Professional Documents
Culture Documents
Management
for 2023 Foundation School
Course Code: FS 123
Business
Communication
Participant’s Manual
Course Course
Code:Code: FS
FS 101
101
2
3
Course Outline
Pg 3
4
Objectives
Module 1:
Fundamentals of Risk
and Risk Management
Introduction
The strategy of the organization will drive each arm of the business that make up the
organization, and each arm often have or adopt an information systems that support
its business function.
Examples of risk that corresponds to the categories shown in the previous slide
are:
• Strategic: Changes in customer preference or stakeholder preference,
executive turnover
• Environmental: Pollution or disturbance of protected areas
• Market: Foreign-exchange rates, availability of commodities and raw materials
• Credit: Interest rates, callable loans, damage to assets for which the
organization is an insurer
• Operational: Employee errors, fraud, theft etc.
• Compliance: Failure to meet regulatory requirements
• IT benefit/value enablement: Delivered projects do not create expected
business value
• IT program and project delivery: Projects are not delivered in a manner
consistent with plans
• IT operations and service delivery: Delivered services fall short of Service Level
Agreements/Requirements (SLA/Rs)
11
Fundamentals of Risk
Risk can be defined as the possibility of loss or injury; someone or something that
creates or suggests a hazard.
Risk is also the degree of probability of such loss; in financial terms it is the chance thatan
investment (such as a stock or commodity) will lose value.
For a bank, risk refers to the ability of a bank to access cash to meet funding
obligations. Obligations include allowing customers to take out their deposits. The
inability to provide cash in a timely manner to customers can result in a snowball effect.
Risk Management
Managing risks may involve three levels - the transaction level, Business Unit level and
the corporate level.
• Using this principle, low levels of uncertainty are associated with low potential
returns, and high levels of uncertainty or risk with high potential returns.
13
• Ensure risks are identified early – the most important principle, where you identify the
cause of a potential risk and design preventative measures and a response if it was
to occur. After risks have been identified and sourced, risk needs to be measured.
• Manage risk within context - consider both internal and external context when
planning for risk management, as they differ from bank to bank.
• Ensure responsibilities and roles are clear - everyone should know the role they play
in mitigating risk and responsibilities should be clear throughout the risk
management process.
• Create a cycle of risk review - create a step-by-step process to review risk and
during each step, all risks should be evaluated, and interventions or preventative
measures implemented.
• Strive for continuous improvement - always strive to adapt to how you manage risk
and take these learnings with you to your next project.
14
• Knowledge gap analysis can be used to design a personalized training plan for each
stakeholder.
• Accountability (RACI Matrix) is important for making sure that risk policies and
strategies are actively followed within the organization.
• Analyzing the gap between current and target risk culture helps in designing
intervention plans to improve risk attitudes and risk behaviors.
• Compliance Group – responsible for the regulation of all company activities to ensure
that they are in line with all applicable laws, rules and regulations, as well as internal
codes of conduct, policies and procedures (Chief Compliance Officer).
• Corporate Governance - the system of rules, practices and processes by which the
bank is directed and controlled which impacts all aspects of the organization e.g.
performance measurement standards, public disclosure of records, policies for the
16
• Internal Audit Group - periodically examines the efficiency and performance of both
the company's risk control functions and other to ensure that all aspects of the bank's
business are adhering to internal and external policies, laws and regulations.
• Risk Assessment and Reporting - researching and determining both current and future
risks that may become hazardous to the bank's business operations by identifying new
competitors, data security issues, reputational or Public Relations (PR) risk, financial or
liquidity risk, product recalls or even weather or natural disaster risks, among other
things.
• Enterprise risk management benefits strongly from the clear support from Senior
Management/Executive Team of the organization, which should require
consultation with risk practitioners to be part of any new project and ensure that
recommendations of the risk management program are evaluated and objectively
addressed before approving or funding projects or business initiatives.
• Organizations are required to comply with the laws and regulations of the jurisdictions
in which they operate and face penalties for failing to do so.
• It is important to know what laws apply to the organization and to understand their
requirements, which can be challenging because many laws are open to
interpretation and required levels of compliance are not always stipulated. For
example, a law may require adequate protection of sensitive data without specifying
what constitutes an adequate level of protection.
• Regulations may require organizations to report on their own compliance and impose
financial penalties or loss of a license to operate if these reports are made incorrectly
17
Key principles & Framework of Risk Management – Support Structure (Policies and RACI
Model)
• A critical part of establishing the risk management process is the development and
approval of a concise, coherent risk management policy that the attitude
and intent of management in relation to risk. A risk management policy should include
a statement relating to the reasoning or rationale behind the approach to accepting
or mitigating risk, set accountability, and articulate a commitment to continuous
improvement of the risk environment.
• The use of a RACI model (Responsible, Accountable, Consulted, Informed) can assist
in outlining the roles and responsibilities of the various stakeholders. The purpose of a
RACI model is to clearly show the relationships between the various stakeholders, the
interaction between the stakeholders and the roles that each stakeholder plays in the
successful completion of the risk management effort.
