-enterprise risk identified Coordination across business units for more effective mitigation Consistent risk information Common risk language established Shareholder value protected or enhanced
Internal Control and Enterprise Risk Management
36
COSO Enterprise Risk Management
KEY SUCCESS FACTORS FOR ERM
Provide clear goals and objectives
Establish sponsorship or seniormanagement
Link to performance measuresand compensation
Drive the approach from thecorporate/head office
Establish a dedicated corporatefunction
COSO ERM Cube
Internal Control and Enterprise Risk Management
37
COSO Internal Control vs. Enterprise Risk Management
Internal Control and Enterprise Risk Management
38
ERM vs. Internal Control
• ERM elaborates and expands on those components of internal controlrelevant to risk:▫ Significantly expands on the “risk assessment” component
▫ Emphasizes and expands on other components as they relate to risk
• Internal control and ERM are 2 separate frameworks considerable overlap:▫ In some respects IC is broader and in others ERM is broader
▫ IC framework remains in tact
▫ ERM framework addresses risk management concepts more broadly and deeply
• ERM is effective only when:▫ IC components are present and functioning effectively▫ ERM components are present and functioning effectively
• You can have effective internal control without enterprise risk management, butyou cannot have effective enterprise risk management without effective internalcontrols
Internal Control and Enterprise Risk Management
39
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
40
Case #1 - Barings Bank
Incident
The incident involved the loss of nearly$1.25Bil due to the unauthorized tradingactivities during 1993 to 1995 of a singleand junior trader named Nick Leeson.
Result
The size of the losses relative to BaringsBank’s capital along with potentialadditional losses on outstanding tradesforced Barings into bankruptcy in Feb1995.
Causes
Rouge trading, failed control activities,and internal fraud.
Financial Failures and Lessons Learnt
41
Case #2 – Allied Irish Bank
IncidentJohn Rusnak, a currency option trader incharge of a very small trading book inAIB’s Allfirst First Maryland Bancorpsubsidiary, entered into massiveunauthorized trades during the period1997 through 2002, ultimately resultingin $691Mil in losses.
ResultThis resulted in a major blow to AIB’sreputation and stock price.
CausesRouge trading, failed control activities,and internal fraud.
Financial Failures and Lessons Learnt
42
Case #3 – Kidder Peabody
Incident
Between 1992 and 1994, Joseph Jett, head of thegovernment bond trading desk at Kidder Peabody,entered into a series of trades that were incorrectlyreported in the firm’s accounting system, artificiallyinflating reported profit. When corrected in Apr 1994,$350Mil in previously reported gains had to be reversed.
Result
Although Jett’s trades had not resulted in any actual lossof cash for Kidder, the announcement of such a massivemisreporting of earnings triggered a substantial loss ofconfidence in the competence of the firm’smanagement by customers and GE, which ownedKidder. In Oct 1994, GE sold Kidder to Paine Webber,which dismantled the firm later on.
Financial Failures and Lessons Learnt
43
Case #4 – Société Générale
IncidentIn Jan 2008, SG reported trading lossesof $7.1Bil that the firm attributed tounauthorized activity by a junior tradernamed Jerome Kerviel.
ResultThe large loss severely damaged SG’sreputation and required it to raise alarge amount of new capital.
CausesRouge trading, failed control activities,and internal fraud.
Financial Failures and Lessons Learnt
44
Other Cases
Sumitomo CorporationThe firm lost $2.6Bil in a failed attempt by Yasuo Hamanaka, a senior trader, to corner the world’s coppermarket – that is, to drive up prices by controlling a large portion of the available supply. Sumitomomanagement claimed that Hamanaka had used fraudulent means in hiding the size of his positions fromthem. He also claimed that he had disclosed the positions to senior management. He was sent to jail. SeeAsiaweek (1996), Dwyer (1996), and McKay (1999).
Daiwa BankToshihida Iguchi of Daiwa Bank’s New York office lost $1.1Bil trading Treasury bond between 1984 and 1995.He hid his losses and made his operation appear to be quite profitable by forging trading slips, whichenabled him to sell without authorization bonds held in customer accounts to produce funds he could claimwere part of his trading profit. His fraud was aided by a situation similar to Nick Leeson’s at Barings – Iguchiwas head of both trading and the back-office support function. Iguchi was sent to jail. See more atwww.erisk.com
Merrill LynchThe firm reportedly lost $350Mil in trading mortgage securities in 1987 due to risk reporting that used a 13-year duration for all securities created from a pool of 30-year mortgages. Although this duration is roughlycorrect for an undivided pool of 30-year mortgages, the correct duration is 30 years when the interest-onlypart is sold and the principal-only part is kept, as Merrill was doing. See Crouhy, Galai, and Mark (2001).
UBSThe Swiss bank in 2011 reported a loss of $2.3Bil due to unauthorized trading by Kweku Adoboli, a relativelyjunior equity trader. This incident cost the CEO of UBS his job. See Wilson (2011).
Financial Failures and Lessons Learnt
45
Financial Failures and Lessons Learnt
Lessons learnt from these financial failures
The necessity of an independent trading back office
Always make exhaustive inquiries about unexpected sources of profit or loss.
Always make thorough inquiries about any large unanticipated movement ofcash.
Control personnel are to tighten procedures that may lead to detection offictitious trade entries.
Flag any trader who appears to be using an unusually high number of suchcancellations of trading positions.
Control personnel should be aware of situations in which traders are beingsupervised by temporary or new managers.
Vacation policy needs to be mandatory.
Cash and collateral requirements should be monitored at trader level.
Any patterns of P&L that are unusual relative to expectations need to beidentified and investigated by both management and the control functions.
46
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
47
Financial Crisis of 2007 - 2008
A Synopsis
Starting in 2000, mortgage originators in the US relaxed their lendingstandards and created large numbers of subprime first mortgages.
This, combined with very low interest rates, increased the demand for realestate and prices rose.
To continue to attract first time buyers and keep prices increasing theyrelaxed lending standards further
Features of the market: 100% mortgages, ARMs, teaser rates, NINJAs, liarloans, non-recourse borrowing
Mortgages were packaged in financial products and sold to investors
48
Financial Crisis of 2007 - 2008
A Synopsis (cont.)
Banks found it profitable to invest in the AAA rated tranches because thepromised return was significantly higher than the cost of funds and capitalrequirements were low
The property bubble burst in in 2007. Some borrowers could not affordtheir payments when the teaser rates ended. Others had negative equityand recognized that it was optimal for them to exercise their put options.
U.S. real estate prices fell and products, created from the mortgages, thatwere previously thought to be safe began to be viewed as risky
There was a “flight to quality” and credit spreads increased to very highlevels
49
Financial Crisis of 2007 - 2008
An Origination Model of Asset-Backed Securities (ABS)
Asset 1 (eg Auto loans)
Asset 2 (eg Home loans)
Asset 3 (eg Bonds)
Asset 4 (eg Credit Cards)
Asset n
Total Principal is:
$100 million
SPE
or
SPV
Senior Tranche
Principal: $80 million
Return = 5%
Mezzanine Tranche
Principal: $15 million
Return = 10%
Equity Tranche
Principal: $5 million
Return = 20%
50
Financial Crisis of 2007 - 2008
And Continue with ABS Collateralized Debt Obligation
Asset Cash Flows
Including
Subprime Mortgages
Senior Tranches (75%)
AAA
Mezzanine Tranches (20%)
BBB
Equity Tranches (5%)
Not Rated
Senior Tranche
(80%) AAA
Mezzanine Tranche
(15%) BBB
Equity Tranche
(5%) BB-
Which one is riskier between a ABS Senior Tranch and ABS CDO Senior Tranch?
51
Financial Crisis of 2007 - 2008
BBB Tranches BBB tranches of ABSs were often quite thin (1% wide)
This means that they have a quite different loss distribution from BBB bonds andshould not be treated as equivalent to BBB bonds
They tend to be either safe or completely wiped out
What does this mean for the tranches of the Mezzanine ABS CDO?
Regulatory Capital Capital required for securities created from a portfolio of mortgages was
considerably less than capital that would be required if mortgages had been kept onthe balance sheet
Role of Incentives Arguably the incentives of valuers, the creators of ABSs and ABS CDOs, and rating
agencies helped to create the crisis
Compensation plans of traders created short-term horizons for decision making
52
Financial Crisis of 2007 - 2008
Lessons learnt from the crisis
Be aware of irrational exuberance
Do not underestimate default correlations in stressed markets
Recovery rate depends on default rate
Compensation structures did not create the right incentives
If a deal seems too good to be true (eg, a AAA earning LIBOR plus 100 bp) it probably is
Do not rely on ratings without any due diligence
Transparency is important in financial markets
Resecuritization was a not good idea
53
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
54
Background and Approach
Many reports (e.g. 2009 SSG) showed that most board of directors and seniormanagement did not actively articulate, measure, and adhere to a level of riskacceptable to firms.
Most firms acknowledged some need for improvement in their procedures forsetting and monitoring risk appetite, and many acknowledged the need torenovate the way in which their boards were receiving financial and riskinformation.
As a result, the Basel Committee on Banking Supervision, in its report Principlesfor Enhancing Corporate Governance, outlined expectations that it is the board’sresponsibility to “approve and oversee the implementation of the bank’s overallrisk strategy, including its risk tolerance/appetite”.
Lastly, for a modern risk management universe today, the Risk AppetiteFramework (RAF) is seen as a critically strategic decision-making tool.
Risk Appetite Framework
55
Linking to Strategic Objectives
Risk appetite articulates the level of risk a company is prepared to acceptin order to achieve its strategic objectives.
