Tome Salgueiro - 3448 - Corporate Governance Take-home Exam - Risk Area in a Bank
Take-Home Exam: A comprehensive discussion of the role, organization and composition of the Risk Area in a Bank

2217: Corporate Governance
Lecturers: Duarte Pitta Ferraz & Mariana Carvalho Coelho
Submitted by: Tomé Guerreiro de Oliveira Salgueiro, Student nº 3448
24 October, 2016
A comprehensive discussion of the role, organization and composition of the risk area in a bank
NOVASBE – 2217: Corporate Governance – 2016
Tomé Salgueiro, nº3448

Executive Summary

Purpose and method of this report

Within the evaluation framework of Nova SBE's 2217: Corporate Governance course, students were asked to submit a take-home exam in the form of a report giving a short insight into the risk area of banks. This short report therefore analyzes, in a straightforward way, the role, organization and composition of risk departments in banks. It is submitted as a final exam and is not, by its nature, intended to be an extensive dissertation on the complex topic of risk management in the banking sector, but rather a simplified approach to the topic. The methods used to create this report include an extensive overview of the available bibliography and regulatory guidelines on the topic, specifically those recommended by the Bank for International Settlements (BIS) and the European Banking Authority (EBA). To enrich the discussion, some external sources were also used, namely McKinsey, IFC and other academic reports. For full disclosure of these sources, please check the References at the end of this report.

Main findings and conclusions

Through the elaboration of this report one main conclusion was reached: risk is an intrinsic part of all bank activities. There are many different risks, ranging from operational risk to foreign exchange risk, but it is clear that all of them have potential gains and losses associated with them. Risk governance is all about detection, assessment and the remedial action needed to manage those risks. It is of the utmost importance for a bank to define very clearly its own risk appetite and culture in order to better design its risk profile. The three lines of defense model is, nowadays, the most consensual model used to assign risk management responsibilities in any institution. It represents the current benchmark and, when applied correctly, can help strengthen the entire bank and, at the same time, assure regulators and customers of the bank's soundness and strength.
Table of Contents

Executive Summary
Table of Contents
1 – What is risk in banking?
1.1 Different types of risk in banking
1.1.1 Operational risk
1.1.2 Credit risk
1.1.3 Liquidity risk
1.1.4 Interest rate risk
1.1.5 Mismatch risk
1.1.6 Market price risk
1.1.7 Market risk
1.1.8 Solvency risk
1.1.9 Foreign exchange risk
2 – An overview of Risk Governance in banking
2.1 What is 'Risk Governance'?
2.2 Identification and risk Frameworks
2.2.1 Identification of risk
2.2.2 Risk Management Framework
2.2.3 Internal Control Framework
2.3 Risk appetite
2.4 Risk Culture and Conduct
2.4.1 Risk culture
2.4.2 Risk communication and transparency
2.4.3 Alignment of remuneration with risk profile
3 – Structure of the Risk Area
3.1 The three lines of defense model
3.1.1 1st LOD
3.1.2 2nd LOD
3.1.3 3rd LOD
3.2 Risk Committee
3.3 Risk management function
3.4 Chief Risk Officer
3.5 Risk Control Function
3.6 Compliance Function
3.7 Internal Audit Function
3.8 Role of supervisors and regulators
4 – Conclusions
5 – Recommendations
5.1 To the reader
5.2 To banks
5.3 To clients
5.4 To regulators
6 – References
Papers, reports and guidelines
Electronic Sources
1 – What is risk in banking?

It is impossible to talk about risk management without first defining risk, and therefore acknowledging that it is intrinsically connected to uncertainty. In fact, it is because there is a randomness of possible outcomes that we have risk. Bessis put it well in his book Risk Management in Banking (Bessis, 2010): “Risk exists only when uncertainty can have a potential adverse effect, which is a possibility of loss.” Ultimately a bank is an entity that seeks to maximize its profits, and therefore it must engage in risk, exposing itself to the markets it operates in, in order to return results for its shareholders. Exposure to risk does not necessarily mean a loss, but it is definitely something bankers have to engage in in order to add equity to the bank. For a bank there are several types of risk, namely: operational risk; credit risk; liquidity risk; interest rate risk; mismatch risk; market price risk; market risk; solvency risk and foreign exchange risk (Bessis, 2010). Of course, all these risks in banking are associated with potential losses and should be quantified and managed to the extent possible. Next, we briefly look at some of these risks.