Key principles & Framework of Risk Management – Support Structure (RACI Model)
There are four main types of roles that are involved in the risk management process:
• The individuals responsible for managing the risk
• The individuals who are consulted and provide support and assistance to the risk
management effort
• The individuals who are informed of the risk management effort but may not
necessarily be involved in its execution
Financial Crisis
• Financial Crisis refers to a situation where there is a panic or a bank run, and investors
sell off assets or withdraw money from savings accounts because they fear that the
value of those assets will drop if they remain in a financial institution.
• It can also be seen as any situation where one or more significant financial assets –
such as stocks, real estate, or oil – suddenly (and usually unexpectedly) lose a
substantial amount of their nominal value.
18
Financial crisis can be caused by different factors, but the major cause is leverage, where there is
• Financial contagion is the spread of an economic crisis from one market or region to
another and can occur at both a domestic or international level.
• The four agents that influence financial boom or crisis are governments,
financial institutions, investors, and borrowers.
• To control financial crisis and financial risk, all the agents, especially Financial
Institutions, must adopt Risk management strategies and implement the processes in
Risk management.
• Where this is adopted in individual markets, financial crisis and contagion, can be
better controlled and prevented.
Class Exercise
How best can First Bank Nigeria Ltd implement the adoption of Enterprise Risk
Management in their organization?
19
Module 2:
Risk Management Process
It is an ongoing process of identifying, treating, and then managing risks. Identifying and
tracking risks that might arise in a project offers significant benefits, including:
1. Identify – identify the risks that the business is exposed to in its operating environment
as many of these risk factors as possible. These risks are then visible to every
stakeholder in the organization with access to the system.
Identifying risk before it happens reduces losses, boosts employee efficiency, reduces
the risk of unhappy customers and sustains the business.
2. Analyze – critically look at the risks to determine the scope, and understand the link
between the risk, different factors within the organization, determine the severity of the
risk and look at mapping a risk framework that will evaluate risks.
Analysis can be done by simulation, imitating the actual occurrence and seeking ways
to mitigate the said risk, or modelling (creating prototypes of the risk), or stress testing to
and out how resilient something is, including a financial instrument, investment portfolio,
financial institution, or whole economy is at dealing with extreme situations and
economic crises.
Qualitative Analysis is reviewing risk outside quantity to determine their significance e.g. by
the Probability/Impact Assessment. Quantitative Analysis is the numeric evaluation ofrisk.
3. Evaluate – rank and prioritize the risk, showing different categories of risks, depending
on their severity. Low level risks may cause some inconvenience, but risks that can result
in catastrophic loss are rated the highest. Risk appetite and tolerance limit
4. Treat - every risk needs to be eliminated or contained, by connecting with the experts
of the field to which the risk belongs. In a risk management solution, all the relevant
stakeholders can be sent notifications from within the system and can get updates
directly from within the risk management solution. Risk response includes Tolerate, Treat,
Transfer and Terminate.
21
5. Monitor – since not all risks can be eliminated as some risks are always present (e.g.
Market risks and environmental risks), they must be monitored always. If any factor or risk
changes, it is immediately visible to everyone and monitored to allows your business to
ensure continuity.
Risk Identification
Risk identification is the process of identifying and assessing threats to an organization, its
operations, and its workforce. For example, risk identification may include assessing IT
security threats such as malware and ransomware, accidents, natural disasters, and other
potentially harmful events that could disrupt business operations. Companies that develop
robust risk management plans are likely to and they’re able to minimize the impact of threats,
when and if they should occur.
Risk Analysis is a process that helps you to identify and manage potential problems that
could undermine key business initiatives or projects. However, it can also be applied to
other projects outside of business, such as organizing events or even buying a home!
To carry out a Risk Analysis, you must identify the possible threats that you face,
Risk Analysis can be complex, as you'll need to draw on detailed information such as
relevant information. However, it's an essential planning tool, and one that could save
time, money, and reputations.
23
The two main approaches to risk analysis are qualitative and quantitative. Qualitative risk
analysis typically means assessing the likelihood that a risk will occur based on subjective
qualities and the impact it could have on an organization using predefined ranking
scales.
The impact of risks is often categorized into three levels: low, medium or high. The
probability that a risk will occur can also be expressed the same way or categorized as
the likelihood it will occur, ranging from 0% to 100%.
A qualitative risk analysis produces subjective results because it gathers data from
participants in the risk analysis process based on their perceptions of the probability of a
risk and the risk's likely consequences. Categorizing risks in this way helps organizations
and/or project teams decide which risks can be considered low priority and which have
to be actively managed to reduce the effect on the enterprise or the project.
A quantitative risk analysis, in contrast, examines the overall risk of a project and generally
is conducted after a qualitative risk analysis. The quantitative risk analysis numerically
analyzes the probability of each risk and its consequences.
The goal of a quantitative risk analysis is to associate a specific financial amount to each
risk that has been identified, representing the potential cost to an organization if that risk
actually occurs. So, an organization that has done a quantitative risk analysis and is then
hit with a data breach should be able to easily determine the financial impact of the
incident on its operations.
Risk Evaluation
Risk Evaluation is the process used to compare the estimated risk against the given risk
criteria to determine the significance of the risk.