Capital Adequacy (CAR)
Earnings Volatility (EAR)
Credit Rating Target
Risk / Reward Tradeoff
Risk Preference / Aversion
Me
asure
s
Regulators
Investors
Debt holders
Stakeh
old
ers
Rating Agencies
Enterprise Risk Tolerance
Risk Appetite for Each Risk Category
Risk Limits
Risk Appetite Framework
56
Linking to Strategic Objectives
Risk Appetite Framework (RAF)
Strategic Planning
Asset Allocation
Business Planning
Liquidity Management
Capital Allocation
Performance Measurement Others
Understand the constraint and
ability to take risk
Understand the risk/reward
tradeoff
Risk Appetite Framework
57
Measure Risk Profile
Ensure appropriate action is taken prior Risk Profile surpassing Risk Appetite
Set Risk Limits and Tolerances
Ensure that risk-taking activities are within Risk Appetite
Establish Risk Appetite
Self-Imposed Constraints & Drivers
Define Risk Capacity
Identify regulatory constraints
Risk
Appetite
Framework
A Standard Flow for RAF Implementation
Risk Appetite Framework
58
Monitoring Risk Profile
Firms with more developed RAFs combine multiple risk metrics that help in managingor mitigating downside risk in a thoughtful, deliberate way. The metrics used shouldrange from the dynamic and forward looking to the static and point-in-time; they mayinclude but not limited to:
Capital targets beyond solely regulatory measures (economic capital, tangible common equity,and total leverage);
Capital at risk amounts; A variety of liquidity ratios, terms, and survival horizons; Net interest income volatility or earnings-at-risk calculations; VaR limits in trading book; Risk sensitivity limits; Risk concentrations by internal and/or external credit ratings; Expected loss ratios; The firm’s own credit spreads; Asset growth ceilings by business line or exposure type; Performance of internal audit ratings; and Economic value added;
Risk Appetite Framework
59
Risk Appetite Statement (RAS)
KEY OBJECTIVES FOR BUILDING A RISK APPETITE STATEMENT
• By considering the risk and return trade-off, RAS plays a critical role in guiding senior managementon how to govern bank risks to be able to achieve key objectives of the Board and shareholders.
• RAS will help a bank to be able to withstand contingencies such as a market turmoil influencing thebalance sheet of the bank, a deterioration of loan portfolio, a decline in capital adequacy,operational losses, or a liquidity crisis.
• RAS will play as a cornerstone to help bank managers do commitments with the Board in buildinga robust risk management framework with a risk practice in vogue.
• RAS will help to define risk profiles, risk limits, and risk thresholds for each kind of risks.
Shareholders’Objectives
The Board approves RAS to hook into the
business strategy
RAS will define risk profiles and prudential limits
Control and monitor risks based on RAS
RAS is seen as a critical element for a standard RAF
Risk Appetite Framework
60
Risk Appetite Statement
SHAREHOLDERS
BOARD OF DIRECTORS
BUSINESS STRATEGY
Liquidity Risk
Operational Risk
Market Risk
Credit Risk
Reputational Risk Regulatory Risk
Non-financial Objectives
Financial Objectives
Ap
pro
ve
RISK APPETITE STATEMENT
The Board of a bank will approve the business strategy based on RAS in the hope to achieve non-financial and financial objectives.
Ho
ok
Shareholders of a bank often look at financial objectives.
Risk Appetite Framework
61
A Sample RAS Report
Type of metric Name Description MAT Green Amber RedAs of
Dec‘XX
Returns
ROE NPAT / Average equity 10.60% >13.2% 8.0% to 13.2% <8% 16.5%
ROA NPAT / Average assets 1.50% >1.91% 1.4% to 1.91% <1.4% 2.5%
Cost to Income Operating Cost / Gross Income 55.00% <50% 50% to 60% >60% 55.5%
Credit Risk
Non-performing Loans
Non-performing loans / Total Loan Outstanding
0.55% <0.5% 0.5% to 0.6% >0.6% 0.45%
Loan Loss Coverage Net Operating profit / Cost of Credit 3.2x >4.0x 2.5x - 4.0x <2.5x 7.0xSingle Borrowing Concentration
Proportion of single loan to total net worth 16.50% <15% 15% to 18% >18% 5.5%
Liquidity Risk
Liquidity Coverage Ratio
Follow Prakas B7-015-349 established on 23 Dec 2015
70.00% >70% 65% to 70% <65% 99.1%
Single lender concentration
Maximum % of contribution from a single lender / Net Worth
16.50% <15% 15% to 18% >18% 7.5%
Overall Capital Total Capital on total Risk Weighted Assets 19.50% >24% 19%-24% <19% 20.5%
Tier 1 Capital Buffer Tier 1 Capital of Total Net Worth 67.50% >75% 65% to 75% <65% 95.2%
Operational Risk Operational Loss % of Annual Revenue 0.55% <0.5% 0.5% - 1% >1% 0.01%
Reputation /Compliance Risk
Major breaches in regulatory reporting
Number of delays in regulatory reporting/submission in last recorded quarter (without management awareness)
0 0 0 0 0
Major monetary finesNumber of monetary fines in last recorded quarter
0 0 0 0 0
Risk Appetite Framework
62
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
63
Overview of Basel II
History of Banking Regulations
• Pre-1988
• 1988: BIS Accord (Basel I)
• 1996: Amendment to BIS Accord
• 1999: Basel II first proposed, implemented in 2007
Key Elements of Basel II/III Pacts
• Capital Types
• Key pillars
• Risk Weighted Capital
• Capital Adequacy Ratio
• Capital charges
64
Overview of Basel II
CAPITAL TIERS
Tier 1 Capital: common equity tier (CET), non-cumulative perpetualpreferred shares
Tier 2 Capital: cumulative preferred stock, certain types of 99-yeardebentures, subordinated debt with an original life of more than 5years
CAPITAL TYPES
Economic Capital (EC) is an estimate of the level of capital that abank needs to run its business as usual (BAU).
Regulatory Capital (RC) is the capital that a bank needs to hold byregulators in order to operate or remain its operations.
65
Overview of Basel II
3 KEY PILLARS UNDER BASEL II
Pillar I
Minimum Capital Requirements
Pillar II
Supervisory Review Process
Pillar III
Market Discipline
Minimum standards forcapital management on arisk-based basis:
Credit Risk
Operational Risk
Market Risk
Increases responsibilitiesand levels of discretion forsupervisory reviews andcontrols covering:
Capital Adequacy
Internal Models
Capital charges
Capital Monitoring
Banks are required toincrease informationdisclosure relating tomeasurement of creditand operational risks, andimprove the transparencyof financial information tothe market.
66
Overview of Basel II
3 KEY PILLARS UNDER BASEL II
Basel II
Supervisory review process
• How will supervisory bodies assess, monitor and ensure capital adequacy?
• Internal process for
assessing capital adequacy
in relation to risk profile
• Supervisors to review and
evaluate banks’ internal
processes
• Supervisors to require banks
to hold capital in excess of
minimum to cover other
risks, e.g. strategic risk
• Supervisors seek to
intervene and ensure
compliance
Market disclosure
• What and how should banks disclose to external parties?
• Effective disclosure of:
- Banks’ risk profiles
- Adequacy of capital
positions
• Specific qualitative and
quantitative disclosures
- Scope of application
- Composition of capital
- Risk exposure
assessment
- Capital adequacy
Minimum capital requirements
• How is capital adequacy measured particularly for Advanced approaches?
• Better align regulatory
capital with economic risk
• Evolutionary approach to
assessing credit risk
- Standardised (external
factors)
- Foundation IRB
- Advanced IRB
• Evolutionary approaches to
operational risk
- Basic indicator
- Standardised
- Advanced Measurement
Issu
eP
rin
cip
le
• Continue to promote safety and soundness in the banking system
• Ensure capital adequacy is sensitive to the level of risks borne by banks
• Constitute a more comprehensive approach to addressing risks
• Continue to enhance competitive equality
67
Overview of Basel II
RISK WEIGHTED CAPITAL
A risk weight is applied to each on-balance-sheet asset accordingto its risk (e.g. 0% to cash and govt bonds; 20% to claims on OECDbanks; 50% to residential mortgages; 100% to corporate loans,corporate bonds, etc.)
For each off-balance-sheet item we first calculate a creditequivalent amount and then apply a risk weight
Risk weighted amount (RWA) consists of▫ sum of risk weight times asset amount for on-balance sheet items▫ Sum of risk weight times credit equivalent amount for off-balance sheet
items
68
Overview of Basel II
CAPITAL ADEQUACY RATIO
Capital adequacy ratio is a measure of the amount of a bank's capitalexpressed as a percentage of its risk weighted credit exposures.
An international standard which recommends minimum capitaladequacy ratios has been developed to ensure a bank can absorb areasonable level of losses before becoming insolvent.