1.1 Different types of risk in banking

1.1.1 Operational risk

Operational risk is the risk associated with the breakdown of internal processes, malfunctions of the information system and/or management failure. This risk is usually caused by events such as a lawsuit, a systems failure or damage to assets, and there is still no clear method of measuring and assessing it (UKessays3, 2016).

1.1.2 Credit risk

Credit risk is the risk that the counterparty might default on payment obligations that are expected by the bank. Default usually leads to a partial or total loss of the amount lent and it can come in various degrees, namely as a delay in payments, a restructuring of debt or a plain and simple inability to pay, usually associated with bankruptcy.
1.1.3 Liquidity risk

Liquidity risk is the risk that the cost of funding might become higher and higher, to the point where raising funds becomes impossible. It depends on how the market perceives the bank and on its willingness to lend it short-term liquidity.

1.1.4 Interest rate risk

Most assets on the balance sheet of a bank generate either revenues or costs that are tied to interest rates. Therefore, interest rate risk is associated with a drop in net interest income (interest revenues – interest costs) due to swings in interest rates.

1.1.5 Mismatch risk

Mismatch risk is associated with both liquidity risk and interest rate risk. A mismatch can occur when there is a gap between the maturities of assets and liabilities. Obviously this is associated with the way banks conduct their business: by lending long term and being financed short term, banks try to capture the positive spread between long-term and short-term rates. If that gap is not filled, the bank might default.

1.1.6 Market price risk

A risk associated with assets for which trading volume is low or non-existent. Some assets can lose a lot of value (price drops) if there is no market liquidity.

1.1.7 Market risk

Market risk is directly associated with the valuation of the bank's trading portfolio. It is influenced by the natural movements of the market, and the liquidation period is important for the holder of those assets. Usually, over longer horizons, volatility tends to increase and any decline in value can lead to a market loss.

1.1.8 Solvency risk

Usually associated with the risk of being unable to absorb losses with the available capital. Solvency is related to the actual net worth of the bank and should follow the principle of “capital adequacy”, meaning that the bank is able to sustain potential losses by showing an acceptable solvency level.

1.1.9 Foreign exchange risk

The risk of incurring losses due to changes in exchange rates, given that a bank might have assets or liabilities in different foreign currencies.
2 – An overview of Risk Governance in banking

2.1 What is 'Risk Governance'?

Before the 2007-2008 crisis it was the responsibility of bank directors to coordinate and manage long-term strategies, as well as to assume ownership of risk management in processes like credit extension, investment decisions and other bank activities (Gontarek, 2016). However, after those turbulent years the entire industry started looking more seriously into risk and risk management, not only because regulatory authorities introduced new regulations, but also because banks realized they could very easily jeopardize their business if they did not learn from their past mistakes in risk assessment. In fact, it is widely agreed that the recession that began in 2008 was largely caused by very loose and irresponsible credit risk management by banks operating in the real estate market (Investopedia2, 2016). It is therefore important to define risk governance as the process by which the board and management establish the firm's strategy, articulate and monitor adherence to risk appetite and risk limits, and identify, measure and manage said risks (FSB1, 2013). Basically, every time someone analyses and quantifies the potential losses in an investment portfolio and then takes appropriate mitigation action, in accordance with their risk tolerance, they are managing risk. Following the Bank for International Settlements (BIS) principles and the European Banking Authority (EBA) guidelines, we will now explore some of the attributes of risk governance in banking, as stated in their most recent reports.