In this step, levels of risk are compared according to risk evaluation criteria adopted by
the organization and risk acceptance criteria. The output is a prioritized list of risk elements
and the incident scenarios that lead to the identified risk elements.
Risk capacity: the amount and type of risk an organization is able to support in pursuit of its
business objectives.
Risk appetite: the amount and type of risk an organization is willing to accept in pursuit of
its business objectives.
24
Risk tolerance: the maximum risk that an organization is willing to take regarding
each relevant risk.
Risk target: the optimal level of risk that an organization wants to take in pursuit of a
business goal.
Risk limit: thresholds to monitor that actual risk exposure does not deviate too much from
the risk target and stays within an organization’s risk tolerance/risk appetite. Exceeding
risk limits will typically act as a trigger for management action.
Evaluation of an appropriate risk response is part of the risk management process cycle,
not a one-time effort. There are four commonly accepted options for risk response:
• Risk acceptance
• Risk mitigation
• Risk sharing (transfer)
• Risk avoidance
The purpose of defi of
the organization as cost-effectively as possible, not to eliminate or minimize the risk at all
costs.
Risk acceptance: The choice to accept risk is a conscious decision made by senior
management to recognize the existence of risk and knowingly decide to allow (assume)
the risk to remain without (further) mitigation. Management is responsible for the impact
of a risk event should it occur, so the decision to accept a risk is made according to the risk
appetite and risk tolerance set by senior management.
Risk mitigation: Risk mitigation refers to actions that the organization takes in order to
reduce a risk. Mitigation is typically achieved through security controls, which affect the
frequency and/or impact of the risk. Some examples of risk mitigation are:
• Strengthening overall risk management practices, such as implementing sufficiently
mature risk management processes
• Deploying new technical, management or operational controls that reduce either
the likelihood or the impact of an adverse event
• Installing a new access control system
• Implementing policies or operational procedures
• Developing an effective incident response and business continuity plan (BCP)
• Using compensating controls
Risk sharing (transfer): Risk transfer is a decision to reduce loss by having another
organization incur the cost. The most common example of risk transfer is the purchasing of
insurance, which provides a guarantee of compensation or replacement should a loss
occur. Partnerships are another form of risk transfer, in which two or more organizations
work together under an arrangement in which both risk of loss and potential for profit are
divided among the participants according to agreed-upon terms and conditions.
25
Risk Avoidance: Risk avoidance means exiting the activities or conditions that give rise to
risk. Risk avoidance is the choice that remains when no other response is adequate,
meaning all of the following are true:
• The exposure level is deemed unacceptable by management.
• The risk cannot be transferred.
• Mitigation that would bring the risk in line with acceptable levels is either Impossible or
would cost more than the benefits that the organization derives from the activities.
An example of risk avoidance is: Rejecting a partnership agreement in which potential
losses are allocated to your organization, but the partner stands to benefit from most
potential profits
Two of the most common forms of analysis used to prepare a business case for risk
response are cost-benefit analysis and return on investment (ROI).
Cost-benefit Analysis: this is used to justify the expense associated with the
implementation of controls. The expenditure on a control cannot be justified if the benefit
realized from the control is less than the cost. There are several factors that must be
included in calculating the total cost of the control:
• Cost of acquisition: Evaluation of solutions, Cost of the control, Cost of training, Cost to
rearchitect systems
• Ongoing cost of maintenance: License costs, Cost of staff to monitor and report on
control, Impact on productivity/performance, Cost of support and technical
assistance
Return on Investment: This is a calculation of how long it takes a business to recoup its cost
of investing in a projects, tools or new ventures through value added or other savings
produced. A new computer system, for example, might pay for itself over three years as a
result of better productivity; lower numbers of staff required or increased sales.
Calculating the ROI associated with the implementation of a control is often difficult, in
part because it depends on predicting the likelihood of a successful attack. An
additional complication is the goal of a control is to bring risk to an acceptable level
rather than eliminating it outright. In determining ROI, the organization is trying to forecast
the likelihood and impact of an incident and deciding what is an adequate level of
protection.
26
Controls may be grouped into managerial, technical or physical controls, and within
each of those groups of controls are various types of controls that can be used, such as
preventive, detective and corrective, recovery and compensating controls
Deterrent: Provide warnings that may dissuade threat agents from attempting
compromise. E.g., Warning banners and rewards for the arrest of a criminal examples of
deterrent controls.
Directive: Mandate behavior by specifying what actions are and are not permitted,
which may also have a deterrent effect. A policy is an example of directive control.
An effective risk management plan and following process takes a few steps to
achieve.
1. Who will be responsible for carrying out the initial risk assessment?
3. When will they initiate and complete this initial process or assessing risk?
Ensuring that controls are effective and in both design and operation
Obtaining further information to improve risk assessment
Analysing and learning lessons from risk events, including near-misses, changes, trends,
successes and failures
Detecting changes in the external and internal context, including changes to risk
criteria and to the risks, which may require revision of risk treatments and priorities
Identifying emerging risks.
29
Module 3:
Risk Governance and
Internal Reporting
§ Governance is the accountability for protection of the assets of an organization.