69
Overview of Basel II
CAPITAL ADEQUACY RATIO
70
Overview of Basel IICapital Charges under Basel II
Approaches that can befollowed in determination
of Regulatory Capitalunder Basel II
Total Regulatory
Capital
Operational Risk
Capital
CreditRisk
Capital
MarketRisk
Capital
Basic IndicatorApproach
Standardized Approach
Advanced Measurement Approach (AMA)
Standardized Approach
Internal Ratings Based (IRB)
Foundation IRB
Advanced IRB
Standard Model
Internal Model
Score Card
Loss Distribution
Internal Modeling
71
Overview of Basel III
Capital Definition and Requirements
Capital Conservation Buffer
Countercyclical Buffer
Leverage Ratio
Liquidity Ratios
Capital for CVA Risk
Contingent Convertible Bonds
72
Overview of Basel III
Capital Definition and Requirements
Three types:– Common equity Tier 1
– Additional Tier 1
– Tier 2
Definitions tightened
Limits– Common equity > 4.5% of RWA
– Tier 1 > 6% of RWA
– Tier 1 plus Tier 2 > 8% of RWA
Phased implementation of capital levels stretching to January 1, 2015
Phased implementation of capital definition stretching to January 1, 2018
73
Overview of Basel III
Capital Conservation Buffer
Extra 2.5% of common equity required in normal times to absorb lossesin periods of stress
If total common equity is less than 7% (=4.5%+2.5%) dividends arerestricted
To be phased in between January 1, 2016 and January 1, 2019
Countercyclical Buffer
Extra equity capital to allow for cyclicality of bank earnings
Left to the discretion of national regulators
Can be as high as 2.5% of RWA
Dividends restricted when capital is below required level
To be phased in between January 1, 2016 and January 1, 2019
74
Overview of Basel III
Leverage Ratio
Objective is to constrain the build-up of leverage in the banking sectorwhich would help to avoid destabilization of deleveraging processesthat may shock the broader financial system and the economy.
This is not a risk-based ratio that the ratio of Tier 1 capital to totalexposure (not risk weighted) must be greater than 3%
Exposure includes all items on balance sheet and some off-balancesheet items
To be introduced on January 1, 2018 after a transition period
75
Overview of Basel III
Liquidity Risk Ratios
Objective of Liquidity Coverage Ratio (LCR) is to ensure that a bank meets its liquidity needsfor a 30 calendar days under liquidity stress scenarios and has adequate stock ofunencumbered High Quality Liquid Assets (HQLA) that can be converted into cash at a littleor no value loss in financial markets.
Objective of NSFR is to promote resilience over a longer time span by creating additionalincentives for a bank to fund their activities with more stable sources of funding on anongoing basis. NSFR complements and supports the LCR and it has been developed toprovide a sustainable maturity structure of assets and liabilities.
76
Overview of Basel III
Key Ratios in Basel III
77
Overview of Basel III
Capital for CVA Risk
CVA is the adjustment to the value of transactions with a counterparty toallow for counterparty credit risk
Basel III requires CVA risk arising from changing credit spreads to beincorporated into market-risk VaR calculations
Contingent Convertible Bonds
Bonds which automatically get converted into equity if certain conditionsare satisfied
For example, in the case of Credit Suisse, a Swiss bank, there is conversionif:
• Tier 1 equity falls below 7% of RWA, or
• Swiss regulator determines that the bank needs public sector support
78
Overview of Basel III
Key Comparisons between Basel II and Basel III
Requirements Under Basel II Under Basel III
Minimum Ratio of Total Capital to RWAs 8% 10.5%
Minimum Ratio of Common Equity Tier to RWAs 2% 4.5% to 7%
Tier I Capital to RWAs 4% 6%
Capital Conservation Buffer (CCB) to RWAs n/a 2.5%
Countercyclical Buffer n/a 0% to 2.5%
Leverage Ratio n/a 3%
Liquidity Coverage Ratio * n/a 100%
Net Stable Funding Ratio * n/a 100%
* The ratio to be differently defined across regulators and timelines
79
Overview of Basel III
Transition period of compliance to Basel III
80
OVERVIEW OF RISK MANAGEMENT
CORPORATE GOVERNANCE AND RISK MANAGEMENT
AN INTRODUCTION TO KEY RISKS IN BANKING INSTITUTIONS
INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT
FINANCIAL FAILURES AND LESSONS LEARNT
FINANCIAL CRISIS OF 2007 - 2008
RISK APPETITE FRAMEWORK
OVERVIEW OF BASEL II / III
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
81
A typical bank’s Internal Capital Adequacy Assessment Process(ICAAP) must exhaustively estimate capital required for risks notsufficiently covered or not included under Pillar I
A typical bank’s ICAAP must meet the following objectives:
• Exhaustively identifies and measures all material risks in the bank’sbusiness and the assessment of capital required to support these risks.
• Risk-based and forward-looking
• Integrated into the management process and decision-making culture ofthe bank
• Ability to determine the overall level of capital and the assessmentsupporting such outcome
Internal Capital Adequacy Assessment Process
82
Process flow of ICAAP
Banks are required to put in place an internal process to assess its own capital adequacy.
Board & Senior Management
Oversight
Exhaustive Assessment of
Risks
Sound Capital Assessment
Monitoring and Reporting
Review of ICAAP
Approval of all risk policies
Setting of Risk Appetite Statement
Assess all material risks and required additional capital against such risks
Assess the impact on capital arising from stress events
Assess capital adequacy to support growth
Capital plan and action for capital raising
Ensure that a bank is able to meet minimum capital requirements to operate as a going concern even under stress conditions
Independent review of the implementation of ICAAP
Internal Capital Adequacy Assessment Process
83
Capital Demand and Capital Availability
ICAAP requires a bank to ensure that it has adequate capital to support allits risks in both current and in the future.
This requires banks to determine their DEMAND and SUPPLY of Capital
The ICAAP Operating Framework implemented provides the processes tosystematically identify the bank’s Demand for and availability of capital.
CAPITAL DEMAND
Capital requirements for current Pillar I and Pillar II risk items
Additional Capital to support planned future business growth
Risk appetite and target credit ratings – required capital buffer
CAPITAL AVAILABILITY
Availability of current financial resources
Retained earnings from future P/L
Possible actions to make available previously committed capital
Ability to tap external sources for capital
Internal Capital Adequacy Assessment Process
84
Key Elements under ICAAP
The ICAAP Operating Framework is based on Basel II requirements and best practicesadopted by banks for ICAAP / Capital Management and comprises four key components
Bank Governance at Board & Senior Management Level
Assessment of Capital Demand and Supply
Calibrating Capital Adequacy
Capital Management
Capital Management Policy
Risk Appetite Setting
Business Strategic Planning
Point-in-time Capital Assessment
Core capital, add-on capital
Capital Projection & Forecasting
Availability of Capital
Financial resources
Capital Adequacy Assessment
Capital Planning Capital Allocation
Internal Capital Adequacy Assessment Process
85
Assessment of Capital Demand
Internal Capital Adequacy Assessment Process
CAPITAL DEMAND
Capital Conservation Buffer
Capital Conservation Buffer
Countercyclical Capital Buffer
Increase in Capital Demand under Stress
Events
Pillar 2 Risks(Credit Con. Risk, IRRBB,
Liquidity, Reputation, Legal, Compliance, etc.)
Operational Risk
Market Risk
Credit Risk
Re
gulato
ry Cap
ital R
eq
uire
men
t
Pill
ar 1
+ P
illar
2C
apit
al R
eq
uir
em
en
tsB
ase
l III
R
eq
uir
em
en
t
CAPITAL SUPPLY
Tier 1Common
Equity
Tier 2 Capital
Tier 1Others
Ban
k’s
Re
gula
tory
C
apit
al P
osi
tio
n
Any availability of
financial resources?
Any stress loss
adjustment?
Any Solvency Capital
Adjustment?
86
Risk Materiality Assessment Guidelines
Internal Capital Adequacy Assessment Process
These risk areas are considered materialdue to their criticality and pervasivenessin the bank’s business operations:
All Pillar 1 Risks:
Credit Risk Market Risk Operational Risk
Pillar 2 risk areas:
IRRBB Liquidity Risk Credit Concentration Risk
Reputation Risk
Legal and Compliance Risk
Strategic Risk
For other surging risk areas, a bankshould determine their materiality riskat the episode of Risk Identification:
Is there a plausible scenario in which therisk may result in a negative impact of 5%or more on the bank’s P/L?
Is there a plausible scenario in which therisk may result in critically negativeimpact on the bank’s reputation?
Is there a plausible scenario in which therisk may result in significant customerattrition of more than 10%?
Qualitative Assessment by risk typeowner, in consultation with risk managers/ advisors and business support units?
Material risks that can be quantified
87
Stress Test Impact on Capital Demand and Supply
Internal Capital Adequacy Assessment Process
Increase in Capital Demand Decrease in Capital Supply
Credit Risk Stress Test
Increase in RWA will increaseCapital Requirement for up to 2-3years more.
Credit Risk Stress Test
Credit Risk Stress losses deductedfrom Capital Supply
Market Risk Stress Test
Market Risk Stress losses deductedfrom Capital Supply
Interest Rate Risk in Banking Book
IRRBB stress losses from EVEsimulation deducted from CapitalSupply
Example:
CR Stress Test RWA: $10 MilCR Stress Test Loss: $2 MilMR Stress Test Loss: $0.5 MilIRRBB Stress Test Loss: $1 Mil
88
Stress Testing Methodology
Internal Capital Adequacy Assessment ProcessO
vera
ll M
eth
od
olo
gyEv
en
ts
Multiple possible scenarios with different combination of political/ natural / macro-economic events
Stress is assumed to hit during a time span and peaks over a timepoint before easing off by end of another time point
Appropriate level of stressing on Growth, Yield, Cost of Risk,Expense at both portfolio and product level
Summarization of P/L and Balance Sheet impact for each scenario
Global Events
Local Events
QE tapering by US Fed going to impact every economy around the world Brent price hike in global market Pandemic impacting multiple geographies
• Strong currencies (USD, EUR) appreciation leading to pressure on SME sector• Reform in banking industry with the advent of tough government policies• Conflict ties across countries (i.e. India-Pakistan, China-Japan, etc.)• Pricing cap by regulators impacting on P/L• Exclamities – flood, earthquake, nuclear factories, etc.