2.2 Identification and risk Frameworks

2.2.1 Identification of risk

According to the 7th BIS principle, a bank should constantly pursue the identification, monitoring and control of risk. The sophistication of the identification tools should always match the sophistication of the bank's own infrastructure and products, and keep up to date with the constant changes in external risks and industry practices. These risk identification tools should be both quantitative and qualitative and bring together internal and external data that can help make strategic business decisions. Usually a series of models with different macroeconomic trends/data and practical or conceptual limits are used to identify risk.

2.2.2 Risk Management Framework

After identifying existing or emerging risks, the bank needs a strong risk governance framework that includes procedures and processes in order to take action. For each risk alert there should be a corresponding internal control, with an associated policy or process that is applied upon identification. According to the EBA Guidelines on Internal Governance: “An institution's risk governance framework shall include policies, procedures, limits and controls providing adequate, timely and continuous identification, measurement or assessment, monitoring, mitigation and reporting of the risks posed by its activities at the business line and institution-wide levels.” (EBA, 2011). It is important that this framework encompasses reporting mechanisms that help ensure the management team and all other business units are provided with accurate and timely information on risk. Only in this fashion can the framework ensure that the institution's risk profile (an aggregate of its actual and potential risk) is kept within the established limits and that any exceptions are immediately addressed. Once weaknesses and potential unwanted risks are identified, this information should be used to improve budgeting, liquidity planning, capital adequacy and risk appetite. An excellent way to identify risks is to use stress tests or reverse stress tests. These should include different scenarios and circumstances based on certain assumptions, dependencies and correlations.
2.2.3 Internal Control Framework

To ensure effective and efficient operations and appropriate risk control, the bank should have a strong internal control framework. This framework should cover the entire firm and include all business activities and control units, with the ultimate goal of assuring compliance with law and regulations and the prudent conduct of business. The control functions in a bank should include a Risk Control function, a Compliance function and an Internal Audit function, all of them with very clear and transparent administrative and accounting procedures. All these functions should be independent of the business they monitor and independent from each other. Their staff should receive proper training on a regular basis and have free access to internal information in order to submit their findings to the management body.

2.3 Risk appetite

The risk appetite of a bank is the aggregate level and type of risk a bank is willing to assume to achieve its strategic objectives and business plan (BIS, 2015). Usually risk appetite is detailed in a risk appetite statement (RAS), a document in which the bank explains its position regarding risk in different parts of its business, including quantitative measures relative to earnings, capital, liquidity and risk. This document should very clearly state what the risk limits are and outline the roles and responsibilities of the people in charge. Best practices suggest that the bank should also address some reputation and conduct risks, as well as qualitative statements regarding different possible unethical practices.

2.4 Risk Culture and Conduct

2.4.1 Risk culture

According to the EBA (EBA, 2011): “An institution shall develop an integrated and institution-wide risk culture, based on a full understanding of the risks it faces and how they are managed, taking into account its risk tolerance/appetite.” This risk culture is enforced through example, but also through policies, communication and training. From the beginning, every employee, in every business unit of the bank, should be fully aware of their responsibilities relating to risk and also of the institution's baseline risk appetite. The risk management framework comes into action to underline the importance of the risk culture. It should enable the entire institution to make informed decisions that take into account not only credit, market or operational risks, but also compliance and reputational risks.

2.4.2 Risk communication and transparency

In order to successfully deal with risk issues, a bank needs a strong communication policy across the organization and through the senior management level. Communication allows risk awareness and information on risk-taking policy to flow vertically from the board to the business units (be they the branches, the investment/market department or other control functions). Management should proactively engage with the lower seniority levels, but it is absolutely crucial that control functions at the business unit level are forthcoming with information about their activities in order to be discharged of responsibility. According to Principle 12 of the BIS guidelines, the bank should be “adequately transparent to its shareholders, depositors, other relevant stakeholders and market participants.” This principle allows all interested parties to effectively assess the effectiveness of governance at the board and senior management level and check whether they are compliant.
In practice, the following information should be disclosed:
- Material information on the bank's objectives;
- Organizational and governance structures and policies (including established committees, mandates and composition);
- Major share ownership and voting rights;
- Incentive and compensation policy;
- Measures that reflect the longer-term performance of the bank;
- Key points concerning its risk exposures and risk management strategies, without breaching necessary confidentiality;
- The nature, extent, purpose and economic substance of transactions with affiliates and related parties.
It is increasingly important that the entire institution's staff understand and adhere to policies and procedures, and at the same time are informed of the bank's strategy in a clear and consistent way.