In a corporate structure, the directors of an organization (frequently organized as a
board) are accountable for governance and entrust the senior management team
with the responsibility to manage the day-to-day operations of the organization in
alignment with the strategic mandates that the directors approve.
§ Governance answers 4 Strategic questions:
• Are we doing the right things?
• Are we doing them the right way?
• Are we getting them done well?
• Are we getting the benefits?
§ Risk Governance helps ensure that risk management practices are embedded
in the enterprise, enabling it to secure optimal risk-adjusted return.
Risk Reporting
A report to management on the status of the risk management program and the overall
risk profile of the organization will be required for the ERM cycle to be complete. Making
such a report requires the review of the effectiveness of the controls in the organization
and their compliance with established policy. Controls may need adjustment,
replacement or removal depending on the changes in the risk environment and the
acceptance and appropriateness of the controls.
Routine use of a capability maturity model (CMM) shows the maturation of the risk
management process year over year. A CMM starts with level zero— undefined and ad
hoc activities and progresses—through the steps of defining and following a program;
learning and enhancement of the program; and finally, a mature program that represents
stable, quality processes and reliable, accurate information.
32
Module 4:
Market Risk: Market Risk
Concept
Market Risk
Market risk is the risk of losses in positions arising from movements in market prices – interest
rates, fx rates, equity prices, etc.
Market risk is the possibility that an individual or other entity will experience losses due to
factors that affect the overall performance of investments in the financial markets.
1. Interest Rate Risk - Interest rate risk arises from unanticipated fluctuations in the interest
rates due to monetary policy measures undertaken by the central bank. The yields offered
on securities across all markets must get equalized in the long run by adjustment of market
demand and supply of the instrument. Hence, an increase in the rates would cause a fall in
the security price. It is primarily associated with fixed-income securities.
2. Commodity Risk - Certain commodities, such as oil or food grain, are necessities for any
economy and compliment the production process of many goods due to their utilization
as indirect inputs. Any volatility in the prices of the commodities trickles down to affect the
performance of the entire market, often causing a supply-side crisis. Such shocks result in a
decline in not only stock prices and performance-based dividends, but also reduce a
company’s ability to honor the value of the principal itself.
3. Currency Risk - Currency risk is also known as exchange rate risk. It refers to the possibility
of a decline in the value of the return accruing to an investor owing to the depreciation of
the value of the domestic currency. The risk is usually taken into consideration when an
international investment is being made. In order to mitigate the risk of losing out on foreign
investment, many emerging market economies maintain high foreign exchange reserves in
order to ensure that any possible depreciation can be negated by selling the reserves.
4. Country Risk - Many macro variables that are outside the control of a financial market
can impact the level of return due to an investment. They include the degree of political
stability, level of fiscal deficit, proneness to natural disasters, regulatory environment, easeof
doing business, etc. The degree of risk associated with such factors must be taken into
33
Emerging markets are nations that are investing in more productive capacity. They are
moving away from their traditional economies that have relied on agriculture and the
export of raw materials.
Note
34
Module 5:
Market Risk Measurement
Market risk factors that affect the value of traded portfolios and the income stream or
value of non-traded portfolio and other business activities should be identified and
quantified using data that can be directly observed in markets or implied from
observation or history.
Risk Monitoring is aimed at evaluating adherence to the risk’s strategies, policies and
procedures in achieving the overall goals of management of Market Risk.
35
Module 6:
Market Risk in
“Trading” book
Trading Activity
The trading activity means the Bank's proprietary positions in financial instruments
which are intentionally held for short-term resale and/or which are taken by the
Bank with the intention of benefiting in the short-term from actual and/or expected
differences between their buying and selling prices, or from other price or interest-
rate variations, and positions in financial instruments arising from matched principal
brokering and market making, or positions taken in order to hedge other elements
of the trading book.
Security classification
• Held to Maturity (HTM): Only securities which the Bank intends and have the
ability to hold to maturity will be placed in the Held-to-Maturity (HTM) portfolio. The
bank shall not have a positive intention to hold to maturity an investment with an
undefined maturity date and if it stands ready to sell the financial asset (other than if a
situation arises that is non-recurring and could not have been reasonably anticipated
by the bank) in response to changes in market interest rates, risks or liquidity needs.
• Held for Trade: The Bank’s securities will be classified into HFT if acquired for the
purpose of selling or repurchasing in the short term, or a security that has recent
evidence of actual pattern of short-term profit-taking. The key criterion shall be
intention to make profit out of short-term price movements. Investments in securities
that do not have a quoted market price in an active market and whose fair value
cannot be reliably measured shall not be classified as HFT.
• Available for Sale (AFS):Investment securities are securities that are designated
as available for sale (any time) or when it is not in any of the other two classifications
(HTM or HFT).Securities to be held for indefinite periods of time, but not necessarily to
be held-to-maturity or on a long-term basis shall be classified as available-for-sale. If
36
the bank decides to sell a security that has been classified as available-for-sale, it
should not be transferred to trading. The Bank shall include its investments in equity
shares in AFS category.