89
Stress Testing Framework and Process
Internal Capital Adequacy Assessment Process
Events Identification
Scenario Description
Macro Factors Portfolio ImpactFinalize
Stress Test Report
1. Global Recession
2. Country Rating Downgrade
3. Brexit
4. Natural Disaster
5. Cyber Attack
6. Pandemic
Preparation of stress scenarios for each event identified and extent of economic impact on each risk factor.
1. S0 – Base2. S1 – Mild3. S2 – Moderate
4. S3 – Severe
1. GDP
2. Inflation (CPI)
3. Interest Rate
4. Property Price
5. Unemployment
6. FDI
7. Stock market
8. Government Revenue
9. Currency stability
10. Oil Price
11. Deposit Run
12. Credit crunch
1. Impact on Credit Risk• Consumer
Lending – by programs
• Business Lending – by economic sectors
2. Market & Liquidity Risk Impact• Interest rate• Price risk
3. Operational Risk Impact
1. Run stress test impact on earnings, asset quality and capital for S1, S2, and S3.
2. Report review and acceptance
3. BOD approval
90
Internal Assumptions for Stress Testing
Internal Capital Adequacy Assessment Process
Severity impact of macroeconomic factors on the impaired loans for each product / industrysector under stress condition is delivered using the following NPL Multiplier (benchmark).
Stress NPL impact on vulnerable segments and Large Borrowers is derived using the same NPLmultiplier above plus add-on factor, i.e. 10% add-on for Large Borrowers and 20% add-on forvulnerable segments.
Stress LGD is derived from Consumer Banking and SME Banking’s actual LGD:
91
Understanding the difference between Corporate Governance andRisk Management
Recognizing specific risks in banking environment
Be aware of a standard risk management framework
Recognizing COSO framework on Internal Control and EnterpriseRisk Management
Understanding financial failures with lessons learnt
Understanding financial crisis during 2007 to 2008
Recognizing a standard risk appetite framework
Recognizing requirements under Basel II/III
Understanding ICAAP and Stress Testing
Overview of Risk Management: Wrap-up
92
Q & A
OVERVIEW OF LIQUIDITY RISK MANAGEMENT
KEY PRINCIPLES OF LIQUIDITY RISK MANAGEMENT
LIQUIDITY RISK MEASUREMENT
LIQUIDITY RISK LIMITS AND RISK REPORTS
LIQUIDITY STRESS TESTING
CONTINGENCY FUNDING PLAN
94
95
Definition
Liquidity is the ability of a bank to fund increases in assets and meet obligationsas they come due, without incurring unacceptable losses. The fundamental roleof banks in the maturity transformation of short-term deposits into long-termloans makes banks inherently vulnerable to liquidity risk, both of an institution-specific nature and that which affects markets as a whole. Virtually everyfinancial transaction or commitment has implications for a bank’s liquidity.
Effective liquidity risk management helps ensure a bank's ability to meet cashflow obligations, which are uncertain as they are affected by external events andother agents' behavior. Liquidity risk management is of paramount importancebecause a liquidity shortfall at a single institution can have system-widerepercussions. Financial market developments in the past decade haveincreased the complexity of liquidity risk and its management.
Management Principles of Liquidity Risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)
96
Principle 1
A bank is responsible for the sound management of liquidity risk. A bank shouldestablish a robust liquidity risk management framework that ensures itmaintains sufficient liquidity, including a cushion of unencumbered, high qualityliquid assets, to withstand a range of stress events, including those involving theloss or impairment of both unsecured and secured funding sources. Supervisorsshould assess the adequacy of both a bank's liquidity risk managementframework and its liquidity position and should take prompt action if a bank isdeficient in either area in order to protect depositors and to limit potentialdamage to the financial system.
Management Principles of Liquidity Risk
Fundamental principle for the management and supervision ofliquidity risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)
97
Principle 2
A bank should clearly articulate a liquidity risk tolerance that is appropriate for its businessstrategy and its role in the financial system.
Principle 3
Senior management should develop a strategy, policies and practices to manage liquidity risk inaccordance with the risk tolerance and to ensure that the bank maintains sufficient liquidity.Senior management should continuously review information on the bank’s liquiditydevelopments and report to the board of directors on a regular basis. A bank’s board ofdirectors should review and approve the strategy, policies and practices related to themanagement of liquidity at least annually and ensure that senior management managesliquidity risk effectively.
Principle 4
A bank should incorporate liquidity costs, benefits and risks in the internal pricing, performancemeasurement and new product approval process for all significant business activities (both on-and off-balance sheet), thereby aligning the risk-taking incentives of individual business lineswith the liquidity risk exposures their activities create for the bank as a whole.
Management Principles of Liquidity Risk
Governance of liquidity risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)
98
Principle 5
A bank should have a sound process for identifying, measuring, monitoring and controllingliquidity risk. This process should include a robust framework for comprehensivelyprojecting cash flows arising from assets, liabilities and off-balance sheet items over anappropriate set of time horizons.
Principle 6
A bank should actively monitor and control liquidity risk exposures and funding needswithin and across legal entities, business lines and currencies, taking into account legal,regulatory and operational limitations to the transferability of liquidity.
Principle 7
A bank should establish a funding strategy that provides effective diversification in the sourcesand tenor of funding. It should maintain an ongoing presence in its chosen funding markets andstrong relationships with funds providers to promote effective diversification of funding sources.A bank should regularly gauge its capacity to raise funds quickly from each source. It shouldidentify the main factors that affect its ability to raise funds and monitor those factors closely toensure that estimates of fund raising capacity remain valid.
Management Principles of Liquidity Risk
Measurement and Management of Liquidity Risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)
99
Principle 8
A bank should actively manage its intraday liquidity positions and risks to meet paymentand settlement obligations on a timely basis under both normal and stressed conditionsand thus contribute to the smooth functioning of payment and settlement systems.
Principle 9
A bank should actively manage its collateral positions, differentiating betweenencumbered and unencumbered assets. A bank should monitor the legal entity andphysical location where collateral is held and how it may be mobilised in a timely manner.
Principle 10
A bank should conduct stress tests on a regular basis for a variety of short-term andprotracted institution-specific and market-wide stress scenarios (individually and incombination) to identify sources of potential liquidity strain and to ensure that currentexposures remain in accordance with a bank’s established liquidity risk tolerance. A bankshould use stress test outcomes to adjust its liquidity risk management strategies, policies,and positions and to develop effective contingency plans.
Management Principles of Liquidity Risk
Measurement and Management of Liquidity Risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)
100
Principle 11
A bank should have a formal contingency funding plan (CFP) that clearly sets out thestrategies for addressing liquidity shortfalls in emergency situations. A CFP should outlinepolicies to manage a range of stress environments, establish clear lines of responsibility,include clear invocation and escalation procedures and be regularly tested and updated toensure that it is operationally robust.
Principle 12
A bank should maintain a cushion of unencumbered, high quality liquid assets to be heldas insurance against a range of liquidity stress scenarios, including those that involve theloss or impairment of unsecured and typically available secured funding sources. Thereshould be no legal, regulatory or operational impediment to using these assets to obtainfunding.
◦ The principle 13 talks about public disclosure and principle 14 to 17 talks about the role ofsupervisors.
Management Principles of Liquidity Risk
Measurement and Management of Liquidity Risk
Source: Principles for sound liquidity risk management and supervision (BCBS, Sep 2008)
OVERVIEW OF LIQUIDITY RISK MANAGEMENT
KEY PRINCIPLES OF LIQUIDITY RISK MANAGEMENT
LIQUIDITY RISK MEASUREMENT
LIQUIDITY RISK LIMITS AND RISK REPORTS
LIQUIDITY STRESS TESTING
CONTINGENCY FUNDING PLAN
101
102
Purpose
It’s critical for a bank to establish an appropriate set of liquidity risk measures (or liquidityratios) so as to facilitate the bank in monitoring and controlling liquidity risk. The mainpurpose of liquidity risk measures is to enable the entity to capture various aspects ofliquidity risk, such as deposit concentration, level of highly liquid financial assets andamount of undrawn commitments.
Key Liquidity Ratios
• Liquidity Ratio – defined as the ratio of total liquid assets to total short term (less than 1year) liabilities.
• Loan to Deposit Ratio – defined as the ratio of of total non-bank loans to the total 3rd
party deposits, but excluding interbank deposits.
• CASA to Total Deposit Ratio – defined as the ratio of the total current and savingsaccount deposits to total deposits.
• Interbank Deposit to Total Liabilities Ratio – defined as the ratio of the short terminterbank deposits to total liabilities.
Measurement of Liquidity Risk
103
Other Liquidity Ratios to Consider
• Core Deposit Ratio
• Secondary Reserve Ratio
• Head Office Excess Cash Reserve Ratio
• Large Fund Provider / Total Deposits Ratio
• Total Undrawn Commitments
• Maximum Cash Outflow (MCO) Limits
Cash-flow Modelling
Cash flow profiling under different operating conditions is a useful approach formanaging liquidity risk. Under this approach, a bank should put in place appropriatesystem and procedures to achieve the following objectives:
◦ To monitor on a daily basis the net funding requirements under normal businessconditions.
◦ To conduct at least monthly cash flow analyses based on stress scenarios.