2.4.3 Alignment of remuneration with risk profile

Remuneration plays an important role when structuring the risk profile of a bank, especially because it is common practice to award bank workers bonuses that correlate with the gains they are able to generate for the bank and its clients. The EBA does not impose strict limitations on this type of remuneration, but it argues that it should be consistent with the risk profile of the bank and help promote sound and effective risk management. Remuneration should not encourage excessive risk taking and should be in line with the values and long-term interests of the bank itself. If there are severance payments that reward failure, then the entire risk management structure could go to ruin. An excellent way for the bank to be forthcoming with information is to issue a risk governance statement in its annual corporate report, where it clearly states risk-related information, making it available to all interested parties. A way to ensure remuneration is fair is to make sure bonuses are based on a combination of individual and collective performance and include a flexible risk-adjusted component.
3 – Structure of the Risk Area

3.1 The three lines of defense model

In 2013 the Institute of Internal Auditors schematized a three-lines-of-defense model, a benchmark for control and risk management responsibilities in complex organizations. This model's goal is to help coordinate control responsibilities in an effective and efficient manner, while allowing for clear communication of risk to every group of professionals involved. Very briefly, the 3 Lines Of Defense (LOD) in a bank are (Arndorfer, 2015):

3.1.1 1st LOD

Constitutes the revenue-generating business units that are primarily responsible for trading, sales, client relationships and asset management. The staff at this level is familiar with the usual workflow and its potential weaknesses, so it should be easier for them to detect problems early on, provide immediate information to management levels and take immediate action to minimize risk.

3.1.2 2nd LOD

When the 1st LOD fails or is absent, a second line should be present in functions like risk management, compliance, finance, risk control, model validation and information. This LOD has expanded in the last few decades, along with the tighter regulatory requirements of the industry and the advent of progressively more complex products in banking. The 2nd LOD defines preventive and detective control requirements, while assuring that they conform with the policies and procedures of the institution. It should be independent of the 1st LOD and based on clear risk assessment criteria that are applied on an ongoing or periodic basis.

3.1.3 3rd LOD

This LOD comprises the internal audit functions, which should provide independent and direct assurance to senior management and have unrestricted access to the board. It should provide, at least annually, a risk assessment of the bank and identify areas that exhibit high levels of risk, providing some intuitive lines of action for monitoring and/or reparation. It should be able to report on a number of issues including: efficiency and effectiveness of operations, safeguarding of assets, reliability of reporting processes and compliance with regulation/law. The next figure illustrates a comprehensive example of the 3 LOD model previously described. This model was adapted by the author of this report so it could apply to the structure of a bank, keeping in mind the main functions in a risk area that are described by the Basel Committee of the Bank for International Settlements (BIS).

Figure 1 - The 3 Lines of Defense Model (Adapted and redesigned for banks from the original IIA publication). Caption within the figure: Supported by strong Risk Management and Internal Control Frameworks.