• Sensitivity analysis
• Stress testing
• Value-at-Risk
Market risk in the trading portfolio arises from the possibility of losses arising from
unfavourable market movements. It is the risk of losing money because the perceived
value of an instrument that is being traded has changed due to changes in factors
such as interest rate, foreign exchange rates, equity prices etc.
Managing market risks in the trading portfolio therefore involves understanding the
relationship between the changes in the value of the instrument or portfolio of
instruments and the related charges in the market factors.
• Exposure Limits
• Risk Limits
• Nominal trading Limits
• Stop – loss Limits
37
Module 7:
Investment Risk:
Investment Risk Concept
Definition of 'Investment Risk’
There are different types of investment risks. The main ones are
Systematic risks
Unsystematic risks
38
Systematic risks are also known as market risks, and they tend to have an effect on the
entire economic market or at least a large percentage of it. This type of risk represents the
risk of losing investments because of factors like macroeconomic risk and political risk,
which usually have a negative effect on the market’s performance. It is not easy to manage
market risk by using portfolio diversification.
Apart from this type of risk, systematic risks also include currency risk, inflation risk, country
risk, rate risk, liquidity risk, and sociopolitical risk.
Unsystematic risks
an effect on a certain company or an industry. It represents the risk of losing an investment
due to any hazard specific to the industry or the company.
Some situations like this could be a product recall, a new competitor, or a management
change. Diversification is often used to combat this.
Other types of investment risks apart from these include business risk, country risk, foreign-
exchange risk, counterparty risk, political risk, interest rate risk, liquidity risk, and default or
credit risk.
Note
39
Module 8:
Investment Risk Measurement
Framework/Process
Overview
Risk measures are statistical measures that are historical predictors of investment risk
and volatility, and they are also major components in modern portfolio theory (MPT).
MPT is a standard financial methodology for assessing the performance of an investment
as compared to its benchmark index.
• Standard deviation
• Sharpe ratio
• Beta
• Value-at-risk (VaR)
• R-squared
• Beta - Beta measures the volatility or systemic risk of a fund in comparison to the
market or the selected benchmark index.
Module 9:
Investment Risk
Management
Overview
All investments carry with them some degree of risk. In the financial world, individuals,
professional money managers, financial institutions, and many others encounter and
must deal with risk. Investors can either accept or try to mitigate the risk in investment
decision-making. If they choose inaction and engage in inadequate risk management,
they are likely to experience severe consequences. If investors take appropriate actions
given their investment objectives and risk tolerances, they may lessen the potential for
investment losses. Thus, risk management should be proactive as opposed to reactive.
• Volatility
• Correlation
• Holding Period
• Portfolio size
41
Module 10:
Portfolio Management
Overview
Portfolio management is the art and science of selecting and overseeing a group of
investments that meet the long-term financial objectives and risk tolerance of a client,a
company, or an institution.
Some individuals do their own investment portfolio management. That requires a basic
understanding of the key elements of portfolio building and maintenance that make
for success, including asset allocation, diversification, and rebalancing.
• Securities Analysis – This refers to analyzing the value of securities like shares and
other instruments to assess the business's total value.
Performance Management
There are three sets of performance measurement tools to assist with portfolio
evaluations. The Treynor, Sharpe, and Jensen ratios combine risk and return performance
into a single value, but each is slightly different.
43
Module 11:
Buying and Selling Activities
Portfolio management
• Asset allocation is based on the understanding that different types of assets do not
move in concert, and some are more volatile than others. A mix of assets provides
balance and protects against risk.
• Diversification involves spreading the risk and reward of individual securities within
an asset class, or between asset classes. Because it is difficult to know which subset
of an asset class or sector is likely to outperform another.
Module 12:
Liquidity Risk: Liquidity
Risk Concept
Overview of Liquidity Risk
Liquidity is a bank's ability to meet its cash and collateral obligations without sustaining
unacceptable losses. Liquidity risk refers to how a bank’s inability to meet its obligations
(whether real or perceived) threatens its financial position or existence. Institutions
manage their liquidity risk through effective asset liability management (ALM).
Prior to the global financial crisis, financial institutions of all shapes and sizes took liquidity and
balance sheet management for granted. But during the crisis, many institutions struggled
to maintain adequate liquidity and appropriate balance sheet structure, whichled to both
bank failures and the need for central banks to inject liquidity into national
financial systems to keep the economy afloat.
As the dust from the crisis began to settle, one thing became clear: Banks and capital
markets firms need to do a better job managing their liquidity and balance sheets. And
self-preservation isn’t the only motive for doing so. The consequences of poor asset-liability
management can reach far beyond the walls of any one financial institution. It can affect
the entire financial ecosystem and even the global economy.
Regulatory bodies are doing their part to prevent another financial crisis in the future. The
onus is now on the financial institutions themselves to shore up liquidity risk and balance
sheet management, both for the good of the firm and the economy.
Banks can increase their liquidity in multiple ways, each of which ordinarily has a cost,
Including:
• Shorten asset maturities
• Improve the average liquidity of assets
• Lengthen liability maturities
• Issue more equity
• Reduce contingent commitments
• Obtain liquidity protection
45
Individual financial institutions are not the only ones who can have a liquidity problem.