Measurement of Liquidity Risk
OVERVIEW OF LIQUIDITY RISK MANAGEMENT
KEY PRINCIPLES OF LIQUIDITY RISK MANAGEMENT
LIQUIDITY RISK MEASUREMENT
LIQUIDITY RISK LIMITS AND RISK REPORTS
LIQUIDITY STRESS TESTING
CONTINGENCY FUNDING PLAN
104
105
Liquidity Risk Limits and Reports
Limit Purpose
Liquidity Ratio Limits To facilitate in monitoring the extent to which it can liquidate assets to cover short-term liabilities.
Loan-to-Deposit Ratio LimitsTo facilitate in monitoring the extent of its reliance on external funding sources as compared with
non-bank deposits.
Wholesale Deposits Ratio Limits To facilitate in monitoring deposit concentration with respect to non-retail and non-bank deposits.
Liquidity Gap Ratio Limits To facilitate in monitoring its contractual cumulative cash-flow over the next 90 days.
Core Deposit Ratio Limits To facilitate in monitoring the stability of its deposit base.
Secondary Reserves Ratio LimitsTo monitor whether a bank maintains sufficient amount of highly liquid assets as secondary
reserves.
Head Office Excess Cash Reserve
Ratio Limits
To ensure that on a bank-wide basis, a bank maintains sufficient cash in the clearing accounts for
daily clearing.
Large Fund Provider / Total Deposits
Ratio Limits
To facilitate in monitoring the stability and reliance on external funding sources as compared to
total deposit base.
Interbank Deposit Ratio Limits To facilitate in monitoring its deposit concentration with respect to interbank deposits.
Total Undrawn Commitment Limits To facilitate in monitoring the total undrawn commitments granted to its customers.
Maximum Cash Outflow (“MCO”)
Limits
To facilitate in monitoring the potential cash outflows projected by the behavioral cash flow
models over the next business day and next week and under the business-as-usual conditions.
A set of MCO limits should be imposed for each major currency in which a bank operates in. a
separate set of MCO limits should also be imposed for stress testing purposes (see below).
Stress MCO Limits
These limits are used to facilitate in monitoring the potential cash outflows projected by the
behavioral cash flow models over the next 5 business days under stressful conditions.
A set of MCO limits shall be imposed for each major currency in which a bank operates in.
106
Liquidity Risk Limits and Reports
A Sample of Structural Liquidity Flow
107
Liquidity Risk Limits and Reports
A Sample of Liquidity Coverage Ratio Report
OVERVIEW OF LIQUIDITY RISK MANAGEMENT
KEY PRINCIPLES OF LIQUIDITY RISK MANAGEMENT
LIQUIDITY RISK MEASUREMENT
LIQUIDITY RISK LIMITS AND RISK REPORTS
LIQUIDITY STRESS TESTING
CONTINGENCY FUNDING PLAN
108
109
Liquidity Stress Testing
Required under ALM Policy on Funding & Liquidity RiskManagement
Ensure sufficient diversified funding sources
Liquidity Stress Testing should include key liquidity metrics:
Liquidity Ratios
Loans to Deposits
Bank Policy Metrics
Liquidity Coverage Ratio (LCR)
Net Stable Funding Ratio (NSFR)
110
Liquidity Stress Testing
Contractual and modeled Cash Flows
Scenario Analysis
aggregationCash Flow Profile of Assets
Liability Roll-over Vectors
Liquidity Gap
Asset Liquidation and Counterbalancing
Net Liquidity Position resulting from Scenario
parameterization
+
=
+
=
OVERVIEW OF LIQUIDITY RISK MANAGEMENT
KEY PRINCIPLES OF LIQUIDITY RISK MANAGEMENT
LIQUIDITY RISK MEASUREMENT
LIQUIDITY RISK LIMITS AND RISK REPORTS
LIQUIDITY STRESS TESTING
CONTINGENCY FUNDING PLAN
111
112
Contingency Funding Plan
The liquidity contingency plan mentions alternative funding sources ifcurrent projections of funding sources and uses are not correct.
The contingency plan will act as the bridge between the actual liquidity thatis being held by a bank and the maximum that would be needed in the eventof a run on liquidity.
The plan will address:
• Identifying and developing potential funding sources
• Setting up plans for assigning responsibilities under various definedhypothetical liquidity situations.
• Predefining triggers that would initiate liquidity management andremedial action plans.
113
Contingency Funding Plan
SCOPE
The scope of Contingency Funding Plan (CFP) is to build an action plan totackle stressed conditions of liquidity due to some factors from the marketimpacting on a bank.
Funding sources used to solve stressed liquidity will be referenced toLiquidity Policy Manual of a bank.
PURPOSE
The purpose is to come up with a well-organized action plan to be able tocontrol a liquidity contingency efficiently and effectively.
Identifying events resulting in a liquidity contingency and coming up withpromptly corrective actions to control the liquidity situation.
114
Contingency Funding Plan
EARLY WARNINGS
It is very important to identify of early warnings of a liquidity contingency tobe able to come up with actions in place. A bank needs to look at followingwarning signals in order to take promptly corrective actions:
• Some liquidity indicators lie on management action triggers.
• There is a general liquidity stress in the market.
• Some rumors on the market that not certified.
• Hardship in making loan disbursements.
• Hardship in finding funding sources.
• Damage or robbery occurred at HO or one of branches of a bank.
• Any liquidity problem happened with another bank/MFI in the market.
• Reports of cash deficiency at branches.
115
Contingency Funding Plan
TRIGGER EVENTS
Some following events maybe trigger for a liquidity crisis:
- Depositors are queuing for a long row at one or some branches or at ATMmachines for withdrawals.
- Many calls from VIP customers or even from central bank requesting toknow the current status of a bank.
- Some journalists want to meet top managers of a bank for someenquiries relating to the current status of a bank.
- Many depositors are earlier withdrawing their deposits.
- Many VIP customers request to withdraw cash with their FD accountsabnormally.
- Many customers keep withdrawing all or very little of their balances.
116
Contingency Funding Plan
MAIN ACTIVITIES
The CFP will include but not limited to following main activities:
• Forming a management team to face with the liquidity crisis in whichresponsibilities and functions need to be clearly defined;
• Roles and responsibilities of relevant departments in case of a liquidity crisis;
• Indicators for early warnings to find out potential liquidity risk;
• The list and plan of liquid assets that are available for sale or hypothecation tobe able to convert into cash when necessary;
• The list, classification, orders of funding sources in case of a liquidity crisis inwhich includes financial institutions, individuals, big corporations withestimated deposits to be mobilized as well as the strategy to remain therelationship according to the importance and scope;
• Funding sources mobilized from central bank through OMO;
• Plan for assets and liabilities in case of a liquidity crisis;
• Plan for internal and external communication when a liquidity crisis exists;
117
Contingency Funding Plan
Liquidity Funding Plan
Review AFS marketable securities, reliability and ability to liquidate or makeREPOs with central bank under a liquidity crisis.
Review the structure of other assets as well as the liquidity degree of them.
Review other available sources of funds on money market and capital market.
Money Market
• Term deposits.
• Repos.
• Swap.
NBC• Repos T-Notes with central bank.• Any bailouts with some assets to be discounted.
Vault Cash
118
Contingency Funding Plan
Reporting
• Daily MCO Report & Unencumbered assets Report.
• Maturity Mismatch Report with local currency and FCY.
• Duration Gap Report on the balance sheet.
• Daily MCO Report in details with products impacted by the contingency.
• Report on reserve requirements on both local currency and FCY.
• Report on FX position.
• Report on forecast of depositors’ behaviors.
Funding Sources
• Review all external funding sources including interbank lines.
• Review the capital structure and adjust the durations of assets andliabilities components.
• Call for funds from FX markets.
• Contact with potential partners in funding the bank.
OVERVIEW OF INTEREST RATE RISK MANAGEMENT IN BANKING BOOK
KEY PRINCIPLES OF INTEREST RATE RISK MANAGEMENT INBANKING BOOK
INTEREST RATE RISK MEASUREMENT IN BANKING BOOK
INTEREST RATE RISK LIMITS AND REPORTS
INTEREST RATE RISK STRESS TESTING
119
Management Principles of Interest Rate Risk in Banking Book (IRRBB)
120
DefinitionInterest rate risk is a bank’s exposure to adverse movements in interest rates.Interest rate risk in the banking book (IRRBB) more specifically refers to thecurrent or prospective risk to the bank’s capital and earnings arising from adversemovements in interest rates that affect the institution’s banking book positions.When interest rates change, the present value and timing of future cash flowschange. This in turn changes the underlying value of a bank’s assets, liabilities andoff-balance sheet instruments and hence its economic value (EV).
Banking and supervisory practicesAccording to a survey of supervisory and regulatory practices with respect toIRRBB among member jurisdictions of the Committee, most jurisdictions employa Pillar 2 approach based on an economic value (EV) or economic value of equity(EVE) 10 measure, together with some version of Pillar 3 or other disclosurestandard. IRRBB frameworks in these jurisdictions are typically applied to all legalentities.
Source: Interest Rate Risk in the Banking Book (BCBS, Jun 2015)
Management Principles of Interest Rate Risk in Banking Book (IRRBB)
121
Principle 1IRRBB is an important risk for all banks that should be specifically identified,measured, monitored and controlled.
Principle 2The board of directors of each bank is responsible for oversight of the IRRBB riskmanagement framework, and for agreeing the bank’s risk appetite for IRRBB.Directors should collectively have adequate knowledge and understanding ofIRRBB for this task. Monitoring and management of IRRBB may be delegated bythe board to appropriate expert individuals or groups/committees.
