Biah422 Module - NB Please Cover Only The First 3 Units of This Module and All Units in Fince305 Module

Bachelor of Commerce in
Internal Auditing Honours

Accounting Honours
Banking and Finance Honours
Risk Management
Module BIAH422
Published by: The Zimbabwe Open University
P.O. Box MP1119
Mount Pleasant
Harare, ZIMBABWE
The Zimbabwe Open University is a distance teaching and open

learning institution.
Year: 2011
Cover design: Terence Ndhlovu
Layout and design: C. S. Nhari
Typeset in Garamond, 12 point on auto leading
© Zimbabwe Open University. All rights reserved. No part of this publication

may be reproduced, stored in a retrieval system, or transmitted, in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without the
prior permission of the Zimbabwe Open University.
Author: K. Madzirerusa
Master of Science Finance and Investment (NUST)
Bachelor of Commerce (Honours) in Banking (NUST)
Institute of Bankers (Diploma)
Content Reviewer: L.F. Mareya

Masters of Arts (Mankato)
MA Mathematics (St. Olaf, USA)
Bachelor of Arts in Economics and Finance (St. Olaf, USA)
BA Mathematics (St. Olaf, USA)
Higher Diploma Education (Mutare Teachers' College)
Editor: S.T. Magumise

Master of Business Administration (ZOU)
Bachelor of Arts (London)
Graduate Certificate in Education (UZ)
Diploma in Personnel Management (IPMZ)
Diploma in Training Management (IPMZ)
Diploma in Public Relations (LCCI)
Certificate in Public Relations Techniques (UK)
Certificate in Middle Management Development (ZIPAM)
To the student
The demand for skills and knowledge academics, technologists and
and the requirement to adjust and administrators of varied backgrounds,
change with changing technology, places training, skills, experiences and personal
on us a need to learn continually interests. The combination of all these
throughout life. As all people need an qualities inevitably facilitates the
education of one form or another, it has production of learning materials that
been found that conventional education teach successfully any student, anywhere
institutions cannot cope with the and far removed from the tutor in space
demand for education of this magnitude. and time. We emphasize that our
It has, however, been discovered that learning materials should enable you to
distance education and open learning, solve both work-related problems and
now also exploiting e-learning other life challenges.
technology, itself an offshoot of e-
commerce, has become the most To avoid stereotyping and professional
effective way of transmitting these narrowness, our teams of learning
appropriate skills and knowledge materials producers come from different
required for national and international universities in and outside Zimbabwe,
development. and from Commerce and Industry. This
openness enables ZOU to produce
Since attainment of independence in materials that have a long shelf life and
1980, the Zimbabwe Government has are sufficiently comprehensive to cater
spearheaded the development of for the needs of all of you, our learners
distance education and open learning at in different walks of life. You, the
tertiary level, resulting in the learner, have a large number of optional
establishment of the Zimbabwe Open courses to choose from so that the
University (ZOU) on 1 March, 1999. knowledge and skills developed suit the
career path that you choose. Thus, we
ZOU is the first, leading, and currently strive to tailor-make the learning
materials so that they can suit your
the only university in Zimbabwe entirely
personal and professional needs. In
dedicated to teaching by distance
developing the ZOU learning materials,
education and open learning. We are
we are guided by the desire to provide
determined to maintain our leading
you, the learner, with all the knowledge
position by both satisfying our clients
and skill that will make you a better
and maintaining high academic performer all round, be this at certificate,
standards. To achieve the leading diploma, undergraduate or postgraduate
position, we have adopted the course level. We aim for products that will settle
team approach to producing the varied comfortably in the global village and
learning materials that will holistically competing successfully with anyone. Our
shape you, the learner to be an all-round target is, therefore, to satisfy your quest
performer in the field of your own for knowledge and skills through
choice. Our course teams comprise distance education and open learning
Any course or programme launched by ZOU is may never meet in life. It is our intention to
conceived from the cross-pollination of ideas bring the computer, email, internet chat-rooms,
from consumers of the product, chief among whiteboards and other modern methods of
whom are you, the students and your employers. delivering learning to all the doorsteps of our
We consult you and listen to your critical analysis learners, wherever they may be. For all these
of the concepts and how they are presented. We developments and for the latest information on
also consult other academics from universities what is taking place at ZOU, visit the ZOU
the world over and other international bodies website at www.zou.ac.co.zw
whose reputation in distance education and open
learning is of a very high calibre. We carry out Having worked as best we can to prepare your
pilot studies of the course outlines, the content learning path, hopefully like John the Baptist
and the programme component. We are only prepared for the coming of Jesus Christ, it is my
too glad to subject our learning materials to hope as your Vice Chancellor that all of you,
academic and professional criticism with the will experience unimpeded success in your
hope of improving them all the time. We are educational endeavours. We, on our part, shall
determined to continue improving by changing continually strive to improve the learning
the learning materials to suit the idiosyncratic materials through evaluation, transformation of
needs of our learners, their employers, research, delivery methodologies, adjustments and
economic circumstances, technological sometimes complete overhauls of both the
development, changing times and geographic materials and organizational structures and
location, in order to maintain our leading culture that are central to providing you with
position. We aim at giving you an education the high quality education that you deserve. Note
that will work for you at any time anywhere and that your needs, the learner ‘s needs, occupy a
in varying circumstances and that your central position within ZOU’s core activities.
performance should be second to none.
Best wishes and success in your studies.
As a progressive university that is forward
looking and determined to be a successful part
of the twenty-first century, ZOU has started to
introduce e-learning materials that will enable
you, our students, to access any source of
information, anywhere in the world through
internet and to communicate, converse, discuss _____________________
and collaborate synchronously and Dr. Primrose Kurasha
asynchronously, with peers and tutors whom you Vice Chancellor
The Six Hour Tutorial Session At
The Zimbabwe Open University
A s you embark on your studies with the Zimbabwe
Open University (ZOU) by open and distance
learning, we need to advise you so that you can make
This is where the six hour tutorial comes in. For it
to work, you need to know that:
· There is insufficient time for the tutor to
the best use of the learning materials, your time and
the tutors who are based at your regional office. lecture you
· Any ideas that you discuss in the tutorial,
The most important point that you need to note is originate from your experience as you
that in distance education and open learning, there work on the materials. All the issues
are no lectures like those found in conventional raised above are a good source of topics
universities. Instead, you have learning packages that (as they pertain to your learning) for
may comprise written modules, tapes, CDs, DVDs discussion during the tutorial
and other referral materials for extra reading. All these
· The answers come from you while the
including radio, television, telephone, fax and email
can be used to deliver learning to you. As such, at tutor’s task is to confirm, spur further
the ZOU, we do not expect the tutor to lecture you discussion, clarify, explain, give
when you meet him/her. We believe that that task is additional information, guide the
accomplished by the learning package that you receive discussion and help you put together full
at registration. What then is the purpose of the six answers for each question that you bring
hour tutorial for each course on offer? · You must prepare for the tutorial by
bringing all the questions and answers
At the ZOU, as at any other distance and open that you have found out on the topics to
learning university, you the student are at the centre the discussion
of learning. After you receive the learning package, · For the tutor to help you effectively, give
you study the tutorial letter and other guiding him/her the topics beforehand so that in
documents before using the learning materials. During cases where information has to be
the study, it is obvious that you will come across gathered, there is sufficient time to do
concepts/ideas that may not be that easy to understand so. If the questions can get to the tutor
or that are not so clearly explained. You may also at least two weeks before the tutorial,
come across issues that you do not agree with, that that will create enough time for thorough
actually conflict with the practice that you are familiar preparation.
with. In your discussion groups, your friends can bring
ideas that are totally different from yours and In the tutorial, you are expected and required to
arguments may begin. You may also find that an idea take part all the time through contributing in every
is not clearly explained and you remain with more way possible. You can give your views, even if
questions than answers. You need someone to help they are wrong, (many students may hold the same
you in such matters. wrong views and the discussion will help correct
The Six Hour Tutorial Session At The Zimbabwe Open University
the errors), they still help you learn the correct thing as the tutor may dwell on matters irrelevant to the
as much as the correct ideas. You also need to be ZOU course.
open-minded, frank, inquisitive and should leave no
stone unturned as you analyze ideas and seek
clarification on any issues. It has been found that Distance education, by its nature, keeps the tutor
those who take part in tutorials actively, do better in and student separate. By introducing the six hour
assignments and examinations because their ideas are tutorial, ZOU hopes to help you come in touch with
streamlined. Taking part properly means that you the physical being, who marks your assignments,
prepare for the tutorial beforehand by putting together assesses them, guides you on preparing for writing
relevant questions and their possible answers and examinations and assignments and who runs your
those areas that cause you confusion. general academic affairs. This helps you to settle
down in your course having been advised on how
Only in cases where the information being discussed to go about your learning. Personal human contact
is not found in the learning package can the tutor is, therefore, upheld by the ZOU.
provide extra learning materials, but this should not
be the dominant feature of the six hour tutorial. As
stated, it should be rare because the information
needed for the course is found in the learning package
together with the sources to which you are referred.
Fully-fledged lectures can, therefore, be misleading
The six hour tutorials should be so structured that the

tasks for each session are very clear. Work for each
session, as much as possible, follows the structure given
below.
Session I (Two Hours)

Session I should be held at the beginning of the semester. The main aim
of this session is to guide you, the student, on how you are going to
approach the course. During the session, you will be given the overview
of the course, how to tackle the assignments, how to organize the logistics
of the course and formation of study groups that you will belong to. It is
also during this session that you will be advised on how to use your
learning materials effectively.
The Six Hour Tutorial Session At The Zimbabwe Open University
Session II (Two Hours)

This session comes in the middle of the semester to respond to the
challenges, queries, experiences, uncertainties, and ideas that you are
facing as you go through the course. In this session, difficult areas in the
module are explained through the combined effort of the students and
the tutor. It should also give direction and feedback where you have not
done well in the first assignment as well as reinforce those areas where
performance in the first assignment is good.
Session III (Two Hours)

The final session, Session III, comes towards the end of the semester.
In this session, you polish up any areas that you still need clarification on.
Your tutor gives you feedback on the assignments so that you can use
the experience for preparation for the end of semester examination.
Note that in all the three sessions, you identify the areas
that your tutor should give help. You also take a very
important part in finding answers to the problems posed.
You are the most important part of the solutions to your
learning challenges.
Conclusion for this course, but also to prepare yourself to

contribute in the best way possible so that you
In conclusion, we should be very clear that six can maximally benefit from it. We also urge you
hours is too little for lectures and it is not to avoid forcing the tutor to lecture you.
necessary, in view of the provision of fully self-
contained learning materials in the package, to BEST WISHES IN YOUR STUDIES.
turn the little time into lectures. We, therefore,
urge you not only to attend the six hour tutorials ZOU
Contents
Course Overview_______________________________________________ 1
Unit One: Understanding the Concept of Risk

1.0. ________ Introduction _____________________________________________________ 3
1.1. ________ Objectives _______________________________________________________ 4
1.2. ________ What is Risk? _____________________________________________________ 4
__________ 1.2.1 Definition ____________________________________________________ 4
__________ 1.2.2 Three common fallacies about risk ________________________________ 5
__________ 1.2.3 Risk and uncertainty ___________________________________________ 5
__________ 1.2.4 The duality of risk _____________________________________________ 6
__________ 1.2.5 Risk and return _______________________________________________ 6
__________ 1.2.6 Risk and innovation ____________________________________________ 7
__________ 1.2.7 Risk and exposure _____________________________________________ 7
__________ 1.2.8 Attitudes to risk _______________________________________________ 8
1.3 ________ Primary Sources of Risk ____________________________________________ 8
__________ Activity 1.1 _______________________________________________________ 9
1.4 ________ Categorization of Risks ____________________________________________ 9
__________ 1.4.1 Business risks _________________________________________________ 9
__________ 1.4.2 Financial risks ________________________________________________ 10
__________ 1.4.3 The role of financial institutions _________________________________ 10
__________ Activity 1.2 _______________________________________________________ 13
1.5 ________ Summary ________________________________________________________ 13
__________ References _______________________________________________________ 14
Unit Two: The Risk Management Process

2.0 ________ Introduction _____________________________________________________ 15
2.1 ________ Objectives _______________________________________________________ 16
2.2 ________ Risk Management _________________________________________________ 16
__________ 2.2.1 Definition ___________________________________________________ 16
__________ 2.2.2 Importance of risk management _________________________________ 17
__________ 2.2.3 Risk management is not risk elimination ___________________________ 17
__________ 2.2.4 The narrow view of risk management _____________________________ 18
__________ 2.2.5 A more expansive view of risk management ________________________ 18
2.3 ________ The Risk Management Process ______________________________________ 19
__________ Activity 2.1 ______________________________________________________ 22
2.4 ________ The Risk Management Techniques __________________________________ 22
__________ 2.4.1 Four broad risk management techniques __________________________ 23
__________ 2.4.2 Risk hedging versus risk management ____________________________ 23
2.5 ________ Developing a Risk Management Strategy _____________________________ 24
__________ 2.5.1 Make an inventory of possible risks ______________________________ 24
__________ 2.5.2 Decide whether to hedge or not _________________________________ 24
__________ 2.5.3 Choose risk-hedging products __________________________________ 25
__________ 2.5.4 Determine the risk or risks that you understand better or deal with
__________ better than your competitors ________________________________________ 25
__________ 2.5.5 Devise strategies to take advantage of your differential advantage in
__________ the long term ____________________________________________________ 25
2.6 ________ Developing a Risk Profile __________________________________________ 26
__________ 2.6.1 List all the risks ______________________________________________ 26
__________ 2.6.2 Categorize the risks ___________________________________________ 26
__________ 2.6.3 Measure exposure to each risk __________________________________ 26
__________ 2.6.4 Analyze the risks _____________________________________________ 26
__________ Activity 2.1 ______________________________________________________ 27
2.7 ________ Summary _______________________________________________________ 27
__________ References ______________________________________________________ 28
Unit Three: The Risk Management Framework

3.0 ________ Introduction ____________________________________________________ 29
3.1 ________ Objectives ______________________________________________________ 30
3.2 ________ Risk management and Corporate Governance __________________________ 30
__________ Activity 3.1 ______________________________________________________ 32
__________ 3.2.1 Board of directors ____________________________________________ 32
__________ 3.2.2 Risk committees _____________________________________________ 32
3.3 ________ The Building Blocks of Risk Management ____________________________ 33
__________ 3.3.1 Active board and senior management oversight _____________________ 33
__________ 3.3.2 Adequate policies, procedures, and limits _________________________ 34
__________ 3.3.3 Adequate risk monitoring and management information systems ______ 36
__________ 3.3.4 Adequate internal controls _____________________________________ 36
3.4 ________ The Risk Management Function ____________________________________ 39
3.5 ________ Preserving an Institutional Memory of Risk ___________________________ 39
3.6 ________ A Risk Crisis Management Programme _______________________________ 40
__________ Activity 3.2 _______________________________________________________ 41
3.7 ________ Summary ________________________________________________________ 41
__________ References ______________________________________________________ 42
Unit Four: Enterprise-wide Risk Management Framework

4.0 ________ Introduction ____________________________________________________ 43
4.1 ________ Objectives ______________________________________________________ 44
4.2 ________ Definition of Enterprise-wide Risk Management _______________________ 44
4.3 ________ The Concept of Enterprise-wide Risk Management _____________________ 44
4.4 ________ Motivation for Enterprise-wide Risk Management ______________________ 45
4.5 ________ Key Steps in the Enterprise-wide Risk Management Process ______________ 46
__________ 4.5.1 Identification of risks _________________________________________ 46
__________ 4.5.2 Disaggregation of risks _______________________________________ 46
__________ 4.5.3 Quantification of disaggregated risks ____________________________ 46
__________ 4.5.4 Mapping of risks _____________________________________________ 46
__________ 4.5.5 Analysis of risk interdependencies _______________________________ 47
__________ 4.5.6 Creation of an integrated programme ____________________________ 47
__________ 4.5.7 Monitoring of results _________________________________________ 47
4.6 ________ Main features of the Enterprise-wide Risk Management System ___________ 48
__________ 4.6.1 Centralized data warehouse ____________________________________ 48
__________ 4.6.2 Analytics systems ____________________________________________ 48
__________ 4.6.3 Monitoring and evaluation _____________________________________ 48
__________ 4.6.4 Decision making _____________________________________________ 48
4.7 ________ Overall Comments on the Enterprise-wide Risk Management System _______ 49
__________ Activity 4.1 ______________________________________________________ 50
4.8 ________ Summary _______________________________________________________ 50
__________ References _______________________________________________________ 51
Unit Five: Market Risk Management

5.0 ________ Introduction ____________________________________________________ 53
5.1 ________ Objectives ______________________________________________________ 54
5.2 ________ Definition ______________________________________________________ 54
5.3 ________ Common types of Market Risk _____________________________________ 54
__________ 5.3.1 Directional risk ______________________________________________ 54
__________ 5.3.2 Curve risk __________________________________________________ 55
__________ 5.3.3 Volatility risk or Vega _________________________________________ 56
__________ 5.3.4 Time decay risk ______________________________________________ 57
__________ 5.3.5 Spread risk __________________________________________________ 57
__________ 5.3.6 Basis risk ___________________________________________________ 57
__________ 5.3.7 Correlation risk ______________________________________________ 58
5.4 ________ Sources of Market Risk ___________________________________________ 58
__________ Activity 5.1 ______________________________________________________ 58
5.5 ________ Market Risk Management Policies ___________________________________ 58
__________ 5.5.1 Marking to market ___________________________________________ 59
__________ 5.5.2 Position limits _______________________________________________ 59
__________ 5.5.3 Stop loss provisions ___________________________________________ 59
__________ 5.5.4 Limits to new market presence __________________________________ 59
5.6 ________ Market Risk Measurement _________________________________________ 60
__________ 5.6.1 Interest rate risk ______________________________________________ 60
__________ 5.6.2 Equity risk ___________________________________________________ 61
__________ 5.6.3 Commodity risk ______________________________________________ 61
__________ 5.6.4 Currency risk _________________________________________________ 61
5.7 ________ Value-at-Risk (VAR) _______________________________________________ 61
5.8 ________ Stress Testing ___________________________________________________ 62
__________ Activity 5.1 ______________________________________________________ 63
5.9 ________ Summary _______________________________________________________ 64
__________ References ______________________________________________________ 65
Unit Six: Interest Rate Risk Management

6.0 ________ Introduction ____________________________________________________ 67
6.1 ________ Objectives ______________________________________________________ 68
6.2 ________ Definition ______________________________________________________ 68
6.3 ________ Sources of Interest Rate Risk _______________________________________ 68
__________ 6.3.1 Re-pricing risk _______________________________________________ 68
__________ 6.3.2 Yield curve risk ______________________________________________ 68
__________ 6.3.3 Basis risk ___________________________________________________ 69
__________ 6.3.4 Option risk _________________________________________________ 69
6.4 ________ Assessing Interest Rate Risk ________________________________________ 70
__________ 6.4.1 Earnings perspectives _________________________________________ 70
__________ 6.4.2 Economic value perspective ____________________________________ 70
6.5 ________ Embedded Losses _________________________________________________ 71
__________ Activity 6.1 _______________________________________________________ 71
6.6 ________ Models for the Management of Interest Rate Risk _______________________ 71
__________ 6.6.1 Static Gap Model _____________________________________________ 72
__________ 6.6.2 Sensitivity analysis ___________________________________________ 74
__________ 6.6.3 Simulation techniques ________________________________________ 74
__________ 6.6.4 Duration analysis ____________________________________________ 75
__________ 6.6.5 Stress testing ________________________________________________ 76
__________ 6.6.6 Limits _____________________________________________________ 76
__________ Activities 6.1 _____________________________________________________ 77
6.7 ________ Summary _______________________________________________________ 77
__________ References ______________________________________________________ 78
Unit Seven: Liquidity Risk Management

7.0 ________ Introduction ____________________________________________________ 79
7.1 ________ Objectives ______________________________________________________ 80
7.2 ________ Definition and Sources of Liquidity Risk _____________________________ 80
7.3 ________ Asset Liquidity Risk ______________________________________________ 80
7.4 ________ Funding Liquidity Risk _____________________________________________ 81
7.5 ________ Asset and Funding Liquidity Risk ___________________________________ 82
7.6 ________ Monitoring Liquidity Risk _________________________________________ 82
__________ 7.6.1 From an asset liquidity perspective, a firm must monitor its: __________ 82
__________ 7.6.2 Funding liquidity risk can be monitored by looking at: ______________ 83
7.7 ________ Managing Liquidity Risk __________________________________________ 84
__________ 7.7.1 Balance sheet targets __________________________________________ 84
__________ 7.7.2 Concentration limits __________________________________________ 85
__________ 7.7.3 Aged/illiquid inventory penalties _______________________________ 85
__________ 7.7.4 Adequate haircuts ____________________________________________ 85
__________ 7.7.5 Diversified funding ___________________________________________ 86
__________ Activity 7.1 ______________________________________________________ 86
7.8 ________ Summary _______________________________________________________ 87
__________ References ______________________________________________________ 88
Unit Eight: Currency Risk Management

8.0 ________ Introduction ____________________________________________________ 89
8.1 ________ Objectives ______________________________________________________ 90
8.2 ________ Sources of Currency Risk __________________________________________ 90
8.3 ________ Components of Currency Risk _______________________________________ 91
8.4 ________ Policies for Currency Risk Management _______________________________ 91
8.5 ________ Risk Exposure Limits ______________________________________________ 91
__________ 8.5.1 The net open position limit _____________________________________ 92
__________ 8.5.2 Currency position limits _______________________________________ 92
__________ 8.5.3 Stop loss provisions ___________________________________________ 92
__________ 8.5.4 Concentration limit ___________________________________________ 93
__________ 8.5.5 Settlement risk ______________________________________________ 93
__________ 8.5.6 Counterparty risk ____________________________________________ 93
__________ 8.5.7 Revaluation or translation _____________________________________ 94
__________ 8.5.8 Liquidity risk concerns ________________________________________ 94
8.6 ________ Currency Risk Management ________________________________________ 95
__________ Activity 8.1 ______________________________________________________ 95
8.7 ________ Summary _______________________________________________________ 96
__________ References ______________________________________________________ 97
Unit Nine: Credit Risk Management

9.0 ________ Introduction ____________________________________________________ 99
9.1 ________ Objectives ______________________________________________________ 100
9.2 ________ Components of Credit Risk ________________________________________ 100
9.3 ________ Credit Portfolio Management _______________________________________ 100
9.4 ________ Credit Origination _______________________________________________ 103
__________ Activity 9.1 ______________________________________________________ 104
9.5 ________ Nonperforming Loan Portfolio _____________________________________ 104
__________ 9.5.1 Signs of distorted credit culture _________________________________ 105
__________ 9.5.2 Loan loss provisions __________________________________________ 106
9.6 ________ Credit Risk Management Policies ___________________________________ 106
__________ 9.6.1 Workout procedures __________________________________________ 107
9.7 ________ Policies to Limit or Reduce Credit Risk _______________________________ 107
__________ 9.7.1 Large exposure limits _________________________________________ 107
__________ 9.7.2 Related-party lending _________________________________________ 107
__________ 9.7.3 Overexposure to geographical areas or economic sectors _____________ 108
__________ 9.7.4 Renegotiated credits __________________________________________ 108
__________ 9.7.5 Collateral/Guarantees ________________________________________ 108
9.8 ________ Internal Risk Rating Systems _______________________________________ 109
__________ Activity 9.1 ______________________________________________________ 110
9.9 ________ Summary _______________________________________________________ 110
__________ References ______________________________________________________ 112
Unit Ten: Operational Risk

10.0 _______ Introduction ____________________________________________________ 113
10.1 _______ Objectives ______________________________________________________ 114
10.2 _______ Definition ______________________________________________________ 114
10.3 _______ Aim and Scope of Operational Risk Management ______________________ 115
10.4 _______ Two Broad Categories of Operational Risk ____________________________ 116
__________ 10.4.1 Operational failure risk _______________________________________ 116
__________ 10.4.2 Operational strategic risk _____________________________________ 116
10.5 _______ Types of Operational Failure Risk ___________________________________ 117
__________ Activity 9.2 ______________________________________________________ 118
10.6 _______ Who should Manage Operational Risk? _______________________________ 118
10.7 _______ Managing Operational Risk as a Partnership ___________________________ 119
10.8 _______ The Key to Implementing Firm-wide Operational Risk Management _______ 120
10.9 _______ A Four Step Risk Assessment Process for Operational Risk _______________ 120
10.10 ______ The Operational Risk Control Process ________________________________ 122
10.11 ______ Methods used in Managing Operational Risk __________________________ 123
__________ Activity 10.1 _____________________________________________________ 124
10.12 ______ Summary _______________________________________________________ 124
__________ References ______________________________________________________ 125
Unit Eleven: Strategic Risk Management

11.0 _______ Introduction ____________________________________________________ 127
11.1 _______ Objectives ______________________________________________________ 128
11.2 _______ Definition ______________________________________________________ 128
11.3 _______ Terminology ____________________________________________________ 128
11.4 _______ Common Sources of Strategic Risk __________________________________ 129
11.5 _______ Strategic Planning Process _________________________________________ 129
11.6 _______ Strategic Risk Management Process _________________________________ 130
__________ 11.6.1 Strategic planning ___________________________________________ 130
__________ 11.6.2 Alignment and change management _____________________________ 130
__________ 11.6.3 Implementing and monitoring _________________________________ 131
__________ 11.6.4 Performance evaluation and feedback ___________________________ 131
11.7 _______ Key components of a Strategic Risk Management Framework ____________ 131
11.8 _______ Risk Mitigation Factors ___________________________________________ 131
11.9 _______ Board and Senior Management Oversight _____________________________ 132
__________ 11.9.1 Board oversight _____________________________________________ 132
__________ 11.9.2 Senior management oversight __________________________________ 133
11.10 ______ Policies, Procedures and Limits _____________________________________ 133
11.11 _______ Role of Strategic Risk Management Function __________________________ 134
11.12 ______ Internal Controls _________________________________________________ 135
__________ Activity 11.1 _____________________________________________________ 136
11.13 ______ Summary _______________________________________________________ 136
__________ References ______________________________________________________ 137
Unit Twelve: Basel II and Risk Management

12.0 _______ Introduction ____________________________________________________ 139
12.1 _______ Objectives ______________________________________________________ 140
12.2 _______ The Basel I Accord _______________________________________________ 140
12.3 _______ Criticisms of the Basel 1 Accord ____________________________________ 140
12.4 _______ The 1996 Amendment _____________________________________________ 141
12.5 _______ The 2004 Base II Accord ___________________________________________ 142
12.6 _______ Further Developments: Basel III ____________________________________ 143
12.7 _______ Definition of Capital ______________________________________________ 144
__________ 12.7.1 Basel I and II _______________________________________________ 144
__________ 12.7.2 Basel III ___________________________________________________ 146
12.8 _______ The Basel I Credit Risk Charge _____________________________________ 146
__________ 12.8.1 On-Balance-Sheet Risk Charges ________________________________ 146
__________ 12.8.2 Off-Balance-Sheet Risk Charges ________________________________ 147
__________ Activity 12.1 _____________________________________________________ 149
12.9 _______ Basel II Credit Risk Capital Charge __________________________________ 149
__________ 12.9.1 Standardized Approach _______________________________________ 150
__________ 12.9.2 Foundation Internal Ratings Based Approach (FIRB Approach) ______ 150
__________ 12.9.3 Advanced Internal Ratings-Based Approach (AIRB Approach) _______ 151
12.10 ______ Adoption of Approach ____________________________________________ 151
12.11 ______ The Market Risk Charge (MRC) ____________________________________ 152
__________ 12.11.1 The Standardized Method ____________________________________ 152
__________ 12.11.2 The Internal Models Approach ________________________________ 153
__________ Activity 12.2 _____________________________________________________ 154
12.12 ______ Summary _______________________________________________________ 154
__________ References ______________________________________________________ 155
Unit Thirteen: Case Study on Risk Management Failure

13.0 _______ Introduction ____________________________________________________ 157
13.1 _______ Objectives ______________________________________________________ 158
13.2 _______ Barings Bank ____________________________________________________ 158
__________ 13.2.1 Background ________________________________________________ 158
__________ 13.2.2 Cause _____________________________________________________ 159
__________ 13.2.3 How Leeson hid the trades ____________________________________ 163
__________ 13.2.4 Leeson's assumptions ________________________________________ 163
__________ 13.2.5 Effect _____________________________________________________ 164
__________ 13.2.6 The risk areas affected ________________________________________ 165
__________ 13.2.7 Information and risk reporting _________________________________ 168
__________ 13.2.8 Risk control ________________________________________________ 169
__________ 13.2.9 Risk management ___________________________________________ 169
__________ 13.2.10 Systemic risk ______________________________________________ 169
__________ 13.2.11 Additivity of Risk Management Framework ______________________ 169
__________ Activity 13.1 _____________________________________________________ 170
13.3 _______ Summary _______________________________________________________ 170
__________ References ______________________________________________________ 171
Course Overview
Introduction
T
he financial fiascos and corporate failures of recent years have indeed
increased the call for strong and effective risk management practices
within organisations. As a result, risk management has rapidly evolved
over the past decade and has become an indispensible function in many
organisations.
Risk management encompasses a broad range of concepts and techniques,

some of which may be quantified, while others must be treated in a more
subjective manner. Risk management is not about avoiding risk but it is about
understanding and communicating risk so that risk can be taken more
confidently and in a better way.
Risk Management BIAH422
This module is designed to provide you with the materials needed to gain the
knowledge and understanding of the building blocks of risk management.
In the module, Unit 1 covers the basic concept of risk, such as, the duality of
risk, sources of risk, classification of risk and so on. An understanding of
these basic concepts of risk provides a basis for what comes up in the preceding
units.
Units 2 and 3 look at the risk management process and the risk management
framework respectively. The management of risk is not an event but a process,
and is both an art and a science. For the risk management process to be
effective, it must be supported by an effective risk management framework or
structure.
Unit 4 discusses the Enterprise-wide Risk Management Framework and

distinguishes it from the traditional silo-risk management system. The
interconnectivity and correlations between types of risk has exposed the
shortcomings of trying to manage risk in silos. Risk management should be on
a consolidated basis.
Units 5, 6, 7, 8, 9, 10 and 11 focus on the main types of risks facing

organisations which include market risk, interest rate risk, liquidity risk, currency
risk, credit risk, operational risk, and strategic risk. These units discuss in
detail the factors contributing to these risks, and how these risks are identified,
measured, monitored and managed.
Unit 12 is about Basel II as it relates to risk management within those financial

institutions involved in financial intermediation. Banking organisations are
required to hold adequate capital commensurate with the levels of risk in their
books.
Lastly, Unit 13 is a case study on a British bank called the Barings Bank that
incurred huge losses due to a failure in its risk management process.
2 Zimbabwe Open University

Unit One
Understanding the Concept of

Risk
1.0 Introduction
A
lthough risks have increased significantly in recent years, the element of
risk is not a contemporary issue. Risk has always been there and will
always remain a phenomenon in human existence. This unit will define
risk, explain the major concepts of risk and briefly describe the major
categories of risk. The unit lays the foundations for the risk management topics
to be discussed in the ensuing units.
1.1. Objectives
After studying this unit, you should be able to:
 define risk
 distinguish between risk and uncertainty
 explain the basic risk concepts
 describe the three common fallacies about risk
 explain the duality of risk
 describe the major sources and classifications of risk
 explain the risk management roles of financial institutions
1.2. What is Risk?