When many financial institutions experience a simultaneous shortage of liquidity and draw
down their self-financed reserves, seek additional short-term debt from credit markets, or try
to sell-off assets to generate cash, a liquidity crisis can occur. Interest rates rise, minimum
required reserve limits become a binding constraint, and assets fall in value or become
unsaleable as everyone tries to sell at once.
The acute need for liquidity across institutions becomes a mutually self-reinforcing positive
feedback loop that can spread to impact institutions and businesses that were not initially
facing any liquidity problem on their own.
Entire countries—and their economies—can become engulfed in this situation. For the
economy as a whole, a liquidity crisis means that the two main sources of liquidity in the
economy—banks loans and the commercial paper market—become suddenly scarce.
Banks reduce the number of loans they make or stop making loans altogether.
Fundamental principle for the management and supervision of liquidity risk Principle 1: A
bank is responsible for the sound management of liquidity risk. A bank should establish a
robust liquidity risk management framework that ensures it maintains sufficient liquidity,
including a cushion of unencumbered, high quality liquid assets, to withstand a range of
stress events, including those involving the loss or impairment of both unsecured and
secured funding sources. Supervisors should assess the adequacy of both a bank's
liquidity risk management framework and its liquidity position and should take prompt
action if a bank is deficient in either area in order to protect depositors and to limit
potential damage to the financial system.
Liquidity conditions interact with operational risk, market risk and credit risk through the
horizon over which assets can be liquidated. In particular, deteriorating market liquidity
often forces banks to lengthen the horizon over which they can execute their risk
management strategies. As this time horizon lengthens, overall risk exposures generally
increase, as does the contribution of credit risk relative to market risk. The liquidity of
traded products can vary substantially over time and in unpredictable ways. Such
liquidity fluctuations, all else equal, should have a larger impact on prices of products with
greater credit risk. Conversely, as the financial crisis illustrates, valuation uncertainties or
other shocks that enhance actual or perceived credit risks can have adverse effects on
liquidity and put in motion a downward spiral between market prices and liquidity of
traded credit products.
46
Role of Supervision
Supervisors should have in place a supervisory framework which allows them to make
thorough assessments of banks’ liquidity risk management practices and the adequacy
of their liquidity, in both normal times and periods of stress. Such assessments may be
conducted through on-site inspections and off-site monitoring and should include regular
communication with a bank’s senior management and/or the board of directors. The
supervisory framework should be publicly available.
47
Module 13:
Liquidity Risk Governance
A bank should clearly articulate a liquidity risk tolerance that is appropriate for its business
strategy and its role in the financial system.
This is often referred to the level of liquidity risk that the firm is willing to assume.
A bank should set a liquidity risk tolerance in light of its business objectives, strategic
direction and overall risk appetite. The board of directors is ultimately responsible for the
liquidity risk assumed by the bank and the manner in which this risk is managed and
therefore should establish the bank’s liquidity risk tolerance. The tolerance, which should
define the level of liquidity risk that the bank is willing to assume, should be appropriate for
the business strategy of the bank and its role in the financial system and should reflect the
bank’s financial condition and funding capacity.
The tolerance should ensure that the firm manages its liquidity strongly in normal times in
such a way that it is able to withstand a prolonged period of stress. The risk tolerance
should be articulated in such a way that all levels of management clearly understand the
trade-off between risks and profits. There are a variety of qualitative and quantitative ways
in which a bank can express its risk tolerance. For example, a bank may quantify its
liquidity risk tolerance in terms of the level of unmitigated funding liquidity risk the bank
decides to take under normal and stressed business conditions.
The liquidity strategy should be appropriate for the nature, scale and complexity of a
bank’s activities. In formulating this strategy, the bank should take into consideration its
legal structures (e.g mix of foreign branches versus foreign operating subsidiaries),
key business lines, the breadth and diversity of markets, products, and jurisdictions in
which it operates, and home and host regulatory requirements.
Banks are expected to incorporate liquidity costs, benefits and risks in the internal pricing,
performance measurement and new product approval process for all significant
business activities (both on- and off-balance sheet), thereby aligning the risk-taking
incentives of individual business lines with the liquidity risk exposures their activities create
for the bank as a whole.
Senior management should ensure that a bank’s liquidity management process includes
measurement of the liquidity costs, benefits and risks implicit in all significant business
activities, including activities that involve the creation of contingent exposures which
may not immediately have a direct balance sheet impact. These costs, benefits and risks
should then be explicitly attributed to the relevant activity so that line management
incentives are consistent with and reinforce the overarching liquidity risk tolerance and
strategy of the bank, with a liquidity charge assigned as appropriate to positions,
portfolios, or individual transactions. This assignment of liquidity costs, benefits and risks
should incorporate factors related to the anticipated holding periods of assets and
liabilities, their market liquidity risk characteristics, and any other relevant factors,
including the benefits from having access to relatively stable sources of funding, such as
some types of retail deposits.