Disclosure: This is a model proposed by the author of this report and in no way is it a binding structure directly proposed by any regulator. Next, we will look at the exact structure of the risk area, making sure to highlight the most important functions in the model proposed by the BIS and the European Banking Authority (EBA).
3.2 Risk Committee

The risk committee is one of the most important structures in a bank. Every bank should have a risk committee responsible for advising the board on issues like the current and future risk appetite and the implementation of the Risk Appetite Statement. A risk committee should be made up of a majority of independent members, including some with experience and practice in risk management. It should also have an independent director who does not sit on the board or on any other committee in the bank. Following the guidance of the 6th Principle, the committee receives regular reporting from the CRO about the risk profile of the bank, limit breaches and mitigation plans, and makes suggestions regarding needed adjustments to the governance framework of the bank. For an easier understanding of its role, here follows a list of functions of the risk committee, according to the BIS:
- Review and discuss all risk strategies on an aggregate basis and by type, to make recommendations to the board;
- Review the bank's risk policy at least annually;
- Oversee the processes put forward by management to promote adherence to the approved risk policy;
- Oversee the activity and role of the Chief Risk Officer (CRO), and serve as a bridge between him/her, the audit committee and the board.

3.3 Risk management function

Following the 6th BIS Principle, every bank should have, in its 2nd line of defense, an independent risk management function with sufficient stature, immediate access to senior management, independence and enough resources to be effective. Overall, the risk committee should oversee all strategies for capital and liquidity management and also all sorts of risks, such as operational risk, credit risk, market risk and reputational risk.
The risk management function should be composed of qualified and experienced personnel with a high level of knowledge of the bank's products, while remaining sufficiently independent of the business units that generate revenue. For an easier understanding of its role, here follows a list of functions of risk management, according to the BIS:
- Identification of present and emerging risks, as well as ongoing monitoring;
- Assessment and measurement of the bank's exposure;
- Defining the bank's risk culture, appetite and limits (subject to approval from the board);
- Establishing an early warning system for breaches of the bank's risk appetite or limits;
- Reporting to senior management, the board and the risk committee, and challenging their decisions when necessary.

3.4 Chief Risk Officer

An increasingly important role in the bank is that of the aforementioned Chief Risk Officer (CRO). The CRO should have the authority and stature, as well as the necessary skills, to oversee all the risk management activities of a bank. They are appointed and dismissed either by the board and/or by the risk committee members, and these decisions should be justified and presented to the regulatory supervisor. He/she should be independent, have no other overlapping responsibilities and not be engaged in any operational lines of business in the bank. It should be within the CRO's powers to hire staff with the necessary skills and attributes to help with oversight, as well as to develop a plan for continuous training and skills development for existing staff. The CRO has overall responsibility for monitoring the bank's risk management framework across the entire organization.
The CRO should have free and priority access to all information in the bank's books needed to pursue these oversight duties. This regular access should extend to the board and the risk committee, where the CRO should have specific timeframes to intervene and report. For an easier understanding of this role, here follows a list of functions of the CRO, according to the BIS:
- Oversight over the risk management function;
- Provide comprehensive information on risk to the board so that they understand the bank's risk profile;
- Decision-making power when it comes to risk policy, processes, models, limits and reports;
- Participating in, or even managing, issues like strategic planning, capital and liquidity planning, new products and compensation policy;
- Veto power over all important risk management decisions.

3.5 Risk Control Function

In order to identify and manage risk at the business unit level, each bank should have an independent Risk Control Function (RCF). It should be independent of the business units it supports, but not isolated from them, in order to have a deep knowledge of all aspects of the business. The RCF should be a central organizational feature of the bank, structured so that it can implement risk policies and control the risk management framework. The RCF is actively involved in the elaboration of the bank's risk strategy and in all material risk management decisions, ensuring those processes are in place.
For an easier understanding of its role, here follows a list of functions of the RCF, according to the EBA:

- Provide independent information, technical analysis and judgement on risk exposures, ensuring that the bank complies with the previously defined risk appetite;
- Provide advice on all risk decisions made by management and business units;
- Recommend improvements to the risk management framework;
- Recommend changes to risk policies, procedures and limits.