1.2.1 Definition
Risk is incorporated into so many different disciplines from insurance to
engineering to portfolio theory that it should come as no surprise that it is
defined in different ways by each one. It is worth looking at some of the
definitions.
Risk versus probability

Whereas some definitions of risk focus only on the probability of an event
occurring, more comprehensive definitions incorporate both the probability
of the event occurring and the consequences of the event. Thus, the probability
of a severe earthquake may be small, but the consequences are so catastrophic
that it would be categorized as a high-risk event.
Risk versus threat

In some disciplines, a contrast is drawn between a risk and a threat. A threat
is a low-probability event with large negative consequences, where analysts
may be unable to assess the probability. A risk, on the other hand, is defined
to be a higher probability event, where there is enough information to assess
both the probability and the consequences.

Unit 1 Understanding the Concept of Risk
All outcomes versus negative outcomes

Some definitions of risk tend to focus only on the downside scenarios, whereas
others are more expansive and consider all variability as risk.
The engineering definition of risk is defined as the product of the probability

of an event occurring, that is viewed as undesirable, and an assessment of the
expected harm from the event occurring as shown below:
Risk = Probability of an accident times consequence in lost money/deaths.
In contrast, risk in finance is defined in terms of variability of actual returns on

investment around an expected return, even when those returns represent
positive outcomes.
Building on the last distinction, broader definitions of risk that capture both
the positive (upside potential) and negative outcomes (downside risk) should
be considered.
1.2.2 Three common fallacies about risk

a) Risk is always bad
This fails to view risk as representing both a threat and an opportunity.
If risk is viewed in this light, then potential opportunities are missed out.
b) Some risks are so bad that they must be eliminated at all costs
There is no risk so great that it must be eliminated at all costs. Reducing
risk should not be viewed as the same thing as risk elimination. Risk
reduction involves moving from high risk to low risk, while risk elimination
is moving from high/low risk to zero risk. Risks cannot be completely
eliminated at reasonable costs. Instead of being eliminated, risks must
be managed.
c) Playing it safe is the safest thing to do.
This amounts to risk avoidance at the expense of missing out potential
opportunities. For example, the guy who tries to avoid the risk of being
hit by a car by staying at home is incurring the risk of not exploring the
world for opportunities that can improve his life.
1.2.3 Risk and uncertainty

The authors Vernon (1981) and Diekmann et al. (1988) consider that the
terms risk and uncertainty may be used interchangeably but have somewhat
different meanings, where risk refers to statistically predictable occurrences
and uncertainty to an unknown of generally unpredictable variability.
Zimbabwe Open University 5

Uncertainty is used to describe the situation when it is not possible to attach a

probability to the likelihood of occurrence of an event. Uncertainty causes a
rift between good decision and good outcome. The distinguishing factor
between risk and uncertainty is that risk is taken to have quantifiable attributes,
and a place in the calculus of probabilities, whereas uncertainty does not.
Uncertainty is said to exist in situations where decision-makers lack complete

knowledge, information or understanding concerning the proposed decision
and its possible consequences.
Uncertainty can often be interpreted as prophecy, since a prophecy is not

based on data or experience. A prediction, however, is normally based on
data or past experience and thus offers a basis for potential risk.
1.2.4 The duality of risk

As human beings, we have decidedly mixed feelings about risk and its
consequences. On the one hand, we actively seek out risk in some of our
pursuits, sometimes with no rewards, and on the other, we manifest a dislike
for it when we are forced to make choices. It is this duality of risk that makes
it so challenging.
In this sense, risk taking and risk management aren't opposites, but two sides
of the same coin. Together they drive all our modern economies. The capacity
to make forward-looking choices about risk in relation to reward lies at the
heart of the management process of all enduringly successful corporations.
1.2.5 Risk and return

Aswath Damodaran (2008) argues hat the "no free lunch" mantra has a logical
extension. Those who desire large rewards have to be willing to expose
themselves to considerable risk. The link between risk and return is most
visible when making investment choices; stocks are riskier than bonds but
generate higher returns over long periods. The presence of risk is less visible
but just as important when making career choices; a job in sales and trading
at an investment bank may be more lucrative than a corporate finance job at
a corporation, but it does come with a greater likelihood that you will be laid
off if you don't produce results.
Not surprisingly, therefore, the decisions on how much risk to take and what
type of risks to take are critical to the success of a business. A business that
decides to protect itself against all risk is unlikely to generate much upside for

its owners; however, a business that exposes itself to the wrong types of risk
may be even worse off, because it is more likely to be damaged than helped
by the risk exposure. In short, the essence of good management is making the
right choices when it comes to dealing with different risks.
1.2.6 Risk and innovation

The other aspect of risk that needs examination is the role that risk taking
plays in creating innovation. Over history, many of our most durable and
valuable inventions have come from a desire to either remove risk or expose
ourselves to it. Consider the example of spice trade. The risks at sea and
from hostile forces created a need for more seaworthy crafts and powerful
weapons, innovations designed to exploit risk.
The first full-fledged examples of insurance and risk pooling showed up at

about the same time in history. While there were sporadic attempts at offering
insurance in previous years, the first organized insurance business was founded
in 1688 by merchants, ship owners, and underwriters in Lloyd's Coffee Shop
in London in response to increased demands from ship owners for protection
against risk.
Over the past few decades, innovations have come to financial markets at a
dizzying pace. Some of these innovations have been designed to help investors
and businesses protect themselves against risk, but many have been offered
as ways of exploiting risk for higher returns. In some cases, the same
instruments (options and futures, for example) have played both risk-hedging
and risk-exploiting roles, albeit to different audiences.
1.2.7 Risk and exposure

Risk provides the basis for opportunity. The terms risk and exposure have
subtle differences in their meaning. Risk refers to the probability of loss, while
exposure is the possibility of loss, although they are often used interchangeably.
Risk arises as a result of exposure. Exposure to financial markets affects most
organizations, either directly or indirectly. When an organisation has financial
market exposure, there is a possibility of loss but also an opportunity for gain
or profit. Financial market exposure may provide strategic or competitive
benefits.
Risk is the likelihood of losses resulting from events such as changes in market
prices. Events with a low probability of occurring, but that may result in a high

loss, are particularly troublesome because they are often not anticipated. Put
another way, risk is the probable variability of returns.
1.2.8 Attitudes to risk

Different organisations will have different attitudes to risk. Some organisations
may be considered to be risk averse, whilst others will be risk aggressive. To
some extent, the attitude of the organisation to risk will depend on the sector
and the nature and maturity of the marketplace within which it operates, as
well as the attitude of the individual board members.
Risks cannot be considered outside the context that gave rise to the risks. It
may appear that an organisation is being risk aggressive, when in fact the
board has decided that there is an opportunity that should not be missed.
However, the fact that the opportunity is high risk may not have been fully
considered.
One of the major contributions from successful risk management is to ensure

that strategic decisions that appear to be high risk are actually taken with all of
the information available. Improvement in the robustness of decision-making
processes is one of the key benefits of risk management.
Other key factors that will determine the attitude of the organisation to risk
include the stage in the maturity cycle. For an organisation that is in the start-
up phase, a more aggressive attitude to risk is required than for an organisation
that is enjoying growth or one that is a mature organisation in a mature
marketplace. Where an organisation is operating in a mature marketplace
and is suffering from decline, the attitude to risk will be much more risk averse.
1.3 Primary Sources of Risk

A source of risk is any factor that can affect business performance. Risk
arises when this effect is both uncertain and significant in its impact on business
performance.
Risk comes from many sources as follows:

 Risk can be human created, such as business cycles, inflation, changes
in government policies, and wars
 Risk also occurs from unforeseen natural phenomena, including weather
and earthquakes

 Risk also arises from the primary sources of long-term economic growth,
technological innovations, which can render existing technologies
obsolete and create dislocations in employment. Thus risk and
willingness to take risk are essential to the growth of any economy
Activity 1.1
1. Explain the differences between risk and loss.
? 2. Risk and uncertainty are often erroneously used interchangeably.
Discuss, using examples, the distinguishing features of the two terms.
3. Explain the duality of risk in investment terms.
4. Why should organisations bother about risk?
5. Risk and innovation are twin sisters in our everyday lives. Discuss.
1.4 Categorization of Risks

In order to establish a firm's risk appetite, it is important to define the different
categories of risk that might arise in the normal course of business. Risk is
complex, and can assume many forms; care must be taken to ensure that
those in the governance process understand, and distinguish between, various
risk categories.
It should be noted that risk classes can change over time as new products,
markets and participants are introduced. It is therefore necessary to review
and amend risk classifications accordingly.
Corporate risks are broadly classified into:

 Business risks
 Financial risks
1.4.1 Business risks

Business risks are those which corporations assume willingly to create a
competitive advantage and to add value for shareholders.
Business risk includes the business decisions which companies make and the
business environment in which they operate.
Business decisions include investment decisions, product development choices,

marketing strategies, and the choice of the company's organisational structure.

This includes strategic risk, which is broad in nature and reflects decisions
made at the level of the company's board of directors or top executives.
The business environment includes competition and broad macroeconomic

risks. Judicious exposure to business risk is a core competency of all business
activity.
Industrial corporations are good at managing business risks and are less
competent to deal with financial risks.
1.4.2 Financial risks

These relate to possible losses owing to financial market activities such as
interest rate movements, defaults on financial obligations.
Philippe Jorion (2010) classifies financial risks into the following four categories:
 Market risk
 Credit risk
 Liquidity risk
 Operational risk
The overall business risk classes and their definitions are shown in Figure 1.1
and Table 1.1 below respectively.
1.4.3 The role of financial institutions

Financial institutions serve as financial intermediaries for managing financial
risks. Financial institutions create markets and instruments to share and hedge
risks, provide risk advisory services, and act as counterparties by assuming
the risk of others. Because of the roles that financial institutions serve, the
institutions must excel at measuring and pricing financial risks.

The major categories of risks are presented below:
Overall Business Risk Classes
Market Credit Liquidity Legal Operational

Risk Risk Risk Risk Risk
Directional Volatility Default Asset Documentation Confirmation

Risk Risk Risk Risk Risks Risk
Curve Basis Settlement Funding Suitability Control

Risk Risk Risk Risk Risk Risk
Spread Model Sovereign Other Risks Other Risks Fraud

Risk Risk Risk Risk
Time decay Correlation Model Infrastructure

Risk
Risk Risk Risk
Concentration Other Risks Other Risks Other Risks

Risk
Figure 1.1 Overall Business Classes

(Source: Erik Banks, 2002; The Simple Rules of Risk: Revisiting the Art
of Financial Risk Management)

Table 1.1: A Brief Glossary of Risk
Term Definition
Market Risk Risk of loss due to unfavourable movement in an underlying
reference asset, index or market
Basis Risk Risk of loss due to unfavourable movement between target
instrument and hedge instrument
Concentration Risk Risk of loss due to unfavourable movement in, or
performance of, a concentrated risk position
Correlation Risk Risk of loss due to changing magnitude/relationship of
correlations between assets
Curve Risk Risk of loss due to unfavourable movement in the shape
of the reference curve
Directional Risk Risk of loss due to unfavourable movement in the direction
of the underlying reference asset, index or market
Model Risk Risk of loss due to errors in the financial mathematics or
assumptions underlying a model used for market risk
management/valuation purposes
Spread Risk Risk of loss due to unfavourable movement of a spread
between two assets
Volatility Risk Risk of loss due to unfavourable movement in volatility
Credit Risk Risk of loss due to failure by a counterparty to perform on
a contractual obligation
Default Risk Risk of loss due to counterparty default
Model Risk Risk of loss due to errors in the financial mathematics or
assumptions underlying a model used for credit risk
management/valuation purposes
Settlement Risk Risk of loss due to failure by a counterparty to settle trade/
cash flow
Sovereign Risk Risk of loss due to sovereign action
Liquidity Risk Risk of loss due to inability to liquidate assets or obtain
funding
Asset Risk Risk of loss due to inability to liquidate assets, risk
positions or collateral
Funding Risk Risk of loss due to inability to secure new funding or
rollover existing funding
Legal Risk Risk of loss due to legal events
Documentation Risk Risk of loss due to errors in, or lack of, documentation
Suitability Risk Risk of loss due to client suitability issues
Operational Risk Risk of loss due to errors in processes and controls
Confirmation Risk Risk of loss due to unconfirmed transactions
Control Risk Risk of loss due to human error or lack of control over
cash, securities and other assets
Fraud Risk Risk of loss due to internal/external fraud
Infrastructure Risk Risk of loss due to failure of internal/external infrastructure
(Source: Erik Banks (2002): The Simple Rules of Risk: Revisiting the Art

Activity 1.2
? 1. Why is it important for organisations to understand the sources of risks?

Further, explain why categorization of risks is essential in an organisation
set up.
2. Explain the functions of financial institutions in terms of management of
financial risks. Why do you think non-financial institutions i.e. industrial
corporations are not good at managing financial risks?
1.5 Summary
There is no single definition of risk. Risk is ubiquitous and it affects every
aspect of our lives. Risk has two dimensions to it, the upside potential and the
downside risk. Broader definitions of risk should therefore these two
dimensions. Risk and uncertainty should not be treated as one thing. The
former is measurable while the latter is not measurable. Risks are classified in
several ways. However, in corporate terms, risks are broadly classified into
business and financial risks. Non-financial institutions are disposed towards
managing the business risks while financial institutions have developed
competencies to manage the latter.

References
Aswath Damodaran (2003) Strategic Risk Taking. A Framework for Risk
Management, Wharton School Publishing.
Erik Banks (2004) Alternative Risk Transfer: An Integrated Risk
Management through Insurance, Reinsurance and the Capital
Market.
Erik Banks and Richard Dunn (2003) Practical Risk Management: An
Executive Guide to Avoiding Surprises and Losses, John Wiley &
Sons.
Erik Banks (2002) The Simple Rules of Risk: Revisiting the Art of Financial
Risk Management.
Karen, A. Horcher (2005) Essentials of Financial Risk Management.
Kevin Dowd (1999) Beyond Value at Risk: The New Science of Risk
Management.
Peter, F. Christoffersen (2003) Elements of Financial Risk Management.
Philippe Jorion (2010) Financial Risk Manager Handbook, John Wiley &
Sons.
Robert Mark, Dan Galai and Michel Crouhy (2000) Risk Management,
McGraw Hill.
Tony Merna and Faisal (2005) Corporate Risk Management; An
Organisational Perspective.

Unit Two
The Risk Management Process
2.0 Introduction
R
isk management provides a framework for organisations to deal with
and to react to uncertainty. Whilst it acknowledges that nothing in life is
certain, the modern practice of risk management is a systematic and
comprehensive approach, drawing on transferable tools and techniques. These
basic principles are sector-independent and should improve business resilience,
increase predictability and contribute to improved returns.
2.1 Objectives
 define risk management

 describe the risk management process
 describe the risk management techniques
 explain the difference between risk hedging and risk management
 outline the key steps involved in developing a risk management strategy
 articulate the key steps involved in risk profiling
2.2 Risk Management

2.2.1 Definition
Risk management is a shifting concept that has had different definitions and
interpretations. Risk management is basically a scientific approach to the
problem of managing the pure risks faced by individuals and institutions. The
concept of risk management evolved from corporate insurance management
and has as its focal point the possibility of accidental losses to the assets and
income of the organisation.
Those who carry the responsibility for risk management are called risk
managers. The term risk management is a recent creation, but the actual practice
of risk management is as old as civilization itself.
Traditionally, risk management has been confined to the view of risk hedging
or risk reduction. However, risk management is more than risk reduction.
Actually, risk reduction should be seen as a component of risk management,
not the totality of risk management.
Indeed, much of what distinguishes modern economies from those of the past
is the new ability to identify risk, to measure it, to appreciate its consequences,
and then to take action accordingly, such as transferring or mitigating the risk.
Risk management refers to the design and implementation of procedures

for identifying, measuring, and managing risks. It involves assessing the existing
and potential risks facing an organization and developing management strategies
consistent with internal priorities and policies. Addressing risks proactively
may provide an organisation with a competitive advantage.

Unit 2 The Risk Management Process
2.2.2 Importance of risk management

Risk management has become increasingly high profile in recent times, because
of the global financial crisis and the number of high profile corporate failures
across the world that preceded it. Also, risk management has become more
important because of increasing stakeholder expectations and the ever-
increasing ease of communication.
As well as assisting with better decision making and improved efficiency, risk
management can also contribute to the provision of greater assurance to
stakeholders. This assurance has two important components. The directors
of any organisation need to be confident that risks have been identified and
that appropriate steps have been taken to manage risk to an appropriate
level.
2.2.3 Risk management is not risk elimination

It is increasingly common in the corporate world of the twenty-first century
for companies to implement a risk management process to control risks. It is
important to stress at the outset that the exercise relates to controlling risks,
not eliminating them. This is an important distinction because risk is not
inherently bad, and is not a variable that must be removed from corporate
operations at any cost. There are times when it makes sense for a company to
retain, and even increase, its risk exposure, as this helps to increase the value
of the firm to shareholders. The focus is on controlling, that is, understanding
and closely managing risk exposures, so that stakeholders are fully aware of
how the firm might be impacted. The essential element of controlling risks is
ensuring that no surprises arise. Losses are acceptable if the possibility that
they may occur is understood by stakeholders, and if the appropriate economic
evaluation occurs.
Indeed, risk is a game of chance: speculative risks will produce favourable

outcomes and losses, pure risk events only losses. The risk-taking firm must
expect both, and if it is controlling its exposures properly it is helping to increase
its value. Unexpected losses that occur when the company and its stakeholders
have no idea that the firm is exposed to particular types, or amount, of risk,
must be regarded as unacceptable; this essentially means that risk is not being
controlled. The development and use of a formalized risk management process
must therefore be a central part of overall corporate operations and
governance.

2.2.4 The narrow view of risk management

Many risk management offerings are really risk reduction or hedging products,
with little or no attention paid to exploiting risk. In finance, especially, the
definition of risk has been narrowed more and more over time to the point
where risk is defined statistically and is often thought of as a negative when it
comes to assessing value.
The following factors have contributed to the narrow definition of risk

management:
 The bulk of risk management products are risk-hedging products, be
they insurance, derivatives, or swaps. Because these products generate
substantial revenues for those offering them, it should come as no surprise
that they become the centrepieces for the risk management story.
 It is human nature to remember losses (the downside of risk) more than
profits (the upside of risk); we are easy prey, especially after disasters,
calamities, and market meltdowns for purveyors of risk-hedging
products.
 The separation of management from ownership in most publicly traded
firms creates a potential conflict of interest between what is good for
the business (and its stockholders) and what is good for the mangers.
Because it is the managers of firms and not the owners who decide
how much and how to hedge risk, it is possible that the managers will
hedge risks that the owners would never want hedged in the first place.
2.2.5 A more expansive view of risk management

If the allure of risk is that it offers upside potential, risk management has to be
more than risk hedging. Businesses that are in a constant defensive crouch
when it comes to risk are in no position to survey the landscape and find risks
that they are suited to take.
Thus risk management encompasses both risk hedging at one end and strategic
risk taking on the other. Organisations practicing effective risk management
tend to know which risks to ignore, which risks to hedge and; which risks to
actively seek out and exploit, ultimately building sustainable competitive
advantages.

2.3 The Risk Management Process

Because of the vast diversity in risk that firms face, there is no single prescribed
risk management system that works for all firms. Each firm should tailor its
risk management programme to its needs and circumstances. Regardless of
the risk management programme design, the standard risk management process
can be seen as a four-stage process centred on identification, quantification,
management, and reporting. Each element is a vital link in the chain and must
be implemented correctly in order to be effective.
 Risk identification: In order to properly manage risks, firms must
recognize and understand risks that may arise from both existing and
new business initiatives. The identification process centres on identifying
and defining all of the firm's actual, perceived, or anticipated risks. In a
large firm, this might encompass dozens of financial and operating risk
drivers, implying a significant degree of complexity. In some cases risks
are readily identifiable, at other times they are more difficult to discern.
For instance, a firm that produces goods in the US for dollars and sells
them in Japan for yen is exposed to changes in the $/¥ foreign exchange
rate, and identifying this risk is relatively simple. Likewise, a company
that has a factory located in the path of hurricanes can easily identify
potential exposure to catastrophic damage. Alternatively, a firm that
has to purchase power in the spot electricity market when temperatures
rise above 95 degrees Celsius is actually exposed to the absolute level
of, and correlation between, electricity prices and temperature; in this
case the different dimensions of exposure are somewhat more difficult
to identify. This stage of the process is vital, of course, as failure to
properly identify all financial or operating risks impacting the firm may
lead to surprise losses (for example, those coming from an 'unknown'
source). Risk identification should be a continuing process, not a once
off event.
 Risk quantification: The quantification process determines the financial
impact that risks can have on corporate operations. This is typically
done through various quantitative tools. Returning to the $/¥ example,
a company with a foreign exchange exposure will be interested in
knowing, as precisely as possible, the impact of the risk on its profit
and loss (P&L) account (for example, a 5% decline in the value of the
yen might produce a $5m loss). The company with a factory in the
hurricane path may need to quantify a number of different types of
scenarios, including smaller losses from temporary business interruption
(for example, if a hurricane causes damage that forces it to suspend
operations for 2 months) to larger losses from total destruction (for

example, the hurricane destroys the facility beyond repair). Specific

techniques for measuring the financial impact of risks vary widely, and
depend largely on the nature of the underlying exposures. Some, such
as credit and market risks, can be measured through financial
mathematics based on analytic computation, closed-form pricing
models, and simulation methods. Others, such as high-frequency
insurance-related risks, can often be estimated by using actuarial
techniques; certain low-frequency insurance exposures, such as
catastrophic risks, may be modelled through simulation.
 Risk management: After risks have been identified and quantified,
they must be managed. Through the core process of active decision-
making, a firm must decide whether it will control, retain, eliminate or
expand its exposures. For instance, a firm may decide that it is
comfortable retaining a potential loss (or gain) of $10m on its $/¥ foreign
exchange exposure and will constrain it at that level; alternatively, if it
wants to face zero chance of loss, it might eliminate the risk entirely (for
a price). Similarly, the potential cost of sustaining partial or complete
destruction as a result of a powerful hurricane may be too great for the
firm, so it might decide to transfer the exposure entirely. Risk
management decisions ultimately depend on several variables, including
the financial resources of the firm, the operating philosophy of
management, the expectations of shareholders, and the costs and benefits
of various risk strategies.
 Risk monitoring: Once the firm has decided how it wants to manage
its risk profile, it must actively monitor its exposures. This means regularly
tracking and reporting both risks and risk decision experience, and
communicating information internally and externally so that interested
parties (for example, executive management, board directors, regulators,
creditors and investors) are aware of any possible upside or downside.
Good monitoring is especially important for internal decision-makers,
who require feedback in order to assess, and even adjust, their decisions.
Thus, the $/¥ exposure that the firm has chosen to retain must be
measured and reported regularly (for example, daily, weekly) so that
managers are aware of its size and potential impact as the market moves
and the risk position changes. The catastrophic hurricane exposure,
which is unlikely to change very often (unless the firm expands or
contracts the size of its factories), must still be monitored and reported,
but less frequently. An important by-product of the risk-monitoring
process is the ability to change how risks are managed; without such
visibility, a firm's risk strategies remain static. Monitoring thus feeds
back into management.

A schematic view of the generic Risk Management Process is shown below:
Risk Risk Risk Risk

Identification Measurement Management Monitoring
Define and Estimate the Decide how to Track and assess

identify all financial manage all the performance
sources of risk; impact on the risks loss of the risk
actual, firm of all control, loss management
anticipated and risks identified financing or strategy in light
perceived risk reduction of actual
experience
Figure 2.1: The Generic Risk Management Process

(Source: Erik Banks (2004). Alternative Risk Transfer: Integrated Risk
Management through Insurance, Reinsurance and Capital Markets)
This simple sequence of activities, shown above is unfortunately often used to
define risk management as a formal discipline. But it is a sequence that rarely
runs smoothly in practice. Sometimes simply identifying a risk is the critical
problem, while at other times arranging an efficient economic transfer of the
risk is the skill that makes one risk manager stand out from another.
To the unwary, the above risk management process might suggest that risk
management is a continual process of corporate risk reduction. But we must
not think of the modern attempt to master risk in defensive terms alone. Risk
management is really about how firms actively select the type and level of risk
that it is appropriate for them to assume. Most business decisions are about
sacrificing current resources for future uncertain returns. In this sense, risk
management and risk taking are not opposites, but two sides of the same
coin. Together they drive all our modern economies. The capacity to make
forward-looking choices about risk in relation to reward lies at the heart of
the management process of all enduringly successful corporations.

Activity 2.1
?
1. Describe the generic risk management process.
2. Outline the reasons why there is no prescribed risk management system
that works for all firms.
3. Why do you think firms should bother about risk management?
4. "Risk management should be viewed as both a corporate defensive
and offensive strategy". Discuss.
5. Discuss why risk management should not be treated as risk avoidance.
2.4 The Risk Management Techniques

A company with any degree of risk exposure is wise to develop a philosophy
that explicitly indicates its approach to risk and the resources it is willing to
allocate (and potentially lose) in its endeavours. Best practice governance
calls for a firm's board of directors to clearly express risk tolerance (or appetite)
by relating exposures to overall corporate goals, stakeholder expectations,
and financial/technical resources.
Firms that are in business primarily to take risks, and have the financial
resources to support potentially large losses, might choose to take a large
amount of financial and operating risk. For instance, a bank might assume a
considerable amount of credit and market risk as the core of its operation;
given sufficient financial resources and proper controls, it should be able to
actively retain and manage such exposures. Those that are in business primarily
to produce goods or services that are not based on active risk-taking, or
those that lack sufficient financial resources to absorb large losses, are unlikely
to favour significant risk exposure. For instance, a company that produces
automobiles might be exposed to a series of input risks, such as steel and
rubber; these form part of the core business and the board might wish to
manage them by retaining them or hedging a portion of them.
However, in order not to be distracted from its primary operations, it may not
want to assume any risks related to non-core business activities, such as foreign
exchange risk from sourcing raw materials or selling completed automobiles
in other countries; these might not only be a distraction, but they might fall
outside the firm's technical expertise. Assuming that the costs of doing so are
consistent with its risk/return goals, the company may eliminate non-core risks.
The importance of risk management was aptly summed up byAllan Greenspan,

the former chairman of the U.S Federal Reserve Board:

The development of our paradigms for containing risk has emphasized dispersion
of risk to those willing, and presumably able, to bear it. If risk is properly
dispersed, shocks to the overall economic system will be better absorbed and
less likely to create cascading failures that could threaten financial stability.
2.4.1 Four broad risk management techniques

Once risks have been identified and assessed, all techniques to manage the
risk fall into one or more of four major categories. Some ways of managing
risk fall into multiple categories:
 Risk transfer means causing another party to accept the risk, typically
by contract or by hedging
 Risk avoidance includes not performing an activity that could carry
risk. An example would be not buying a property or business in order
not to take on the liability that comes with it
 Risk reduction (mitigation) involves methods that reduce the severity
of the loss. Examples include sprinklers designed to put out a fire to
reduce the risk of loss by fire, even though water damage can be severe
 Risk acceptance (retention) involves accepting the loss when it occurs.
True self insurance falls in this category. Risk retention is a viable strategy
for small risks where the cost of insuring against the risk would be
greater over time than the total losses sustained.
A convenient "rule of thumb" related to risk management techniques suggests
that core risks - those that are central to a firm's daily business - should be
retained, while non-core risks - those that are a by-product of daily business
- should be transferred or hedged. The premise is that a company has
information and expertise regarding its core risks and, therefore, great ability
to manage its exposures intelligently (for example, safely, efficiently, and cost-
effectively). Exposure to risks where it lacks knowledge or competitive
advantage can be more dangerous and costly.
The risk management decision process is complicated and must generally be

considered through a rigorous analytical framework, such as a cost/benefit
analysis. This can help a company to determine how it should manage its
individual and aggregate risk exposures in order to maximize value.
2.4.2 Risk hedging versus risk management

The key to successful risk management in a business is the decomposition of
risk into risk that should be passed on to investors in the company, risk to be
hedged or avoided and risk to be exploited.

While risk hedging focuses on reducing or eliminating risk, risk management

encompasses reduction of some risks, ignoring other risks, and seeking out to
exploit others. Table 2.0 below shows some of the distinguishing features of
risk hedging and risk management.
Table 2.1 Risk Hedging versus Risk Management
Risk hedging Risk management
View of risk Risk is a danger Risk is a danger and an

opportunity
Objective To protect against the To exploit the upside
downside of risk created by uncertainty
Functional Financial Strategic, stretching across
emphasis all functions
Process Product oriented. Process oriented. Identify
Primarily focused on the key risk dimensions and try
use of derivatives and to develop better ways of
insurances to hedge handling and taking
against risks advantage of these risks
than the competition
Mostly suitable for Smaller firms with high Larger firms in volatile
financial leverage and businesses with significant
substantial distress costs potential or excess returns
(if successful)
(Source: Aswath Damodaran (2008) Strategic Risk Taking- A Framework

for Risk Management)
2.5 Developing a Risk Management Strategy

To deal with risk effectively, firms should follow the key five steps listed below:
2.5.1 Make an inventory of possible risks

The process has to begin with an inventory of all the potential risks that a firm
is exposed to. This will include risks that are specific to the firm, risks that
affect the entire sector, and macroeconomic risks that influence the firm value.
2.5.2 Decide whether to hedge or not

Having made an inventory of risks, the firm has to decide which risks it will
attempt to hedge and which ones it will allow to flow through to its investors.
The size of the firm, the type of stockholders that it has, and its financial

leverage, will all play a role in making this decision. In addition, the firm has to
consider whether investors can buy protection against the risks in the market
on their own.
2.5.3 Choose risk-hedging products

If a firm decides to hedge risk, it has a number of choices. Some of these
choices are market traded (currency and interest rate derivatives, for example),
some are customized solutions (prepared by investment banks to hedge against
risk that may be unique to the firm), and some are insurance products. The
firm has to consider both the effectiveness of each of the choices and the
costs.
2.5.4 Determine the risk or risks that you understand better

or deal with better than your competitors
This is the step where the firm moves from risk hedging to risk management
and from viewing risk as a threat to risk as a potential opportunity. Why
would one firm be better at dealing with certain kinds of risk than its
competitors? It may have to do with experience. A firm that has operated in
emerging markets for decades clearly will have a much better sense of both
what to expect in a market meltdown and how to deal with it. It may also
come from the control of a resource - physical or human - that provides the
company an advantage when exposed to the risk. Having access to low-cost
oil reserves may give an oil company an advantage in the event of a drop in oil
prices, and having a top-notch legal staff may give a tobacco company a
competitive advantage when it comes to litigation risk.
2.5.5 Devise strategies to take advantage of your differential

advantage in the long term
In the final step in the process, firms build on their competitive edge and lay
out what they will do to create the maximum benefit. The oil company with
low-cost reserves may decide that it will use its cost advantage the next time
oil prices drop to acquire oil companies with higher-cost reserves and high
leverage.
It should be noted that risk hedging and risk management are not mutually
exclusive strategies. In fact, risk hedging should be considered to be part of
broader risk management strategy where protecting against certain types of
risk and trying to exploit others go hand in hand.