Deposit insurance schemes are designed to minimize or eliminate the risk that depositors
placing funds with a bank will suffer a loss. Deposit insurance thus offers protection to the
deposits of households and small business enterprises, which may represent life savings or
vital transactions balances. With a deposit insurance system in place, these households
and businesses can “go about their business” with some assurance that their funds are
secure. This in turn supports the stability and smooth operations of the economy.
49
Module 14:
Asset Liquidity and
Funding Needs
Overview
Breaking this goal of ALM down, this means accomplishing three key objectives:
• Meet financial goals
• Manage risks
• Maintain safety and soundness.
Stability of funding and appropriateness for asset base refers to the types and amounts
of equity and liability financing expected to be reliable sources of funds over a time
horizon under conditions of extended stress".
Level 1 assets include listed stocks, bonds, funds, or any assets that have a regular mark-
to-market mechanism for setting a fair market value.
Level 2 assets are financial assets and liabilities that are difficult to value. Although a fair
value can be determined based on other data values or market prices, these assets do
not have regular market pricing.
Level 3 assets are financial assets and liabilities considered to be the most illiquid and
hardest to value. They are not traded frequently, so it is difficult to give them a reliable
and accurate market price.
50
Collateral Assessment
This is the methodology used by a bank to measure the value of collateral linked to their
lending or trading activities. This involves;
Early warning signals (EWSs) are a group of statistical time-series signals which could be
used to anticipate a critical transition before it is reached. Examples of EWS is a liquidity
spiral
Liquidity spiral: a situation in which falling asset prices can prompt banks to reduce the
supply of credit, causing further falls in asset prices.
Stress scenarios
Systemic risk
company, industry, financial institution, or an entire economy. It is the risk of a major
failure of a financial system, whereby a crisis occurs when providers of capital, i.e.,
depositors, investors, and capital markets, lose trust in the users of capital, i.e., banks,
borrowers, leveraged investors, etc. or in a given medium of exchange. It is inherent in a
market system, and hence unavoidable.
51
Stress testing
Trigger events
Module 15:
Liquidity Risk Management
Liquidity risk tolerance refers to both the absolute risk a Bank is open to take and the
actual limits that the Bank pursues.
All investments involve some degree of risk and knowing their risk tolerance level
helps investors plan their entire portfolio, determining how they invest. Based on how
much risk they can tolerate, investors are classified as aggressive, moderate, and
conservative.
• Regulators are to communicate with other public authorities, such as central banks,
both within and across national borders, to facilitate effective cooperation
regarding the supervision and oversight of liquidity risk management.
• A bank should have a sound process for identifying, measuring, monitoring and
controlling liquidity risk.
• A bank should actively monitor and control liquidity risk exposures and funding needs
within and across legal entities, business lines and currencies, taking into account
legal, regulatory and operational limitations to the transferability of liquidity.
• A bank should actively manage its intraday liquidity positions and risks to meet
payment and settlement obligations on a timely basis under both normal and
stressed conditions.
• A bank should conduct stress tests on a regular basis for a variety of short-term and
protracted institution- -wide stress scenarios (individually and in
combination) to identify sources of potential liquidity strain and to ensure that current
exposures remain in accordance with a bank’s established liquidity risk tolerance.
• A bank should have a formal contingency funding plan (CFP) that clearly sets out the
strategies for addressing liquidity shortfalls in emergency situations.
Module 16:
Credit Risk: Overview
of Credit Risk
Overview of Credit Risk
Credit risk arises from both lending and trading activities. In lending business, credit risk is
the potential that an obligor is either unwilling to perform on an obligation or its ability to
perform such obligation is impaired resulting in economic loss to the Bank. In the case of
trading activity, credit risk reflects the possibility that the trading counterparty will not be
able to complete the contract at any stage.
Losses due to credit risk could emanate from the Bank’s dealings with an individual,
corporate, financial institution or a sovereign.
Settlement Risk
Settlement risk is occurs when payments are not exchanged simultaneously. For instance,
a bank makes a payment to a counterparty but will not be recompensed until sometime
later; the risk is that the counterparty may default before making the counter payment.
Default Risk
This is the risk that companies or individuals will be unable to pay the contractual interest
or principal on their debt obligations. For example, a debt issuer is said to be in default
when it indicates it will not make a contractual interest payments to lenders.
The likelihood of the default occurring is known as the probability of default.
Counterparty Risk
Counterparty credit risk is the risk that a counterparty to a transaction will fail to perform
according to the terms and conditions of the contract, thus causing the holder of the
claim to suffer a loss in cash or market value.
55
Exposure at default
Exposure at default is the predicted amount of loss a lender may incur if a debtor defaults
on their loan. It is the realized value of what the bank may lose if one of its borrowers is
unable to satisfy their debt obligation.
Probability of default
Probability of default (PD), is the likelihood that a borrower will fail to pay back a debt. For
individuals, a credit scorecard is used to gauge credit risk. For businesses, probability of
default is reflected in credit ratings.
Default correlation measures whether credit risky assets are more likely to default
together or separately.
Credit scoring
A credit rating is an opinion of a particular credit agency regarding the ability and
willingness an entity (government, business, or individual) to fulfill its financial obligations in
completeness and within the established due dates. A credit rating also signifies the
likelihood a debtor will default.
