ebook img

Risk Appetite as a Core Element of ERM PDF

30 Pages·2011·0.12 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Risk Appetite as a Core Element of ERM

Risk Appetite as a Core Element of ERM: Definition and Process Andrea Cremonino* 2011 Enterprise Risk Management Symposium Society of Actuaries March 14-16, 2011 Copyright 2011 by the Society of Actuaries. All rights reserved by the Society of Actuaries. Permission is granted to make brief excerpts for a published review. Permission is also granted to make limited numbers of copies of items in this monograph for personal, internal, classroom or other instructional use, on condition that the foregoing copyright notice is used so as to give reasonable notice of the Society’s copyright. This consent for free limited copying without prior consent of the Society does not extend to making copies for general distribution, for advertising or promotional purposes, for inclusion in new collective works or for resale. * UniCredit Group, email: [email protected]. The opinions expressed are those of the author and do not represent UniCredit. Moreover, presented concepts, methods and processes are not necessarily used by UniCredit or its affiliates. The author would like to thank Gabriele Stinco, Valeria De Mori, Maurizio Cravero, Alessandra Crimmi and Stefania Restivo. Abstract Risk appetite represents how much risk an organization is willing to assume consistently with its strategy. Each business strategy implies some amount of risk, in terms of the uncertainty of the results will be achieved; therefore, risk appetite represents a fundamental element of enterprise risk management (ERM) as it sets the risk strategies and allows framing for the current risk profile. The goal of this paper is to describe the general idea of risk appetite, its implementation framework and the process to set it within a bank with a strong focus on the interactions with other processes such as planning and control, performance evaluation and communication. It should be remarked that risk appetite requires as precondition a proper risk management framework to be in place, e.g. risk identification, measurement and reporting. Even if risk appetite is a managerial tool, it should comply with regulatory requirements that are shortly described. To provide a full understanding of the risk appetite implementation, how it could be implemented in two other industries—an oil company and a manufacturing firm such as a carmaker—are described. Paper type: Applied. Keywords: Risk appetite, ERM, planning, capital adequacy, performance evaluation, corporate governance, risk control, stress test, banking regulation. 1 1. Introduction Risk cannot be eliminated from corporate management because it stems from the unpredictability of the outcome of business decisions. Consequently, each company sets up, or it is expected to set up, an enterprise risk management (ERM) framework, made by a set of processes, methodologies and tools to ensure the risk is kept within acceptable levels, i.e., consistent with the company risk tolerance that should be set by the senior management and board of directors. The recent crisis and the subsequent amount of company defaults, above all in the financial service industry, underlined the importance of a proper and effective ERM. Therefore, risk appetite represents the core of ERM as it represents the yardstick to compare the current risk profile to. It proves to be more effective if it is embedded in the planning processes in order to have a “forward-looking” ERM that is not a mere reporting or controlling framework. Furthermore, there is a growing trend of greater transparency regarding current and target levels of risk as are represented in the risk appetite. The goal of this paper is to describe the general idea of risk appetite, the process to set it up within a bank and the interactions with other processes. Examples of applications in sectors other than financial services are also provided. Besides this foreword, the paper is organized as follows. The first section presents the risk appetite framework and its components for a bank, taken as a paradigm. Sections 2 and 3 respectively deal with the process and the governance while section 4 looks at regulatory requirements. The extension to other industries besides banks is described in section 5, while the last section summarizes some implementation pitfalls. 2 2. Risk Appetite Framework Risk appetite is a widely spread concept that needs to be structured in a dedicated framework to be implemented in a financial institution. In a more detailed fashion, this framework is formed with the items listed below, which will be described in the following sections: • The definition of risk appetite • Analysis of the relevant stakeholders and their expectations • Sets of metrics that could describe the risk appetite • Purpose of the risk appetite and its usage • The process to set risk appetite 2.1. Risk Appetite Definition Risk appetite represents the decision of how much risk an organization is willing to assume consistently with its strategy. Each business strategy implies some amount of risk, in terms of uncertainty of the results that will be achieved. Even if risk appetite is a widespread concept, the starting point of its framework is the bank defining risk appetite consistently within its culture and business model. This step could sound trivial but it is needed to set up a common ground to avoid any misunderstanding. In this paper, a broad definition is proposed as follows in order to be applied not only to banks or financial companies but across all industries: “Risk appetite is represented by the losses the company is willing and able to stand in order to reach the target results, where potential losses could also be represented by their drivers.” It is appropriate to emphasize that the definition of risk appetite both in terms of variables included and their values depends on the bank’s business model and related risk profile; for instance, a commercial bank should have a stronger focus on credit risk while a merchant bank on market one. The level of risk appetite metrics depends on the bank’s strategy because the higher the target profits, the higher the risks assumed, which means greater risk appetite. 