Principle 3The risk appetite of a bank for IRRBB should be calibrated in terms of both riskeconomic value and risk to earnings. Risk appetite should be expressed thoughappropriate policy limits and internal controls.
Source: Interest Rate Risk in the Banking Book (BCBS, Jun 2015)
Management Principles of Interest Rate Risk in Banking Book (IRRBB)
122
Principle 4Measurement of IRRBB should be based on outcomes for both economic valueand earnings arising from a wide and appropriate range of interest rate shockscenarios (including stress scenarios) that result in changes to interest ratesacross the term structure.
Principle 5In measuring IRRBB, key behavioral and strategic assumptions should be fullyunderstood, conceptually sound and documented. Such assumptions should berigorously tested and should be aligned with the corporate plan. Assumptionsshould not be adjusted sole to take account of expectations for changes ininterest rates.
Principle 6Measurement systems and models used for IRRBB should be based on completeand accurate data, and subject to appropriate documentation, testing andcontrols to give assurance on the accuracy of calculations. Models used tomeasure IRRBB should be comprehensive and covered by strong internalvalidation process.
Source: Interest Rate Risk in the Banking Book (BCBS, Jun 2015)
Management Principles of Interest Rate Risk in Banking Book (IRRBB)
123
Principle 7Measurement outcomes of IRRBB levels and hedging strategies should bereported to management and the board on a regular basis, at relevant levels ofaggregation (by consolidation level and currency)
Principle 8Information on IRRBB positions and limits should be reported to supervisorswhen requested and public disclosure should be made on a regular basis
Principle 9Internal capital should be specifically allocated to IRRBB as approved by theboard, in line with the agreed risk appetite.
Source: Interest Rate Risk in the Banking Book (BCBS, Jun 2015)
OVERVIEW OF INTEREST RATE RISK MANAGEMENT IN BANKING BOOK
KEY PRINCIPLES OF INTEREST RATE RISK MANAGEMENT INBANKING BOOK
INTEREST RATE RISK MEASUREMENT IN BANKING BOOK
INTEREST RATE RISK LIMITS AND REPORTS
INTEREST RATE RISK STRESS TESTING
124
Measurement of Interest Rate Risk in Banking Book (IRRBB)
125
• The purposes of measuring IRRBB▫ establish the amount of economic capital to be held against such risks
▫ how to reduce the risks by buying or selling interest-rate-sensitiveinstruments
• Although ALM risk is a form of market risk, it cannot be effectively measured using the trading- VaR framework
• This VaR framework is inadequate for two reasons.▫ first, the ALM cash flows are complex functions of customer behavior.
▫ second, interest-rate movements over long time horizons are not wellmodeled by the simple assumptions used for VaR.
Measurement of Interest Rate Risk in Banking Book (IRRBB)
126
• Banks use three alternative approaches to measure ALM interest-raterisk, as listed below:
▫ Gap reports
▫ Rate-shift scenarios
▫ Simulation methods similar to Monte Carlo VaR
• GAP REPORTS
▫ The “gap” is the difference between the cash flows from assets andliabilities
▫ Gap reports are useful because they are relatively easy to create
▫ This measure is only approximate because gap reports do not includeinformation on the way customers exercise their implicit options indifferent interest environments
▫ There are three types of gap reports: contractual maturity, re-pricingfrequency, and effective maturity.
Measurement of Interest Rate Risk in Banking Book (IRRBB)
127
• Contractual-Maturity Gap Reports
▫ A contractual-maturity gap report indicates when cash flows arecontracted to be paid for liabilities, it is the time when payments wouldbe due from the bank, assuming that customers did not roll over theiraccounts.
▫ For example, the contractual maturity for checking accounts is zerobecause customers have the right to withdraw their funds immediately.
▫ The contractual maturity for a portfolio of three-month certificates ofdeposit would (on average) be a ladder of equal payments from zero tothree months.
▫ The contractual maturity for assets may or may not includeassumptions about prepayments. In the most simple reports, allpayments are assumed to occur on the last day of the contract.
Measurement of Interest Rate Risk in Banking Book (IRRBB)
128
• Re-pricing Gap Reports
▫ Re-pricing refers to when and how the interest payments will be reset
• Effective-Maturity Gap Reports
▫ Although the re-pricing report includes the effect of interest-ratechanges, it does not include the effects of customer behavior.
▫ This additional interest-rate risk is captured by showing the effectivematurity.
▫ For example, the effective maturity for a mortgage includes the expectedprepayments, and may include an adjustment to approximate the riskarising from the response of prepayments to changes in interest rates.
▫ Gap reports give an intuitive view of the balance sheet, but theyrepresent the instruments as fixed cash flows, and therefore do not allowany analysis of the nonlinearity of the value of the customers' options. Tocapture this nonlinear risk requires approaches that allow cash flows tochange as a function of rates.
Measurement of Interest Rate Risk in Banking Book (IRRBB)
129
• Estimating Economic Capital Based on Gap Reports
OVERVIEW OF INTEREST RATE RISK MANAGEMENT IN BANKING BOOK
KEY PRINCIPLES OF INTEREST RATE RISK MANAGEMENT INBANKING BOOK
INTEREST RATE RISK MEASUREMENT IN BANKING BOOK
INTEREST RATE RISK LIMITS AND REPORTS
INTEREST RATE RISK STRESS TESTING
130
131
IRRBB Limits and Reports
Position Limits. Any position limit imposed should be consistently monitored on a
daily basis against its applicable set of positions.
Re-pricing Gap Limits. Re-pricing gap limits, by tenor bucket, should be monitored
against the net re-pricing gap observed in each re-pricing bucket as measured in the
static re-pricing gap analysis.
Interest Rate PV01 Limits. This measures the maximum change in value as a result of a
basis point change in interest rate. It provides the most specific measure of
diminution in value due to interest rate risk. The entity should apply different levels of
interest rate shocks and set specific PV01 limits for its portfolios.
NII and EVE Limits
NII limit should be compared against the largest drop in NII estimated in the dynamic NII
simulation under various interest rate scenarios.
EVE limit should be compared against the largest drop in EVE estimated in the static EVE
simulation under various interest rate scenarios.
NII stress limit should be compared against the largest drop in NII estimated in the NII stress
testing under various interest rate stress scenarios.
132
IRRBB Limits and Reports
The data as at 31-Dec-20XX (equivalents in USD Million) (based on residual tenors)
Maturity / Re-pricing < 1M 1M-3M >3M-6M >6M-9M >9M-12M >1Y-2Y >2Y-3Y >3Y
RATE-SENSITIVE ASSETS (RSA)
Cash on hand 10,089 - - - - - - -
Balances with the NBC 60,834 2,500 - - - - - -
Balances with other banks 63,244 4,050 200 - - - - -
Loans and advances 122 200 730 1,487 2,438 21,087 42,751 177,321
Total RSA 154,290 6,750 930 1,487 2,438 21,087 42,751 177,321
RATE-SENSITIVE LIABILITIES (RSL)
Deposits from non-individuals 17,275 24,674 12,026 7,143 14,583 - - -
Deposits from individuals 44,420 43,803 48,657 58,329 46,041 21,324 2 2
Borrowings - - - - 10,000 - 6,000 -
Total RSL 61,695 68,477 60,683 65,472 70,624 21,324 6,002 2
Dollar Gap 72,595 -61,727 -59,753 -63,986 -68,186 -237 36,749 177,319
Dollar Gap Cum. 72,595 10,868 -48,885 -112,871 -181,057 -181,293 -144,544 32,774
Interest Sensitivity Ratio 2.2 0.1 0.0 0.0 0.0 1.0 7.1
Dollar Gap % Liabilities 20.5% -17.4% -16.9% -18.1% -19.2% -0.1% 10.4% 50.1%
Dollar Gap % Assets 16.7% -14.2% -13.7% -15.7% -0.1% 8.4% 11.1% 18.7%
133
IRRBB Limits and Reports
The data as at 31-Dec-20XX (equivalents in USD Million)
Maturity / Re-pricing Date USD KHR THB Total
RATE-SENSITIVE ASSETS (RSA)
Cash on hand 9,367 551 171 10,089
Cash in banks 168,274 2,300 195 170,769
Loans and advances 242,763 5,823 6,076 254,662
Total RSA 420,404 8,673 6,443 435,520
RATE-SENSITIVE LIABILITIES (RSL)
Deposits from non-individuals 64,718 6,314 4,669 75,701
Deposits from individuals 261,622 533 424 262,579
Borrowings 16,000 - - 16,000
Total RSL 342,341 6,847 5,093 354,280
FX Gap Position 78,063 1,826 1,350 81,239
FX Gap Position % Assets 17.9% 0.4% 0.3% 18.7%
OVERVIEW OF INTEREST RATE RISK MANAGEMENT IN BANKING BOOK
KEY PRINCIPLES OF INTEREST RATE RISK MANAGEMENT INBANKING BOOK
INTEREST RATE RISK MEASUREMENT IN BANKING BOOK
INTEREST RATE RISK LIMITS AND REPORTS
INTEREST RATE RISK STRESS TESTING
134
IRRBB Stress Testing
135
• Rate-shift scenarios attempt to capture the nonlinear behavior ofcustomers.
• A common scenario test is to shift all rates up by 1%. After shiftingthe rates, the cash flows are changed according to the behaviorexpected in the new environment
• For example, mortgage prepayments may increase, some of thechecking and savings accounts may be withdrawn, and the primerate may increase after a delay.
• The NPV of this new set of cash flows is then calculated using thenew rates.