2.6 Developing a Risk Profile

The risk profile of a firm is unique. It describes the risk characteristics of the
firm. The combination of the firm's business, products, markets, and people
makes each firm's exposure to risk unique. The risk profile of any firm depends
on the following attributes:
 risk tolerance
 financial position within the industry
 management culture, stakeholders
 the competitive landscape in which the firm operates
Every business faces risk and the first step in managing risks is making an
inventory of risks, and get a measure of the exposure to each risk. There are
four steps involved:
2.6.1 List all the risks

List all risks that a firm is exposed to, from all sources and without consideration
to the type of risk.
2.6.2 Categorize the risks

A listing of all risks that a firm faces can be overwhelming. One step toward
making the risks manageable is to sort them into broad categories. Categorizing
the risks organizes them into groups and is a key step toward determining
what to do.
2.6.3 Measure exposure to each risk

A logical follow-up to categorizing risk is measuring exposure to risk. To
make this measurement, though, we first have to decide what it is that risk
affects. At its simplest level, we can measure the effect of risk on the earnings
of a company. At its broadest level, we can capture the risk exposure by
examining how the value of a firm changes as a consequence.
2.6.4 Analyze the risks

After we have listed, categorized, and measured risk exposure, the last step
in the process requires us to consider the choices we can make in dealing with
each type of risk. Not all choices are feasible or economical with all risks, and
it is worthwhile making an inventory of the available choices with each one.

Risk profiles should be subjected to constant reviews to account for changes

taking place within the firm's business environment and internal processes.
Therefore, risk profiling is not a once off activity but is a continuous process.
Activity 2.1
1. Discuss the difference between risk hedging and risk management.
? 2. List and explain the key steps involved in developing a risk management
strategy.
3. Give reasons why risk profiling is critical in the risk management process.
4. Risk Management is a form of engineering; it uses science but ultimately
depends on judgment. Discuss.
2.7 Summary
The unit has proffered the definitions of risk management, both from the narrow
and more expanded views. The unit established that risk hedging should be
seen as one of the pieces that constitute risk management. Risk management
and risk taking are not opposites but are complementary corporate activities.
The unit also outlined the risk management process and the various risk
management techniques that can be employed to manage risk.

References
Market.
Sons.
Risk Management.
Karen A. Horcher (2005) Essentials of Financial Risk Management.
Sons.
McGraw Hill.

Unit Three
The Risk Management

Framework
3.0 Introduction
T
he risk management process cannot take place in isolation or in a vacuum.
It needs to be supported by a framework within the organisation. This
unit will cover the risk governance process; which is the framework
within which risk management activities are performed.
3.1 Objectives
 describe the general risk governance process

 explain the building blocks of an effective risk management system
 outline the importance of risk policies and risk limits in the risk
management process
 describe the functions of risk committees, risk management function,
and internal audit
3.2 Risk management and Corporate Governance

Governance permits articulation of the firm's risk mandate, establishment of a
structure that provides for authority, delegation and accountability, and
development of a control framework. Risk management cannot exist in a
vacuum; in order to be an effective part of a corporation's processes and
culture, management and communication links between the board of directors,
executive managers, business units and control functions must be strong.
Risk governance must involve all relevant parties and should be sanctioned
by the firm's leadership; there is little point in creating a risk control process if
the underlying vision is not shared by senior executives, business managers
and risk takers.
Proper risk governance - which requires active participation by the board of

directors (to sanction the process), a risk committee (to guide the process),
an independent risk management function (to manage the daily process), internal
audit and other control functions (to audit and strengthen the process)-helps
ensure that a firm develops a robust framework to control risks.
Governance fosters continuous communication between senior management,

business unit professionals and control personnel, and ensures that external
parties are apprised of all relevant issues.

Unit 3 The Risk Management Framework
A governance process can thus be regarded as the structure that gives a risk
philosophy its shape and form. The general governance process is shown in
Figure 3.1 below:
Board of Directors
Risk mandates,
appetite,
authorities
Reporting
Risk Committee
Broad limits,
policies & External Parties
authorities (Regulators,
Internal Audit Auditors)
Independent Risk
Function
Audit Specific limits

Reviews Reporting
Business Units
Figure 2.0 General Governance Process

(Source: Erik Banks, 2002; The Simple Rules of Risk: Revisiting the Art

Activity 3.1
? 1. What are the building blocks of an effective risk management system?

2. Why do you think the risk governance process is a precondition for
effective risk management?
3.2.1 Board of directors

The board of directors creates a risk mandate which defines the risk appetite
and operating parameters; sanctions the creation of a risk committee and risk
policies. The risk mandate may delegate specific risk authorities to senior
officials within the firm.
3.2.2 Risk committees

The risk committee, chaired by the chief risk officer, and comprised of senior
business unit and control managers, is charged by the board with creating a
risk process that includes development of risk policies and establishment of
high level risk limits that reflects the firm's risk appetite.
The risk committee may delegate risk authorities to the chief risk officer in his
or her role as head of the firm's independent risk management function. The
chief risk officer, in his turn, may sub-allocate risk authorities to senior market
and credit risk officers, who can then exercise decision-making authority within
set parameters.
Assuming risks in excess of authorities should, in most cases, be elevated

through the governance structure. The chief risk officer may be granted authority
by the risk committee to exceed pre-established limits by a certain percentage
without first reporting back to the committee. The committee might itself be
granted similar approval authority by the board. Any requests in excess of a
priori approval levels might require the full board to convene.
This type of approach ensures that the corporate governance structure is

flexible enough to accommodate the demands of a fast moving market place.
This approach instils discipline and accountability by ensuring that the board
and risk committee are aware of, and accountable for, all risks within the firm.
The board, of course, has ultimate responsibility.

3.3 The Building Blocks of Risk Management

A sound risk management system should have the following elements:
 active board and senior management oversight
 adequate policies, procedures and limits
 adequate risk measurement, monitoring and management information
system (MIS)
 comprehensive internal controls
3.3.1 Active board and senior management oversight

Boards of directors have ultimate responsibility for the level of risk taken by
their institutions. Accordingly, they should approve the overall business
strategies and significant policies of their institutions, including those related to
managing and taking risks, and should also ensure that senior management is
fully capable of managing the activities that their institutions undertake. While
all boards of directors are responsible for understanding the nature of the
risks significant to their institutions and for ensuring that management is taking
the steps necessary to identify, measure, monitor, and control these risks, the
level of technical knowledge required of directors may vary depending on the
particular circumstances at the institution.
Directors should have a clear understanding of the types of risks to which

their institutions are exposed and should receive reports that identify the size
and significance of the risks in terms that are meaningful to them. In fulfilling
this responsibility, directors should take steps to develop an appropriate
understanding of the risks their institutions face, possibly through briefings
from auditors and experts external to the institution. Using this knowledge
and information, directors should provide clear guidance regarding the level
of exposures acceptable to their institutions and have the responsibility to
ensure that senior management implements the procedures and controls
necessary to comply with adopted policies.
Senior management is responsible for implementing strategies in a manner

that limits risks associated with each strategy and that ensures compliance
with laws and regulations on both a long-term and day-to-day basis.
Accordingly, management should be fully involved in the activities of their
institutions and possess sufficient knowledge of all major business lines to
ensure that appropriate policies, controls, and risk monitoring systems are in
place and that accountability and lines of authority are clearly delineated. Senior
management is also responsible for establishing and communicating a strong
awareness of and need for effective internal controls and high ethical standards.

Meeting these responsibilities requires senior managers of an institution to

have a thorough understanding of banking and financial market activities and
detailed knowledge of the activities their institution conducts, including the
nature of internal controls necessary to limit the related risks.
3.3.2 Adequate policies, procedures, and limits

An institution's directors and senior management should tailor their risk
management policies and procedures to the types of risks that arise from the
activities the institution conducts. Once the risks are properly identified, the
institution's policies and its more fully articulated procedures should provide
detailed guidance for the day-to-day implementation of broad business
strategies, and generally include limits designed to shield the institution from
excessive and imprudent risks. While all institutions should have policies and
procedures that address their significant activities and risks, management is
expected to ensure that they are modified when necessary to respond to
significant changes in the firm's activities or business conditions.
Risk policies…
Risk policies that define a firm's risk-taking activities should be created by the
independent risk function, approved by the risk committee and sanctioned by
the board. Risk policies are typically designed to express what can, and cannot,
be done in individual risk-taking businesses and products. In order for business
leaders to understand the constraints placed on their operations, they must be
able to refer to a policy document which outlines, as succinctly as possible,
the control parameters of the business. Risk policies must cover any business
activity that generates risk; failure to apply a risk policy when required could
lead to unexpected losses.
Policies should be as clear, and unambiguous, as possible; under no

circumstances should they be subject to "interpretation." To ensure that a
firm's policies, procedures, and limits are adequate, the same should at minimum
address the following:
 policies, procedures, and limits should provide for adequate
identification, measurement, monitoring, and control of the risks posed
by its significant activities
 policies, procedures, and limits should be consistent with management's
experience level, the institution's stated goals and objectives, and the
overall financial strength of the institution

 policies should clearly delineate accountability and lines of authority

across the institution's activities
 policies should provide for the review of activities new to the banking
institution to ensure that the infrastructures necessary to identify, monitor,
and control risks associated with an activity are in place before the
activity is initiated
Risk limits
Risk limits are generally used to numerically define a firm's risk appetite and
effectively constrain the amount of risk that can be taken or granted in specific
markets, assets or credits. Though they are only one tool in the arsenal of the
independent risk function, they are perhaps the most useful, and tangible,
mechanism for controlling risk. Limits also provide a common communication
link between risk officers and business managers.
A suite of risk limits that properly constrains all risks that have been identified
is a necessary dimension of effective risk management. Limits must be
constructed and applied in a way that corrals all exposures; failure to limit a
significant exposure can lead to potential losses. A balance, however, must be
struck. At a certain point, a matrix of limits that seeks to constrain risk in
combinations that are unlikely to occur can be counterproductive. A great
deal of time may be spent trying to compute exposures and interpret risk limit
matrices that may serve no practical purpose. It is far more useful for a risk
officer to create limits that control the critical risk dimensions of a business.
Indeed, risk limits should exist to control the exposures of a specific business;
since individual desks may have very different risk measures, it is likely that
some aggregation of risk limits will be required at higher levels within the
governance structure.
Striking the right balance of limits is a critical part of the risk management
process. Risk officers should resist imposing too many limits, which creates a
tedious and unworkable process, but must not impose too few limits, which
might allow risks to go unmanaged.
Risk limits should neither be too restrictive nor too lax, as the former case
causes firms to lose out potential business opportunities while the latter allows
firms to absorb huge risks.

3.3.3 Adequate risk monitoring and management information

systems
Effective risk monitoring requires institutions to identify and measure all material
risk exposures. Consequently, risk monitoring activities must be supported
by information systems that provide senior managers and directors with timely
reports on the financial condition, operating performance, and risk exposure
of the institution, as well as with regular and sufficiently detailed reports for
line managers engaged in the day-to-day management of the institution's
activities.
Institutions should have risk monitoring and management information systems

in place that provide directors and senior management with a clear
understanding of the banking institution's positions and risk exposures.
In order to ensure effective measurement and monitoring of risk and

management information systems, the following should be observed:
 the institution's risk monitoring practices and reports should address all
of its material risks
 key assumptions, data sources, and procedures used in measuring and
monitoring risk should be appropriate and adequately documented and
tested for reliability on an on-going basis
 reports and other forms of communication should be consistent with
the institution's activities, structured to monitor exposures and compliance
with established limits, goals, or objectives and, as appropriate, compare
actual versus expected performance
 reports to management or to the institution's directors should be accurate
and timely and contain sufficient information for decision-makers to
identify any adverse trends and to evaluate adequately the level of risk
faced by the institution
3.3.4 Adequate internal controls

An institution's internal control structure is critical to the safe and sound
functioning of the institution generally and to its risk management system, in
particular. Establishing and maintaining an effective system of controls, including
the enforcement of official lines of authority and the appropriate separation of
duties such as trading, custodial, and back-office is one of management's
more important responsibilities. Indeed, appropriately segregating duties is a
fundamental and essential element of a sound risk management and internal
control system. Failure to implement and maintain an adequate separation of
duties can constitute an unsafe and unsound practice and possibly lead to
serious losses or otherwise compromise the financial integrity of the institution.

Serious lapses or deficiencies in internal controls, including inadequate

segregation of duties, may warrant supervisory action, including formal
enforcement action. When properly structured, a system of internal controls
promotes effective operations and reliable financial and regulatory reporting,
safeguards assets, and helps to ensure compliance with relevant laws,
regulations, and institutional policies. Ideally, internal controls are tested by an
independent internal auditor who reports directly either to the institution's board
of directors or its audit committee. Given the importance of appropriate internal
controls, the results of audits or reviews, whether conducted by an internal
auditor or by other personnel, should be adequately documented, as should
management's responses to them.
In order to ensure the adequacy of an institution's internal controls and audit

procedures, the following should be observed:
 The system of internal controls should be appropriate to the type and
level of risks posed by the nature and scope of the institution's activities
 The institution's organisational structure should establish clear lines of
authority and responsibility for monitoring adherence to policies,
procedures, and limits
 Reporting lines should provide sufficient independence of the control
areas from the business lines and adequate separation of duties
throughout the institution such as those relating to trading, custodial,
and back-office activities
 Official institutional structures should reflect actual operating practices
 Financial, operational, and regulatory reports should be reliable, accurate
and timely; wherever applicable, exceptions are noted and promptly
investigated
 Adequate procedures for ensuring compliance with applicable laws
and regulations should be in place
 Internal audit or other control review practices should provide for
independence and objectivity
 Internal controls and information systems should be adequately tested
and reviewed; the coverage, procedures, findings, and responses to
audits and review tests should be adequately documented; identified
material weaknesses should be given appropriate and timely high level
attention; and management's actions to address material weaknesses
should be objectively verified and reviewed
 The institution's audit committee or board of directors should review
the effectiveness of internal audits and other control review activities on
a regular basis

Ineffective internal control processes

A risk process that is ineffective in controlling risk is itself, an incremental
source of risk. A firm that believes its risk process is effective when it really is
not derives a false sense of comfort that might lead it to do things it would not
ordinarily do-such as assuming larger risks or expanding into new markets;
and this can lead to potentially severe consequences.
Factors contributing to an ineffective risk process include:

 senior management may not be an active participant in, or supporter
of, risk management, meaning the function has little authority
 the governance structure may be flawed, with directors, senior executive
managers or risk committee members shirking responsibilities
 the staff of the independent risk function may be comprised of relatively
junior and inexperienced professionals who are not fully capable of
dealing with the intricacies the discipline demands
 violators of risk policies and limits may go unpunished
 risk models and analytics may be overly flawed and of limited value in
managing risk
Internal Audit Function

In order to ensure that the risk governance structure in general, and the risk
management process in particular, operates in an effective manner, regular
audits should be performed by the firm's internal audit function. The audit
programme should be thorough enough to identify potential failures in risk
process, communication, policy, enforcement, and so on.
Large firms often have auditors dedicated to ongoing review of the risk
function. Since the discipline is specialized, and since it covers a diverse group
of areas (including credit risk, market risk, risk technology, quantitative risk,
and so on), this is often an effective use of resources. When dedicated risk
auditors are available, they can review individual components of the risk
process; by the time they have completed their overall work they will be
ready to commence the process again.
Smaller firms that do not have the resources necessary to hire dedicated risk
auditors may opt to conduct general external audits of the governance process;
these can be supplemented by reviews of select "priority" areas. For example,
if a firm has implemented a new risk technology platform that produces risk
aggregation and reporting for management and regulators, a specific audit of
the platform is advisable. Likewise, if special limits have been created to cap

a specific type of risk, an audit of their efficacy in controlling risk exposure

might be warranted.
3.4 The Risk Management Function

Firms should institute a setup that supervises overall risk management within
the firms. Such a setup could be in the form of a risk manager, committee or
department depending on the size and complexity of the institution. Ideally,
overall risk management function should be independent from those who take
or accept risk on behalf of the institution. Where individuals responsible for
overall risk management function are involved in day to day operations, then
sufficient checks and balances should be established to ensure that risk
management is not compromised. Overall risk management function provides
an oversight of the management of risks inherent in the institution's activities.
The function must carry stature, experience and authority in order to command
respect. It must possess the right mix of skills.
The function is tasked to:

 identify current and emerging risks
 develop risk assessment and measurement systems
 establish policies, practices and other control mechanisms to manage
risks
 develop risk tolerance limits for senior management and board approval
 monitor positions against approved risk tolerance limits
 report results of risk monitoring to senior management and the board
However, it must not be construed that risk management is only restricted to
individual(s) responsible for overall risk management function. Business lines
are equally responsible for the risks they are taking. Because line personnel,
more than anyone else, understand the risks of their activities, and a lack of
accountability on their part can run counter to sound and effective risk
management.
3.5 Preserving an Institutional Memory of Risk

Every organisation is exposed to personnel turnover; either within or outside
the firm, it is important to create a mechanism that allows the memory of
institutional risk management to be preserved. This allows a firm to continually

expand its core knowledge base. Any device that preserves risk memory will
help build a stronger risk culture.
The following different mechanisms can be used to preserve an institutional

memory:
 requiring senior managers within the firm's top management committee
to be involved with risk issues on an ongoing basis (for example, by
becoming participants in the risk governance process)
 documenting in detail how different risk structures have evolved, how
different financial crises have impacted risk-bearing operations and what
lessons have been learned during market dislocations, and making such
material part of the ongoing risk education process
 rotating key trading managers through the risk management function so
that they develop, and disseminate, an understanding of the risk function
 permitting risk managers to rotate through different parts of the
organisation so that they can impart risk knowledge to a broader
audience
3.6 A Risk Crisis Management Programme

When a market crisis or some other disruptive event strikes, it is important for
a firm to be able to immediately activate a pre-established crisis management
programme with an appropriate "chain of command." This helps ensure that
critical risk and funding tasks are prioritized, information is directed to the
right parties and timely decisions are taken.
It is virtually impossible to create an effective "emergency" risk process while

a crisis is underway. Communication links are poor, misinformation
characterizes most activities, and actions may be taken on the basis of erroneous
facts. Accordingly, it is crucial to establish a crisis management process in
advance of any dislocation. Given the relative frequency of financial dislocations
over the past two decades, this effectively means that a firm needs to establish
a programme as a priority. By creating a crisis programme a firm's senior
executives can quickly focus their attention on areas that might be impacted
by market stress; accessing funding on an emergency basis, "liquefying" the
balance sheet, neutralizing risk positions with proxy hedges, and so forth.
By instituting a well publicized "chain of command" risk officers, treasury

officers and business unit managers know whom to contact, how to share
information and how to escalate news and information so that risk and financial
decisions can be made quickly.

For instance, once a crisis is underway the chain of command might require
junior risk mangers to elevate issues directly to the senior risk officer or chief
financial officer; they, in turn, might have direct access to a subgroup of board
members in order to advise on risk decisions or seek approval for exceptional
circumstances. Senior business leaders might receive special dispensation to
approve certain risk-related trades on a unilateral basis.
Any crisis management programme that temporarily circumvents established

governance procedures must, of course, be well defined, codified and
approved by the governance parties before being implemented. The process
should also define when temporary crisis measures are no longer required
and when business and control procedures are expected to return to normal.
Activity 3.2
1. Why do you think the independence of the risk management function
? in an organisation is a critical element of the risk management process?
2. Distinguish between the role of the risk management and internal audit
function in an organisational setup.
3. Explain the importance of effective limits in risk management.
4. Describe the relationship between risk management and corporate
governance.
5. Explain the benefits of having a risk crisis management programme in
place?
6. What are the benefits of preserving an institutional memory of risk in
an organisation set up?
3.7 Summary
The unit has described in detail the four main building blocks of a sound risk
management system which comprise adequate board and senior management
oversight; adequate policies, procedures and limits; adequate risk monitoring
and management information systems; and adequate internal controls. Any
shortfall in any one of the building blocks would produce a flawed risk
management system.

References
Aswath Damodaran (2003) Strategic Risk Taking. A Framework for
Risk Management, Wharton School Publishing.
Market.
Sons.
Erik Banks (2002) The Simple Rules of Risk: Revisiting the Art of
Financial Risk Management.
John Besis (1998) Risk Management in Banking, John Wiley & Sons.
Peter F. Christoffersen (2003) Elements of Financial Risk Management.
Philippe Jorion (2010) Financial Risk Manager Handbook, John Wiley
& Sons.
McGraw Hill.

Unit Four
Enterprise-wide Risk
Management Framework
4.0 Introduction
T
he silo-approach to risk management has not produced the desired
results as demonstrated by a string of corporate failures in recent times,
the fresh one being the credit crisis that started in 2007. The argument
for firm-wide risk management has gathered momentum and some organisations
have already started implementing the system and reaping the benefits thereof.
This unit covers the main features of enterprise-wide risk management and
the motivations for establishing the same.
4.1 Objectives
 define enterprise-wide risk management

 explain the motivation for enterprise-wide risk management
 describe the key features of the enterprise-wide risk management
systems
 outline the key steps in the enterprise-wide risk management system
4.2 Definition of Enterprise-wide Risk Management

The Committee of Sponsoring Organisations (COSO) defines enterprise risk
management as:
"a process, effected by an entity's board of directors, management and other

personnel, applied in a strategy setting and across the enterprise, designed to
identify potential events that may affect the entity, and manage risk to be within
its risk appetite, to provide reasonable assurance regarding the achievement of
entity objectives".
The concept behind the ERM framework is to provide a model for

organisations to consider and understand their risk-related activities at all levels
of the organisation as well as their impacts on one another.
Enterprise-wide risk management is a technique for managing risk holistically

and for closely linking risk management to the financial and business objectives
of the firm. Risk is managed in an integrated fashion, across business units,
business functions and sources of risks.
4.3 The Concept of Enterprise-wide Risk

Management
Enterprise risk management considers all the risks faced by the firm and
attempts to integrate these disparate risks into a single unified analytical
framework. Traditionally, risk has been managed in the compartments of
financial risk, operating risk, and credit risk. Rather than allowing risk to remain
in such "silos," enterprise risk management insists that these must be brought
together into one system of risk management.

Unit 4 Enterprise-wide Risk Management Framework
Enterprise-wide risk management promotes a "big picture" approach to risk

management. It recognizes that various events may converge to increase a
firm's risk exposure and resulting losses.
4.4 Motivation for Enterprise-wide Risk

Management
The following are some of the reasons why it is important to analyze and
manage risk in a global integrated fashion:
 Examining risk factors in isolation makes it difficult to understand
interrelationships and correlation among risk factors. This increases risk
management costs, since firms may unnecessarily hedge certain risks
that are in reality offset by others
 Many risks are interrelated; traditional risk management fails to address
the interrelations and correlations between risks. With the enterprise-
wide risk management approach, the interrelationships between risks
are identified so that the total risk exposure of the firm may be compiled
 A fragmented approach to risk management increases the likelihood of
ignoring material risks. Even for known risks, it is important to consider
their impact on the firm as a whole. Otherwise mitigation attempts may
only introduce new risks or shift the risk to less visible parts of the firm
 Failure to consider risk interactions can cause firms to grossly
underestimate their risk exposures
 Measuring risk on a wider basis prevents the tendency by business
units of moving risks to where they are less visible and measured
Some firms are adopting enterprise-wide risk management in response to
direct and indirect pressures from corporate governance bodies and institutional
investors. Failures in corporate risk management have led to efforts by
regulators, rating agencies, stock exchanges, institutional investors and
corporate governance oversight bodies to insist that senior management and
directors take greater responsibility for managing risks on an enterprise-wide
scale.

4.5 Key Steps in the Enterprise-wide Risk

Management Process
The process of developing a strategy to manage risks on an integrated basis
consists of the following logical steps:
4.5.1 Identification of risks

The programme begins with an identification of all sources of risk that might
impact a firm. According to proper governance, a company should feature a
team of skilled professionals that can accurately identify all sources of risk.
Identification should focus on causes, consequences, and timing. During this
assessment stage it is also important for a firm to prioritize any exposures it
identifies. A company is bound to have dozens, perhaps even hundreds, of
sources of risk, and not all of them can be given the same level of attention;
some will invariably have a much larger significance on the volatility of earnings
or the structure of the balance sheet, and must therefore be given proper
priority.
4.5.2 Disaggregation of risks

Every risk identified must be isolated and decomposed so that it can be analyzed
and understood. In many instances this is quite easy to do, particularly if the
risk is transparent; in other cases it is more difficult, as the risk might be
embedded with others.
4.5.3 Quantification of disaggregated risks

The economic impact of each disaggregated risk must be estimated in order
to determine its contribution to the total risk profile of the firm and its effect on
cash flows and the balance sheet. Quantification can take a variety of forms,
including financial analytics, simulation, actuarial techniques, regression/factor
analysis, scoring, and so on, and must take account of potential time frames
during which losses might occur.
4.5.4 Mapping of risks

Once disaggregated, risks must be analyzed through a correlation process to
enable the firm to determine how each source of risk interacts with others.
The end result is often a correlated map of risks that reveals how specific
sources of risk impact the totality of a firm's operations (for example, whether

they are reduced or amplified when particular events occur); this leads to a
summary of interdependencies.
4.5.5 Analysis of risk interdependencies

With mapping information on interdependencies, a firm can identify natural
hedges within its existing portfolio and consider diversification techniques to
reduce its overall cost of risk. This typically centres on using uncorrelated or
negatively correlated risks to produce mini-risk portfolios. The analysis stage
should include testing of "what if" scenarios under stressed market conditions,
and inclusion/exclusion of risk variables from the portfolio; these actions can
help to reveal weak points or possible changes in portfolio dynamics as risk
exposure correlations change and losses (or gains) mount. It is important for
a company to consider the impact of loss from low-frequency/high-severity
events that it may never have experienced previously. Since these may be
new and unique, the apparent cost of risk transfer may well outweigh any
supposed gains; accordingly, a simulation process, which can clearly
demonstrate how the cost/benefit trade-off can change under different
scenarios, is an important part of the process.
4.5.6 Creation of an integrated programme

The end goal of the process should be the creation of a programme with a
lower cost of risk than can be obtained through incremental management. If
this cannot be achieved, then no increase in enterprise value is possible through
the integrated programme.
4.5.7 Monitoring of results

The Enterprise Risk Management (ERM) process does not end once a
programme has been implemented. Risk management is dynamic, and impacted
by internal and external events, meaning the review of an ERM programme
must be just as dynamic. Again, good governance requires that appropriate
tools/metrics and regular audits/reviews be put in place to gauge the efficacy
of the programme. If necessary, a firm must be prepared to adjust the
programme as shortcomings are discovered, new risks are added, market
variables shift, the firm's operating strategies change, and so on.

4.6 Main features of the Enterprise-wide Risk

Management System
Any ERM system has the following basic features:
4.6.1 Centralized data warehouse

This is where the firm's critical risk data is kept and stored. Establishing a
centralized data warehouse requires that the firm get to grips with enormous
mass of information, establish standardized procedures across the firm, collect
and clean data from every business unit.
4.6.2 Analytics systems

There is need for an analytics system to process data into meaningful
information. These systems will depend on the risks the firm and the level of
sophistication required by management.
4.6.3 Monitoring and evaluation

The analytics of an ERM system would feed into centralized systems of
monitoring and evaluation. These would include:
 Systems to verify data and flag up data problems
 One or more systems to monitor and enforce compliance with position
limits and other constraints on decision makers
 Systems to collect and process data for purposes of risk adjustment
and performance evaluation
 Systems to validate pricing and models used for analytical purposes
4.6.4 Decision making

The output produced by these systems then feed into the risk measurement
and risk management purposes. Reports on data verification problems and
compliance issues would be fed to the people responsible for ensuring that
data are sound and that limits are complied with. Some output would be
inputted directly into the computer systems that enable decision makers to
choose between alternative positions.

4.7 Overall Comments on the Enterprise-wide Risk

Management System
The enterprise risk management movement has prompted companies to
consider their exposure to all categories of risks. Companies that implement
enterprise risk management must be careful to ensure that they coordinate
their risk management activities across all categories of risks.
Enterprise-wide risk management also requires changes to organisation,

business processes, and staffing. It centralizes risk management decision making
to optimize the allocation of investment to various risk mitigation activities.
Many companies have created the position of a chief risk officer, who reports
to the chief executive officer, to oversee the management of risk across the
enterprise. The shift in decision-making authority from line functions to the
chief risk officer is likely to have political implications that should not be
underestimated.
New business processes must also be designed and implemented to manage

the flow of information and decisions among the various risk management
groups and the chief risk officer.
It is also helpful to recruit or develop staff that has experience in a broad

range of risk products and markets, that is, risk management generalists, to
overcome the trend toward specialization.
Organisational, process, and staffing changes can prove to be a greater hurdle

to overcome in implementing integrated risk management. Notwithstanding
the analytical and organisational challenges in implementing integrated risk
management, the benefits are worth it.
The creation of a chief risk officer position in many companies indicates the
critical role risk management plays in the current economic environment.
Companies compete in their ability to manage risks as well as their ability to
generate returns. Investors, analysts, rating bureaus, and regulators are now
paying closer attention to companies' ability to control risks and are rewarding
or penalizing them accordingly. An incremental approach to implementing
integrated risk management that provides time to overcome its challenges, yet
conveys to the markets the focus on risk management, provides the best
balance between risk and opportunity.

Activity 4.1
? 1. Compare and contrast the silo-approach and the enterprise-wide risk

management systems.
2. Outline the key benefits of the enterprise-wide risk management system.
3. What are the challenges of implementing the enterprise-wide risk
management framework?
4. What are the key steps involved in the enterprise-wide risk management
process?
4.8 Summary
Enterprise-wide risk management has recently gained momentum in the
corporate world in response to recent financial crises. The silo-approach risk
management fails to account for interrelationships and correlations between
different categories of risk. As a result, firms were underestimating their total
risk exposures. Enterprise-wide risk management is a further development
that involves managing risk on a firm wide basis. It takes into account the
interconnections and correlations between risks.

References
Market.
Sons.
Risk Management.
Sons.
Robert R. Moeller (2007) COSO Enterprise Risk Management:
Understanding the New Integrated ERM framework.