2.2. Analysis of Stakeholders The risk appetite must be compared and set consistently with the stakeholders’ expectations and requirements because it is a key component of the bank’s strategy. In fact, all stakeholders deem the amount of risk held by a bank as well its evolution over time to be a core issue. Broadly speaking, the following categories of stakeholders are considered: • Debtholders • Shareholders • Regulators and supervisors • Governments 3 2.2.1. Debtholders The debtholders are those that provide the bank with its funding and are mainly interested in the solvency of the bank, i.e., the capacity to fully and in a timely manner keep all the bank’s obligations. Even if all are bank creditors, it is appropriate to put them in three groups: • Depositors • Banks • Bondholders First, as long as there is a guarantee scheme that refunds deposits in full, depositors could be uninterested in the bank management, including its risk appetite. As in the recent financial crisis, many governments provided blanket guarantees (e.g., Germany and Ireland) that exceeded the scheme underpinning the banking system; therefore in this paper, the focus is on the last two groups. With this regard, the decision-making process of banks’ bondholders often relies materially on the evaluation of the issuer as expressed by its rating. That means the primary focus of a bondholder is on capital and liquidity strength as a proxy of the bank solvency as also represented by the rating agencies and their evaluation mechanisms. In fact, from a debtholder’s point of view, capital acts as a buffer to absorb losses because it is more junior than any kind of debt. 2.2.2. Shareholders Shareholders profit is defined in a residual way, i.e., what is left from the bank income after all the other stakeholders have been paid back could also mean suffering a loss. Therefore, shareholders are interested mainly in the bank’s profitability and its variability over time because their decision-making criteria are if the bank’s expected profits are adequate in comparison to the carried risks. Consequently, shareholders’ concerns about the risk appetite are represented by the earning variability and its drivers. Often, shareholders’ perspective could be proxied by the equity analysts that express the potential evolution of the bank value. 2.2.3. Regulators and Supervisors Regulators and supervisors play a key role in the financial markets and strongly impact the behavior of the different players. Concerning the risk appetite, several regulatory elements shape it heavily in terms of tools and amounts. This includes the Basel Accord, where regulators set out the key metrics for assessing banks’ risks, capital and capital adequacy, namely the risk weighted assets (RWA), Tier 1 and then their ratio, defined as Tier 1 ratio. Such influences have been strengthened in the forthcoming innovations to the regulatory framework Basel III, where compulsory metrics are introduced not only with regard to capital adequacy but also concerning liquidity. 4 On the other hand, it is fundamental how supervisors use such metrics in assessing the banks’ soundness in their on- and off-site examinations. In a more detailed way, supervisors pay careful attention to the bank’s decision-making process and the outcome in terms of the actual risk profile. That means supervisors are not only interested in mere solvability but also in medium-term business sustainability and therefore have a perspective that exceeds the debtholders’. Banks’ risk appetite frameworks then both heavily rely on regulatory metrics and on supervisory expectations as embedded in current and forthcoming regulation. 2.2.4. Governments There is a new category of stakeholders—government—both in terms of lawmakers reshaping the legislative landscape, e.g., with the Dodd-Frank Act in United States and the Capital Requirement Directive (CRD) in the European Union, and as a special kind of shareholder further to bailing out some financial institutions. As a matter of fact, State interventions extended deposit guarantee schemes and supported banks via loans, with actual lending or guarantees offered, or by security repurchase agreements, massive bond-purchase programs and huge recapitalizations. Therefore, governments are keener on keeping banks from suffering large losses or being able to withstand the losses to avoid additional burden for the taxpayers. For instance, the Volcker Rule could be seen as a pre-emptive measure to prevent banks from assuming too much risk. Therefore, bank decision on risk appetite cannot be not compliant with government expectations. Moreover, governments often became banks’ shareholders and thus they could substantially set the risk appetite while in other cases they negotiated covenants and action plans as a condition of rescue packages, which could materially impact risk appetite, for instance, leading to disposing of or shutting down some business lines deemed too risky. 2.3. Set of Metrics The aforementioned definition of risk appetite must be translated in a set of metrics in order to be embedded into the bank management. In this section, first the criteria underlying the choice of the variables will be outlined to set up a general structure, then the main categories will be described and, for each of them, some examples will be provided. The metrics belonging to the same category broadly address the same issue, but there is no unique or obvious choice as it depends on what targets the bank wants to achieve and the issues the bank would like to stress. Of course the choice of the metrics heavily relies on the bank business model, system development and degree of sophistication, for instance if there are economic capital in place or not. The metrics chosen to steer the business activities and three kinds of paradigms will be presented in section 2.2. 