3.6 Compliance Function

According to the BIS 9th Principle, the bank’s senior management should establish an independent compliance function as part of the second line of defense. The compliance function must have sufficient stature, authority and resources, and once established, management should not interfere with the fulfilment of its duties. A Compliance Officer (a.k.a. Head of Compliance) can be appointed to be responsible for this function across the entire bank. The firm should approve and implement a compliance policy that contains the main processes by which compliance risks are identified, reported and managed at all levels of the organization. For an easier understanding of its role, here follows a list of roles of the Compliance Function, according to the BIS:

- Ensure that the bank acts responsibly by following all internal policies, processes and corporate values;
- Advise senior management on compliance with laws, rules and standards;
- Report its findings at the business unit level to senior management (this could also include direct access to the board);
- Assess the possible impact of changes in regulation and law;
- Inform and educate staff on compliance issues, providing direct guidance on how to apply regulation effectively;
- Verify whether new products and procedures comply;
- Elaborate compliance manuals or codes of conduct with practical guidelines.

The Compliance Function’s main goal is to ensure that the bank operates within the frame of integrity and compliance associated with internal regulations, laws and regulations.

3.7 Internal Audit Function

Following the BIS 10th Principle, every bank should have an independent Internal Audit Function (IAF), helping the board to ensure an effective governance process and the long-term soundness of the bank. The internal audit function is part of the third line of defense and should be independent of the audited activities and accountable to the board. It should be provided with sufficient authority, standing and resources to carry out its duties effectively, as well as unconditional access to any data or records in the bank. The IAF reports directly to management or to an audit committee created for that purpose. The job of this audit committee is to make sure that the audit’s recommendations are implemented by all levels of management in a follow-up procedure. For an easier understanding of its role, here follows a list of functions of the Internal Audit Function, according to the BIS and EBA:

- Provide independent assurance to the board of directors on the effectiveness of the bank’s internal control, risk management and governance processes;
- Perform periodic assessments of the bank’s internal control framework;
- Evaluate the compliance of all units of the institution with policies, procedures and regulatory requirements. This should include the evaluation of the Risk Control Function and the Compliance Function;
- Verify the integrity of the processes, techniques, assumptions and sources of information in the bank’s internal models;
- Evaluate the quality of risk identification and assessment tools.
An important part of the Internal Audit Function’s role is to help the bank’s management protect the reputation of the bank.
3.8 Role of supervisors and regulators

Despite supervisors not being part of the bank’s risk structure, the BIS guidelines have a word regarding their role. According to the 13th Principle, supervisors should provide guidance on, and supervise, the corporate governance of the bank. Supervisors should have access to comprehensive reports in order to assess the performance of the bank’s senior managers. Supervisors should require that banks follow national and international law, regulations and codes, as well as providing guidance on how to do so. Regulators should set out expectations for checks and balances, allocation of responsibility and transparency, while sharing best practices of corporate governance with the other banks they supervise and with other supervisors/authorities. Supervisors should have regular interaction with the board and senior management, requiring improvement and remedial action if necessary. This could be achieved by way of written reports, access to self-assessment documents developed by the bank, and also through interviews with board members and other personnel.
4 – Conclusions

After exploring the topic of risk in banks, it is clear that risk is at the core of what the banking sector is. Through this investigation it was possible to find at least 9 different kinds of risk. Risk pervades all bank operations and business units, and it goes far beyond just credit risk. All these different risks can be associated with potential losses, but they are often associated with possible gains as well, so the balance between these forces, and the lengths banks are willing to go to in risk management, should be one of the primary focuses of their overall governance. In fact, risk governance is all about the detection, assessment and remediation of risks, and it is clear that banks are still trying to adjust to the fast-paced, technology-driven environment that surrounds them, especially after the 2007-2008 global crisis debacle. It is of the utmost importance that each and every bank defines its own risk appetite and culture, but more importantly, that it takes a strong stance and makes a real effort to enforce it. This might include steps such as a redefinition of goals, procedures and policies, as became clear when the transparency and communication topics were explored in this report. Banks need to become less opaque organizations in order to regain the trust of customers and re-establish the way people perceive the entire segment. As of 2016, it seems clear that there is no magical all-solving panacea when it comes to designing the risk area structure in banks. This being said, with the help of the work done by the Basel Committee (BIS), the Institute of Internal Auditors, central banks and authorities like the EBA, there seems to be agreement on the overall lines of reference.
So far the Three Lines of Defense model seems to gather the most consensus, and it is apparent that it represents a great improvement on earlier models. It provides a simple and effective way to enhance the control and communication of risk by clarifying important roles and duties, and therefore improving its effectiveness. It does so by dividing the risk structure into 3 main functions: functions that own and manage risks; functions of oversight; and functions of independent assurance. Finally, it can be concluded that the implementation of the main guidelines presented throughout this report will ensure that the bank’s risk area (and therefore the entire business) becomes stronger and, furthermore, will allow the bank to improve its standing in the eyes of the regulators and garner important reputational advantages that will probably allow it to grow in a safe and sound fashion.
5 – Recommendations