Unit Five
Market Risk Management
5.0 Introduction
T
his unit focuses primarily on the main types of market risk which are:
directional risk; curve risk, volatility risk, time decay risk, spread risk,
basis risk and correlation risk. The unit also discusses the main sources
of market risk, and these include positions in equity markets, foreign exchange
markets, money markets and options markets.
5.1 Objectives
 define market risk

 outline the main sources and components of market risk
 explain the different types of market risk
 describe the three main methods used in the measurement of market
risk
 explain the various ways of controlling market risk
5.2 Definition
Market risk is the risk of loss due to unfavourable movements in market
prices. It results from the volatility of positions taken in the four fundamental
economic markets: interest-sensitive debt securities, equities, currencies, and
commodities. The volatility of each of these markets exposes institutions to
fluctuations in the price or value of marketable financial instruments.
5.3 Common types of Market Risk

Some of the most common types of market risk are given as follows:
5.3.1 Directional risk

Directional risk is the risk of loss due to an adverse move in the direction of
the underlying reference asset. Changes in market direction happen because
supply and demand forces are constantly at work - bargains struck between
buyers and sellers set asset prices. These move both up and down and are
used as reference points for valuing many outstanding assets.
Measurement of directional risk

Some asset prices move in tandem with the latest bargain struck between
buyers and sellers. Others move differently. Assets that are the same as those
in the latest bargain price obviously move accordingly. For example, the value
of Old Mutual stock moves up and down with the latest price on the Zimbabwe
Stock Exchange. These assets are referred to as "cash" or "spot" assets or
positions. Financial instruments or contracts that mimic their movement (such
as a futures contract or a forward contract) are considered linear, that is, a

Unit 5 Market Risk Management
small increase in the market leads to the same small increase in the value of a
long position, while a large increase in the market leads to the same large
increase in the value of a long position. The opposite is true for a short position:
if the price of Old Mutual rises by 1, the contract value falls by 1 and if it falls
by 10, the contract value rises by 10.
Contracts that are non-linear behave differently. While a small increase in the
market leads to the same small increase in the value of a long cash position, a
large market increase leads to an even larger increase in the value of the long
call option position. Now a 10 point market increase could lead to an 11
point contract value increase, a 20 point market increase could lead to a 24
point contract value increase, and so on.
The rate at which the contract value changes relative to the reference
asset is known as the delta and is an important measure of directional
risk. Thus, if a contract has a delta of 0.5, a unit change in the market creates
a 0.5 change in the contract. The rate at which delta changes is known as the
gamma and is a reflection of the non-linearity of the contract - the greater the
gamma, the greater the non-linearity, the greater the change in contract value
for some large market change.
The distinction between delta and gamma is important when dealing with
directional risk, as large market moves can create ever-increasing gains or
losses. This is critical, for example, when a firm sells options (e.g. a short
gamma position) - very sharp and sudden market moves can create large
losses before positions can be re-hedged. For instance, if a firm owns 100
barrels of crude oil at $20 per barrel, the value of the oil position is $2000: if
the price falls to $19, a directional move of $1, the value of the oil is $1900;
a directional risk loss of $100; if the price falls $5, the directional risk loss is
$500. But if the position is based on options, the $5 fall might create an $800
loss as a result of gamma.
5.3.2 Curve risk

Curve risk is the risk of loss due to an adverse change in the maturity structure
(known as the curve) of a reference asset; that is, an interest rate, security
price, volatility level, and so forth.
Buyers and sellers reach bargains on financial instruments with varying maturities.
A curve defines the structure of these prices (or imputed interest rates, and so
on) across these maturities; from one day out to many years. For instance,

overnight interest rates might be 4%, six-month rates 4.5%, five-year rates
5.5%, and so on; connecting these individual points creates a curve.
Any change in the prices of bargains reached can create parallel shifts or
twists in this curve, resulting in a gain or loss in any position that references it.
For instance, if traders perceive short-term equity markets will continue to be
very turbulent in response to corporate earnings announcements, but medium-
term markets will be calmer as the economic picture improves, the equity
volatility curve might be "downward sloping" (for example, high in the short
maturities and lower in the medium maturities). If the equity volatility curve
twists - perhaps declining in the short-end and rising in the long-end - a firm
will gain if it is short the curve (that is, placed a bet on the volatility curve
steepening) and lose if it is long (that is, placed a bet on the volatility curve
inverting further).
In the interest rate markets, fiscal and monetary forces - including economic
strength, supply of, and demand for, government bonds, and inflation,
investment and spending expectations - can influence the shape of the interest
rate curve. A curve risk loss in interest rates might occur when an upward
parallel curve shift impacts a firm's long 5-year and 30-year Treasury bonds,
for example. In the case of a yield curve twist (where the curve moves up or
down by different amounts in different maturities), an upward rise in the 5-
year rate and a downward move in the 30-year rate create a loss in the 5-
year bond and a profit in the 30-year bond.
5.3.3 Volatility risk or Vega

Volatility risk is the risk of loss due to an adverse movement in volatility prices.
Volatility is a measure of turbulence or tranquillity in a particular market: a
calm market has low volatility, a turbulent market high volatility. Buyers and
sellers place bets on whether they believe markets are going to be turbulent
or not. They do so by agreeing on volatility prices and these prices in turn
influence the value of other assets.
Options use volatility as one of the factors to obtain a price; when volatility is
perceived to be low, the implied volatility valuation of the option will be lower
than when it is perceived to be high. For instance, if a firm sells hedged options
that lose $1000 of value for each 1% increase in volatility, it loses $2000 if
unstable markets cause volatility to rise by 2%. On the other hand, calm
markets dampen volatility, and can produce a gain on this same position. This
risk is commonly referred to as Vega.

5.3.4 Time decay risk

Time decay risk, sometimes known as theta risk, is the risk of loss due to the
passage of time. This risk is found primarily in derivatives, which obtain some
of their value from time. In general, the more time until the maturity of the
contract, the greater its value, and vice versa; time is therefore a "wasting
asset" for most derivatives prices. If a firm buys a portfolio of options with
time decay risk of $10 000/day, it will lose $10 000 each and every day,
assuming all other option inputs (for example, price, volatility, interest rate)
stay the same. A firm might buy options and expose itself to this certain time
decay risk because it believes it can make money through trading its long
gamma position - what it will lose for certain in time decay it might gain back
from being long gamma in what it hopes will be a volatile market.
5.3.5 Spread risk

Spread risk is the risk of loss due to adverse changes between two reference
assets that may not have a common link, such as a risk-free asset (for example,
Government Treasury bond) and a risky bond (for example, corporate bond
with some probability of default). The spread between the two assets fluctuates
all the time based on supply and demand forces, market and liquidity conditions,
credit events, and so on. Thus, if a firm owns a corporate bond which it
decides to "hedge" with a risk-free Government Treasury benchmark, it loses
money as the spread widens - either the price of the Treasury rises and its
yield falls (while the corporate bond remains constant), or the price of the
corporate bond falls and its yield rises (while the Treasury remains constant),
or both. The hedge, however, protects the firm from changes in interest rates,
which will affect both assets to some degree.
5.3.6 Basis risk

Basis risk, like spread risk, is the risk of loss due to adverse changes between
two reference assets. In this case the reference assets are related in some
way, but are not perfectly fungible. Some event might push the price of one up
and the other down, causing a loss or gain. For instance, if an oil company
attempts to hedge a position in Brent crude oil with NY Mercantile Exchange
oil futures (based on light sweet crude), it may lose money from the changing
basis between Brent and West Texas Intermediate (WTI, the proxy for light
sweet crude). While Brent and WTI generally move together (meaning the
hedge can remove much of the directional risk mentioned above), changing
supply/demand, quality and transportation issues might make one of them
more valuable at a particular point in time, creating a basis risk loss or gain.

5.3.7 Correlation risk

Correlation risk is the risk of loss due to an adverse move in the correlations,
or price relationships, between assets or markets. When looking at the history
of financial prices it is clear that assets sometimes trade with, or against, one
another; these price relationships, expressed in terms of correlation, are often
used as the basis for hedging or investing. Correlation risk is actually contained
in asset/asset and asset/hedge relationships (and is a key component of the
spread and basis risks described above). An investment manager might look
at the historical price movement between two securities and determine there
is a high probability that their prices will converge - she may thus buy one
asset and sell the other; if the asset prices decouple, the historical correlation
between the two breaks down and she loses money.
5.4 Sources of Market Risk

Market risk results from changes in the prices of equity instruments,
commodities, money, and currencies. Its major components are therefore:
 equity position risk
 commodities risk
 interest rate risk
 currency risk
Activity 5.1
1. Describe the main components of market risk.
? 2. Outline the different types of market risk.
3. Discuss the measurement of directional risk.
4. Discuss the main sources of market risk.
5.5 Market Risk Management Policies

By its very nature, market risk requires constant management attention and
adequate analysis. Prudent managers should be aware of exactly how an
institution's market risk exposure relates to its capital. Market risk management
policies should specifically state the institution's objectives and the related
policy guidelines that have been established to protect capital from the negative

impact of unfavourable market price movements. The policies should cover

the following:
5.5.1 Marking to market

This refers to the (re)pricing of portfolios to reflect changes in asset prices
due to market price movements. This policy requires that the asset be (re)priced
at the market value of the asset. Positions in stable liquidity investment portfolios
are evaluated and (re)priced on a monthly basis while positions in trading
portfolios should be evaluated and (re)priced on a daily basis. These reports
should be submitted to senior management. The marking to market exercise
has to be done by people who are independent from the dealers or traders
who initiated the positions.
5.5.2 Position limits

Market risk management policy should provide for limits on positions (long,
short, or net positions), bearing in mind the liquidity risk that could arise on
execution of unrealized transactions such as open contracts or repurchase
agreements). Such position limits should be related to the capital available to
cover market risk.
5.5.3 Stop loss provisions

Market risk management policy should also include stop-loss sale or
consultation requirements that relate to a predetermined loss exposure limit
(risk budget). The stop-loss exposure limit should be determined with regard
to a bank's capital structure and earning trends, as well as to its overall risk
profile. When losses on a bank's positions reach unacceptable levels, the
positions should either be automatically closed or consultations with risk
management officers or the ALCO (asset and liability committee) initiated in
order to establish or reconfirm the stop-loss strategy.
5.5.4 Limits to new market presence

Financial innovations involve profits that are much higher than those of standard
instruments, because profit is a key motivating factor to innovate. In a highly
competitive market environment, innovation also places pressure on
competitors to engage in new business to make profits or to not lose a market
presence. However, innovation involves a special kind of risk taking, requiring
that a bank be willing to invest in or trade a new instrument even though its

return and variance may not have been tested in a market setting, or even
though the appropriate market for the instrument may not yet exist.
A prudent bank should have risk management policies that prescribe its
presence in new markets and its trading in new financial instruments. Limits
related to a new market presence should be frequently reviewed and adjusted.
Because the high spreads initially available in new market segments attract
competitors, markets may pick up at a fast pace. Increasing use of a new
instrument also helps to increase the breadth and depth of related secondary
markets and to increase their liquidity. Once a market becomes established
and sufficiently liquid, a bank should readjust the limits to levels applicable to
mature markets.
5.6 Market Risk Measurement

The timely and accurate measurement of market risk is a necessity. A simplistic
approach to market risk assessment treats every market to which the bank is
exposed as a separate entity and does not take into account the relationships
that may exist among various markets. Each risk is therefore measured on an
individual basis.
A more comprehensive approach assumes risk assessment from a consolidated

perspective, which takes into consideration the relationships among markets
and the fact that a movement in one market may impact several others. For
example, a fluctuation in the exchange rate may also affect the price of bonds
issued in a particular currency.
Market risk factors include interest rates, exchange rates, equity prices and
commodity prices.
5.6.1 Interest rate risk

It relates to positions in fixed-income securities and their derivatives (for
example, exchange-traded futures, forward rate agreements, swaps, and
options). Risk factors related to interest rate risk are estimated in each currency
in which a bank has interest-rate-sensitive on- and off-balance-sheet positions.
The risk factors refer to the aggregate market sensitivity of the portfolio, where
the short and long positions in different instruments may be offset.

5.6.2 Equity risk

Equity risk relates to taking or holding trading-book positions in equities or
instruments that display equity-like behaviour (for example, convertible
securities) and their derivatives (for example, futures and swaps on individual
equities or on stock indices). Similarly, equity-related risk is calculated for the
specific risk of holding a security (beta) and for the position in a market as a
whole. For derivatives, the risk is measured by converting the derivative into
a notional equity position in the relevant underlying instrument.
5.6.3 Commodity risk

Commodity risk refers to holding or taking positions in exchange traded
commodities, futures, and other derivatives. Commodity prices may be volatile,
as commodity markets are often less liquid than financial markets and changes
in supply and demand can have dramatic effects on prices. Managing a
commodity book can be a complex task, as it entails directional risk from
changes in spot prices; basis risk due to changes in the price relationship
between two similar, but not identical, commodities; and gap risk, which
captures the changes in forward prices arising from maturity mismatches.
Another operational aspect of commodities risk relates to delivery risk and
the necessity to close out positions before delivery.
5.6.4 Currency risk

Currency risk refers to proprietary trading positions in currencies and gold.
The net open position in a currency normally includes the spot position, the
forward position, the delta-based equivalent of the total book of foreign
currency options, and any other items in the trading books that represent
profit or loss in foreign currencies.
5.7 Value-at-Risk (VAR)

VAR is a modelling technique that typically measures a bank's aggregate market
risk exposure and, given a probability level, estimates the amount a bank
would lose if it were to hold specific assets for a certain period of time.
Inputs to a VAR-based model include data on the bank's positions and on

prices, volatility, and risk factors. The risks covered by the model should
include all interest, currency, equity, and commodity and option positions
inherent in the bank's portfolio, for both on- and off-balance-sheet positions.

The measurement parameters include a holding period, a historical time horizon

at which risk factor prices are observed, and a confidence interval that allows
for the prudent judgment of the level of protection. The observation period is
chosen by the bank to capture market conditions that are relevant to its risk
management strategy.
VAR-based models typically combine the potential change in the value of

each position that would result from specific movements in underlying risk
factors with the probability of such movements occurring. The changes in
value are aggregated at the level of trading book segments and/or across all
trading activities and markets. The VAR amount may be calculated using one
of a number of methodologies that include the historical simulation, the delta-
normal or variance/covariance and the Monte Carlo simulation.
The historical simulation approach calculates the hypothetical change in

value of the current portfolio, based on the historical past movements of risk
factors (at a 99 percent confidence level, one could take the lowest of 100
daily observations and apply that return to the current portfolio to determine
the maximum loss over the following day).
The delta-normal or variance/covariance methodology is the

methodology most widely used by portfolio managers. This approach assumes
that the distribution of asset returns is normal and that returns are serially
independent (that is, are not influenced by the previous day's return). To
calculate the potential change in value of the current portfolio, one computes
the mean and standard deviation of asset returns to achieve a combination of
risk factor sensitivities of individual positions in a covariance matrix, representing
risk factor volatilities and correlations between each asset.
The Monte Carlo simulation method constructs the distribution of the

current portfolio using a large sample of random combinations of price
scenarios, the probabilities of which are typically based on historical experience.
This approach is more flexible than the other two methodologies and does
not rely on assumptions regarding the normality of returns, but the number of
scenarios grows rapidly with the complexity of a portfolio and its risk factors.
5.8 Stress Testing

The purpose of stress testing is to identify events or influences that may result
in a loss - that is, that have a negative impact on a bank's capital position.
Stress tests should be both qualitative and quantitative in nature. Quantitative

criteria should identify plausible stress scenarios that could occur in a bank's
specific market environment. Qualitative criteria should focus on two key
aspects of stress testing: evaluation of the bank's capacity to absorb potentially
large losses, and identification of measures that the bank can take to reduce
risk and conserve capital.
Stress testing methodology usually entails a number of steps, including the

following:
 Review of information on the largest actual losses experienced during a
specific period, compared to the level of losses estimated by a bank's
internal risk measurement system. Such a review provides information
on the degree of peak losses covered by a given VAR estimate
 Simulation of extreme stress scenarios, including testing of a current
portfolio against past periods of significant disturbance. Such testing
should incorporate both the large price movements and the sharp
reductions in liquidity that are normally associated with these events
 Evaluation of the degree of sensitivity of a bank's market risk exposure
to changes in assumptions about volatilities and correlations. In other
words, the bank's current position should be compared to extreme
values within the historical range of variations for volatilities and
correlations
 Execution of bank-specific test scenarios that capture specific
characteristics of a bank's trading portfolio under the most adverse
conditions
The results of stress tests should be reviewed periodically by senior
management and the board and should be reflected, as necessary, in changes
in specific risk management policies and exposure limits. If the stress tests
reveal a particular vulnerability, the bank should promptly address the situations
and risks that give rise to that vulnerability.
Activity 5.1
? 1. What are the critical components of Market Risk Management Policies?

2. Discuss the various methods used to manage market risk.
3. Why do you think management of market risk is very important in
Zimbabwe?

5.9 Summary
This unit has defined what market risk is, and has explained in detailed the
common types of market risk. The unit also looked at the various limits used
in controlling exposure to market risk. The key steps involved in stress testing
were also covered in the unit.

References
Sons.
Risk Management.
Greuning, H. and Bratanovic, S.B. (2003) Analysing Banking Risk, A
Framework for Assessing Corporate Governance and Risk
Management, The World Bank.
Kevin Dowd (1999) Beyond Value at Risk; The New Science of Risk
Management.
Sons.
Reto Gallati (2003) Risk Management and Capital Adequacy, McGraw
Hill.
McGraw Hill.


Unit Six
Interest Rate Risk Management
6.0 Introduction
I
nterest rate risk is inherent in financial intermediation and can be an
important source of profitability and shareholder value. However, excessive
interest rate risk taking can pose a significant threat to a banking institution's
earnings and capital base. Banks should therefore have a process to identify,
measure, monitor and manage interest rate risk in a timely and comprehensive
fashion. This unit will cover the various techniques used in managing interest
rate risk.
6.1 Objectives
 define interest rate risk

 describe the main sources and components of interest rate risk
 describe the two main approaches used in the assessment of interest
rate risk
 explain the main models used for management of interest rate risk
6.2 Definition
Interest rate risk is the exposure of an institution's financial condition to adverse
movements in interest rates. Changes in interest rates affect a banking
institution's earnings by changing its net interest income and the level of other
interest-sensitive income and operating expenses.
6.3 Sources of Interest Rate Risk

The primary forms of interest rate risk are:
 Re-pricing or (maturity mismatch) risk
 Yield curve risk
 Basis risk
 Option risk
6.3.1 Re-pricing risk

Variations in interest rates expose a bank's income and the underlying value of
its instruments to fluctuations. The most common type of interest rate risk
arises from timing differences in the maturity of fixed rates and the re-pricing
of the floating rates of bank assets, liabilities, and off balance sheet positions.
6.3.2 Yield curve risk

Re-pricing mismatches can also expose a banking institution to changes in the
slope and shape of the yield curve. Yield curve risk arises when unanticipated
shifts of the yield curve have adverse effects on a banking institution's income
or underlying economic value. For instance, the underlying economic value of
a long position in 10-year government bonds hedged by a short position in 5-

Unit 6 Interest Rate Risk Management
year government notes could decline sharply if the yield curve steepens, even
if the position is hedged against parallel movements in the yield curve.
6.3.3 Basis risk

Another important source of interest rate risk (commonly referred to as basis
risk) arises from imperfect correlation in the adjustment of the rates earned
and paid on different instruments with otherwise similar re-pricing characteristics.
When interest rates change, these differences can give rise to unexpected
changes in the cash flows and earnings spread between assets, liabilities and
off balance sheet instruments of similar maturities or re-pricing frequencies.
For example, a strategy of funding a one year loan that re-prices monthly
based on prime rate, with a one-year deposit that re-prices monthly based on
one month Treasury Bill rate, exposes the institution to the risk that the spread
between the two index rates may change unexpectedly.
6.3.4 Option risk

An additional and increasingly important source of interest rate risk arises
from the options embedded in many banking institution assets, liabilities and
off balance sheet portfolios. Formally, an option provides the holder with the
right, but not the obligation, to buy, sell, or in some manner alter the cash flow
of an instrument or financial contract. Options may be stand alone instruments
or they may be embedded within otherwise standard instruments. While
banking institutions use options in both trading and non-trading accounts,
instruments with embedded options are generally most important in non-trading
activities. They include various types of bonds and notes with call or put
provisions, loans which give borrowers the right to prepay balances, and
various types of non-maturity deposit instruments which give depositors the
right to withdraw funds at any time, often without any penalties. If not adequately
managed, the asymmetrical payoff characteristics of instruments with optionality
features can pose significant risk particularly to those who sell them, since the
options held, both explicit and embedded, are generally exercised to the
advantage of the holder and the disadvantage of the seller. Moreover, an
increasing array of options can involve significant leverage which can magnify
the influences (both negative and positive) of option positions on the financial
condition of the firm.

6.4 Assessing Interest Rate Risk

There are two separate but complementary approaches for assessing interest
rate risk.
6.4.1 Earnings perspectives

In the earnings perspective, the focus of analysis is the impact of changes in
interest rates on accrual or reported earnings. This is the traditional approach
to interest rate risk assessment taken by many banking institutions. Variation
in earnings is an important focal point for interest rate risk analysis because
reduced earnings or outright losses can threaten the financial stability of an
institution by undermining its capital adequacy and by reducing market
confidence. In this regard, the component of earnings that has traditionally
received the most attention is net interest income (that is, the difference between
total interest income and total interest expense). This focus reflects both the
importance of net interest income in banking institutions' overall earnings and
its direct and easily understood link to changes in interest rates.
However, as banking institutions have expanded increasingly into activities

that generate fee-based and other non-interest income, a broader focus on
overall net income, incorporating both interest and non-interest income and
expenses, has become more common. Even traditional sources of non-interest
income such as transaction processing fees are becoming more interest rate
sensitive. This increased sensitivity should lead management to take a broader
view of the potential effects of changes in market interest rates on earnings
and to factor these broader effects into their estimated earnings under different
interest rate environments.
6.4.2 Economic value perspective

Variation in market interest rates can also affect the economic value of a banking
institution's assets, liabilities and off balance sheet positions. Thus, the sensitivity
of a banking institution's economic value to fluctuations in interest rates should
be given consideration by board and management of institutions.
The economic value of an instrument represents an assessment of the present

value of its expected net cash flows, discounted to reflect market rates. By
extension, the economic value of a banking institution can be viewed as the
present value of expected net cash flows, defined as the expected cash flows
on assets minus the expected cash flows on liabilities plus the expected net
cash flows on off balance sheet positions. In this sense, the economic value

perspective reflects one view of the sensitivity of the net worth of the banking
institution to fluctuations in interest rates. Since the economic value perspective
considers the potential impact of interest rate changes on the present value of
all future cash flows, it provides a more comprehensive view of the potential
long-term effects of changes in interest rates than is offered by the earnings
perspective. This comprehensive view is important since changes in near-
term earnings, the typical focus of the earnings perspective, may not provide
an accurate indication of the impact of interest rate movements on the banking
institution's overall positions.
6.5 Embedded Losses

The earnings and economic value perspectives discussed thus far focus on
how future changes in interest rates may affect a banking institution's financial
performance. When evaluating the level of interest rate risk it is willing and
able to assume, a banking institution should also consider the impact that past
interest rates may have on future performance. In particular, instruments that
are not marked to market may already contain embedded gains or losses due
to past rate movements. These gains or losses may be reflected over time in
the banking institution's earnings. For example, a long term fixed rate loan
entered into when interest rates were low and refunded more recently with
liabilities bearing a higher rate of interest will, over its remaining life, represent
a drain on the banking institution's resources.
Activity 6.1
? 1. Discuss the primary forms of interest rate risk.

2. Describe the linkages between market risk and interest rate risk.
3. Explain why the economic perspective may be considered to be a
more comprehensive approach than the earnings perspective in the
assessment of interest rate risk.
6.6 Models for the Management of Interest Rate

Risk
Banks should have clearly defined policies and procedures for limiting and
controlling interest rate risk. The interest rate risk measurement system

employed by a bank should comprise all material sources of interest rate risk
and should be sufficient to assess the effect of interest rate changes on both
earnings and economic value.
The system should also provide a meaningful measure of the bank's interest
rate exposure and should be capable of identifying any excessive exposures
that may arise. It is important that it be based on well-documented and realistic
assumptions and parameters. The system should cover all assets, liabilities,
and parameters.
A number of techniques are available for measuring the interest rate risk
exposure of both earnings and economic value. Their complexity ranges from
simple calculations to static simulations using current holdings to highly
sophisticated dynamic modelling techniques that reflect potential future business
and business decisions.
The system should cover all assets, liabilities, and off-balance-sheet positions,
should utilize generally accepted financial concepts and risk measurement
techniques, and should provide bank management with an integrated and
consistent view of risk in relation to all products and business lines.
6.6.1 Static Gap Model

This approach is so named because it aims to allocate assets and liabilities to
maturity "buckets," defined according to their re-pricing characteristics and
to measure the "gap" at each maturity point.
In a gap model, the components of the balance sheet are separated into items
that are sensitive to interest rates and those that are not. These are in turn
sorted by re-pricing period (or modified duration) and allocated to time periods
known as time or maturity buckets. Maturity buckets should be set up based
on key rates (described as specific maturity points on the spot rate curve) and
should take into consideration the correlation of yields.
It is important to note that the focus of this analysis is on re-pricing (that is, the
point at which interest rates may be changed); and not on the concept of
liquidity and cash flow. In terms of this approach to risk management, the gap
is closed when the re-pricing of rate-sensitive assets and liabilities is adequately
matched. Table 6.1 illustrates a simplified framework for conducting a re-
pricing gap analysis.`

Table 6.1: A Re-pricing Gap Model for Interest Rate Risk Management
Re-pricing Gap
Periods
Short Medium Long
Fixed rate re-pricing gap
Variable rate re-pricing gap
Capital and non-rate items
Subtotal
Increase/decrease in gap as a result of derivatives
Re-pricing gap after derivatives
Interest rate changes-forwards
Impact on income statement of yield curve changes
caused by an increase/decrease in bank rate
Percentage capital exposed as a result of potential
bank rate changes
A positive gap indicates that a higher level of assets than liabilities re-price in
the timeframe of the maturity bucket - a balance sheet position that is also
referred to as asset-sensitive. This would give rise to higher income should
the specific yield increase. The opposite balance sheet position is referred to
as liability-sensitive or as negative gap, and describes a situation in which a
similar increase in the yields associated with a specific time interval would
produce a decrease in net interest income.
Theoretically, once a balance sheet re-pricing position is known, a framework

is put into place to judge the overall exposure of a bank to interest rate
fluctuations. Management then has the option of structuring a balance sheet to
produce a zero gap, which would presumably immunize a bank from interest
rate fluctuations. Such protection may, however, also result in a lower level of
net interest margins. Banks generally attempt to ensure that the re-pricing
structure of their balance sheet generates maximum benefits from expected
interest rate movements. For example, if a bank expects short term yields to
increase, it would want more assets than liabilities to be re-priced in the short
term. This is not always possible in practice because of the structural difficulties
in illiquid markets, or because exchange controls limit access to offshore
markets and to instruments that are designed to help manage risk exposure.
One of the benefits of a re-pricing gap model is the single numeric result,
which provides a straightforward target for hedging purposes. Unfortunately,
a re-pricing gap is a static measure and does not give the complete picture.
Where management uses only current-year income to judge rate sensitivity,

the re-pricing approach tends to overlook or downplay the effects of
mismatches on medium- or long-term positions. Gap analysis also does not

take into account variations in the characteristics of different positions within

a time band; in other words, all positions within a time band are assumed to
mature or re-price simultaneously. In reality, this will happen only to the extent
the yields within the maturity bucket are highly or perfectly correlated and re-
price off the same yield curve. A cumulative gap can arise from a number of
different incremental gap patterns and may obscure yield curve exposures,
that is, sensitivity to the changes in the shape of the yield curve. In addition,
gap analysis does not consider expected changes in balance sheet structure
and ignores both basis risk and the sensitivity of income to option-related
positions.
There are other limitations also to the efficacy of gap analysis. The level of net
interest margin (the ultimate target of interest rate risk management) is normally
determined by the relative yields and volumes of balance sheet items, the
ongoing dynamics of which cannot be fully addressed by a static model.
Moreover, a static gap model assumes linear reinvestment - a constant
reinvestment pattern for forecast net interest income - and that funding decisions
in the future will be similar to the decisions that resulted in the bank's original
re-pricing schedule. A static gap model thus usually fails to predict the impact
of a change in funding strategy on net interest margins.
Re-pricing gap models nonetheless are a useful starting point for the assessment
of interest rate exposure.
6.6.2 Sensitivity analysis

This process applies different interest rate scenarios to a static gap model of
a bank's balance sheet.
6.6.3 Simulation techniques

This process involves constructing a large and often complex model of a bank's
balance sheet. Such a model will be dynamic over time and will integrate
numerous variables. The objective of a simulation exercise is to measure the
sensitivity of net interest income, earnings, and capital to changes in key
variables. The risk variables used include varying interest rate paths and balance
sheet volumes. Simulation is highly dependent on assumptions, and requires
significant time before the inputs made yield meaningful results; it may therefore
be more useful as a business planning tool than for interest rate risk
measurement. If it is used as a risk measurement tool, the parameters should
be highly controlled to generate as objective a measure of risk as possible.

In static simulations, the cash flows arising solely from the banking institution's
current on- and off-balance sheet positions are assessed. For assessing the
exposure of earnings, simulations estimating the cash flows and resulting earnings
streams over a specific period should be conducted based on one or more
assumed interest rate scenarios. These simulations should entail straight forward
shifts or tilts of the yield curve or changes of spreads between different interest
rates. When the resulting cash flows are simulated over the entire expected
lives of the banking institution's holdings and discounted back to their present
values, an estimate of the change in the banking institution's economic value
should be calculated.
In a dynamic simulation approach, the simulation builds in more detailed

assumptions about the future course of interest rates and expected changes in
a banking institution's business activity over that time. These more sophisticated
techniques allow for dynamic interaction of payments streams and interest
rates, and better capture the effect of embedded or explicit options.
6.6.4 Duration analysis

Modified duration is a measure of price sensitivity to changes in interest rates.
Specifically, modified duration gives the percentage change in the price of a
fixed income security for a one basis point change in interest rates. This measure
has become the single most common measure of interest rate risk for fixed
income investment portfolios.
Modified duration was introduced to measure the sensitivity of the economic

value of capital to a change in interest rates. The model is based on the time to
receipt of future cash flows. When interest rates rise, the net present value of
a fixed set of future cash flows will decline. For marketable securities, this will
translate into a commensurate decline in price. Conversely, when interest rates
decline, the net present value or price of a series of future cash flows will
increase. Modified duration indicates by how much the price will change in
percentage terms given a one basis point change in rates.
This model requires bank management to focus on the modified duration of

the investment portfolio as a whole, including the duration contribution of any
derivatives position. Risk is measured on a net basis: the duration of the portfolio
minus the duration of the benchmark or the duration of the underlying funding.
From an economic perspective, risk is measured by calculating the present

value of all assets, liabilities and off-balance-sheet positions and then measuring
the sensitivity of the net value to a change in interest rates. This model is

sometimes referred to as a "duration gap" model. It has the advantage of

providing a longer-term perspective than other models, such as simulation
and interest rate gap models, which focus on current earnings, and is thus
typically used as a complementary measure to set acceptable bands within
which the duration exposure of capital may vary.
6.6.5 Stress testing

The risk measurement system should also support a meaningful evaluation of
the effect of stressful market conditions on the banking institution. Stress testing
should be designed to provide information on the kinds of conditions under
which strategies or positions would be most vulnerable, and thus may be
tailored to the risk characteristics of the banking institution. Possible stress
scenarios might include:
 abrupt changes in the general level of interest rates
 changes in the relationships among key market rates (that is, basis risk)
 changes in the slope and the shape of the yield curve (that is, yield
curve risk)
 changes in the liquidity of key financial markets or changes in the volatility
of market rates
 conditions under which key business assumptions and parameters break
down
The stress testing of assumptions used for illiquid instruments and instruments
with uncertain contractual maturities is particularly critical to achieving an
understanding of the banking institution's risk profile. In conducting stress
tests, special consideration should be given to instruments or markets where
concentrations exist as such positions may be more difficult to liquidate or
offset in stressful situations. Banking institutions should consider "worst case"
scenarios in addition to more probable events. Management and the board of
directors should periodically review both the design and the results of such
stress tests, and ensure that appropriate contingency plans are in place.
6.6.6 Limits
Institutions should put in place risk taking guidelines in order to maintain a
banking institution's interest rate risk exposure within self-imposed parameters
over a range of possible changes in interest rates. Such guidelines should set
limits for the level of interest rate risk for the banking institution and those
limits could be applied on individual portfolios, activities or business units. An
appropriate limit system should enable management to control interest rate

risk exposures, initiate discussion about opportunities and risks, and monitor
actual risk taking against predetermined risk tolerances.
Limit systems should also ensure that positions that exceed certain
predetermined levels receive prompt management attention. Interest rate risk
limits clearly articulating the amount of interest rate risk acceptable to the
banking institution should be approved by the board of directors and re-
evaluated periodically. Such limits should be appropriate to the size, complexity
and capital adequacy of the banking institution as well as its ability to measure
and manage its risk. Limit exceptions should be made known to appropriate
senior management without delay. There should be a clear policy as to how
senior management will be informed and what action should be taken by
management in such cases. Particularly important is whether limits are absolute
in the sense that they should never be exceeded or whether, under specific
circumstances, which should be clearly described, breaches of limits can be
tolerated for a short period of time. In that context, the relative conservatism
of the chosen limits may be an important factor.
Activities 6.1
? 1. Discuss the strengths and weaknesses of the Static Gap Model.