2.3.1. Criteria for the Metrics The full embedding of risk appetite into the bank’s processes requires translating the definition of risk appetite into a full set of metrics that should meet some broad criteria, which are outlined below. 5 First, such metrics must be quantifiable in order to properly steer the business as qualitative statements could not provide an unambiguous target. Second, the set of metrics should be able to provide a full picture of the bank’s risk profile. That could be achieved either by using synthetic metrics, i.e., metrics that represent the aggregation of risks, or the main variables for the key risks. This potential choice will be described in section 2.3.2. We would like to underline that completeness of the risk profile is meant across the subsidiaries and the business lines. Needless to say, if the risk profile should not be adequately captured, the risk appetite could turn out to be useless or even misleading. On the other hand, the risk appetite is effective only if it is cascaded down to all the subsidiaries and/or business lines. In this process, the metrics could be transformed to be applied at a more detailed level. Third, the metrics should be able to capture and represent completely the risk financing, i.e., the means to fund the losses, realized or potential, that could show up. In a more detailed way, the unexpected losses are faced by capital and therefore are represented in the capital adequacy domain. Expected losses, on the other hand, are funded as cost because they represent a component of business running, for instance, provisions in the performing portfolio that are set aside in commercial lending. 2.3.2. Proposed Set of Metrics In order to be properly used in running the bank’s business, the picked-up metrics should be able to address the concerns of all the relevant stakeholders, namely stockholders, bondholders, regulators/supervisors and governments. In this paper, the proposed risk appetite framework is made by the following categories of metrics to provide a clear target setting to support business activities and meet the stakeholders’ expectations: • Capital adequacy • Earning variability • Liquidity • Risk • Business specific The metrics above address the perspective of stakeholders as outlined in the previous section while providing a strong control of the business activities according to a framework flexible enough to be applied across all companies. For instance, capital adequacy is the main concern of regulators/supervisors as well as a focus issue of rating agencies, while shareholders are concerned with earning variability and governments with both of them, while everyone is interested in risk levels. For each category, some metrics are presented as well as their purposes and usages. It is appropriate to emphasize that in the proposed framework, risk appetite sets out the boundary conditions business activities should be run within. Therefore, we do not include the variables that usually represent the economic targets such as revenues, profits or value creation, e.g., as represented by Economic Value Added™ (EVA) or risk-adjusted return on risk-adjusted capital (RARORAC). 6 Risk appetite, as discussed in section 3, should be led, or at least jointly led, by the risk management functions and not be involved in setting profitability targets. 2.3.3. Capital Adequacy Metrics Although capital adequacy is a clear concept, it could be described under different points of view represented below, with regulatory rulings playing the lion’s share. Pillar 1 Pillar 1 is a component of the Basel framework and represents the minimum capital requirements banks have to hold. Needless to say, the metrics envisaged in Pillar 1 must be included in the risk appetite framework to avoid the bank not being compliant with the mandatory regulatory regime. In a more detailed way, the related metrics are the following: • Tier 1 ratio, defined as the ratio of Tier 1 to RWA, where the former represents the high quality capital and the latter the standard regulatory measure of risks1 • Total capital ratio, defined as total capital, made by the sum of Tier 1 and Tier 2, divided by RWA • Core Tier 1 ratio, Core Tier 1 represents the highest quality component of Tier 1 and it is expressed as percentage of RWA While the first two metrics are regulatory, the last is a common market benchmark widely used above all by rating agencies and equity analysts. The recent financial crisis proved that these indicators could not be reliable enough and then regulators introduced a simplified and more robust metric, i.e., the leverage ratio. Actually, this happens to be more a set of metrics than a specific metric and could be defined as the ratio of total assets to equity. Pillar 2 While metrics envisaged in Basel II Pillar 1 make up a standard yardstick to assess the capital adequacy across all financial institutions, under Pillar 2, banks are strongly encouraged to develop their own tailor-made risk measures that address some of the shortcomings of regulatory measures. Unexpected loss is then represented by the economic or internal capital, which is a statistical measure assessing the maximum potential loss with a set confidence level.2 Economic capital is supposed to capture the diversification among the different risk types and the concentration or diversification within each risk type. ______________________ 1 In a more detailed fashion, Tier 1 is made up by equity plus some debt instruments named “hybrids” minus some items to be deducted as shareholdings in other financial institutions. RWA are the weighted sum of the banks’ assets by coefficients, usually between 0 and 100 percent, that represent their risk. Tier 2 is made up by debt instruments that are the most junior of all, besides the hybrids. 