5.1 To the reader

First and foremost, this report (excluding the Conclusions and Recommendations) was based solely on the information provided by external sources, with great emphasis on the guidelines and regulations provided both by the Bank for International Settlements and the European Banking Authority. The author of this report intended to compile and present the information in a way that is easier for the reader to access. Despite this, in no way is this document a replacement for the full and detailed reports that are mentioned. For a reader with an interest in knowing more about this topic there is no substitute for the original reports, which can be accessed online by following the references detailed at the end of this report. Those original reports, for which we recommend a careful reading, are: EBA Guidelines on Internal Governance (2011) and Basel Committee on Banking Supervision - Guidelines: Corporate governance principles for banks (2015). If the reader just wants to be more aware of the general framework and a simplified version of the roles and structure of the risk area in a bank, this report might fulfill that requirement. If the reader is interested in more information about the real application of the aforementioned frameworks in banks, we also recommend reading some recent reports on risk in banking, in particular one elaborated by McKinsey & Company entitled McKinsey on Risk - Nº1, Summer 2016. In this report McKinsey underlines the importance of issues like Compliance in 2016, Nonfinancial risk and the Future of bank risk management. It is interesting to understand what the most recent trends in the risk area in banking are, especially because the issues are addressed from the point of view of the actual banks.
5.2 To banks

Regarding the positioning of banks in the risk area, it is clear there must be a concerted effort from both senior management and boards to allow for a smooth transition into the more regulated environment of the post-2008 crisis. Most banks have already implemented the changes brought forth by the EBA and BIS, but if not, it would be helpful to constitute a temporary committee to help reorganize the bank’s structure. This committee, to be dissolved once the changes are in place, should have a previously established time schedule and clear objectives, as well as the necessary funds and manpower to achieve its goals. It should be made up of people with previous experience in all business units and deep knowledge of the new regulation. They should be allowed to get advice and feedback from staff, but also have the capacity to employ people with the necessary skills to put in place the new risk framework and structure. Once in place, there should be a robust culture of accountability for workers and management. This implies that the remuneration and reward system be reanalyzed and possibly changed, in order to make it fairer and also not to encourage excessive risk-taking behaviors. Inside the bank there should be a philosophy of actively looking for unethical behavior and reporting it, either to senior management or to the regulator. Employees should be free to request and consult with regulators without suffering any adverse consequences inside the institution, and they should have a right to privacy when doing so. The recruiting processes might also be improved, especially for those working directly with investment and financial markets. It would be important to assess the risk profile of each individual before positioning them in different roles. The bank should also be aware of and active regarding the constant change in the technological side of the business. A strong investment in the talent pool and more advanced analytic capabilities will surely help ease the transition towards a more connected business world.
A relatively recent change in the way banks process big data and use machine learning will definitely facilitate the introduction of new alerts and triggers when excessive exposure to risk occurs. New risk models need to be created, and they should be carefully analyzed and updated based on that big data. This will help move the decision-making process from a more biased one to a more data-oriented one. Inside the bank it is also important to reinforce collaboration and communication between different business units. This will help improve the customer experience and implement rules to protect clients, for instance by disclosing more risk-related information and being more transparent as an organization. This will definitely bring reputational gains to the institution. Finally, it is increasingly important for the institution to be aware of new and upcoming risks, many of them related, for example, to cybersecurity. This is one of the reasons why it is of the utmost importance to continually invest in staff training, IT infrastructure and skill development, so that the bank, as a whole, might be better prepared to face the challenges that the future holds.