2. Describe the various models used in measuring and managing interest
rate risk.
6.7 Summary
This unit has outlined the main components of interest rate risk which are re-
pricing risk, yield curve risk, basis risk and option risk. The unit also dwelt on
the various models for the management of interest rate risk, which include the
static gap model, duration analysis, simulation techniques, among others.

References
Management, Wharton School Publishing,
Sons.
Risk Management.
Management.
Sons.
Hill.

Unit Seven
Liquidity Risk Management
7.0 Introduction
I
t is often said that liquidity is the lifeblood or the oxygen of any company.
Liquidity risk is so critical to the performance of any business.
Mismanagement of liquidity risk can lead to severe financial losses and, in
extreme situations, even bankruptcy. Indeed, loss of liquidity - rather than a
loss in risk taking that might spark a liquidity crisis - has ultimately been the
reason for most bankruptcies or liquidations in the financial industry.
7.1 Objectives
 define liquidity risk

 describe the main sources and components of liquidity risk
 explain the tools used in monitoring liquidity risk
 describe techniques used in managing liquidity risk
7.2 Definition and Sources of Liquidity Risk

Liquidity risk is the risk of loss due to a mismatch between cash inflows and
outflows and can arise from an inability to sell a position (asset liquidity risk),
fund a position (funding liquidity risk), or both.
Asset sales may be required to meet anticipated outflows, cover unexpected

payments or realign/reduce an asset portfolio. If assets are lower quality,
complex or less liquid (for example, non-current issues, those with a more
limited investor base or simply very large concentrated positions), or if the
sale has to be done quickly under stressed market conditions, an unanticipated
loss may ensue.
When a firm cannot fund itself through its normal sources as needed, it faces
the spectre of a funding liquidity risk loss. Inability to tap alternate sources of
funding (for example, commercial paper or medium-term note programme,
bank credit line/revolver, repurchase agreements) quickly and easily might
force a firm to arrange more expensive financing or post collateral. In the
extreme, a self-fulfilling liquidity crisis might follow - failure to rollover existing
funds or arrange new financing might lead credit providers to withdraw their
facilities; upon hearing the news, more lenders might cancel their facilities; and
so forth, until the firm is left without any financing options.
The nexus of asset and funding liquidity risk, where a firm is simultaneously
unable to raise funding and is forced to liquidate assets at "distressed" prices,
can quickly lead to very large losses or bankruptcy.
7.3 Asset Liquidity Risk

A firm might have to sell assets to meet payments, make an alternative
investment in financial instruments or plant and equipment, repay maturing

Unit 7 Liquidity Risk Management
debt, or comply with regulatory or corporate directives. If it cannot then sell

an asset at its carrying value, it faces the risk of loss. There are many reasons
why a firm might not be able to sell assets, and any of these can be a contributing
factor in creating a loss:
 The asset might be so large in relation to the issue or market that it
cannot be sold without moving the market
 The market might be thinly traded, unable to absorb an asset sale of
any meaningful size
 The asset may be so esoteric and complex that it attracts few buyers
 The asset might not be readily transferable without some legal effort
 The asset might be subject to restrictions on convertibility, capital
withdrawal or regulatory approval
7.4 Funding Liquidity Risk

Funding liquidity risk is the risk of loss that comes from an inability to fund
assets, payments and other obligations when required. A firm typically uses
some form of debt - payables, short-term notes, repurchase agreements,
commercial paper, deposits, long-term bonds, convertible securities, bank
loans - to finance its operations; any disruption in the funding programme can
lead to funding risk losses.
More specifically, this kind of risk can arise from:

 Inability to rollover, or renew, maturing financing when required
 Inability to access new funding when needed
Say a firm uses short-term debt to finance its operations. To keep funding its
assets or make anticipated payments it might rely on regular rollovers of its
short-term debt. If it cannot do so - maybe depositors are withdrawing funds
to put to work in other assets, lenders generally are pulling away from the
short-term market, or the company is perceived as bad risk - it will be forced
to find alternate, typically more expensive, funds. Likewise, a firm might not
always be able to obtain incremental funding when needed. If it faces
unexpected payments (for example, payments to suppliers, margin calls, and
so forth) and has fully tapped its existing financing sources it must look to
other instruments or markets to cover the shortfall. Again, its only alternative
might be to pay for very expensive borrowing, at greater cost. For example,
if a company with fully drawn commercial paper and bank facilities needs to
make a $100 million emergency payment, it might have to turn to the term
loan market, paying an incremental spread of 50 basis points over its normal
borrowing cost; this translates into an economic loss of $500 000.

7.5 Asset and Funding Liquidity Risk

Asset and funding liquidity risks come together to form the nexus of a firm's
liquidity operations. These two components of liquidity risk should be managed
simultaneously. Asset liquidity risk losses can occur without a corresponding
funding loss (for example, losses generated by marks that do not properly
reflect the risk characteristics of the asset), just as funding losses can also
occur without associated asset liquidation losses (for instance, borrowing at a
higher cost or pledging assets as collateral). However, asset and funding liquidity
risk are intricately linked - if incremental or rollover funding cannot be secured,
and the only recourse is to sell assets (quite probably on a distressed basis),
then a larger loss may result. Indeed, the nexus of asset and funding liquidity
risk can create truly devastating losses.
7.6 Monitoring Liquidity Risk

Since liquidity risk can be damaging it has to be understood, measured,
monitored and managed effectively. Unfortunately, there is no simple way to
measure liquidity risk. The best that can usually be done is to refer to certain
proxies that will indicate the presence, and direction, of liquidity risks.
7.6.1 From an asset liquidity perspective, a firm must

monitor its:
 Asset maturity profile
 Portfolio credit quality mix
 Aged assets
 Concentrated risk positions
Asset maturity profile: By tracking asset maturity a firm knows when assets
will be converted into cash or be written down to zero; allowing reinvestment,
repayment of maturing debt or a lowering of equity. A financial trading firm or
investment company features a fairly high percentage of short-term assets,
while an industrial company has more long-term fixed assets. If the financial
firm's asset maturity profile starts to lengthen, it may be more susceptible to
increased liquidity risk (the same would be true for the industrial company,
though its proportion of assets in the liquid sector is much smaller to begin
with).
Portfolio Credit Quality Mix: The mix of credit quality in the portfolio also
needs to be monitored closely; it should always contain a relatively large

proportion of high-quality assets that can be converted into cash with no (or
minimal) discount in value. This is especially important in a deteriorating credit
cycle, when the credit quality of the assets in the portfolio starts to decline, to
the point where they are far less liquid and cannot be realized without taking
a loss.
Aged assets: Monitoring the size and movement of aged assets - those that
have been on the books for several months but are assumed to be available
for sale - can also be a good liquidity indicator. This proxy is applicable primarily
to trading companies, which should feature regular turnover of assets as a
normal part of the business. If asset turnover slows and more of the balance
sheet shifts into an "aged" category (for example, 90, 120 or 180+ days),
asset liquidity risk is likely to be on the rise. A large amount of aged assets
also often indicates a problem with valuation of these positions. Traders are
very quick to point out when a position is undervalued, but rarely do the
reverse. A position that is overvalued is unlikely to be attractive to others in
the market place and will sit on the books.
Concentrated risk positions: Monitoring concentrated positions can also

help identify problems. As noted earlier, large positions are generally less
liquid than smaller ones; in the extreme, a large position held on a firm's books
may take days, or even weeks or months, to sell at, or near, the carrying
value. Watching the size and number of concentrated positions can serve as
another "early warning" indicator. Balance sheet, off-balance sheet and credit
exposures should be monitored in such a fashion - asset liquidity is just as
relevant in derivatives or credit risk as it is in cash instruments.
7.6.2 Funding liquidity risk can be monitored by looking at:

 Liability maturity profile
 Funding source concentration
 Commitment percentages
 Contingent triggers
Liability maturity profile: Knowing the maturity of liabilities is essential in
understanding what needs to be refinanced, when and at what relative rates,
and whether refunding will coincide with cash from assets coming due. For
instance, if a firm has 75% of its liabilities maturing over a three-month window,
it may not have confidence in its ability to refinance everything. Accordingly, it
has to compare the liability profile with maturing assets, match off any maturing
assets with expiring liabilities and identify other assets that will have to be sold
to meet the liability refunding.

Funding source concentration: Monitoring funding source concentration is vital,

and creating a diversified programme of funding that crosses lenders, markets,
products and maturities is advisable. Concentrations can lead to an increased
incidence of funding-related losses, as the disappearance of a significant
banking source might force the firm to seek more expensive alternatives (or
turn to asset sales).
Commitment percentages: It is also important to monitor the percentage of

lenders willing to extend funding on a truly committed basis (for example,
"escape-proof"); if the percentage starts to decline, the firm's funding liquidity
risk may be on the rise as it could lose access to lines precisely when it needs
to tap them. This becomes especially evident when downgrades are afoot.
Contingent triggers: Facilities with contingent triggers should also be kept

to a minimum (or triggers should have such a remote chance of being set off
that they cannot realistically be a factor). Certain bank facilities contain language
that allows cancellation (or forced repayment) if a firm is downgraded below
certain levels, its stock falls below a pre-specified price, or financial ratios are
breached (for example, leverage, liquidity, earnings). Knowing when these
triggers might come into play, and how they can affect funding access, is an
important part of liquidity management.
7.7 Managing Liquidity Risk

The following techniques can be used to manage liquidity risk:
7.7.1 Balance sheet targets

Managing asset liquidity risk means preserving the most liquid profile possible,
while still functioning within the broad guidelines of a firm's strategy. Industrial
and capital-intensive companies that invest heavily in fixed plant and equipment
do not typically have to remain as liquid as trading/financial companies, since
valuations of their assets are typically not as volatile; indeed, an overly liquid
industrial company is probably not maximizing asset efficiency or meeting its
return targets. Its liquid assets should, however, be truly liquid so that
obligations/contingencies/capital redistribution can be met with ease. Depending
on industry type, a company might elect to hold no more than 20% of its total
assets in liquid form, the balance being held in capital assets.
In contrast, trading and financial companies must remain as liquid as possible

in their operations; though they may be "match funded" (for example, matching

the maturities of assets and liabilities as closely as possible), they run the risk
that funding can be withdrawn (for example, retail depositors may withdraw
money, interbank lenders may pull back lines, the repo market may dry up).
While a lending institution will feature a certain amount of illiquidity in its loan
book (for example, long-term, non-transferable credit facilities), its remaining
assets should be liquid. Though a trade-off between less liquid/higher returning
assets and more liquid/lower returning assets has to be considered, a firm
should manage its operations within such predefined balance sheet targets.
7.7.2 Concentration limits

The management of asset liquidity can also be strengthened by setting
concentration limits. Large concentrated risk positions may be, or can become,
illiquid and should be controlled through specific limits. A firm may wish to
impose concentration limits based on asset type, rating and maturity - these
can serve as a proxy for liquidity: higher rated assets are generally more liquid
than lower rated ones, simple securities are typically more liquid than esoteric
ones, and so forth.
7.7.3 Aged/illiquid inventory penalties

A firm may also consider imposing financial penalties that are directly related
to a business' target liquidity profile. This helps ensure discipline in minimizing
"problem" positions that are too difficult to sell, and avoids the gradual build
up of an illiquid balance sheet. For instance, a firm might apply an internal
monthly financial charge on any position on the balance sheet for more than
90 or 180 days and apply increasing penalties until aged positions are reduced
below some predefined amount; when positions are sold, the sums taken as
penalties can be returned.
7.7.4 Adequate haircuts

As a general operating rule, collateral taken to secure credit exposures or
securities that form part of a broad reverse repurchase agreement operation
(for example, secured lending book) should be as liquid as possible. Even
with liquid, high-quality securities (for example, Treasury Bills), but especially
when a firm cannot get liquid securities, it has to make sure it takes an
appropriate haircut or discount - sufficient to cover possible credit exposures
in the event of forced liquidation. For example, if a firm extends a $10 million
reverse repo loan secured by $11 million of Treasury Bills it should have a big
enough cushion to cover itself in the event the borrower fails to repay the loan

(especially since the securities are valued daily and collateral calls are made
as needed).
However, if the $10 million loan is secured by $11 million of high-yield bonds,
it might not have enough collateral to cover the loan in the event of default.
The high-yield bonds are likely to be far less liquid, and a forced sale to cover
the exposure might generate proceeds of only $7 or $8 million, creating an
open exposure and potential credit loss. Properly "haircutting" any collateral
taken as security is an important way of controlling liquidity-driven losses; this
can be done by defining haircuts by broad asset class and specific security.
These haircuts should be controlled in a very stringent manner by the credit
department rather than the trading desks - so as not to have the inmates
running the asylum! It is worth noting that "lesser quality" assets taken as
collateral should also be counted against relevant concentration limits on the
firms' own positions.
7.7.5 Diversified funding

To manage its funding liquidity risks, a firm can specifically limit the amount of
financing that it derives from any particular market or lending source. This
forces the creation of a funding programme that draws from different markets,
lenders, instruments and maturities - in committed form and with a minimum
of contingent triggers, whenever possible - and with enough buffer to meet
unexpected payments.
It is worth stressing, once again, that liquidity risks can precipitate broader
financial problems at a firm. While a large market or credit risk loss will obviously
be disturbing to stakeholders, a significant liquidity problem can be deadly.
Appropriate sensitivity to this fact, at all levels of the firm, is absolutely critical.
Activity 7.1
?
1. Describe the sources of liquidity risk.
2. Explain why liquidity is considered to be the lifeblood of any business.
3. Explain the link between credit risk and liquidity risk.
4. Describe the main tools used in monitoring liquidity risk.
5. Explain why an otherwise profitable and solvent company can still
collapse due to liquidity risk.

7.8 Summary
This unit looked at the definition of liquidity risk; how liquidity risk can be
decomposed into asset liquidity risk and funding liquidity risk. The two
components of liquidity risk should be measured and managed simultaneously.
Liquidity is a fundamental resource in any business; hence, there should be
concerted effort to identify, measure and manage it prudently.

References
Sons.
Risk Management.
Management.
Sons.
Hill.
McGraw Hill.

Unit Eight
Currency Risk Management
8.0 Introduction
T
he relaxation of exchange controls and the liberalization of cross-border
capital movements have fuelled a tremendous growth in international
financial markets. The volume and growth of global foreign exchange
trading has far exceeded the growth of international trade and capital flows,
and has contributed to greater exchange rate volatility and therefore currency
risk. This unit looks at the sources of currency risk and the attendant risk
management strategies.
8.1 Objectives
 define currency risk

 outline the main sources of currency risk
 describe the main types of limits used in controlling exposure to currency
risk
 explain how firms manage currency risk exposure
8.2 Sources of Currency Risk

Currency risk results from changes in exchange rates between a firm's domestic
currency and other currencies. It originates from a mismatch, and may cause
a firm to experience losses as a result of adverse exchange rate movements
during a period in which it has an open on- or off-balance-sheet position,
either spot or forward, in an individual foreign currency.
Currency risk arises from a mismatch between the value of assets and that of
capital and liabilities denominated in foreign currency (or vice versa), or because
of a mismatch between foreign receivables and foreign payables that are
expressed in domestic currency. Such mismatches may exist between both
principal and interest due.
Currency risk is of a "speculative" nature and can therefore result in a gain or

a loss, depending on the direction of exchange rate shifts and whether a firm
is net long or net short in the foreign currency. For example, in the case of a
net long position in foreign currency, domestic currency depreciation will result
in a net gain for a bank and appreciation will produce a loss. Under a net
short position, exchange rate movements will have the opposite effect.
In principle, the fluctuations in the value of domestic currency that create

currency risk result from changes in foreign and domestic interest rates that
are, in turn, brought about by differences in inflation. Fluctuations such as
these are normally motivated by macroeconomic factors and are manifested
over relatively long periods of time, although currency market sentiment can
often accelerate recognition of the trend.
Other macroeconomic aspects that affect the domestic currency value are the
volume and direction of a country's trade and capital flows. Short-term factors,
such as expected or unexpected political events, changed expectations on the
part of market participants, or speculation-based currency trading may also

Unit 8 Currency Risk Management
give rise to currency changes. All these factors can affect the supply and
demand for a currency and therefore the day-to-day movements of the
exchange rate in currency markets.
8.3 Components of Currency Risk

In practical terms, currency risk comprises the following:
Transaction risk, or the price-based impact of exchange rate changes on

foreign receivables and foreign payables - that is, the difference in price at
which they are collected or paid and the price at which they are recognized in
local currency in the financial statements of a bank or corporate entity.
Economic or business risk related to the impact of exchange rate changes

on a country's long-term or a company's competitive position. For example,
a depreciation of the local currency may cause a decline in imports and larger
exports.
Revaluation risk or translation risk: this arises when a bank's foreign

currency positions are re-valued in domestic currency or when a parent
institution conducts financial reporting or periodic consolidation of financial
statements.
8.4 Policies for Currency Risk Management

The board of directors should establish the objectives and principles of currency
risk management. These should specifically include setting appropriate limits
to the risks taken by the firm in its foreign exchange business operations and
ensure existence of proper internal controls.
8.5 Risk Exposure Limits

A firm has a net position in foreign currency and is exposed to currency risk
when its assets (including spot and future contracts to purchase) and its liabilities
(including spot and future contracts to sell) are not equal in a given currency.
Firms should have written policies to govern their activities in foreign currencies
and to limit their exposure to currency risk and therefore to potential incurred
losses. In principle, limits are established based on the nature of currency risk

and the type of business by which that risk is incurred. These limits, whether
they are expressed in absolute or relative terms, should be related to a firm's
risk profile and capital structure and to the actual history of a currency's market
behaviour.
Limits may be applicable in various timeframes depending on the dynamics of

the particular activity. Limits on dealing/trading are typically established for
overnight positions, but for some extremely dynamic activities, such as spot
trading, intraday limits may be necessary. The less liquid is a currency market
and/or the more volatile is the currency, the lower should normally be set the
currency risk exposure limit.
8.5.1 The net open position limit

The net open position limit is an aggregate limit of a firm's currency risk
exposure. Normally expressed as a percentage of the firm's capital, it may
also be shown in relation to total assets or to some other benchmark. Logically,
the net open position limit represents a proxy for the maximum loss that a
bank might incur due to currency risk. If the exchange rates of currencies in
which a bank holds open positions are perfectly correlated, the limit on a net
open position would be sufficient for currency risk management purposes. In
terms of aggregation of a firm's exposure to various currencies, the perfect
correlation would imply that long and short positions in various currencies
could simply be netted.
8.5.2 Currency position limits

A well-managed firm should also maintain a set of specific limits on its risk
exposure to specific currencies - in other words, it should establish limits on
net open positions in each currency. Currency position limits can apply to
balance sheet revaluation points, overnight positions, or intraday positions.
These limits can be adjusted on a case-by-case basis depending on the firm's
expectations of shifts in the exchange rate between the domestic currency
and the foreign currency.
8.5.3 Stop loss provisions

Most banks that actively participate in currency markets also maintain "stop-
loss" provisions, or predetermined loss exposure limits on various positions
and/or currencies. Stop-loss exposure limits should be determined based on
a bank's overall risk profile, capital structure, and earning trends. When losses

reach their respective stop-loss limits, open positions should automatically be

covered. In volatile or illiquid markets, however, the stop-loss limit may not
be fully effective, and the market may move past a stop-loss trigger before an
open position can be closed.
8.5.4 Concentration limit

The market value of a foreign exchange-denominated contract is normally
sensitive to both the contract's maturity and the exchange rates between the
relevant currencies. High concentration always increases risk. A bank should
therefore establish limits on the maximum face value of a contract in specific
currencies and/or on aggregate face values of all contract combined.
8.5.5 Settlement risk

Settlement can become complex in the context of foreign currency operations,
as it may involve parties in different time zones and hours of operation. An
open position may last for several hours, and while actual losses rarely
materialize the size of a potential loss can be large. While settlement risk can
be mitigated by a request for collateral, a bank should also establish specific
limits on exposure to settlement risk. These limits should be related to the
total amount that is outstanding and subject to settlement risk on any given
day. A bank may also establish limits on settlement risk within the total exposure
limit placed on a counterpart. In such cases, a limit could be viewed as a
component of credit risk.
8.5.6 Counterparty risk

All transactions involving foreign contracts or foreign currency receivables
also involve counterparty risk, that is, the exposure to loss because of the
failure of a counterpart to a contract to make the expected payments. Such
risk may in turn be due to circumstances in the country in which the counterparty
conducts business. This risk is particularly pronounced in countries that lack
external convertibility and where the government imposes restrictions on access
to the foreign exchange market and/or on cross-border foreign exchange
transactions. To minimize the risk, a bank should establish counterparty risk
limits, especially for counterparties in countries that lack convertibility or where
potential exists for the development of a shortage of foreign exchange.

8.5.7 Revaluation or translation

This refers to the points in time when a bank re-values its on- and off-balance-
sheet positions in order to estimate the potential losses that existing positions
might produce. Revaluation is essentially the same as "marking to market,"
except that it pertains to changes (as a result of exchange rate fluctuations) in
the domestic currency value of assets, liabilities, and off-balance-sheet
instruments that are denominated in foreign currencies. Revaluation is an
important risk management tool, regardless of whether or not gains/losses
have to be recognized for tax or supervisory purposes under applicable
accounting regimes.
The frequency of revaluation for internal risk management purposes must be

attuned to specific market conditions and to the degree of currency risk that is
implicit in a bank's operations. When estimating potential gains and losses, a
bank should use conservative estimates of potential future exchange rate
movements. The determination of "realistic" exchange rates for revaluation
purposes can be complex. Estimates are easiest to make for countries with
freely convertible domestic currency and are typically derived from historical
exchange rate movements. For countries lacking convertibility and/or where
rates are subject to manipulation or government intervention, estimates are
difficult to make because rates can change significantly and unexpectedly.
Conservative banks also conduct revaluations under worst-case scenarios.
Clearly, not all positions can always be closed out, particularly in countries
where there is restricted convertibility or market access: the objective is to
determine early enough what measures may need to be taken to protect the
bank.
8.5.8 Liquidity risk concerns

Currency risk management should incorporate an additional liquidity risk-
related aspect. Foreign currency transactions, whether originating on the
balance sheet or off the balance sheet, may introduce cash flow imbalances
and may require the management of foreign currency liquidity. This process
can be carried out using a liquidity or maturity ladder that indicates mismatches
and commitments over time in each currency. A bank may also establish limits
on mismatches in specific currencies for different time intervals.

8.6 Currency Risk Management

Currency risk management can be based on gap or mismatch analysis using
the same principles as liquidity risk and interest rate risk management. The
process should aim to determine the appropriate mismatch or imbalance
between maturing foreign assets and liabilities. This mismatch can be evaluated
in light of basic information such as current and expected exchange rates,
interest rates (both locally and abroad), and the risk-return profile that is
acceptable to bank management.
Banks in many developing countries often handle freely convertible currencies

as a single currency for risk management purposes. The rationale for this
approach is that risk exposure arising from movements in the exchange rates
of hard currencies is much less than that arising from fluctuations in domestic
currency. In addition, the grouping of freely convertible currencies simplifies
currency risk management.
While this system is usually adequate in countries where banks are not engaged
in forward contracts or derivatives, situations exist in which it may backfire.
For example, environmental disasters, political events, and announcements of
unexpectedly bad macroeconomic indicators may promptly and significantly
increase cross-currency risk.
Maturity gaps are typically handled by the use of swaps. This is a relatively
sound risk management practice so long as any changes in exchange rates are
gradual and the size and length of maturity gaps managed systematically and
reasonably well. This procedure, however, can result in high costs for bridging
maturity gaps in situations where sudden and unexpected changes in interest
rates occur that can momentarily influence the market quotations for swap
transactions.
Activity 8.1
1. How do you define currency risk?
? 2. Describe the three categories of currency risk.
3. Explain how currency risk is related to interest rate and liquidity risk.
4. How does currency risk arise?
5. Describe the different types of limits used in currency risk management.
6. Explain how firms manage currency risk.

8.7 Summary
This unit has discussed the main sources of currency risk, and the three main
categories of currency risk which include transaction exposure, translation
exposure and economic exposure. The unit also dwelt on the various limits
used by firms in controlling their exposure to currency risk.

References
Market.
Sons.
Risk Management.
Management.
Sons.
Hill.
McGraw Hill.


Unit Nine
Credit Risk Management
9.0 Introduction
C
redit risk is an unavoidable phenomenon in financial intermediation.
This unit discusses the main sources of credit risk and the various
strategies used in managing and controlling exposure to credit risk.
This unit explains that sound credit policies, effective limits and strong workout
strategies are very crucial in credit risk management.
9.1 Objectives
 explain the risk factors contributing to credit risk

 outline the main considerations taken into accounting when crafting
sound credit policies
 explain the importance of provisions and capital in credit risk
management
 describe the various limits used in controlling exposure to credit risk
9.2 Components of Credit Risk

Credit risk is the likelihood that a debtor or financial instrument issuer is unwilling
or unable to pay interest or repay the principal according to the terms specified
in a credit agreement resulting in economic loss to the banking institution.
Credit risk means that payments may be delayed or ultimately not paid at all,
which can in turn cause cash flow problems and affect bank's liquidity. Credit
risk is still the major single cause of bank failures.
Despite innovation in the financial services sector, credit risk is still the major
single cause of bank failures. The reason is that more than 80 percent of a
bank's balance sheet generally relates to this aspect of risk management.
9.3 Credit Portfolio Management

Institutions should have a sound system of managing credit risk. A lending
policy should contain an outline of the scope and allocation of a bank's credit
facilities and the manner in which a credit portfolio is managed, that is, how
loans are originated, appraised, supervised, and collected. A good lending
policy is not overly restrictive, but allows for the presentation of loans to the
board that officers believe are worthy of consideration but which do not fall
within the parameters of written guidelines. Flexibility must exist to allow for
fast reaction and early adaptation to changing conditions in a bank's earning
assets mix and market environment.
Considerations that form the basis for sound lending policies include the
following:
 Limit on total outstanding loans: A limit on the total loan portfolio is
usually expressed relative to deposits, capital, or total assets. In setting

Unit 9 Credit Risk Management
such a limit, factors such as credit demand, the volatility of deposits,

and credit risks should be considered.
 Geographic limits are usually a dilemma. If a bank lacks understanding
of its diverse markets and/or does not have quality management,
geographic diversification may become a reason for bad loan problems.
On the other hand, the imposition of strict geographical limits can also
create problems, particularly in the case of regions with narrow
economies. In any case, a bank's business market should be clearly
delineated and commensurate with its market knowledge and managerial
and staff experience.
 Credit concentrations: A lending policy should stimulate portfolio
diversification and strike a balance between maximum yield and minimum
risk. Concentration limits usually refer to the maximum permitted
exposure to a single client, connected group, and/or sector of economic
activity (for example, agriculture, steel, or textiles). A lending policy
should also require that all concentrations be reviewed and reported
on a frequent basis.
 Distribution by category: Limitations based on aggregate percentages
of total loans in commercial, real estate, consumer, or other credit
categories are common. Policies related to such limitations should allow
for deviations that are approved by the board.
 Type of loans: A lending policy should specify the types of loans and
other credit instruments that the bank intends to offer to clients and
should provide guidelines for specific loans. Decisions about types of
credit instruments should be based on the expertise of lending officers,
the deposit structure of a bank, and anticipated credit demand. Types
of credit that have resulted in an abnormal loss should be controlled by
senior management or avoided completely.
 Maturities: A lending policy should establish the maximum maturity
for each type of credit, and loans should be granted with a realistic
repayment schedule. Maturity scheduling should be determined in relation
to the anticipated source of repayment, the purpose of the loan, and
the useful life of the collateral.
 Loan pricing: Rates on various loan types must be sufficient to cover
the costs of funds, loan supervision, administration (including general
overhead), and probable losses. At the same time, they should provide
a reasonable margin of profit. Rates should be periodically reviewed
and adjusted to reflect changes in costs or competitive factors. Rate
differentials may be deliberately maintained either to encourage some
types of borrowers to seek credit elsewhere or to attract a specific
type of borrower. Guidelines for other relevant procedures, such as the

determination of fees on commitments or penalty interest rates, are

also an element of pricing policy.
 Lending authority is often determined by the size of a bank. In smaller
banks, it is typically centralized. In order to avoid delays in the lending
process, larger banks tend to decentralize according to geographical
area, lending products, and/or types of customers. A lending policy
should establish limits for all lending officers. If policies are clearly
established and enforced, individual limitations may be somewhat higher
than would normally be expected, depending on the officer's experience
and tenure with the bank. Lending limits could also be based on group
authority, which would allow a committee to approve larger loans.
Reporting procedures and the frequency of committee meetings should
be specified.
 Appraisal process: A lending policy should outline where the
responsibility for appraisals lies and should define formal, standard
appraisal procedures, including reference to reappraisals of renewals
or extensions. Acceptable types and limits on the amount of appraisals
should be outlined for each type of credit facility. Circumstances
requiring appraisals by qualified independent appraisers should also be
described. The ratio of the amount of the loan to the appraised value of
both the project and collateral, as well as the method of valuation and
differences among various types of lending instruments, should be
detailed. A lending policy should also contain a schedule of down
payment requirements, where applicable.
 Maximum ratio of loan amount to the market value of pledged
securities: A lending policy should set forth margin requirements for all
types of securities that are accepted as collateral. Margin requirements
should be related to the marketability of securities. A lending policy
should also assign responsibility and establish a timetable for periodic
pricing of collateral.
 Impairment: A bank should identify and recognize the impairment of a
loan or a collectively assessed group of loans. This should be done
whenever it is neither probable nor assured that a bank will be able to
collect the amounts due according to the contractual terms of a loan
agreement. Impairment can be recognized by reducing the carrying
amount of the loan to its estimated realizable value through an existing
allowance or by charging the income statement during the period in
which the impairment occurs.
 Collections: A lending policy should define delinquent obligations of
all types and specify the appropriate reports to be submitted to the
board. These reports should include sufficient detail to allow for the

determination of the risk factor, loss potential, and alternative courses

of action. The policy should require a follow-up collection procedure
that is systematic and becomes progressively stronger. Guidelines should
be established to ensure that all major problem loans are presented to
and reviewed by the board.
 Financial information: The safe extension of credit depends on
complete and accurate information regarding every detail of the
borrower's credit standing. A possible exception to this rule is the case
in which a loan was originally approved with readily marketable collateral
to be used as the source of repayment. A lending policy should define
the financial statement requirements for businesses and individuals at
various borrowing levels and should include appropriate guidelines for
audited, non-audited, interim, cash flow, and other statements. It should
include external credit checks required at the time of periodic updates.
If the loan maturity is longer than one year, the policy should require
that the bank's officers prepare financial projections with the horizon
equivalent to the loan maturity, to ensure that the loan can be repaid
from cash flow. The assumptions for the projections should be clearly
outlined. All requirements should be defined in such a manner that any
negative credit data would clearly indicate a violation of the bank's
lending policy.
9.4 Credit Origination

Establishing sound, well-defined credit-granting criteria is essential to approving
credit in a safe and sound manner. The criteria should set out who is eligible
for credit and for how much, what types of credit are available, and under
what terms and conditions the credits should be granted. Banking institutions
must receive sufficient information to enable a comprehensive assessment of
the true risk profile of the borrower or counterparty. At a minimum, the factors
to be considered and documented in approving credits must include:
 the purpose of the credit and source of repayment
 the integrity and reputation of the borrower or counterparty
 the current risk profile (including the nature and aggregate amounts of
risks) of the borrower or counterparty and its sensitivity to economic
and market developments
 the borrower's repayment history and current capacity to repay, based
on historical financial trends and cash flow projections
 a forward-looking analysis of the capacity to repay based on various
scenarios and factors both quantitative and qualitative

 the legal capacity of the borrower or counterparty to assume the liability

 for commercial credits, the borrower's business expertise and the status
of the borrower's economic sector and its position within that sector
 the proposed terms and conditions of the credit, including covenants
designed to limit changes in the future risk profile of the borrower; and
 where applicable, the adequacy and enforceability of collateral or
guarantees
Banks need to understand to whom they are granting credit. Therefore, prior
to entering into any new credit relationship, a bank must become familiar with
the borrower or counterparty and be confident that they are dealing with an
individual or organisation of sound repute and creditworthiness. In particular,
strict policies must be in place to avoid association with individuals involved in
fraudulent activities and other crimes. This can be achieved through a number
of ways, including asking for references from known parties, accessing credit
reference bureau, and becoming familiar with individuals responsible for
managing a company and checking their personal references and financial
condition.
Activity 9.1
? 1. A sound credit granting process is the first line of defense against credit
risk. Discuss.
9.5 Nonperforming Loan Portfolio

Nonperforming assets are those not generating income. Loans are often
considered to be nonperforming when principal or interest on them is due and
left unpaid for 90 days or more.
The nonperforming loan portfolio is an indication of the quality of the total

portfolio and ultimately that of a bank's lending decisions.
When assessed within the context of nonperforming loans, the aggregate level
of provisions indicates the capacity of a bank to effectively accommodate
credit risk.
There can be a number of reasons to explain deteriorating loan portfolio quality.