136
• As an example, let us consider a bank with $90 million in savingsaccounts and $100 million in fixed-rate mortgages. Assume that thecurrent interbank rate is 5%, the savings accounts pay 2%, and themortgages pay 10%. The expected net income over the next year is $8.2million:
Interest Income = 10% x $100M - 2% x $90M = $8.2M
• If interbank rates move up by 1 %, assume that savings customers willexpect to be paid an extra 25 basis points, and 10% of them will movefrom savings accounts to money-market accounts paying 5%. Nothingwill happen to the mortgages. In this case the expected income fallsslightly to $7.5 million:
Interest Income = 10% x $100M - 2.25% x $81M - 5% x $9M = $7.5M
• Now assume that interbank rates fall by 1 %. Savings customers areexpected to be satisfied with 25 basis points less, but 10% of themortgages are expected to prepay and refinance at 9%. The expectedincome in these circumstances is $8.3 million:
Interest Income = 10% x $90M + 9% x $10M - 1.75% x $90M = $8.3M
IRRBB Stress Testing
137
IRRBB Stress Testing
• The example above shows the nonlinear change of income. We can extend this toshow changes over several years. By discounting these changes, we can get ameasure of the change in value.
• An approximate estimate of the economic capital can be obtained by assumingthat rates shift up or down equal to three times their annual standard deviation,and then calculating the cash flows and value changes in that scenario. Theeconomic capital is then estimated as the worst loss from either the up or downshifts.
• The rate-shift scenarios are useful in giving a measure of the changes in value andincome caused by implicit options, but they can miss losses caused by complexchanges in interest rates such as a shift up at one time followed by a fall. Tocapture such effects properly we need a simulation engine that assesses valuechanges in many scenarios.
• The purpose of using simulation methods is to test the nonlinear effects withmany complex rate scenarios and obtain a probabilistic measure of the economiccapital to be held against ALM interest-rate risks.
• Monte Carlo simulation can use the same behavior models as the rate-shiftscenarios. The difference is that in a simulation, the scenarios are complex, time-varying interest-rate paths rather than simple yield-curve shifts.
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
138
Definition of Operational Risk
Current Basel II definition is “the risk of loss resulting frominadequate or failed internal processes, people and systemsor from external events”
Includes both internal and external event risk
Legal risk is also included, but strategic, reputational and systemicrisks are not
Direct losses are included, but indirect losses (opportunity costs) andnear misses are not
Key Principles of Operational Risk Management
139
Drivers of Operational Risk
Internal ProcessLosses that have incurred due to a deficiency in an existing procedure, absenceof a procedure or failure to follow any existing procedure.
PeopleThe risk that people do not follow the organization's policies, procedures orestablished practices or are not adequately trained to carry out their duties,resulting in errors, omissions.
SystemsRisks relating to systems are: system availability, virus attacks, data corruption,data integrity, confidential client information compromised etc.
External EventsExternal fraud, natural disaster, terrorist attacks etc.
Key Principles of Operational Risk Management
140
Key Principles of Operational Risk Management
Source: Principles for the Sound Management of Operational Risk (BCBS, Jun 2011)141
Key Principles of Operational Risk Management
Source: Principles for the Sound Management of Operational Risk (BCBS, Jun 2011)
142
Key Principles of Operational Risk Management
Source: Principles for the Sound Management of Operational Risk (BCBS, Jun 2011)143
Key Principles of Operational Risk Management
144
A Sample of Operational Risk Heatmap
145
Key Principles of Operational Risk Management
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
146
Operational Risk
Identification of Risk Events
• Assessment and evaluation
• Scenario analysis
• Questionnaires
Insurance
Business Continuity Planning
Control Self-Assessment
Operational Risk Capital Calculation
Risk Assessment Tools in Flow
Risk Assessment Tools
147
Operational Risk
Control Activities
• CSA process
• Review control weaknesses
• Track actions
• Link control evidence to risks
• Review incidents as evidence of control failures
Insurance
Business Continuity Planning
Control Self-Assessment
Operational Risk Capital Calculation
Risk Assessment Tools in Flow
Risk Assessment Tools
148
Operational Risk
Mitigation of Operational Risks
• Crisis Management Team & Plan
• Incident Management Teams
• Crisis Management Centre
• Work-Area Recovery
• Disaster Recovery strategy
Insurance
Business Continuity Planning
Control Self-Assessment
Operational Risk Capital Calculation
Risk Assessment Tools in Flow
Risk Assessment Tools
149
Operational Risk
Risk Transfer
• Placement
• Claims Handling
• Specific perils e.g. Buildings/Contents, Business Interruption Insurance, Transit Insurance, Fidelity Insurance
• Advice & Guidance
Insurance
Business Continuity Planning
Control Self-Assessment
Operational Risk Capital Calculation
Risk Assessment Tools in Flow
Risk Assessment Tools
150
Operational Risk
Capital Charge Calculation
• Apply specific methods for calculations
• Planning
Insurance
Business Continuity Planning
Control Self-Assessment
Operational Risk Capital Calculation
Risk Assessment Tools in Flow
Risk Assessment Tools
151
Purpose
Vision
5-Year Strategic Plan
Strategy
Core Processes
Critical Systems
Colleagues
External Eventsi.e. Calamities,
Terrorism
Change agenda
Bottom-up Operational Risk
Profile
Scenarios
Top-down Operational Risk
Profile
Facilities
Operational Risk Capital
Operational Risk Appetite
Business Continuity
Incident & Near-Miss Reporting
Resilience
Work-Area Recovery
Disaster Recovery
Incident & Crisis Management
Insurance Programme
Operational Risk strategy and plan
ReportingSuppliers & Outsource Vendors
Operational Risk
End-to-end Process view
Key Controls
Control Self-Assessment
Policies
Claims
Risk Assessment Tools
152
153
Risk Register Template for Event Identification and Risk Assessment
RISK IDENTIFICATION INHERENT RISK ASSESSMENT
No.RISK
CATEGORYRISK/THREAT TO BE IDENTIFIED
SCOPE LIKELIHOOD IMPACT SEVERITY
1 OperationalThe risk of AML, KYC & Black Person Compliance will severe impact on Bank-wide.
Bank-wide Possible (3) High (4) High
2 OperationalThe risk of misconduct on Account Opening will moderately impact on Operation function.
Bank-wide Possible (3) High (4) Medium
RISK IDENTIFICATION RESIDUAL RISK ASSESSMENT
No.RISK
CATEGORYRISK/THREAT TO BE IDENTIFIED RISK
TOLERANCERISK
RESPONSECONTROL ACTIVITIES
1 OperationalThe risk of AML, KYC & Black Person Compliance will severe impact on Bank-wide.
<12 MitigateUsing policies, checklists, checks and trainings.IT procedures/reports are in place.
2 OperationalThe risk of misconduct on Account Opening will moderately impact on Operation function.
<12 MitigateUsing policies, checklists, checks and trainings
Risk Assessment Tools
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
154
Key Performance Indicators (KPIs)
Used for managers to monitorbusiness performance to assurethat the business operations arefollowed and congruent withbusiness objectives.
Key Risk Indicators (KRIs)
Used for forecast purpose and tofacilitate for managers to be ableto manage risks and threats inthe future and not just forrecent incidents/risks.
Key Risk Indicators
155
Definition of Key Risk Indicator (KRI)
Indicator: is a figure presented as a number or a percentage originatingfrom a series of events that are observed and implementable withrelevant changes.
Therefore, KRI is a combination of indicator and the risk perspective tocome up with a measurement of early risk warnings.
Key Risk Indicators for a banking institution will come from differentbranches and various departments at HO such as IT, HR, Finance, Risk,Credit, Operations, Legal & Compliance, Marketing, Internal Audit.
Key Risk Indicators
156
Key Risk Indicators - Key Traits
1. KRIs should imply an ability to forecast withpotential risk factors and should bequantifiable.
2. After establishing KRIs, we need toadequately collect data on time with thecheapest cost.
3. The data needs to be analyzed andmonitored to identify the heat map ofoperational risks.
4. Indicators need to be evaluated periodicallyto assure the reliability and long-termmanagement.
5. KRIs need to be updated when we havechanges in the business environment.
1. Identify & Define
2. Collect data
3. Analyze & Monitor
4. Evaluation
5. Update & Adjust
Key Risk Indicators
157
Key Risk Indicators - Sequential Cycles
Control Self-Assessment
Business Impact
KRI Identification
Data Recording
Analysis of Indicators
ReportingAdjustment & Update KRIs
Control Self-Assessment
Key Risk Indicators
158
Key Risk Indicators - Setting Thresholds
1. So much data to do analysis,and we need ORM unit toevaluate the heat map ofoperational risks.
2. Set up thresholds to filterdata to focus on excesses ofpermitted limits.
3. Improve the efficacy ofanalyses.
4. Data for categorizing riskswill facilitate to identify theheat map of operationalrisks.
Threshold
Low Risk Medium Risk High Risk
Key Risk Indicators
159
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
160
Operational Loss should be classified and linked to Basel II riskcategorization in order to maintain close compliance with central bank’sregulations. Linkages to three levels of risks are part of the frameworkallowing effective means of loss data capture, analysis and reporting.
Operational Loss
Data
Internal
Fraud
External
Fraud
Employee
Claims
Client & Third
Party Claims
Damage to
Physical
Assets
Business
Disruption &
System
Failures
Transaction
Processing
Errors /
Omissions
We would internationalize Op-Risk practice based on 7 Event Types under Basel II criteria.
