Risk Management Course Outline PDF

1 Course Outline Basic concepts in Risk Management, Risk identification and selection, Risk analysis and control Sources of risks; individual and collective risks. Evaluation and treatment of an organization’s risk. Strategies of Risk management, Concept of loss, risk, financing, Positioning of Risk Management tasks in corporate structure. Challenges in Risk Management References 2 Chapter 1 Basic Concepts in Risk Management Risk and risk management is an inescapable part of an economic activity. Regardless of how careful some- one manages their affairs, the outcome, whether good or bad is seldom predictable with certainty. This means that all business and investors manage risk in the choices they make. Risk management processes and tools make difficult business and financial problems easier to address in an uncertain world. Proper identification and measurement of risk, and keeping risks aligned with the goals of the enterprise, are key factors in management and investment. Portfolio managers need to be familiar with risk management not only to improve the portfolio risk-return outcome, but also because of two other ways in which they use risk management at an enterprise level. Many portfolio assets are claims on companies that have risks, hence managers need to evaluate the companies’ risks and ho those companies are addressing them. The concept of risk management is also relevant to individuals who often take precautions against un- wanted risks. In pursuit of preferred outcomes, such as higher profits, returns, or share price, individuals often do not get to choose outcomes but do choose risks it takes to pursue the outcomes. Important questions often come up but not limited to 1. What is risk management, and why is it important? 2. What does risk in an organization (or an individual) face in pursuing its objectives? 3. How are an organization’s goals affected by risk, and how does it make risk management decisions to produce better results? 4. How does risk governance guide the risk management process and risk budgeting to integrate an organization’s goals with its activities? 5. How does an organization measure and evaluate the risks it faces and what tools does it have to address these risks? 1.1 What is Financial Risk Management ? Risk, broadly speaking is exposure to uncertainty. Risk is a concept used to describe all of the uncertain environmental variables that lead to variation in and unpredictability of outcomes. Risk exposure is the extend to which the underlying environmental or market risks result in actual risk borne by a business or investor who has assets or liabilities that are sensitive to the risks. It is a state of being exposed or vulnerable to a risk. Definition 1.1.1 Risk Management is the process by which an organization or individual defines the level of risk to be taken, measures the level of risk being taken, and adjusts the latter towards the former, with the goal of maximizing the company’s or portfolio’s value or the individual’s overall satisfaction, or utility. Risk management comprises all the decisions and actions needed to best achieve organizational or per- sonal objectives while bearing tolerable level of risk. Risk management is not about minimizing risk; 3 4 CHAPTER 1. BASIC CONCEPTS IN RISK MANAGEMENT but it is about actively understanding and embracing those risks that best balance the achievement of goals with an acceptable chance of failure, quantifying the exposure, and continually monitoring and modifying it. Financial risk management is a process to deal with the uncertainties resulting from finan- cial markets. It involves assessing the financial risks facing an organization and developing management strategies consistent with internal priorities and policies. Addressing financial risks proactively may pro- vide an organization with a competitive advantage. It also ensures that management, operational staff, stakeholders, and the board of directors are in agreement on key issues of risk. Managing financial risk necessitates making organizational decisions about risks that are acceptable versus those that are not. The passive strategy of taking no action is the acceptance of all risks by default. Organizations manage financial risk using a variety of strategies and products. It is important to understand how these products and strategies work to reduce risk within the context of the organizations risk tolerance and objectives. Strategies for risk management often involve derivatives. Derivatives are traded widely among financial institutions and on organized exchanges. The value of derivatives contracts, such as futures, forwards, options, and swaps, is derived from the price of the underlying asset. Derivatives trade on interest rates, exchange rates, commodities, equity and fixed income securities, credit, and even weather. The answers to these questions collectively help define the process of risk management. The ability to estimate the likelihood of a financial loss is highly desirable. However, standard theories of probability often fail in the analysis of financial markets. Risks usually do not exist in isolation, and the interactions of several exposures may have to be considered in developing an understanding of how