It is unavoidable that banks make mistakes in judgement. However, for most

failed banks, the real problems are systemic in nature and rooted in the bank's
credit culture.
9.5.1 Signs of distorted credit culture

 Self-dealing: An overextension of credit to directors and large
shareholders, or to their interests, while compromising sound credit
principles under pressure from related parties. Self-dealing has been
the key issue in a significant number of problem banks.
 Compromise of credit principles: Arises when loans that have undue
risk or are extended under unsatisfactory terms are granted with full
knowledge of the violation of sound credit principles. The reasons for
the compromise typically include self-dealing, anxiety over income,
competitive pressures in the bank's key markets, or personal conflicts
of interest.
 Anxiety over income: A situation in which concern over earnings
outweighs the soundness of lending decisions, underscored by the hope
that risk will not materialize or lead to loans with unsatisfactory repayment
terms. This is a relatively frequent problem since a loan portfolio is
usually a bank's key revenue-producing asset.
 Incomplete credit information: This indicates that loans have been
extended without proper appraisal of borrower creditworthiness.
 Complacency: This is a frequent cause of bad loan decisions.
Complacency is typically manifested in a lack of adequate supervision
of old, familiar borrowers, dependence on oral information rather than
reliable and complete financial data, and an optimistic interpretation of
known credit weaknesses because of survival in distressed situations in
the past. In addition, banks may ignore warning signs regarding the
borrower, economy, region, industry, or other relevant factors or fail to
enforce repayment agreements, including a lack of prompt legal action.
 Lack of supervision: Ineffective supervision invariably results in a lack
of knowledge about the borrower's affairs over the lifetime of the loan.
Consequently, initially sound loans may develop problems and losses
because of a lack of effective supervision.
 Technical incompetence: This includes a lack of technical ability among
credit officers to analyze financial statements and obtain and evaluate
pertinent credit information.
 Poor selection of risks: This tendency typically involves the following:
 The extension of loans with initially sound financial risk to a level beyond
the reasonable payment capacity of the borrower. This is a frequent
problem in unstable economies with volatile interest rates.

 Loans where the bank-financed share of the total cost of the project is
large relative to the equity investment of the owners. Loans for real
estate transactions with narrow equity ownership also fall into this
category.
 Loans based on the expectation of successful completion of a business
transaction, rather than on the borrower's creditworthiness, and loans
made for the speculative purchase of securities or goods.
 Loans to companies operating in economically distressed areas or
industries.
 Loans made because of large deposits in a bank, rather than on sound
net worth or collateral.
 Loans predicated on collateral of problematic liquidation value or
collateral loans that lack adequate security margins.
9.5.2 Loan loss provisions

In considering potential credits, banking institutions must recognize the necessity
of establishing provisions for expected losses and holding adequate capital to
absorb risks and unexpected losses. The banking institution should factor
these considerations into credit-granting decisions, as well as into the overall
portfolio monitoring process.
9.6 Credit Risk Management Policies

The basis of sound credit risk management is the identification of the existing
and potential risks inherent in lending activities. Measures to counteract these
risks normally comprise clearly defined policies that express the bank's credit
risk management philosophy and the parameters within which credit risk is to
be controlled.
The assessment of a credit risk management function should consider loans

and all other extensions of credit to ensure that the following factors are
considered:
 the level, distribution, and severity of classified assets
 the level and composition of non-accruing, nonperforming, renegotiated,
rolled-over, and reduced-rate assets
 the adequacy of valuation reserves
 management's ability to administer and collect problem assets;
 undue concentrations of credit
 the adequacy and effectiveness of, and adherence to, lending policies
and credit administration procedures
 the adequacy and effectiveness of a bank's process for identifying and

monitoring initial and changing levels of risk, or risk associated with
approved credit exposure
9.6.1 Workout procedures

These are an important aspect of credit risk management. If timely action is
not taken to address problem loans, opportunities to strengthen or collect on
these poor-quality assets may be missed and losses may accumulate to a
point where they threaten a bank's solvency.
Typical workout strategies include the following:

 reducing the credit risk exposure of a bank, for example, by having the
borrower provide additional capital, funds, collateral, or guarantees
 working with the borrower to assess problems and find solutions to
increase loan service and repayment capacity, such as the provision of
advice, the development of a programme to reduce operating costs
and/or increase earnings, the selling of assets, design of a debt
restructuring programme, or changed loan terms
 arranging for a borrower to be bought or taken over by a more
creditworthy party, or arranging for some form of joint-venture
partnership
 liquidating exposure through out-of-court settlement or by taking legal
action, calling on guarantees, foreclosing, or liquidating collateral
9.7 Policies to Limit or Reduce Credit Risk

9.7.1 Large exposure limits
These prevent banks from extending huge credits to single borrowers. These
limits are benchmarked against bank capital. For example, the bank can decide
that exposure to a single borrower should not exceed 20% of its capital.
9.7.2 Related-party lending

Lending to connected parties is a particularly dangerous form of credit risk
exposure. Related parties typically include a bank's parent, major shareholders,
subsidiaries, affiliate companies, directors, and executive officers. A bank's
ability to systematically identify and track extensions of credit to insiders is
crucial. The issue is whether credit decisions are made on a rational basis and

according to the bank's policies and procedures. An additional concern is

whether credit is based on market terms or is granted on terms that are more
favourable with regard to amount, maturity, rate, and collateral, than those
provided to the general public.
9.7.3 Overexposure to geographical areas or economic

sectors
Another dimension of risk concentration is the exposure of a bank to a single
sector of the economy or a narrow geographical region. This makes a bank
vulnerable to a weakness in a particular industry or region and poses a risk
that it will suffer from simultaneous failures among several clients for similar
reasons. This concern is particularly relevant for regional and specialized banks
or banks in small countries with narrow economic profiles, such as those with
predominantly agriculture-based economies or exporters of a single
commodity.
9.7.4 Renegotiated credits

These refer to loans that have been restructured to provide a reduction of
either interest or principal payments because of the borrower's deteriorated
financial position. A loan that is extended or renewed, with terms that are
equal to those applied to new debt with similar risk, should not be considered
as renegotiated debt. Restructuring may involve a transfer from the borrower
to the bank of real estate, receivables or other assets from third parties, a
debt-to-equity swap in full or partial satisfaction of the loan, or the addition of
a new debtor to the original borrower.
9.7.5 Collateral/Guarantees
Banking institutions can utilize collateral and guarantees to help mitigate risks
inherent in individual credits but transactions should be entered into primarily
on the strength of the borrower's repayment capacity. Collateral cannot be a
substitute for a comprehensive assessment of the borrower or counterparty,
nor can it compensate for insufficient information. It should be recognized that
any credit enforcement actions (for example, foreclosure proceedings) typically
eliminate the profit margin on the transaction.
In addition, banking institutions need to be mindful that the value of collateral

may well be impaired by the same factors that have led to the diminished
recoverability of the credit.

Banking institutions should have policies covering the acceptability of various

forms of collateral, procedures for the ongoing valuation of such collateral,
and a process to ensure that collateral is, and continues to be, enforceable
and realisable.
With regard to guarantees, banking institutions should evaluate the level of

coverage being provided in relation to the credit-quality and legal capacity of
the guarantor. Banking institutions should only factor explicit guarantees into
the credit decision and not those that might be considered implicit such as
anticipated support from the government.
9.8 Internal Risk Rating Systems

An important tool in monitoring the quality of individual credits, as well as the
total portfolio, is the use of an internal risk rating system. A well-structured
internal risk rating system is a good means of differentiating the degree of
credit risk in the different credit exposures of a banking institution. This will
allow more accurate determination of the overall characteristics of the credit
portfolio, concentrations, problem credits, and the adequacy of loan loss
reserves.
Typically, an internal risk rating system categorises credits into various classes
designed to take into account the gradations in risk. Simpler systems might be
based on several categories ranging from satisfactory to unsatisfactory;
however, more meaningful systems will have numerous gradations for credits
considered satisfactory in order to truly differentiate the relative credit risk
they pose. In developing their systems, banking institutions must decide whether
to rate the riskiness of the borrower or counterparty, the risks associated with
a specific transaction, or both.
Internal risk ratings are an important tool in monitoring and controlling credit
risk. In order to facilitate early identification, banking institution's internal risk
rating system should be responsive to indicators of potential or actual
deterioration in credit risk for example, financial position and business condition
of the borrower, conduct of the borrower's accounts, adherence to loan
covenants, value of collateral, and so on.
Credits with deteriorating ratings should be subject to additional oversight

and monitoring, for example, through more frequent visits from credit officers
and inclusion on a watch list that is regularly reviewed by senior management.

The internal risk ratings can be used by line management in different

departments to track the current characteristics of the credit portfolio and
help determine necessary changes to the credit strategy. Consequently, it is
important that the board of directors and senior management also receive
periodic reports on the condition of the credit portfolios based on such ratings.
The ratings assigned to individual borrowers or counterparties at the time the

credit is granted must be reviewed on a periodic basis and individual credits
should be assigned a new rating when conditions either improve or deteriorate.
Because of the importance of ensuring that internal ratings are consistent and
accurately reflect the quality of individual credits, responsibility for setting or
confirming such ratings should rest with a credit review function independent
of that which originated the credit concerned. It is also important that the
consistency and accuracy of ratings is examined periodically by a function
such as an independent credit review group.
Activity 9.1
? 1. What are the main sources of credit risk?

2. Why do you think credit risk is the major contributor to bank failure as
opposed to other financial risks?
3. Outline the main considerations that form the basis for sound lending
policies.
4. Identify and explain the key factors considered in performing credit
analysis for a loan application.
5. List and discuss the main symptoms of a distorted credit culture in a
banking organization.
6. Explain the significance of provisions and capital in credit risk
management.
7. Discuss the various limits used in controlling exposure to credit risk.
9.9 Summary
This unit had looked at how credit risk arises. Credit risk is inevitable in
financial intermediation. Financial institutions can control their exposure to
credit risk through the use of various strategies ranging from employing sound
credit appraisal procedures to using various limit systems and use of collateral

and guarantees. Sound workout strategies are also a must because non-
performing loans are an unavoidable occurrence in banking business.

References
Market.
Sons.
Risk Management.
Management.
Sons.
Hill.
McGraw Hill.

Unit Ten
Operational Risk
10.0 Introduction
O
perational risk is inherent in all business operations and cannot be
avoided. This unit looks at the main components and key drivers of
operational risk, the measurement and management of operational risk.
10.1Objectives
 define operational risk

?  describe the two main components of operational risk
 identify the key drivers of operational risk
 evaluate opportunities to reduce operational risk
10.2Definition
Operational risk is not a well-defined concept. In the context of a trading or
financial institution, it refers to a range of possible failures in the operation of
the firm that are not related directly to market or credit risk. These failures
include computer breakdown, a bug in a key piece of computer software,
errors of judgment, deliberate fraud, and so on.
Operational risk remains a fuzzy concept because it is hard to make a clear-

cut distinction between operational risk and the "normal" uncertainties faced
by the organization in its daily operations. For example, if a client failed to pay
back a loan, then one can reasonably inquire if the failure was due to either
"normal" credit risk, or due to human error on the part of the loan officers.
Usually all credit-related uncertainties are classified as part of business risk.
Nevertheless, in certain situations one might say that the loan officer should
have declined to approve the loan, given all the information concerning the
client that was available to him or her at the time of the decision. For example,
if the loan officer approved a loan against the bank's guidelines (maybe he or
she was even given a bribe), then this should be classified as an operational
failure, not a credit loss.
The management of an institution should define what is included in operational

risk in order to minimize the degree of conceptual fuzziness within each firm.
To do this, a typology of operational risk must first be established.
The Basel Committee on Banking Supervision (2003) defined operational

risk for financial institutions as "the risk of loss resulting from inadequate or
failed internal processes, people and systems or from external events."

Unit 10 Operational Risk
10.3Aim and Scope of Operational Risk Management

The fundamental goal of operational risk management should be risk prevention.
The following are some of the important objectives of an Operational Risk
Management Function:
 To formally and explicitly define and explain what the words 'operational
risk' mean to the institution
 To avoid potential catastrophic losses
 To enable the institution to anticipate all kinds of risks more effectively,
thereby preventing failures from happening
 To generate a broader understanding of enterprise-wide operational
risk issues at all levels and business units of the institution - in addition
to the more commonly monitored credit risk and market risk
 To make the institution less vulnerable to such breakdowns in internal
controls and corporate governance as fraud, error, or failure to perform
in a timely manner which could cause the interests of the institution to
be unduly compromised
 To identify problem areas in the institution before they become critical
 To prevent operational mishaps from occurring
 To establish clarity of people's roles, responsibilities and accountability
 To strengthen management oversight at all levels
 To identify business units in the institution with high volumes, high turnover
(that is, transactions per unit time), high degree of structural change,
and highly complex support systems. Such business units are especially
susceptible to operational risk
 To empower business units with the responsibility and accountability of
the business risks they assume on a daily basis
 To provide objective measurements of performance for operational
risk management
 To monitor the danger signs of both income and expense volatilities
 To effect a change of behaviour within the institution and to enhance the
culture of control and compliance within the enterprise
 To ensure that there is compliance to all risk policies of the institution
and to modify risk policies where appropriate
 To provide objective information so that all services offered by the
institution take account of operational risks
 To ensure that there is a clear, orderly and concise measure of due
diligence on all risk-taking and non-risk-taking activities of the institution
The scope of an operational risk management function within an institution
should aim to encompass virtually any aspect of the business process

undertaken by the enterprise. The scope must transcend those business

activities that are traditionally most susceptible to 'operations risk' - that is,
those activities with high volume, high turnover, and highly complex support
systems, for example, trading units, back office, and payment systems. It is
true that the business activities sharing these characteristics have the greatest
exposure to operational risk failures.
10.4Two Broad Categories of Operational Risk

Operational risk is the risk associated with operating a business. Operational
risk covers such a wide area that it is useful to subdivide operational risk into
two components, operational failure risk and operational strategic risk.
10.4.1 Operational failure risk

Operational failure risk arises from the potential for failure in the course of
operating the business. A firm uses people, processes, and technology to
achieve business plans, and any one of these factors may experience a failure
of some kind. Accordingly, operational failure risk can be defined as the risk
that there will be a failure of people, processes, or technology within the
business unit. A proportion of the failures may be anticipated, and these risks
should be built into the business plan.
But it is the unanticipated, and therefore uncertain, failures that give rise to the
key operational risks. These failures can be expected to occur periodically,
although both their impact and their frequency may be uncertain.
10.4.2 Operational strategic risk

Operational strategic risk arises from environmental factors, such as a new
competitor that changes the business paradigm, a major political and regulatory
regime change, and earthquakes and other such factors that are outside the
control of the firm. It also arises from major new strategic initiatives, such as
developing a new line of business or re-engineering an existing business line.
All businesses rely on people, processes, and technology outside their business
units, and the potential for failure exists there too.
Figure 10.1 summarizes the relationship between operational failure risk and
operational strategic risk.

Operational risk
Operational failure risk Operational strategic risk

(Internal Operational Risk) (External Operational Risk)
The risk encountered in the pursuit The risk of choosing an
of a particular strategy due to: inappropriate strategy in response
• People to environmental factors such as:
• Processes • Political
• technology • Taxation
• Government
• Regulation
• Societal
• competition
Figure 10.1 Two Broad Categories of Operational Risk

(Source: Michel Crouhy, Dan Galai & Robert Mark: Risk Management)
The two types of operational risk are interrelated. One should observe that
failure to address a strategic risk issue can easily translate into an operational
failure risk. For example, in a change in the tax laws is a strategic risk. The
failure to comply with the tax laws is an operational failure risk. Once senior
management issues the call to action in response to an external stimulus, there
must be no internal breakdown in the people, processes and technologies
supporting the strategic call to action.
10.5Types of Operational Failure Risk

Types of operational failure risk are shown below:
1. People risk:
 Incompetency
 Fraud
2. Process risk:
a) Model risk
 Model/methodology error
 Mark -to-model error
b) Transaction risk

 Execution error
 Product complexity
 Booking error
 Settlement error
 Documentation/contract risk
c) Operational control risk
 Exceeding limits
 Security limits
 Volume limits
d) Systems and technology risk
 System failure
 Programming error
 Information risk
 Telecommunications failure
Activity 9.2
? 1. Explain the link between operational risk and other risks such as credit
risk and market risk.
10.6Who should Manage Operational Risk?

The responsibility for setting policies concerning operational risk remains with
senior management, even though the development of those policies may be
delegated, and submitted to the board of directors for approval. Appropriate
policies must be put in place to limit the amount of operational risk that is
assumed by an institution.
Senior management needs to give authority to change the operational risk

profile to those who are best able to take action. They must also ensure that
a methodology for the timely and effective monitoring of the risks that are
incurred is in place. To avoid any conflict of interest, no single group within
the firm should be responsible for simultaneously setting policies, taking action,
and monitoring risk.
The authority to take action generally rests with business management, which
is responsible for controlling the amount of operational risk taken within each
business line. The infrastructure and governance groups share with business
management the responsibility for managing operational risk.

The responsibility for the development of a methodology for measuring and

monitoring operational risks resides most naturally with group risk management
functions. Besides ensuring that the risks are transparent and well established,
through measuring and reporting, this function can also attempt to manage the
firm's operational risk on a portfolio basis. Portfolio management adds value
by ensuring that operational risk is adequately capitalized.
Portfolio management also involves providing regular reviews of trends, as

well as analyzing concentrations of operational risk. The risk management
function also needs to ensure that proper operational risk/reward analysis is
performed in the review of existing businesses and before the introduction of
new initiatives and products. In this regard, the risk management function
works very closely with, but independently from, business management,
infrastructure, and the other governance groups.
Senior management needs to know whether the responsibilities it has delegated

are actually being tended to, and whether the resulting processes are effective.
The internal audit function within the bank is charged with this responsibility.
10.7Managing Operational Risk as a Partnership

Operational risk should not be managed on an ad hoc basis, as this may
create lack of coordination among functions such as risk management, internal
audit and business management. The key to success in managing operational
risk more effectively is a partnership between business and its infrastructure,
internal audit, and risk management.
First, the necessary operational risk information has to travel from the
operational environment, which includes infrastructure, corporate governance,
and business units, to the operational risk management function. In return, the
operational risk management function must provide operational risk analyses
and policies to all units on a timely basis-as well as generating firm-wide and
regulatory risk reports, and working with the audit function.
Second, the various businesses in the firm implement the policy, manage the
risks, and generally run their business.
Third, at regular intervals the internal audit function needs to ensure that the
operational risk, management process has integrity, and is indeed being
implemented along with the appropriate controls. In other words, auditors
analyze the degree to which businesses are in compliance with the designated

operational risk management process. They also offer an independent

assessment of the underlying design of the operational risk management
process. This includes examining the process surrounding the building of
operational risk measurement models, the adequacy and reliability of the
operations risk management systems and compliance with external regulatory
guidelines, and so on.
Audit thus provides an overall assurance on the adequacy of operational risk

management.
10.8The Key to Implementing Firm-wide Operational

Risk Management
The following eight key elements can be used to implement a firm-wide
operational risk management framework:
a) Develop well-defined operational risk policies
 The policies should articulate the desired standards for risk
management
 Clear guidelines that may contribute to reduction of operational
risk
b) Establish a common language of risk identification
c) Develop business process maps of each business. Create an operational
risk catalogue
d) Develop a comprehensive set of operational risk metrics
e) Decide how to manage operational risk exposure and take appropriate
action to hedge the risks
f) Decide how to report exposure
g) Develop tools for risk analysis
h) Develop techniques to translate the calculation of operational risk into
a required amount of economic capital
10.9A Four Step Risk Assessment Process for

Operational Risk
Step 1: Inputs to risk catalogue
Operational risk should be evaluated net of risk mitigants. For example, if the
institution has insurance to cover a potential breakdown, then the degree of

risk must be properly adjusted by the insurance premium paid. To obtain a

measure of net operational risk, the required inputs to the risk catalogue must
be able to adequately assess both the frequency of failure occurrences and
the severity of loss given that a failure occurs:
 The assessment for frequency of occurrences may come from both
internal and external reports, such as: audit reports; external audit reports;
regulatory reports; management reports; expense reports; deviation from
business plans, operational plans, and budgets, and so on, and expert
opinion and industry 'best practices'
 An assessment for severity of loss may come from: management
interviews, both pre and post mortem; variances on budgets; insurance
claims; and loss history, whenever possible
Step 2: Risk Assessment Scorecard

Using the risk catalogue and the inputs from step 1, each business or
operational unit will be assessed using a risk scorecard. The risk scorecard
will appropriately identify and assess the nature of operational risk based on
the following broad points:
 Risk categories: people, process, technology, and external
dependencies
 Connectivity and interdependencies: Because the headline risk
categories of people, process and technology cannot be looked at in
isolation, their cumulative effects and interdependencies must be
carefully identified and accounted for
 Change, complexity, and complacency: The sources that drive the
headline risk categories may be due to: a change in the work environment,
e.g., the introduction of new technology to the business unit; the
complexity of products, process or technology; or the complacency
factor due to ineffective management of the unit
 Frequency and severity assessments: Quantifying the likelihood of
breakdown in operational processes is very difficult. It may be simply
'rated' as very likely, not likely, very unlikely and so forth, or a question
relating to the expected number of loss events may be posed. Severity
of loss describes the potential monetary loss to the institution, given the
occurrence of an operational failure. Since actual loss history may be
difficult to come by, some institutions subjectively attach a range of loss
(for example, between $5 million to $10 million for certain failures).
 Net operational risk: Operational risks should be evaluated net of
risk mitigants. For instance, the potential monetary amount lost due to
certain insurable operational failures can be reduced through the use of

risk mitigants, for example, insurance and underwriting. We need to

find out which bank activities are currently covered by insurance policies
and by how much. In addition, a catalogue of insurable bank activities
needs to be prepared.
 Net risk assessment: The combination of all the ingredients in the
risk scorecard gives the overall net risk assessment.
Step 3: Review and Validation

After the risk assessment process is completed (via the risk catalogues) and
risk scorecards for each business unit are produced, it is the responsibility of
the operational risk management committee to review the assessment results
with the management of the respective business unit and other key officers of
the institution. The responsibilities of the committee may include:
 Formulating a set of operational risk policies and guidelines clearly
delineating the actions needed to correct and prevent the operational
problems and issues identified
 Determining the important differences between the unit's own self-
assessment and the independent assessment
 Opining on the ratings in the risk scorecards before publication
 In conjunction with audit and compliance departments, issuing a
mandatory report and list of recommendations to the affected business
units
 Issuing summary risk reporting about the enterprise to the executive
committee
Step 4: Outputs of Risk Assessment Process

The final assessment of operational risk will be formally reported to business
management and internal audit and compliance function and board of directors.
The necessary corrective measures will be initiated and the necessary capital
allocation will be done.
10.10 The Operational Risk Control Process

The following are the major contributors to operational risk management
failures:
a) Lax management structure: lack of adequate management oversight
and accountability; no segregation of duties; too many delays in systems
development; disrespect for audit reports; and ignorance

b) Inadequate assessment of risk: on and off-balance sheet

activities: lack of stress-testing for unexpected market moves;
inappropriate setting of limits; too much risk relative to capital; and
lack of risk-adjusted return measurement
c) Lack of transparency: inaccurate information on capital, solvency
and liquidity; inadequate accounting policies; lack of benchmarks and
comparability; lack of approvals, verifications and reconciliations; and
lack of review of operating performance
d) Inadequate communication of information between levels of
management: lack of escalation process in times of crises; paying too
much 'lip service' in the various risk committees; lack of procedures for
monitoring and correcting deficiencies; and poor communication
between different risk-monitoring groups
e) Inadequate or ineffective audit and compliance programmes
To help facilitate the identification of operational risk failures within the
institution by business unit, it is important that the operational risk management
function is streamlined alongside the risk control, compliance, and audit functions
of the institution. Lessons learned from many highly publicised financial fiascos
all point to the need for the following:
a) Independent management oversight: This includes audit oversight,
risk control and compliance functions, and most definitely senior
management involvement. Each overseer plays the role of independent
'risk monitor', considering such operational performance measures as
volume, turnover, settlement failures, delays, errors, compliance to
market and credit limits, income and expense volatility, effectiveness of
line management, accounting anomalies, and other higher-level controls.
For many business activities of the holding company, this information is
already available within the institution.
b) Self-assessments by individual business units: Line management
has the best knowledge of its own people, the day-to-day processes it
has to go through, the integrity of the systems supporting the business
unit, and the external circumstances that could cause its people, process
and technology to fail. A self-assessment by the individual business units
is, therefore, a key first step in the operational risk assessment process.
10.11 Methods used in Managing Operational Risk

a) Training people and upgrading processes
b) Withdrawing from a business activity

c) Instituting tighter internal controls

d) Transfer the risk to another party through insurance or outsourcing
These are specific controls or programmes designed to reduce the exposure,
frequency, severity, or impact of an event or to eliminate (or transfer) an element
of operational risk. Examples include business continuity planning, IT security,
compliance reviews, project management, and merger integration and
insurance. Various techniques are used to control or mitigate operational risk.
Internal controls and the internal audit process are the primary means of
controlling operational risk.
Activity 10.1
?
1. Explain why there is no agreed-upon universal definition of operational
risk.
2. Distinguish between operational failure risk and operational strategic
risk.
3. How can failure to address a strategic risk issue easily translate into an
operational failure risk?
4. Discuss the importance of internal audit function with regards to
operational risk management.
5. Why do you think firms should adopt a firm-wide approach to
operational risk management as compared to other risks such as market
or credit risk?
10.12 Summary
Operational risk failures can wreak havoc within an organization if not properly
identified, assessed, monitored, controlled and mitigated. Furthermore, if not
sufficiently contained, operational risk also has a tendency to spill over and
cause systemic risk to the broader markets. In spite of its importance for
containing operational risk, it is still more art than science. Operational risk
management continues to be one of the least developed areas of enterprise
risk management in spite of the heightened attention it has received. Perhaps
since operational risk is fundamentally qualitative in nature, it might never be
as developed as other risk areas.

References
Market.
Sons.
Risk Management.
Management.
Sons.
Hill.
McGraw Hill.


Unit Eleven
Strategic Risk Management
11.0 Introduction
S
trategic risk management enables the mitigation of risks and protects
the stability of any organisation. It also acts as a tool for planning
systematically about the future and identifying opportunities. Further, it
assists in effective utilization of corporate assets and can be used to turn
strategic threats into growth opportunities. This unit looks at the various issues
surrounding strategic risk and attendant risk mitigatory measures.
11.1 Objectives
 define what strategic risk is

 outline the common sources of strategic risk
 describe the four components of strategic risk management process
 explain the importance of board of directors and senior management
in the strategic risk management process
11.2 Definition
Strategic risk means the risk of current or prospective impact on a firm's
earnings, capital, reputation or standing arising from changes in the environment
the firm operates in and from adverse strategic decisions, improper
implementation of decisions, or lack of responsiveness to industry, economic
or technological changes. It is a function of:
 the compatibility of a firm's strategic goals
 the strategies developed to achieve those goals
 the resources deployed to meet those goals
 the quality of implementation
The resources needed to implement a firm's strategies are both tangible and
intangible. They include capital and funding, communication channels, staffing
and operating systems, delivery networks, and managerial resources and
capabilities.
11.3 Terminology
Strategic risk management framework means collectively the systems,
processes and controls adopted by a firm to identify, assess, monitor, control
and report strategic risk.
Strategic goal means a general statement of purpose or a short, medium or

long term goal set by a firm in line with its corporate mission and values, with
a view to achieving desired outcomes in relation to growth, efficiency, survival
and control of the environment.
Strategic objective means a specific, measurable and time assigned objective

or target derived from a firm's strategic goal(s).