There are many alternatives for estimating the probability of default. Default probabilities
may be estimated from a historical data base of actual defaults. This may be further
segmented in two categories; Historical data and statistical technique.
For historical data, Banks use logistic regression to estimate actual default in small
businesses and external credit rating in much larger Businesses.
56
Altman’s Z-Score model is a numerical measurement that is used to predict the chances
of a business going bankrupt in the next two years. It is considered an effective method of
predicting the state of financial distress of any organization by using multiple balance
sheet values and corporate income.
In contrast, negative working capital means that a company will struggle to meet its
short-term financial obligations because there are inadequate current assets.
On the other hand, a high retained earnings to total assets ratio shows that a company
uses its retained earnings to fund capital expenditure. It shows that the company
achieved profitability over the years, and it does not need to rely on borrowings.
The market value of the equity/total liabilities ratio shows the degree to which a
company’s market value would decline when it declares bankruptcy before the value of
liabilities exceeds the value of assets on the balance sheet. A high market value of equity
to total liabilities ratio can be interpreted to mean high investor confidence in the
company’s financial strength.
5. Sales/Total Assets
The sales to total assets ratio shows how efficiently the management uses assets to
generate revenues vis-à-vis the competition. A high sale to total assets ratio is translated
to mean that the management requires a small investment to generate sales, which
increases the overall profitability of the company.
In contrast, a low or falling sales to total assets ratio means that the management will
need to use more resources to generate enough sales, which will reduce the company’s
profitability.
Risk rating models are tools used to assess the probability of default. The concept of a risk
rating model is deeply interconnected with the concept of default risk and a key tool in
areas such as risk management, underwriting, capital allocation, and portfolio
management.
Long-term ratings are assigned to issuers or obligations with an original maturity of one
year or more and reflect both on the likelihood of a default on contractually promised
payments and the expected financial loss suffered in the event of default.
Short-term ratings are assigned to obligations with an original maturity of thirteen months
or less and reflect both on the likelihood of a default on contractually promised payments
and the expected financial loss suffered in the event of default.
Issuer Ratings are opinions of the ability of entities to honor senior unsecured debt and
debt like obligations. As such, Issuer Ratings incorporate any external support that is
expected to apply to all current and future issuance of senior unsecured financial
obligations and contracts.
Ratings scales
59
A change in a rating reflects the assessment that the company’s credit quality has
improved (upgrade) or deteriorated (downgrade).
Module 17:
Basel System
Basel permits banks a choice between two broad methodologies for calculating credit
risk. One alternative, the Standardized Approach, will be to measure credit risk in a
standardized manner, supported by external credit assessments
The other alternative, the Internal Ratings-based Approach, which is subject to the explicit
approval of the bank’s supervisor, would allow banks to use their internal rating systems for
credit risk.
The internal ratings-based approach to credit risk allows banks to model their own inputs
for calculating risk-weighted assets from credit exposures to retail, corporate, financial
institution and sovereign borrowers, subject to supervisory approval. Under foundation IRB,
banks model only the probability of default.
Under the advanced IRB approach, banks can also model their own loss given default
(LGD) and exposure-at-default (EAD) levels. LGD is the absolute amount of money lost if a
borrower defaults while EAD is the amount a bank is exposed to at the time of the same
default.
61
This process describes the requirements for internal validation for both the PD estimates
assigned to the rating grades and the techniques used to assign the ratings. It is one of the
most important requirements for banks to properly execute if they are to credibly estimate
their level of credit risk and the resulting regulatory capital requirements. As a result of its
importance, validation will likely receive significant supervisory attention prior to allowing a
bank to adopt the IRB approach. A bank should also be able to readily demonstrate these
capabilities to its supervisor prior to adoption of the IRB approach and on an ongoing
basis.
62
Module 18:
Portfolio Credit Risk
Management
Understanding approaches of model portfolio
The KMV model supposes that the company is in situation of defect when the value of
its asset is less than the value of its debts.
63
Module 19:
Credit Risk Derivatives
Overview
A credit derivative is a financial contract that allows parties to minimize their exposure to
credit risk. Credit derivatives consist of a privately held, negotiable bilateral contract
traded over-the-counter (OTC) between two parties in a creditor/debtor relationship.
These allow the creditor to effectively transfer some or all of the risk of a debtor defaulting
to a third party. This third party accepts the risk in return for payment, known as the
premium.
Credit default swap (CDS) is a financial derivative that allows an investor to swap or offset
their credit risk with that of another investor. To swap the risk of default, the lender buys a
CDS from another investor who agrees to reimburse them if the borrower defaults.
Credit-linked note (CLN) is a security with an embedded credit default swap permitting
-linked notes are created
through a special purpose vehicle (SPV), or trust, which is collateralized with AAA-rated
securities.
Interest Rate Swap (IRS) is a derivative financial instrument in the form of an agreement
between various parties (counterparties) to exchange periodic interest payments at a
certain amount of a specified nominal value, called the notional principal amount.
Forex options are derivatives based on underlying currency pairs. Trading forex options
involves a wide variety of strategies available for use in forex markets, where foreign
currencies are traded.