2 Economic capital should be the aggregated economic capital, i.e., the aggregation of the economic capital related to single risk types. Basel II legislation speaks about internal capital that is supposed to. 7 These effects are not captured by RWA because they are the sum of those related to trading items and credit positions, which means assuming no diversification among risk types. Moreover, RWA are calculated on the assumption of a perfectly granular credit portfolio, i.e., made by a very large number of totally uncorrelated counterparties, and therefore they do not reckon with concentration risk. Consistently with the economic capital concept, banks could develop their own metric of available capital that could be wider than a regulatory metric or, as a first definition, equal to that. The related capital adequacy metric, also name as risk-bearing capacity, is the ratio of available capital to economic or internal capital. Other Metrics There are a few other, less common types of metrics. For instance, a new metric has been used to represent a bank’s capital: the tangible common equity (TCE), namely the equity less preferred or saving shares and minus intangible assets that are more difficult to dispose of in critical situations or with very unpredictable selling prices. The consequent capital adequacy metric is the ratio of TCE to RWA or the simpler TCE to total assets. Usage It is recommended to include a couple capital adequacy variables in the risk appetite framework as minimum. Of course, at least one should be related to Pillar 1, and the choice depends on the strategic view of the bank. If it deems that both capital and subordinates are scarce resources in terms of market availability, it should consider the total capital ratio. Otherwise, it could deal with the Tier 1 or Core Tier 1 ratio, where the latter is most suitable should the bank be listed or publicly rated as it is a common market benchmark. The Pillar 2 metric could be useful for sophisticated institutions as it offers a complementary view rather than the regulatory one. Above all, it is suitable for banks with a diversified portfolio or investment banks with large market exposures. Nevertheless, capital ratios according to Pillar 1 and Pillar 2 must be set consistently to avoid any inconsistencies. In any case, leverage ratio should be included because it provides a more robust approach and a direct comparability with competitors, besides having been recently added as a regulatory requirement to Basel III. 2.3.4. Earning Variability Metrics Shareholders are interested in the bank’s profits and its variability but while the former is out of the risk appetite scope, the latter should be in. The most obvious metric is earning at risk (EaR), which represents the volatility of the profits. This is a statistical variable used as a proxy of the potential return variability. This metric could be assessed under a historical perspective or a forward-looking one, where the future volatility is expressed in the function of the forecast business portfolio. 8 As for leverage ratio, EaR is more a family of metrics than an individual one as there are several degrees of freedom in defining it. First, there are different statistical procedures, data frequencies and time series lengths, besides the different definitions of earnings that could be adopted, such as: • Net or tax gross profits • Profits or other profitability measures such as earnings before interest, taxes, depreciation and amortization (EBITDA) • Profits with/without extraordinary items Another metric could be the probability of loss. Even if it sounds interesting, it is difficult to measure and pretty unstable and therefore we do not deem it appropriate to include it in the risk appetite framework. Nevertheless, this metric could be meaningful for banks with heavy trading operations where the number of days with negative profit and losses could be used as a proxy. To minimize the risk of losses, a very useful indicator for commercial banks is the cost of risk, defined as the ratio of credit losses to credit exposure. Credit exposure could be expressed in terms of RWA, notional amount or exposure at default (EAD). Notional amount is the plainest measure but it is not very forward looking as it does not capture the potential evolution over time. This is represented by the EAD, a statistical measure forecasting the exposure to counterparty should it default, for instance, fully using the committed credit lines. On the other hand, neither of them provide insight about the position risk that is, for instance, measured with RWA. Lastly, we would also underline that earning variability must be included in risk appetite because it directly impacts the capital adequacy as retained profits make up the largest capital source. Usage Commercial banks are highly recommended to adopt cost of risk as one of their metrics as credit risk is the most important risk category. The exact definition depends on the overall strategy and on the availability of statistical parameters to further the adoption of internal models. To facilitate the discussion with business functions, as discussed in section 1.5, it is better used as credit exposure on a simple notional basis or with RWA, while for credit losses, the accounting provisions offer a more straightforward link with profit. More sophisticated banks are better able to develop EaR but a monthly series of income statements are needed to have a reliable statistical measure. That implies quite a good control system to achieve the necessary data quality. This is not so straightforward should the company have undergone merger and acquisition operations or material reorganization, which could cause data breaks. The choice of the metric underlying EaR depends on the bank strategy in terms of performance management. Net profits offer the clearest solution and the most straightforward alignment with shareholders’ expectations and capital adequacy. On the other hand, it is affected by tax code and extraordinary events most employees could not be accountable for, as discussed in section 1.4 and 1.5, and therefore it is more appropriate to adopt a metric such as EBITDA or gross operating income that better represent the recurrent profits. 9

Description:
Keywords: Risk appetite, ERM, planning, capital adequacy, performance evaluation, . losses because it is more junior than any kind of debt. 2.2.2.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.