Unit 11 Strategic Risk Management
Strategic plan means a comprehensive plan formulated by a firm in its strategic

planning process. The plan sets out, among other things, the strategies to be
implemented by the firm, the manner of implementing those strategies, and the
desired outcomes expected of such implementation.
Strategy means the approach, method or course of action that can be taken
by a firm to achieve a particular strategic goal or objective. There are typically
three levels of strategy (i.e. corporate, business, and operational) that may be
employed, the characteristics of which are explained as follows:
 A corporate strategy is concerned with a firm's overall purpose and
development, and relates to how the firm's strategic intent or vision
could be achieved. For example, a firm may decide to attain targeted
growth through strategic alliances, mergers and acquisitions
 A business strategy is usually concerned with how a firm can gain
competitive business advantage, which products or services the firm
should offer to customers, or which markets the firm should operate in.
This level of strategy relates more to the affairs of particular business
units than to the firm as a whole
 An operational strategy is developed to support or facilitate the
implementation of corporate and business strategies. Examples include
strategies for enhancing organizational efficiency, IT infrastructure and
human resources management.
11.4 Common Sources of Strategic Risk

Strategic risk can arise through many ways. However, the common sources
of the risk within corporate institutions are the following:
 competition - through emerging industry rivals;
 technology - shift in technology;
 customer - customer priority shift and over-reliance on a few customers
 economic factors
 regulations
 work processes and procedures
 adequacy of information for decision-making
11.5 Strategic Planning Process

Every institution should put in place a strategic plan which should be supported
by a realistic budget. A strategic plan clarifies an institution's overall purpose,

defines goals and priorities and determines practical approaches for achieving
targeted priorities. If the strategic planning process is not appropriate or if the
assumptions are not realistic, the strategic plan will be flawed thereby exposing
the firm to strategic risk. In this regard, every firm should have an appropriate
strategic planning process encompassing the following:
 support or participation of the board, delegated committees, and senior
management
 participation of staff from various departments
 adequacy of information in developing assumptions in relation to
economic factors, position of the institution compared to competitors,
current competitive position, future market trends and customer needs,
among others
 consistency of the operational plans with the overall objective of the
institution
 assessment of actual performance against strategic plans
11.6 Strategic Risk Management Process

An effective strategic management process should include four key elements:
 strategic planning
 alignment and change management
 implementation and monitoring
 performance evaluation and feedback
11.6.1 Strategic planning

Strategic planning is the process whereby institutions determine the overall
direction and focus of their organisation, establish medium and long term
priorities in line with their corporate mission and goals, and translate those
priorities into appropriate strategies for achieving stated goals and objectives.
This process culminates in the development of a strategic plan and goes
beyond, but may be integrated with, the firm's annual financial planning and
budgeting exercise.
11.6.2 Alignment and change management

Before implementing their strategies, firms should ensure that they have made
proper alignment of internal resources and processes and, if necessary,
managed all change issues (such as those arising from organisational or cultural
changes) to facilitate the achievement of desired outcomes. Interdependencies

between processes across departments (for example, reconciliation of

transaction information between front and back offices using a more advanced
IT system) should also have been addressed so that they can be properly
understood and accounted for during the implementation.
11.6.3 Implementing and monitoring

To determine whether a strategy will succeed or fail, it depends on whether a
firm has adequate resources and capability to implement the strategy and
whether the firm has the ability to effectively monitor and control the progress
of implementation. As such, in addition to strategic planning, firms should
have a process to facilitate the monitoring and control of strategies being
implemented.
11.6.4 Performance evaluation and feedback

Comparison of actual performance to desired outcomes serves as an important
check on the success of implementing approved strategies, and allows
management to take timely remedial actions to address significant deviations
from set targets. Therefore, firms are expected to develop a performance
evaluation system that tracks progress towards achieving both financial and
non-financial targets.
11.7 Key components of a Strategic Risk

Management Framework
An appropriate strategic risk management framework is expected to have the
following components:
 a strategic risk management structure that assigns responsibilities to
various organisational functions to enable firms to achieve their strategic
goals and objectives while managing the risks involved within an
acceptable level
 a strategic risk management process
11.8 Risk Mitigation Factors

Firms should adopt and implement robust strategic risk mitigation measures
and techniques to enhance the achievement of strategic objectives. These

include engaging qualified board and senior management, formulation of

strategic and operational plans, high quality of personnel and proper training,
comprehensive risk management systems and adequate access to information.
11.9 Board and Senior Management Oversight

Board of Directors and Senior Management oversight is an integral part of an
effective strategic risk management programme. The Board of Directors retains
the overall responsibility for strategic risk management of the institution. It is
chiefly responsible for setting corporate strategy and reviewing management
performance in implementing the banking institution's strategic plan.
In turn, senior management has a duty to ensure that there is an effective

strategic risk management process by transforming the strategic direction given
by the board through policy. To do this, senior management should have an
understanding of the nature and level of the various risks associated with the
banking institution's strategic plan and how such risks fit within the overall
business strategies.
11.9.1 Board oversight

The responsibilities of the board of directors with regard to strategic risk
management are to:
 ensure that risk management practices are an intrinsic part of strategic
planning
 establish corporate objectives and values, strategic goals, and a mission
statement describing the purpose of the institution; and ensure that these
are effectively communicated and consistently applied throughout the
institution
 censure that the institution's overall strategic risk exposure is maintained
at prudent levels, and is compatible with developed business strategies
 assess whether the institution's strategic/business plans make sense given
the current economic and competitive environment, consist of reasonable
and measurable targets, and; review the associated Strategic Risk
Management framework periodically to determine that it remains
adequate and appropriate under the prevailing business environment
 assess management's success in implementing the institution's strategic
plan and achieving targets and results
 ensure that strategic direction and initiatives are well conceived and
supported by appropriate management information system, operating

systems, and service delivery networks. The Board must also ensure
that initiatives are supported by capital for the foreseeable future and
pose only nominal possible effects on earnings volatility
 ascertain that strategic initiatives are supported by sound due diligence
and strong risk management systems. Also ascertain that decisions can
be reversed with little difficulty and manageable costs
11.9.2 Senior management oversight

The responsibilities of senior management with regard to strategic risk
management are to:
 ensure that a comprehensive Strategic Risk Management process that
is commensurate with the strategic goals of the institution is in place
 ensure that business continuity plans have been prepared and tested so
that important changes in the business/risk environment are assessed
and catered for
 ensure that management of succession planning is an active ongoing
process, integrated with the institution's strategic plans
 ensure that Strategic Risk Management framework is implemented
throughout the institution and that all levels of staff understand their
responsibilities with respect to Strategic Risk Management
11.10 Policies, Procedures and Limits

Effective management of strategic risk requires that firms establish prudent
policies, procedures and limits approved by the Board to ensure its objective
evaluation and responsiveness to the firm's business environment.
Policies on business strategy are critical in defining the business segments that
the firm will focus on, both in the short and long run.
Policies and procedures should cover all material risks associated with the
firm's business segments defined in the strategic plan. Accountability should
be spelt out clearly and lines of authority clearly defined.
To be effective, policies and procedures should be reviewed on regular basis,

to take into account internal and external changes to the operating environment.
The policies should establish clear guidelines on frequency and procedures
for review of its business strategies.
Policies should be consistent with the firm's broader business strategies, capital
adequacy, technical expertise and risk tolerance. It should take into account
the size, nature and complexities of the banking institution's business plans
and consider past experiences and performances.
Procedures for defining and reviewing a firm's business strategy should ensure
that the following aspects are given adequate consideration:
 the institution's inherent strengths
 its identified weaknesses
 opportunities external to the firm
 external factors that pose threats to the firm
Where appropriate, strategic risk management policies and procedures should
cover the use of risk mitigation techniques.
A set of board approved limits should be put in place to control a firm's

exposure to various quantifiable risks associated with its strategic plan. Risk
limits should be clearly communicated to the business units and understood
by the relevant staff.
11.11 Role of Strategic Risk Management Function

The strategic risk management function has the key responsibility of supporting
the board and senior management in managing a firm's strategic risk and
facilitating change processes that contribute to the firm's organisational
development and continuous improvement.
The strategic risk management function is expected to be particularly involved

in the following aspects of a firm's strategic risk management framework:
 coordinating among functional departments development of the strategic
plan, including conducting environmental/ strategic analyses and
formulating strategies for meeting the firm's strategic goals and objectives
 identifying, assessing and reporting potential risks posed to the firm by
its strategies (for example, expansion into new markets, products or
services) and conducting stress tests for strategic planning and risk
management purposes as an independent risk control
 monitoring and evaluating the progress of implementing the firm's strategic
plan, conducting independent performance reviews and reporting the
progress and review results to the board and senior management directly
 ensuring that any issues and implications that may affect the successful
achievement of the firm's strategic goals and objectives are addressed
in a timely manner

 assisting senior management and functional departments in managing

changes (for example, relating to organisation structure, culture,
technology, systems and people) that may need to be made in order to
implement the firm's strategies, and ensuring effective communication
of such changes within the firm
 providing advice and support on opportunities and options that may be
pursued for the firm's organisational development and continuous
improvement
 consolidating reporting to the board and senior management on strategic
risk issues
11.12 Internal Controls

A firm's internal control structure is critical to the safe and sound functioning
of the firm generally and the management of the firm's strategic direction in
particular. Internal controls are required to ensure that:
 the organisation's structure establishes clear lines of authority
 the institution's systems and structures provide for business continuity
planning
 the process of setting up and reviewing strategic and business plans are
comprehensive and carefully adhered to
Internal and external audits are integral to the implementation of a risk
management process to control risk associated with a banking institution's
business strategy. To carry out their function effectively, internal auditors should
have appropriate independence and status within the firm to ensure that senior
management reacts to and acts upon their recommendations.
The internal audit function should among other things, perform periodic
checking on whether the strategic risk management system is properly
implemented and the established policies and control procedures in respect
of risk management are complied with. The risk management process and the
related internal controls should be examined and tested periodically.

Activity 11.1
?
1. Discuss the common sources of strategic risks for an organization of
your choice.
2. Discuss in detail the main components of the strategic risk management
process.
3. Explain the role of the strategic risk management function.
4. Explain how effective board and senior management oversight
contributes to effective strategic risk management.
5. How important is the internal audit function in the strategic risk
management process?
6. Discuss the various ways firms can mitigate strategic risk in their
operations.
7. Explain any link between strategic risk and other risks faced by firms.
11.13 Summary
The unit discussed the various stages involved in the strategic risk management.
It was noted that board of directors and senior management play a critical
role in the success and effectiveness of the management of strategic risk. The
risk management and internal audit functions also play a complementary role
through quality assuring the effectiveness of and compliance with internal control
systems and policies and procedures.

References
Sons.
Risk Management.
Sons.


Unit Twelve
Basel II and Risk Management
12.0 Introduction
T
he primary function of banking institutions involves financial
intermediation, which exposes them to various financial risks. Regulatory
authorities have instituted various legislation and prudential regulations
to motivate banks to improve their risk management systems. The Basel
Committee on Banking Supervision has introduced the Capital Accords, code
named Basel I, II, and III, in a bid to encourage banks to hold enough capital
for the level of risk inherent in their business. This unit will cover these capital
accords in detail.
12.1Objectives
 define regulatory capital and differentiate it from economic capital

 explain why banks should be regulated
 describe the evolution of the Basel Capital accords
 outline the criticisms of the Basel I and II Accords
 explain the various methods used in the computation of risk capital
charges
12.2The Basel I Accord

The original goal of the 1988 Basel Accord, which came into force in 1992,
was to set minimum capital requirements for commercial banks as a buffer
against financial losses. Its primary objective was to promote the safety and
soundness of the global financial system. A secondary objective was to create
a level playing field for internationally active banks by setting uniform minimum
standards. The Accord applied to internationally active banking institutions
whose failure could cause systemic risk.
Initially, the 1988 Basel Accord covered only credit risk. It required banks to
hold a minimum level of capital of at least 8% of the total risk weighted assets.
Total risk-weighted assets included on-balance sheet and off-balance sheet
items, using risk weights that provided a rough classification of assets by credit
risk. Capital includes the book value of equity on the balance sheet, with
adjustments, as well as other entries such as subordinated debt. The purpose
of this capital is to serve as a buffer against unexpected financial losses. Higher
capital should decrease the probability of failure that could cause instability in
financial markets, and should protect depositors that entrusted their money
with the banks.
12.3Criticisms of the Basel 1 Accord

The 1988 Basel regulations were criticized on several fronts. As is usually the
case with binding regulation, institutions may find ways to get around the
restrictions. This has led to regulatory arbitrage, which is behaviour that defeats
the regulatory requirements. The criticism of the 1988 Basel Accord can be
classified as follows:

Unit 12 Basel II and Risk Management
 Inadequate differentiation of credit risks: the four risk-weight

categories are widely viewed as too crude. For example, the same 100
percent ratio is applied to low risk and high risk borrowers.
 Non-recognition of term structure effects: even when controlling
for the credit rating, the term of the loan is an important factor in
measuring credit risk. A two year loan to an AAA rated company has
very little risk of default. In contrast, 30 year loan to the same company
is much riskier.
 Non-recognition of risk mitigation techniques: these techniques,
such as netting or the use of collateral, decreases the economic credit
risk but are not recognized under the Basel 1 Accord. Netting refers to
a legal agreement whereby payment obligations between two parties
are amalgamated into one single, net obligation. As a result of netting,
counterparty failure will lead to a smaller loss if the amount lent is matched
by the amount borrowed. Similarly, credit losses will be lessened if the
bank holds collateral. The fact that these risk-mitigation techniques are
not recognized under the1988 Basel Accord is a significant problem
because it discourages and even penalizes banks for attempting to
control credit risk better.
 Non-recognition of diversification effects: the Accord does not
recognize that credit risk can, and should be mitigated through spreading
risks across issuers, industries and geographical locations. As long as
correlations between components of the portfolio are below one, simply
summing the capital charges will overstate the true risk. This was a
significant problem because the Accord discouraged diversification.
 Non-recognition of market risk: the 1988 Basel Accord did not
account for the market risk assumed by banks. This omission was
particularly glaring with the growth of proprietary trading activities.
12.4The 1996 Amendment

In 1996, the Basel Committee amended the Capital Accord to incorporate
market risks. This was done because many banks were increasing the scale
of proprietary trading operations. This amendment came into effect at the end
of 1997 and added a capital charge for market risk.
The amendment separates bank assets into two categories, the trading book
and the banking book. The trading book represents the bank portfolio with
financial instruments that are intentionally held for short-term resale and typically
marked-to-market. The banking book consists of other instruments, mainly
loans that are held to maturity and typically valued on a historical cost basis.

12.5The 2004 Base II Accord

Capital markets have undergone major changes since the initial Capital Accord
of 1988. The design of the original credit risk changes had become increasingly
outdated and, even worse, may have promoted unsound behaviour by some
banks.
In 2004, the Basel Committee finalized a comprehensive revision to the Basel

Accord.
The Basel II framework is based on three pillars, viewed as mutually reinforcing:
Pillar 1: Minimum capital requirement

These are meant to cover credit, market and operational risk.
Pillar 2: Supervisory review process

Relative to the previous framework, supervisors are given an expanded role.
Supervisors need to ensure that:
 banks have a process in place for assessing their capital in relation to
risks
 banks indeed operate above the minimum regulatory capital ratios
 corrective action is taken as soon as possible when problems develop
Pillar 3: Market discipline

The Basel II emphasizes the importance of risk disclosure in financial
statements. Such disclosures enable market participants to evaluate banks'
risk profiles and the adequacy of their capital positions. The new framework
sets out disclosure requirements and recommendations. Banks that fail to
meet disclosure requirements will not qualify to use internal models. As internal
models generally lead to lower capital charges, this provides a strong incentive
for complying with disclosure requirements. In essence, the trade off for greater
reliance on a bank's own model is greater transparency.
Basel II provides for finer measurement of credit risk, which will generally
lead to lower capital requirements. In order to maintain the overall level of
bank capital, however, new capital charges are set against operational risk.
Banks are required to carry enough capital to exceed the sum of the credit
risk charge, the market risk charge and the operational risk charge, that is:.

Total capital > Credit risk charge + Market risk charge + Operational risk charge
Total capital
Bank's capital ratio > 8% =
Credit risk + Market risk + Operational risk
12.6Further Developments: Basel III

The credit crisis that started in 2007 has revealed weaknesses in the regulatory
framework. Some banks that appeared sufficiently capitalized experienced
major financial losses that in many cases required government support. In
response, the Basel Committee implemented changes to the Basel II
framework. The goal of these new set of rules is to strengthen the resilience of
the banking system by increasing the amount, quality and coverage of capital.
The market risk framework was revised to increase the amount of capital
required for trading risks. Additional amendments included the following:
 Capital definition: the definition of what constitutes acceptable capital
was changed to exclude some components that turned out not to provide
the desired protection during the credit crisis.
 Leverage ratio: the Basel Committee introduced a limit on leverage
ratio. This is because some banks had adequate capital using the Basel
II rules but ran into difficulties because of their high leverage. This
measure is not risk sensitive because it ignores both the quality of the
assets and hedging effects. The current proposal is to require a minimum
leverage capital of 3% to be included in Pillar 1 by January 2018.
 Liquidity requirements: Throughout the financial crisis, many banks
struggled to maintain adequate liquidity. As a result, the Basel Committee
introduced a global minimum liquidity standard. This includes a 30-day
liquidity coverage ratio, which would allow a bank to convert assets
into cash to meet liquidity needs under a stress scenario. The ratio of
the stock of high-quality liquid assets to the net cash outflows over 30
days must be greater than 100%. To that is added a net stable funding
ratio, which promotes better matching of assets and liabilities. This is
defined as the ratio of the available amount of stable funding to the
required amount, which must be greater than 100%.

12.7Definition of Capital
12.7.1 Basel I and II
The 1998 capital adequacy rules require any internationally active bank to
carry capital of at least 8% of its total risk-weighted assets. The starting point
for the measurement of capital is a bank's financial statements. In the Basel
Accord, capital has a broader interpretation than the book value of equity.
The key purpose of capital is its ability to absorb losses, providing some
protection to creditors and depositors. Hence, to be effective, capital must
be permanent, must not impose mandatory fixed charges against earnings,
and must allow for legal subordination to the rights of creditors and depositors.
The Basel Accord recognizes three forms of capital:
a) Tier 1 Capital or Core Capital

Tier 1 capital includes equity capital and disclosed reserves, most notably
after-tax retained earnings. Such capital is regarded as a buffer of the highest
quality.
 Equity capital or shareholders' funds consist of issued and fully paid
common stock and nonredeemable, noncumulative preference shares
 Disclosed reserves correspond to share premiums, retained profits,
and general reserves.
Goodwill is always subtracted from the book equity. This is an accounting
entry that, after an acquisition, goes into book equity to represent the excess
of the purchase value over book value. It is omitted because it does not
represent funds that can serve as a buffer against losses.
As a result of the credit crisis experience of 2007-2009, there has been

increasing focus on narrower definitions of capital. Notably, core tier 1 capital
excludes preferred equity. Further, tangible common equity excludes preferred
equity and intangible assets. Intangible assets are nonmonetary assets that
cannot be touched, such as patents and trademarks.
Tangible Common Equity = Equity - Intangible Assets - Goodwill -
Preferred Stock
b) Tier 2 Capital (Supplementary Capital)

Tier 2 capital includes components of the balance sheet that provide some
protection against losses but ultimately must be redeemed or contain a
mandatory charge against future income. These include:
 Undisclosed reserves or hidden reserves that are allowed by the

accounting standards. These are reserves that passed through the
earnings statement but remain unpublished. Due to this lack of
transparency as well as the fact that many countries do not have
undisclosed reserves, undisclosed reserves are not part of core capital.
 Asset revaluation reserves, which arise, for instance, from long-term
holdings of equity securities that are valued at historical acquisition costs.
Such capital could be used to absorb losses on an ongoing basis, subject
to some discount to reflect market volatility and future taxes in case of
sales.
 General provisions or loan loss reserves, which are held against future
unidentified losses. These are the result of loan loss allowances, which
are deductions taken against interest income in anticipation of probable
credit losses. These deductions reduce retained profits in tier 1 capital
but may qualify as tier 2 capital to the extent that they do not reflect a
known deterioration in particular assets (in which case they are specific
provisions).
 Hybrid debt capital instruments, which combine some characteristics
of equity and of debt. When they are unsecure, subordinated, and fully
paid up, they are allowed into supplementary capital. These include,
for instance, cumulative preference shares.
 Subordinated term debt, with a minimum original maturity of five years,
and subject to a discount of 20% during the last five years. Subordinated
debt would be junior in right of payment to all other debt in the event of
liquidation.
c) Tier 3 Capital for Market Risk Only

Tier 3 capital consists of short-term subordinated debt with a maturity of at
least two years. This is eligible to cover market risk only.
There are other additional restrictions on the relative amount of various

categories. Of the 8% capital charge for credit risk, at least 50% must be
covered by tier 1 capital. Further, the amount of tier 3 capital is limited to
250% of tier 1 capital allocated to support market risks (tier 2 capital can be
substituted for tier 3 capital if needed).
Key Concept:
The Basel capital adequacy rules require total capital (tiers 1 and 2) to be at least
8% of risk-weighted assets. In addition, tier 1 capital needs to be at least 4% of
risk-weighted assets.

12.7.2 Basel III

The major goal of the so-called Basel III revisions to the Capital Accord was
to increase the level and quality of bank capital. The primary focus was common
equity capital, which is part of tier 1 capital but is viewed as having the best
capacity to absorb losses.
The Basel Committee agreed to increase the level of common equity capital
to 4.5%. Tier 1 capital is increased from 4% to 6%. Total capital is still kept
at a minimum of 8%.
The Committee also added a capital conservation buffer of 2.5%. Banks will
be allowed to draw on this buffer during periods of stress but will be then
subject to constraints on earnings distribution (for example, dividend and bonus
payments). This will bring the minimum ratios for core tier 1, tier 1 and total
capital to 7%, 8.5% and 10.5% respectively.
Basel III introduces additional restrictions on what can count as part of tier 1
capital. For instance, some portion of equity that represents minority interest
in overseas subsidiaries has been disallowed. Other disallowances include
some deferred tax assets and mortgage servicing rights. Additionally, Tier 3
capital is abolished under Basel III.
The above changes are being introduced gradually. Immediate changes would
lead to a contraction of lending to the private sector, which would have negative
effects on already weak economies. If banks cannot raise enough capital to
comply with these new rules, they will be forced to cut down their exposures,
which will constrain the expansion of credit.
Key Concept:
The Basel III increases the minimum capital ratio for core tier 1 capital from 2% to
4.5%, plus a 2.5% buffer, for a total of 7%, to be effective on January 1, 2019.
12.8The Basel I Credit Risk Charge

12.8.1 On-Balance-Sheet Risk Charges
The 1988 Basel Accord applies to the notional of each asset a risk capital
weight taken from four categories as described in Table 13.0 below. Each
dollar of risk-weighted notional exposure must be covered by 8% capital.

Table 12.1 Risk Capital Weights by Asset Class
Weights Asset Type
0% Cash held
Claims on OECD central governments
Claims on central governments in national currency
20% Cash to be received

Claims on OECD banks and regulated securities firms
Claims on non-OECD banks below one year
Claims on multilateral development banks
Claims on foreign OECD public sector entities
50% Residential mortgage loans

100% Claims on the private sector (corporate debt, equity etc)
Claims on non-OECD banks above one year
Real estate
Plant and equipment
(Source: Philippe Jorion, 2010; Financial Risk Manager Handbook,

John Wiley & Sons)
These categories provide an extremely rough classification of credit risk. Those

assets assigned a risk weight of zero have presumably no default risk whilst
claims on corporations are assigned a 100% risk weight, irrespective of the
risk of risk or maturity of the loan.
The credit risk charge is then defined for the balance sheet items as:
Credit risk charge = 8% x (RWA) = 8% x (?RWi x Notionali)
where RWA represents risk-weighted assets, and RWi is the risk weight
attached to asset i.
12.8.2 Off-Balance-Sheet Risk Charges

To account for off-balance sheet items, the Basel Accord computes a credit
exposure that is equivalent to the notional for a loan, through credit conversion
factors. The Accord identifies the following broad categories:

Conversion
factor Asset
100% Guarantees, Bankers' acceptances, Letters of

credit etc.
50% Performance bonds, Commercial Letters of Credit

Commitments with maturity greater than a year
20% Short-term, self liquidating trade-related

liabilities such as documentary credits
0% Short-term commitments or revocable

commitments
For the above categories, the position is replaced by a credit equivalent or

credit exposure, computed as:
Credit Exposure = Credit Conversion Factor x Notional

Activity 12.1
? You are given the following information:

CBZ Bank’s Risk-Weighted Assets: 2010
Risk-weighted Assets in Millions
Risk Weight Category
Item 0% 20% 50% 100% Total
On-BS and Off-BS items 369.0 316.2 225.1 519.7
Credit RW assets 0.0 63.2 112.6 519.7 695.5
Market RW assets 54.8
Others -14.3
Total RW assets 736.0
CBZ Bank’s Capital Requirements: 2010

Capital Amount ($Million)
Equity 116.6
Goodwill -11.3
Others -8.5
Tier 1 96.8
Subordinated Debt 4.0
Loan loss Allowances 9.4
Others 0.4
Tier 2 13.8
Total 110.6
REQUIRED
Using the above information, compute tier 1, tier 2 and tier 1 leverage capital ratios
for CBZ Bank.
12.9Basel II Credit Risk Capital Charge

As under the Basel I Accord, the credit risk charge is computed as the sum of
individual credit risk charges as follows:
Credit Risk Charge = 8% x (?RWi x CEi)
where RW is the risk weight and CE is the credit exposure.
Under the Basel II Accord, banks have now a choice of three approaches for
the risk weights.

12.9.1 Standardized Approach

This is an extension of the 1998 Accord, but with finer classification of
categories for credit risk, based on external credit ratings provided by external
credit assessment institutions. Table 13.1 describes the new weights, which
now fall into five categories for banks and sovereigns and four categories for
corporate.
Table 12.2 Risk Weights: Standardized Approach
Credit Rating
Claim AAA/AA- A+/A- BBB+/BBB- BB+/B- Below B- Unrated
Sovereign 0% 20% 50% 100% 150% 100%
Banks –option 1 20% 50% 100% 100% 150% 100%
Banks-option 2 20% 50% 50% 100% 150% 50%
Short-term 20% 20% 20% 50% 150% 20%
Claim AAA/AA- A+/A- BBB+/BBB- BB+/B- Below B- Unrated
Corporates 20% 50% 100% 150% 100%
Note: Under option 1, the bank rating is based on the sovereign country
in which it is incorporated. Under option 2, the bank rating is based on
an external credit assessment. Short-term claims are defined as having
an original maturity less than three months.
12.9.2 Foundation Internal Ratings Based Approach (FIRB

Approach)
Under this approach, banks are allowed to use their internal estimate of
creditworthiness, subject to regulatory standards. Banks estimate the
probability of default (PD) and supervisors supply other inputs, which carry
over from the standardized approach.

Table 12.3 IRB Risk Weights
Probability
of Default Corporate Residential Mortgage Other Retail
0.03% 14.44% 4.15% 4.45%
0.10% 29.65% 10.69% 11.16%
0.25% 49.47% 21.30% 21.15%
0.50% 69.61% 35.08% 32.36%
0.75% 82.78% 46.46% 40.10%
1.00% 92.32% 56.40% 45.77%
2.00% 114.86% 87.94% 57.99%
The above table illustrates the links between PD and the risk weights for
various asset classes. For instance, a corporate loan with a 1.00% probability
of default would be assigned a risk weight of 92.32%, which is close to the
standard risk weight of 100% from Basel I. Retail loans have much lower risk
weights than the other categories, reflecting their greater diversification.
12.9.3 Advanced Internal Ratings-Based Approach (AIRB

Approach)
Under this approach, banks can supply other inputs as well. These include
loss give default (LGD) and exposure at default (EAD). The combined PDs
and LGDs for all applicable exposures are then mapped into regulatory risk
weights. The capital charge is obtained by multiplying the risk weight by EAD
by 8%. The Advanced IRB approach applies only to sovereign, bank and
corporate exposures and not to retail portfolios.
12.10 Adoption of Approach

Banks with simple portfolios can follow the standardized approach. More
advanced banks are expected to adopt an IRB approach. To be eligible for
the IRB approach, a bank must demonstrate to its supervisors that it meets a
set of minimum requirements. For example, the internal rating system must be
consistent and reliable. Also, banks cannot allocate borrowers across rating
systems or cherry-pick ratings to minimize capital requirements. In addition,
the bank-developed rating system must be approved at the highest level and
subject to independent oversight.

12.11 The Market Risk Charge (MRC)

The capital charge can be computed using two methods. The first is based on
a standardized model, similar to the credit risk system determined by the
Basel rules. Because diversification effects are not fully recognized, this method
generates a high market risk charge.
The second method is called the internal models approach (IMA) and is based
on the banks' own risk management systems.
12.11.1 The Standardized Method

The bank's market risk charge is first computed individually for portfolios
exposed to interest rate risk (IR), equity risk (EQ), foreign exchange (FX)
risk, commodity risk (CO) and option risk (OP), using specific guidelines.
The bank's total risk is then obtained from the summation of risks across the
four categories. Because the construction of the risk charge follows a pre-
specified process, this approach is sometimes called the standardized method.
The bank's total risk is obtained from the summation of risks across different
types of risks, j, on each day, t.
MRCtSTD = ∑MRCtj = MRCtIR + MRCtEQ + MRCtFX + MRCtCO + MRCtOP
The interest rate risk charge is the sum of a general market risk charge, which
typically increases for longer-duration instruments, and a specific risk charge,
which covers against issuer-specific risk. For instance, the weight for long-
term investment grade credits is 1.60%. For equity risk, the general market
risk charge is 8% of the net positions; the specific risk charge is 8% of the
gross positions, unless the portfolio is both liquid and well diversified, in which
case the weight is reduced to 4%. For currency risk, the market risk charge is
8% of the higher of either the net long currency position or the net short
currency positions. For commodity risk, the risk charge is 15% of the net
position in each commodity. Finally, for option risk, several approaches are
possible. In the simplified approach, the capital charge is the lesser of the
market risk charge for the underlying security and the option premium.
The weaknesses of the standardized approach

 The risk classification is arbitrary
 Results in high capital requirements due to its failure to account for
diversification effects

12.11.2 The Internal Models Approach

This method relies on internal risk management systems developed by banks
themselves as the basis for the market risk charge. However, banks can use
internal models only after it has been explicitly approved by the supervisory
authority. Banks must satisfy qualitative requirements first given below:
 Independent risk control unit: the bank must have a risk control unit
that is independent of trading and reports to senior management to
minimize potential conflicts of interest
 Back-testing: the bank must conduct a regular back-testing
programme, which provides essential feed back on the accuracy of
internal Value-at-Risk (VAR) models
 Involvement: Senior Management and the board need to be involved
in the risk control process and devote sufficient resources to senior
management.
 Integration: the bank's internal risk model must be integrated with
day-to-day management. This avoids situations where a bank could
compute its VAR simply for regulatory purposes and otherwise ignore
it
 Use of limits: The bank should use its risk measurement systems to
set internal trading and exposure limits
 Stress testing: The bank should conduct stress tests on a regular basis.
Stress test results should be reviewed by senior management and be
reflected in policies and limits set by management and the board of
directors
 Compliance: the bank should be compliant with a documented set of
policies
 Independent review: An independent review of the trading units and
of the risk control unit should be performed regularly, at least once a
year

Activity 12.2
? 1. What is the best definition of tier 1 regulatory capital?