5.3 To clients

For many clients, especially in commercial banks, having more knowledge of the risk profile of their bank might not appear important. Nonetheless, risk is an inherent characteristic of banking activity and it pervades all its business units, so it surely has a significant role in the way the client should perceive their bank. It is important to remain informed about the way the bank conducts its businesses and operations, and whether its risk profile is compatible with the client’s values and ways. This is particularly important if the client conducts business and/or investments through their bank. Banks have a reputation to maintain, so they can often be opaque institutions. Despite this, sometimes it might be apparent to the client that some ways of conducting business are not up to standard, and they should report those situations to management or ultimately to the regulators and supervisors. Clients have the responsibility of disclosing their own experience, and might actually be of great help when it comes to the identification of problems in a bank.

5.4 To regulators

It is of the utmost importance to keep guidelines and information clear.
In reading the extensive reports issued by the regulators, it might not be easy for banks to implement all the different guidelines in a timely manner. It is the author’s opinion that regulators should keep documents concise and simple. The simple listing of tasks for the different roles in banking is a lot more helpful when compared to extensive text on the issue. Perhaps it would be possible to use those lists and then add more detailed information in a subsequent section of the text. In that way it would be easier for the bank’s personnel and management to be immediately aware of their roles and the skills necessary to execute them. There should also be an effort to disclose and publicize information on important risk issues to the general public. Keeping in mind that the regulators have a responsibility of privacy and that they have access to classified information that pertains to each bank, the clients should, nonetheless, be informed about the way their bank is conducting business and the risks it is taking. Only in this way can the client’s rights be effectively defended, allowing them to make informed decisions when it comes to choosing their bank.
6 – References

Papers, reports and guidelines

Arndorfer, I. December 2015. Occasional Paper No 11 - The “four lines of defence model” for financial institutions - Taking the three-lines-of-defence model further to reflect specific governance features of regulated financial institutions. Bank for International Settlements (BIS), Utrecht University.
Bank for International Settlements (BIS). July 2015. Guidelines: Corporate governance principles for banks. Basel Committee on Banking Supervision.
Bessis, J. 2010. Risk management in banking. Third edition. John Wiley & Sons Ltd.
European Banking Authority (EBA). 27 September 2011. Guidelines on Internal Governance (GL 44). EBA, London.
Gontarek, W. January 2016. Risk governance of financial institutions: The growing importance of risk appetite and culture. Journal of Risk Management in Financial Institutions, Vol. 9, No. 2, 120-129. Cranfield School of Management, UK.
Härle, P., Havas, A., Kremer, A., Rona, D., Samandari, H. December 2015. McKinsey Working Papers on Risk: The future of bank risk management. McKinsey & Company, USA.
Institute of Internal Auditors (IIA). January 2013. Position Paper: The three lines of defense in effective risk management and control. IIA, Florida, USA.
International Finance Corporation Advisory Services in Europe and Central Asia. 2012. Standards on risk governance in financial institutions. World Bank Group, Financial Market Crisis Response Program in Eastern Europe and Central Asia, Ukraine.
McKinsey & Company. July 2016. Number 1, Summer 2016 - McKinsey on Risk. USA.

Electronic Sources

Financial Stability Board (FSB). ‘Thematic review on risk governance’ [Online]. Available: http://www.fsb.org/2013/02/r_130212/ Accessed: 20th October 2016.
Investopedia. ‘What is risk management?’ [Online]. Available: http://www.investopedia.com/terms/r/riskmanagement.asp#ixzz4NICFvyHH Accessed: 20th October 2016.
Ukessays. ‘Risks faced by banks.’ [Online]. Available: https://www.ukessays.com/essays/banking/risks-faced-by-banks.php Accessed: 20th October 2016.