Introduction
Capturing Operational Risk Incidents
161
Cycle of Best Practice
Awareness and
Training
sessions
Identification
Escalation and
Reporting
Investigation and
Analysis
Corrective Action
Plan
Processenhancementto reduce /avoidrecurrence ofincidents
Organization culture and clarity on roles & responsibilities
Re-classification and realization of losses vs. general expenses
Data relating to the loss or near loss incidents
Commence investigation works
The Cycle of Operational
Incident Reporting
Capturing Operational Risk Incidents
162
Categorizing key elements
RISK DRIVERS
1. People2. Systems3. Processes4. External events
INCIDENT EVENT TYPES
1. Internal Fraud2. External Fraud3. Employment Practices
& Workplace Safety4. Clients, Products &
Business Practice5. Damage to Physical
Assets6. Business Disruptions &
Systems Failure7. Execution, Delivery &
Process Management
LOSS TYPES
1. Legal & Liability2. Regulatory
Penalties3. Loss or Damage
to Assets4. Restitution5. Loss of Recourse6. Write Downs
Capturing Operational Risk Incidents
163
Risk Drivers
PROCESSS
- Undocumented processes and procedures.- Ineffective design of processes and procedures.- Lack of control self-assessments at some critical functions but too many
control self-assessments at some non-critical functions.
SYSTEMS
- Errors of systems (Core banking, ATM machines, LOS, Reporting, Call center, software, hardware, etc.)
- External hacks to systems.- Lack of automatic procedures or back-up systems.
EXTERNAL EVENTS
- Calamities (fires, flood, heavy rains, earthquake, storm, terrorist, etc.)- Externalities from third parties (vendors, customers, partners, etc.)- Changes of regulatory policies from the government, central bank.- Systemic effects from macro changes.
- Ineffective control & self-assessment.- Lack of skills, experience to operate smoothly and effectively.- Incompliance with internal policies and procedures.- Involving in fraudulent activities.
PEOPLE
Capturing Operational Risk Incidents
164
Definition of Event Types under Basel II
Event Type Examples
Internal Fraud Unauthorized transaction resulting in monetary loss
Embezzlement of funds
External Fraud Branch robbery
Hacking damage (systems security)
Employment Practices & Workplace Safety
Employee discrimination issues
Inadequate employee health or safety rules
Clients, Products & Business Practices
Money laundering
Lender liability from disclosure violations or aggressive sales
Damage to Physical Assets Natural disasters, e.g. earthquakes
Terrorist activities
Business Disruption and System Failures
Utility outage (e.g. blackout)
Execution, Delivery & Process Management
Data entry error
Incomplete or missing legal documents
Disputes with vendors/outsourcing
Capturing Operational Risk Incidents
165
Risk Incident Reporting
The Purpose of Collecting Operational Risk Incidents
Identifying raising or existing operational risks in the institution so that we can conductanalysis, evaluation, reporting, monitoring, and controlling operational risks.
Providing helpful information, causes of raising operational risks to enhance controllingenvironment and help to alleviate frequency and impact of operational risks.
Identifying and collecting Op-Risk Incidents
ProcessingData analyzing and
Reporting
DATAORMUnit
Branches
HO Depts.
Capturing Operational Risk Incidents
166
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
167
168
Overview of Technology Risk
Objectives
The objective of the Technology Risk Management is to provide a consistent approachto address the various technology risks that may surface with changing businessenvironments, evolving technology and threats, in order to minimizeunexpected/catastrophic losses and enable new business opportunities to be pursuedin a risk controlled manner.
Coverage
IT Standards and Guidelines
Components of Technology Risk Management Framework
IT Risk Domains
IT Business Process
IT Systems
IT Business Model
169
Overview of Technology Risk
170
Overview of Technology Risk
171
Overview of Technology Risk
172
Overview of Technology Risk
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
173
174
Objectives
The objective of the vendor risk management is to ensure that the risks associated withoutsourcing arrangements are identified and addressed prior to the engagement of third-partyservice providers, and that is conforms with appropriate legal and regulatory requirements aswell as the entity’s risk management policies and systems.
Key Risks Associated with Outsourcing
Operational Risk – The operational risks arise because the intermediary losses direct control overthe activities and the processes, procedures, systems and people engaged in these activities.Hence, if failed to to exercise due diligence if the activity / service falls short of the regulatorystandards.
Reputation Risk – arise from failure by the 3rd party to deliver as per regulatory standards whichmay invite regulatory actions.
Legal Risk – the risk emanates from the failure to enforce the contractual obligations particularlywhen the contractual relationship is not redefined with every change in activities outsourced orthe way these are discharged.
Other circumstances risk like Country Risk arise when activities are outsourced to offshore centers/ foreign firm.
Concentration and systemic risk if we focus so much on a few 3rd parties for the same activity.
Overview of Vendor Risk
175
Overview of Vendor Risk
PLAN SELECT NEGOTIATE MONITOR TERMINATE
IDENTIFY NEED
DEVELOP RFP
DUE DILIGENCE
EVALUATE
DEVELOP KPI
REVIEW CONTRACT
AUDIT ACCESS
FOLLOW UP
REVOKE ACCESS
TRANSITION PLAN
Vendor Risk Management Flow
High Risk Vendor Categories
Core Processors
Internet Banking / Bill Payment / Cash Management Providers / etc.
Credit / Debit Card Processors
Cheque Printers
Network Security Consultants
ATM Networks
Network Security Providers
Web site / Email hosting
CRM Providers
Payroll Processors
And not limited to other categories etc.
176
Overview of Vendor Risk
Vendor Risk Management Framework
Planning / Risk Assessment
Vendor Due Diligence
Risk Measurement & Control
Cost Benefit Analysis
Business outsourcing with Risk Assessment
Regulatory & Process Compliance
Pre-Contract
3rd Party experience
Referrals, qualifications
Data security and member confidentiality
Business resumption or contingency planning
Network & Desktop Security
Personnel Control Security
Client Confidentiality Agreement (e.g NDA)
HR Review – staff background checks
Info Security – physical security & controls
177
Overview of Vendor Risk
Key Risks and Business Impact
# Key Risks Business Impact
1 Loss of key staff or technology infrastructureResponding to these ERMrisks would require a robustvendor risk managementframework.
2Adverse changes in law and government affecting the firm’s business model
3 Loss of market share or revenue through competition
4Introduction of competitive products and technologies by other firms Associating with improper
vendors may cause additionalunforeseen risks such aswasted capital, product lossesand reputation risk
5 Inability to attract and retain key employees
6 Failure to develop global management and information systems
7 Exposures to litigation related to the firm’s products or services
8 Deficient products/services provided resulting in reputation loss
9Inability to react to changes in overseas legal, economic or regulatory environment
Any lapse in controls at 3rd
party service provider couldpotentially defeat thepurpose of an effective ERM.
10 Increased pricing pressure from competitors and/or custmers
… Other unlimited risks to take into account
178
Overview of Vendor Risk
Key Principles when Outsourcing
An Exhaustive policy to guide – whether and how activities can be properlyoutsourced.
A comprehensive outsourcing risk management program to address the outsourcedactivities and the relationship with the 3rd party.
The intermediary should ensure that outsourcing arrangements neither diminish itsability to fullfil its obligations to customers and regulators.
Due Diligence (financial soundness, length of service, job seniority, compatibilitywith objective of intermediary, 3rd party business reputation, etc.) in selecting the 3rd
party.
Outsourcing relationships should be governed by written contracts / agreements.
Establish and maintain contingency plans, including a plan for disaster recovery andperiodic testing of backup facilities.
OVERVIEW OF OPERATIONAL RISK MANAGEMENT
KEY PRINCIPLES OF OPERATIONAL RISK MANAGEMENT
RISK ASSESSMENT TOOLS
KEY RISK INDICATORS
CAPTURING OPERATIONAL RISK INCIDENTS
OVERVIEW OF TECHNOLOGY RISK
OVERVIEW OF VENDOR RISK
INSURANCE PROGRAM
179
180
Objectives
A banking institution should put in place various classes of insurance coverage for itsassets and to mitigate operational risks in order to protect itself against potentiallosses. The objectives of an Insurance Policy is to set out appropriate guidelines onthe identification of new risks to be insured, assessment, review and renewal ofexisting insurance policies, and the administration of insurance policies in terms ofpremium payment and claims processes.
Insurance Coverage
Roles of relevant parties
Essential Insurance Policies
Identification of new risks to be insured
Review and Renewal of Insurance Policies
Cost-benefit analysis
Payment of Insurance Premium
Processes for Making Insurance Claims
Custodian of Insurance Policies
Insurance Program
181
Essential Insurance Policies
Banker Blanket Bonds (BBB) Insurance Policy to cover operational risksarising from banking activities, e.g. fraudulent acts of employee, moneylost in premises and in transit, forgery of documents, responsibilities ofdirectors and officers, etc.
Property Damage / Business Interruption and Liability Insurance Policy tocover property damage and public / products liability.
Directors’ Liability Policy to protect the Directors from any liability whenperforming individual role as BOD members.
Electronic and Computer Prime Insurance Policy.
Insurance Program
Understanding the difference between Corporate Governance and RiskManagement
Recognizing specific risks in banking environment
Be aware of a standard risk management framework
Recognizing COSO framework on Internal Control and Enterprise RiskManagement
Understanding financial failures with lessons learnt
Understanding financial crisis during 2007 to 2008
Recognizing a standard risk appetite framework
Recognizing requirements under Basel II/III
Understanding ICAAP and Stress Testing
Understanding Liquidity Risk and Interest Rate Risk in Banking Book
Understanding Operational Risk Management
Wrap-up of the course
182
Q & A
THANK YOU