2. Consider a bank balance sheet with common stock of $600 million,
unrealized long-term marketable equity securities gain $5 million,
allowance in anticipation of possible credit losses of $5 million, goodwill
of $30 million. Compute tier 1 and tier 2 capital for this bank.
3. Consider the following financial data for a bank: shareholders' funds
$627.4 million, retained earnings $65.6 million; undisclosed reserves
$33.5 million; goodwill $21.3 million; subordinated debt $180 million;
specific provisions $11.7 million. Calculate the ratio of tier 2 to tier 1
capital.
4. Explain the main weaknesses of the Basel 1 Accord; and the
improvement introduced in Basel II.
5. Discuss the possible reasons why major banks experienced heavy credit
losses during the credit crisis in 2007 despite their use of the Basel II
framework.
6. Discuss the importance of capital in banking business.
7. Explain the link between liquidity risk and credit risk.
12.12 Summary
The Basel II Accord represents a major step forward for the measurement
and management of banking risks. It creates more risk-sensitive capital charges
for credit risk, market risk and operational risk. Like any set of formal rules,
the Basel II rules leave open some possibilities of regulatory arbitrage, due to
discrepancies between economic and regulatory capital for some assets. The
losses suffered during the credit crisis in 2007 have highlighted major
weaknesses in credit risk management. The system of capital charges has
missed an important element of banking risk, which is liquidity risk. The need
to recapitalize major banks by government proves that capital levels were not
adequate to protect against a major financial crisis. This justifies the addition
of a liquidity risk charge under Basel III.

References
Basel |Committee on Banking Supervision (2006) International Convergence
of Capital Measurement and Capital Framework Standards; A
Revised Framework, Comprehensive Version.
Management.
Sons.
Hill.


Unit Three
Case Study on Risk

Management Failure
13.0 Introduction
T
he list of crises, near collapses, and effective collapses involving financial
institutions is endless. However, some cases catch the attention of the
regulators, and especially the media, and thus drive developments and
trigger the implementation of new regulations. This in turn forces the industry
to develop new approaches and new processes. This unit covers the story
behind the collapse of Barings Bank. Valuable risk management lessons from
this case study are covered in the unit.
13.1Objectives
 identify the risk factors that contributed to the collapse of Barings

 deduce valuable risk management insights from the case study
 explain in what ways the collapse of Barings could have been averted
13.2Barings Bank
13.2.1 Background
Barings PLC went bankrupt because it could not meet the trading obligations
incurred by Nick Leeson, a British trader at Barings Futures (Singapore).
The unauthorized trading positions were made in a fraudulent account from
1992 to 1995. The credit crisis caused by Leeson led to more than $1.39
billion in losses on futures contracts in the Nikkei 225, Japanese Government
Bonds (JGB), and euroyen, and options in the Nikkei 225. The value of the
venerable 200-year-old Baring Brothers & Co Bank was reduced from roughly
$615 million to $1.60, the price it brought from ING, a Dutch financial
institution.
Leeson started engaging in unauthorized trading in 1992, and he lost money

from day one. In 1994 alone he lost $296 million; however, through creative
deception, he showed a gain of $46 million in that year. The primary locus of
blame for all the activities that eventually brought down Barings was the lack
of an adequate control system to monitor and manage traders' activities.
Without such a system in place, unscrupulous traders like Leeson were able
to take advantage of the firm and engage in unauthorized activities. Moreover,
the environment that allowed the hiding and manipulation of trades, which
went virtually undetected, was again directly attributable to Barings' lack of
adequate controls. Between 1992 and 1995, the management of Barings had
no real concept of Leeson's true profit and loss positions. This is because the
details of account 88888 were never transmitted to treasury officials in London.
Account 88888 was used by Leeson to cross trades with other Barings
accounts and to show false gains on these accounts (while the actual losses
were accumulating in the 88888 account). Due to this, Leeson was able to
show a flat book exposure while in reality he had huge long and short positions.
Leeson probably could have gotten away with his scheme free and clear if it
were not for the Kobe earthquake that shattered the Japanese equity markets.

Unit 13 Case Study on Risk Management Failure
Leeson was authorized to trade Nikkei 225 futures contracts and options
contracts on behalf of clients on the Singapore International Monetary
Exchange (SIMEX). A Nikkei 225 futures contract is a bundle of stocks that
are equal in proportion to the stocks that make up the Tokyo Stock Exchange
Nikkei 225 Stock Average. The value of the futures contract is derived from
the value of the Nikkei 225 average. A long Nikkei 225 futures position is in
the money if the Nikkei 225 average increases, because the futures price will
be lower than the actual value of the underlying asset.
Leeson was allowed to take advantage of the arbitrage opportunities that

existed between the price of Nikkei 225 futures contracts listed on the Osaka
Securities Exchange vs. the Tokyo Stock Exchange and the SIMEX. Barings
referred to this arbitrage activity as switching. It was imperative to hedge all
major proprietary trading positions undertaken on behalf of Barings Securities
so that the firm would not be exposed to a large risk. For example, a short
futures position is hedged by a long futures position. The gain in the long
position will exactly counteract the losses if the short futures position loses
value. Leeson was only allowed to make unhedged trades on up to 200 Nikkei
225 futures, 100 Japanese Government Bonds, and 500 euroyen futures
contracts. However, Leeson greatly exceeded these allowable limits in
unauthorized and unhedged futures trades and exposed Barings to a large
amount of risk. His positions were unhedged to maximize the gains if the
market moved in a direction favourable to his position.
The hedged portion of his position would have to meet margin requirements
due to unfavourable market movements. Leeson also engaged in the
unauthorized sale of Nikkei 225 put and call options, because doing so meant
he could generate premiums without having to meet margin calls. His positions
in the options markets were also unhedged in order to maximize his potential
gains.
13.2.2 Cause
Leeson was hired as general manager of the newly established Barings Futures
(Singapore) office in the spring of 1992. The most notable aspect of his position
was that he was in charge of settlement operations and was the Barings Futures
floor manager on the SIMEX trading floor. Barings Futures was a subsidiary
of Barings Securities. Nick Leeson was the general manager of the Barings
Futures (Singapore) office, and he was to report to both the London and
Singapore offices. The Singapore office would oversee Leeson's trading
activities on the SIMEX, and the London office would oversee his futures
and options settlements. However, Barings Securities was a very political

company. Individual managers at the field offices, such as Singapore, were

fiercely protective of their control over their specific offices. It was difficult for
the London headquarters to exercise control over the field offices. Either the
managers had excellent past performance, meaning that central control was
unnecessary, or they had strong personalities and could successfully thwart
attempts from headquarters to increase oversight.
Gordon Bowser, risk manager at Barings Securities (London), was to be

responsible for Leeson's futures and options settlements. The senior
management of the Singapore office included James Bax, the managing director
of the Singapore office and a master of Barings office politics, and Simon
Jones, the finance director of the Singapore office and an expert at settling
stock trades, but also the possessor of a legendary temper. The pair was
known as "Fortress Singapore." Jones took offense at sharing Leeson's
oversight responsibilities with Bowser. He felt that if the Singapore office was
to oversee Leeson's trading activities on the SIMEX, then it should also
oversee his settlements activities.
Bax communicated this disagreement to London, but it was never resolved

because the London office did not want to usurp the authority of the Singapore
office. The key people in the Singapore office did not fully understand Leeson's
role in the organisation or were not interested in monitoring his activities. Bax
thought Leeson was only running settlements. Jones took little interest in
supervising Leeson because he was sharing this responsibility with London.
Mike Killian, head of Global Equity Futures and Options Sales at Barings
Investment Bank, on whose behalf Leeson executed trades on the SIMEX,
was also responsible for Leeson's activities. However, Killian did not like to
take oversight responsibilities and preferred to take credit for a profitable
operation. As a result, it was unclear to whom Leeson reported, and his activities
were not scrutinized.
On July 3, 1992, Barings Futures (Singapore) established error account 88888

as required by the SIMEX. A few days later, Leeson asked his computer
consultant to modify the CONTAC software programme so that the trading
activity, prices of trades, and positions associated with error account 88888
would not be reported to the London office. A fourth item, margin balances,
remained on the report. Leeson knew that trading activity, prices of trades,
and positions were processed by the London office and downloaded into
First Futures (Barings' internal reporting system) and that margin balances
were ignored. Leeson stated that Gordon Bowser had ordered the action

because the volume of trades made by Barings Futures (Singapore) on the

SIMEX was difficult to settle.
In September 1992, Bowser provided the Barings Futures (Singapore) office

with error account 99002, which was to be used as the Barings Futures SIMEX
error account. Account 99002 was to be reported to London. However,
Leeson kept error account 88888 active to deliberately hide trading losses
and unauthorized trades.
Leeson needed funds to meet margin calls and support accumulating losses
on his unhedged futures trades. In August 1992, Bowser surprisingly granted
Leeson permission to receive funds from London without providing specific
information on how these funds would be used. Leeson argued that the difficulty
of raising funds from Japanese banks and the peculiarities of SIMEX margin
calls required him to have easy access to funds. From 1992 until the collapse,
Leeson was able to request and receive funds to meet the margins calls on his
unauthorized trades without scrutiny
Leeson used his position running the back office to further conceal his trading
activities. At the end of September 1992, he asked the settlements staff to
temporarily debit a Barings receivable account at Citibank Singapore and
credit the funds to error account 88888. The transfer was performed in order
to hide Leeson's trading losses from Barings Securities (London) monthly
reports, which were printed at the end of the month. This first such transaction
coincided with the end of Barings Securities' financial year and the start of
Deloitte and Touche's 1992 accounting audit. At this time, Leeson also forged
a fax from Gordon Bowser stating that error account 88888 had an insignificant
balance. The fax kept the accounting firm from discovering his activities.
The specific method Leeson used to cover up his losses and inflate Barings
Futures profits was the cross-trade. In a cross-trade, buy and sell orders for
the same firm occur on an exchange. Certain rules apply; for example, the
transaction must occur at the market price and the bid or offer prices must be
declared in the pit at least three times. Leeson would cross-trade between
error account 88888 and the following accounts:
 92000 [Barings Securities (Japan), Nikkei and Japanese Government
Bond Arbitrage]
 98007 [Barings (London), JGB Arbitrage]
 98008 (Euroyen arbitrage)
This was done to make the trades appear legal per SIMEX rules. Back office
staff at Barings Securities (Singapore) would then be ordered to break the

trades down into many lots and record them in the Barings accounts at prices
differing from the purchase price. In general, the cross-trades were made at
prices higher than what Leeson had paid on the SIMEX. In performing cross-
trades, Leeson could show a profit for his trading activities on various Barings
accounts. However, the gains in accounts 92000, 98007, and 98009 also
generated a corresponding loss, which Leeson buried in error account 88888.
This activity required the complicity of the Barings Securities (Singapore)
clerical staff, which would have been easy to secure by the person in charge
of the back office-Nick Leeson.
Leeson was selling straddles on the Nikkei 225. His strategic underlying
assumption was that the Nikkei index would be trading in the range of 19,000
to 19,500. In this range he would rake in the money on the premiums of the
sold options, while the calls and puts he sold would expire worthless. However,
after the Kobe earthquake on January 17, 1995, the Nikkei dropped to
18,950. At that point the straddle strategy was shaky. Leeson started to lose
money on the puts, because the (short) value of the put options he sold was
starting to overtake the (long) value of the premiums received from selling the
puts and calls. Then he made a dangerous gamble; he believed that the market
was overreacting and on January 20, three days after the earthquake, he
bought 10,814 March 1995 futures contracts. On January 23, the Nikkei
dropped 1,000 points to 17,950, and at that point Leeson realized his gamble
was a huge mistake. He was facing enormous losses from the long positions
that he had just bought, along with unlimited losses on the puts.
In addition to selling straddles, Leeson's reported arbitrage strategy was to

go long or short the Nikkei 225 futures on the Osaka exchange, while
simultaneously going the other direction on those same Nikkei 225 futures on
the SIMEX. This strategy would theoretically take advantage of temporary
mispricing differences of the same futures contract on two different exchanges.
Since these products were essentially identical (they derived all of their intrinsic
value from the same underlying security), any large price differences between
the Osaka and SIMEX Nikkei 225 March 1995 futures contracts would be
short-lived (or nonexistent) in an efficient market. This trading strategy is what
Barings referred to as switching. In reality, however, Leeson ignored the
switching and was long the March 1995 contract on both exchanges.
Therefore, he was doubly exposed to the Nikkei 225 instead of being hedged.
On January 20, the Osaka exchange lost 220 points and the SIMEX lost
195. If Leeson were short on the SIMEX, the net effect would have been
(?220 + 195) = ?25. However, he was long on both exchanges; therefore, on

January 20 he had a loss of (?220 ? 195) = ?415. During January and February
of 1995, Leeson suffered the huge losses that broke Barings.
13.2.3 How Leeson hid the trades

It is legal for an institution to separate a trade made on an exchange, assuming
that the trade is large and that its size might affect the market price of the
position. This is done through "block transaction," which effectively splits the
transaction into smaller transactions with different counterparts. Leeson traded
this way within the Barings accounts (also known as cross-trading). After the
transactions, however, when he was splitting the trades into the different
accounts, he decided the price at which each trade should be recorded, and
did not use the actual price of the trade. This is illegal. Although the sum of the
small transaction matches the overall trade, and the books were flat, Leeson
was crediting gains to the Barings accounts and was offsetting them by
recording losses in the 88888 account. Since he was always losing money, he
kept recording losses in this account, and was showing gains in the official
books. This way Leeson fooled everybody at Barings and was able to show
a profitable net position. Barings' treasury never audited account 88888, which
more accurately depicted Leeson's true profits and losses. Account 88888
was a ticking bomb that exploded in February 1995 and broke Barings.
13.2.4 Leeson's assumptions

The facts just discussed show the reasons behind Barings' collapse. When
reading them, one openly wonders what made Leeson so aggressive in the
derivatives markets, why he thought he could profit from such aggressive
tactics, and why he thought he could cover up his activities from his employer.
In every case involving huge derivative position losses, one usually sees the
"double-down" mentality take effect. In this case, Leeson sealed his fate the
first day he decided to eschew the official Barings derivatives trading strategy.
He was destined to eventually put himself in a net loss position due to the
risky nature of the products he was trading.
Once he did this, he had no other option but to keep doubling down in the
hope that he could extricate himself from the situation. He could not merely
cap his losses and walk away, as that would mean he would have to inform
Barings management of his improper trading, and he surely would have been
fired by the firm at that point. That is why he did not hedge his positions once
he started losing money. To do so might have saved Barings from its eventual
collapse, but it would not have been enough to save his job. So, instead, he

covered up his illicit trading practices and kept raising the stakes. Leeson had
been trading derivative products improperly for some time prior to the disaster
in early 1995. Because of his experience, albeit limited, with the Japanese
equity markets, he felt confident enough to take some rather large risk positions
in early 1995. The Nikkei 225 index had been trading in a very tight range at
the beginning of January 1995. Between January 4 and January 11, for example,
the Nikkei stayed between 19,500 and 19,700. With his double-long futures
position on the SIMEX and OSE and his straddle options, Leeson was betting
that the Nikkei 225 index would increase or remain flat. If it stayed flat, he
would collect the premiums from his sold put and call options and these options
would expire worthless. If the index increased greatly in value, the premium
from the sold put options would partially offset the losing call option positions
he sold, and he would more than make up for this difference with the windfall
profits from the double-long futures positions on the SIMEX and OSE. Aside
from his confidence in the volatility and future direction of the Nikkei index,
there is another reason Leeson took such a large market gamble. As the case
details, Leeson was already ?208 million in the hole as of the end of 1994.
13.2.5 Effect
When a terrible earthquake rocked Japan on January 17, 1995, the Nikkei
plummeted. Many people explain Leeson's last crazy behaviour as evidence
that he believed the Nikkei was still undervalued and had overreacted to the
disaster, and so continued to add to his futures positions.
Leeson had already built a large quantity of positions. Many people may ask
why he did not hedge those positions by building other positions in his account.
This is a good question, but Leeson's dilemma was this: he still believed prices
would rise and his position would eventually break even or be profitable.
However, even if he wanted to hedge those loss positions, he could not do
so. If he used the official accounts, which would be reported to Barings, he
had to establish huge positions, and he didn't believe the price would crash
deeper. Therefore, this strategy seemed too risky. But he could not hedge in
his internal 88888 account, either, because in financial trading, a first-in-first-
out rule is followed. Leeson's hedging position was to liquidate all his Nikkei
long and Japanese Government Bond (JGB) and euroyen short positions.
Thus, the floating loss became realized loss, and Leeson could find no place
to recoup these huge losses. What he had to do was to keep them and roll
them over with floating loss (a nominal loss not booked yet). In this light, it is
very easy to understand the later actions of Leeson. Holding onto the belief
that prices would rise, in order to protect his long Nikkei futures, short JGB,

and euroyen futures positions and in order to stop the crash of his short put
options positions, Leeson executed his final strategy by placing huge amounts
of orders to prop up the market.
Barings was on its way to collapse without realizing it due to a continuation of

the deceptive practices that Leeson had engaged in since mid- 1992. Between
January 23 and January 27, 1996, he lost approximately $47,000,000 but
was able to present a $55,000,000 profit to London by cross-trading between
error account 88888 and Barings account 92000. The London office heard
rumours that Barings was not able to meet its margin calls in Asia, but was not
concerned because it felt this rumour was based on its long Nikkei futures
positions on the Osaka exchange, which were supposedly hedged by
corresponding short Nikkei futures position on the SIMEX. After all, Leeson's
official trading policy was to short Nikkei 225 futures on SIMEX to hedge
Barings' long positions on the Osaka exchange. However, he went long on
Nikkei 225 futures, did not hedge these positions, and exposed Barings to
significant risk. During January and February 1995, Leeson was still able to
receive funds from London to meet margin calls without being questioned.
The payments forwarded to Singapore equalled $835 million, whereas Barings
only had $615 million in capital. By late February the exposure in the Nikkei
futures and options markets that Leeson created was larger than Barings could
handle. The enormity of the Nikkei 225 futures margin calls and the losses on
the put options bankrupted Barings.
13.2.6 The risk areas affected

The collapse of Barings could have been avoided by:
 Making all Barings traders meet London International Financial Futures
Exchange (LIFFE) standards
 Managing account settlement and trading functions separately using
management information systems
 Exercising rigorous management oversight
a) Market Risk
The risks of Leeson's strategy should be clear. If the market suffered a sharp
decline, Leeson would be exposed to tremendous potential losses. The
premiums from the call options he sold would have been locked-in profits,
since these options would expire worthless in a sinking market. However, the
put options he sold were increasing greatly in value as the market declined.
With strike prices between 18,500 and 20,000 on the Nikkei 225 index,

Leeson faced massive risk on these short put options if they became deep in
the money. As the Nikkei plunged down under 18,000 in mid-February 1995,
that is, exactly what happened. The losses on these short options greatly
exceeded the premiums gained on the expired sold call options. Of course,
Leeson's double exposure to the March 1995 Nikkei futures contract also
left him open to the risks associated with the declining Japanese equity market.
When he bought the additional 10,814 contracts on January 20, he further
increased this risk. Between January 20 and February 15, the Nikkei dropped
an additional 850 points. A declining Nikkei index was a large and obvious
market risk that Leeson faced with his derivatives book in early 1995. In
addition to market risk, Leeson was also leaving himself exposed to event
risk-the risk that something unexpected and not directly related to the market
could affect the market. A great example of event risk is the Kobe earthquake
of January 17, 1995, which negatively impacted Leeson's prospects for two
reasons. First, it helped send the Nikkei index into a tailspin. Second, the
earthquake caused increased volatility in these equity markets. Increased
volatility adds value to options, both calls and puts. As Leeson was short
options at this time, this increase in volatility further helped to destroy him.
The short put options exploded in value as they became deeper in the money
and as volatility increased.
b) Credit Risk
By late February, Barings' exposure in the Nikkei futures and options markets
was larger than the bank could handle. The enormity of the Nikkei 225 futures
margin calls and the losses on the put options bankrupted Barings. Leeson
created counterparty exposure for other institutions, which finally collapsed
the bank.
An appropriate management of counterparty risk and reporting of specific

instrument exposures to counterparties would have been an additional signal
for management that some exposures were intolerable.
c) Operational Risk
As a result of Barings' derivatives disaster, the market has attempted to head
off potential government regulation by improving industry self-regulation. New
standards have been developed in accordance with the regulations created
by the SEC, FSA, and other national regulators of derivatives sales practices,
capital standards, and reporting requirements. Most, if not all, financial firms
participating in derivatives have taken a hard second look at their control

systems as a result of the Barings collapse. Indeed, some have wondered

why a disaster such as this hadn't happened earlier. Valerie Thompson, an
experienced trader at Salomon Brothers in London, claims that the deregulation
of the British financial sector in the 1980s created a vacuum that was filled by
inexperienced traders in the 1990s. Thompson observed that traders were
created overnight without the benefit of proper training because firms such as
Barings were chasing markets previously dominated by the Americans and
Japanese. This inexperience contributed to Leeson's undoing; he didn't have
the knowledge or experience to admit his mistakes to upper management.
Perhaps the collapse of Barings was an unfortunate, yet necessary, lesson

that the market needed to learn. Graham Newall of BZW Futures notes that
upper management now regularly inquires about activity in the omnibus account.
Merrill Lynch Futures' Tom Dugan notes that firms are far less tolerant of
individual stars these days and that everyone is held accountable for his or her
actions. At the Futures Industry Association Exposition in Chicago in October
1996, most industry experts agreed that technology is a key ingredient in
preventing scams such as Leeson's in the future. Risk management computer
systems have been developed and improved as a result of Barings' demise.
Nick Leeson was obviously a man of questionable character, and this was
evident before he was transferred to Barings Securities (Singapore). He was
scheduled to appear in court due to the accumulation of unpaid debt and had
already been taken to court and ruled against on another unpaid debt charge.
Leeson would not have been allowed to trade on the LIFFE due to these
problems, and therefore Barings should not have allowed him to trade on the
SIMEX. Making one person responsible for managing settlements and the
trading floor created a conflict of interest. Leeson was able to use his influence
in the back office to hide his actions on the trading floor. Assigning one of
these responsibilities to a different manager would have kept Leeson from
developing the ability to deceive the London office. Better management
information systems were needed to ensure that all account information was
available at a central location and that the complete status of all open accounts
was known. Finally, Barings management should have monitored Leeson's
activities more proactively. Audits should have been performed more frequently
and audit recommendations should have been immediately implemented or
followed up on. Clearer lines of reporting should have been established, and
office politics should not have stood in the way of proper supervision.
After analyzing Leeson's trading and operations activities, the question arises
as to what role and responsibility risk management had or could have had. In
general, three levels of risk management and valuation processes should be

implemented by financial institutions: information and risk reporting, risk control,

and risk management.
13.2.7 Information and risk reporting

This is a basic process in measuring risk. The senior managers receive the
information and reports showing risk created by trades and investments. The
reporting side should provide complete, accurate, audited, and precise
professionally standard information. Risk reporting is essential in valuing and
managing risk.
Leeson violated the principles of risk reporting. He secretly opened account

88888 and sent false information to Barings from the time he arrived in
Singapore. He controlled both the front and back offices at Barings Futures
(Singapore), which meant he was both chief trader and head of settlements.
Taking advantage of his excessive power, he suppressed the information in
account 88888, made unauthorized trades, and manipulated profits.
The Barings risk reporting system was flawed. First, there was no one to
supervise and assist Leeson in completing the reports and delivering reliable
information to his managers. Second, the managers never investigated or
doubted the credibility of Leeson's trading activities as detailed in his reports.
If the managers understood the nature of Leeson's job, including arbitrage by

taking advantage of the price differences between the SIMEX and the Tokyo
Stock Exchange or the Osaka Securities Exchange, they would have been
suspicious of the unusual level of profits. Arbitraging the price differences of
futures contracts on separate exchanges entails very low risk. The fact that
Leeson could make such a huge profit from almost riskless trading is counter
to fundamental modern financial theory, which states that low risk equals low
return and high risk equals high return. One question should have arisen: if
such a low-risk and simple arbitrage could yield such high returns, why did
rival banks not execute the same arbitraging strategy? In addition, as the volume
of arbitraging trading increases, the price differences tend to decrease, and
therefore the potential profit from arbitrage also likely shrinks. Why could
Leeson continue arbitraging? Unfortunately no Barings executive recognized
the obvious. Even when Leeson's performance accounted for 20 percent of
the entire firm's 1993 profits and about half of its 1994 profits, no one tried to
determine where the enormous profits were coming from.

13.2.8 Risk control

Risk control is used to set position limits for traders and business units to
prevent individuals from having too much power. It can be used to measure
the risk in a variety of risky activities in diverse markets. Leeson continued his
unauthorized trading by taking advantage of his positions. He never controlled
the risk in his trading in Nikkei, JGB, and euroyen futures as well as straddles
in Nikkei options. He took extreme positions without hedging the risk and
continued to execute a faulty strategy. The market exposure of his positions
exceeded Barings' total capital. In 1994, Barings transferred $354 million to
Barings Futures (Singapore) for the margin call from the trading Leeson
explained as risk-free arbitrage. It is astonishing that no one even asked Leeson
to justify his requests.
13.2.9 Risk management

Risk management includes the analysis and measurement of positions and
strategies. It requires investment experience to supervise the exposures and
the persons taking the exposures. Barings had neither the risk controls nor the
risk measurement in place to analyze the exposure taken by Nick Leeson,
nor the analytical framework to monitor where the huge profits came from
and what kinds of risks were being taken to generate the profits.
13.2.10 Systemic risk

The systemic risks in the Barings case were substantial. However, all of the
appropriate organisations moved to mitigate the problems created by the
debacle. The Singapore stock exchange reacted quickly on the same day
Barings was not able to cover the margin calls. The national banks provided
additional liquidity to ensure that the markets in London and Singapore did
not fall into a liquidity gap. The systemic risk was limited as the loss for
counterparty risk was limited to a one-day uncovered margin call, which was
settled by Barings and later through ING Groep, which acquired the bankrupt
Barings. The systemic risk was further contained by the fact that Leeson's
speculation was not supported by an unheated market environment (such as
in the months before the October 1987 crash) or the turmoils around the
ruble and the Russian bond crisis in August and September 1998.
13.2.11 Additivity of Risk Management Framework

The regulatory, supervisory, and corporate governance framework failed
completely in the Barings case. The key failures were by weak managers who

did not take responsibility for establishing systems and processes that would
have prevented the bankruptcy of Barings. The capital adequacy framework
should have required higher capital to support the risk of Leeson's trading
strategy, as the strategy did not allow matching and offsetting of the transactions.
The internal and external bank auditors should have realized the speculative
background and informed the appropriate supervisory authority.
Activity 13.1
? 1. Could the collapse Barings Bank have been prevented?

2. Where was the failure of corporate governance at Barings Bank?
3. What measures should be implemented to prevent such trends and
subsequent losses to an organization?
4. What risk management lessons can be learnt from the Barings Bank
case?
5. Explain the contribution of market, credit and operational risk types to
the collapse of Barings Bank.
13.3Summary
This unit covered the case study on Barings Bank. The case study showed
how lax risk management processes could contribute to corporate failure.
Sound corporate governance practices, coupled with strong internal controls
and best risk management practices are the bedrock of corporate success.

References
Sons.
Hill.
McGraw Hill.


Biah422 Module - NB Please Cover Only The First 3 Units of This Module and All Units in Fince305 Module

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Biah422 Module - NB Please Cover Only The First 3 Units of This Module and All Units in Fince305 Module

Uploaded by

Copyright:

Available Formats

Bachelor of Commerce in

Internal Auditing Honours

P.O. Box MP1119

The Zimbabwe Open University is a distance teaching and open

Cover design: Terence Ndhlovu

Layout and design: C. S. Nhari

Typeset in Garamond, 12 point on auto leading

© Zimbabwe Open University. All rights reserved. No part of this publication

Content Reviewer: L.F. Mareya

Editor: S.T. Magumise

The six hour tutorials should be so structured that the

Session I (Two Hours)

Session II (Two Hours)

Session III (Two Hours)

Conclusion for this course, but also to prepare yourself to

Unit One: Understanding the Concept of Risk

Unit Two: The Risk Management Process

Unit Three: The Risk Management Framework

Unit Four: Enterprise-wide Risk Management Framework

Unit Five: Market Risk Management

Unit Six: Interest Rate Risk Management

Unit Seven: Liquidity Risk Management

Unit Eight: Currency Risk Management

Unit Nine: Credit Risk Management

Unit Ten: Operational Risk

Unit Eleven: Strategic Risk Management

Unit Twelve: Basel II and Risk Management

Unit Thirteen: Case Study on Risk Management Failure

Risk management encompasses a broad range of concepts and techniques,

Unit 4 discusses the Enterprise-wide Risk Management Framework and

Units 5, 6, 7, 8, 9, 10 and 11 focus on the main types of risks facing

Unit 12 is about Basel II as it relates to risk management within those financial

2 Zimbabwe Open University

Understanding the Concept of

1.2. What is Risk?

Risk versus probability

Risk versus threat

4 Zimbabwe Open University

All outcomes versus negative outcomes

The engineering definition of risk is defined as the product of the probability

Risk = Probability of an accident times consequence in lost money/deaths.

In contrast, risk in finance is defined in terms of variability of actual returns on

1.2.2 Three common fallacies about risk

1.2.3 Risk and uncertainty

Zimbabwe Open University 5

Uncertainty is used to describe the situation when it is not possible to attach a

Uncertainty is said to exist in situations where decision-makers lack complete

Uncertainty can often be interpreted as prophecy, since a prophecy is not

1.2.4 The duality of risk

1.2.5 Risk and return

6 Zimbabwe Open University

1.2.6 Risk and innovation

The first full-fledged examples of insurance and risk pooling showed up at

1.2.7 Risk and exposure

Zimbabwe Open University 7

1.2.8 Attitudes to risk

One of the major contributions from successful risk management is to ensure

1.3 Primary Sources of Risk

Risk comes from many sources as follows:

8 Zimbabwe Open University

1.4 Categorization of Risks

Corporate risks are broadly classified into:

1.4.1 Business risks