financial risk arises. Sometimes, these interactions are difficult to forecast, since they ultimately depend on human behavior. The process of financial risk management is an ongoing one.Strategies need to be implemented and refined as the market and requirements change. Refinements may reflect changing expectations about market rates, changes to the business environment, or changing international political conditions, for example. In general, the process can be summarized as follows: Identify and prioritize key financial risks. Determine an appropriate level of risk tolerance. Implement risk management strategy in accordance with policy. Measure, report, monitor, and refine as needed. For many years, the riskiness of an asset was assessed based only on the variability of its returns. In contrast, modern portfolio theory considers not only an assets riskiness, but also its contribution to the overall riskiness of the portfolio to which it is added. Organizations may have an opportunity to re- duce risk as a result of risk diversification. In portfolio management terms, the addition of individual components to a portfolio provides opportunities for diversification, within limits. A diversified portfolio contains assets whose returns are dissimilar, i.e., weakly or negatively correlated with one another. It is useful to think of the exposures of an organization as a portfolio and consider the impact of changes or additions on the potential risk of the total. Diversification is an important tool in managing financial risks. Diversification among counterparties may reduce the risk that unexpected events adversely impact the organization through defaults. Di- versification among investment assets reduces the magnitude of loss if one issuer fails. Diversification of customers, suppliers, and financing sources reduces the possibility that an organization will have its business adversely affected by changes outside managements control. Although the risk of loss still exists, diversification may reduce the opportunity for large adverse outcomes. 1.2 Risk Management Process The process of financial risk management comprises strategies that enable an organization to manage the risks associated with financial markets. Risk management is a dynamic process that should evolve with an organization and its business. It involves and impacts many parts of an organization including treasury, sales, marketing, legal, tax, commodity, and corporate finance. 1.2. RISK MANAGEMENT PROCESS 5 The risk management process involves both internal and external analysis. The first part of the process involves identifying and prioritizing the financial risks facing an organization and understanding their relevance. It may be necessary to examine the organization and its products, management, customers, suppliers, competitors, pricing, industry trends, balance sheet structure, and position in the industry. It is also necessary to consider stakeholders and their objectives and tolerance for risk. Once a clear understanding of the risks emerges, appropriate strategies can be implemented in conjunction with risk management policy. For example, it might be possible to change where and how business is done, thereby reducing the organizations exposure and risk. Alternatively, existing exposures may be managed with derivatives. Another strategy for managing risk is to accept all risks and the possibility of losses. There are three broad alternatives for managing risk: Do nothing and actively, or passively by default, accept all risks. Hedge a portion of exposures by determining which exposures can and should be hedged. Hedge all exposures possible. Measurement and reporting of risks provides decision makers with information to execute decisions and monitor outcomes, both before and after strategies are taken to mitigate them. Since the risk management process is ongoing, reporting and feedback can be used to refine the system by modifying or improving strategies. An active decision-making process is an important component of risk management. Decisions about potential loss and risk reduction provide a forum for discussion of important issues and the varying perspectives of stakeholders. Definition 1.2.1 A Risk Management Framework flows logically from the definition of risk man- agement. It is the infrastructure, the process, the analytics needed to support effective risk management in an organization. The outline below gives the skeleton structure of framework Risk governance Risk identification and measurement Risk infrastructure Defined policies and processes Risk monitoring, mitigation, and management Communications Strategic analysis or integration Governance is the top-level system of structures, rights and obligations by which organizations are di- rected and controlled. It is how goals are defined, authority is granted, and top level decisions are made. Risk Governance is the top-down process of and guidance that directs risk management activities to align with and support the overall enterprise. It entails defining an organization’s risk tolerance and providing overall oversight. It is driven by regulatory concerns as well as fiduciary role of the governing body. Risk management committee is a facet of risk governance that provides top decision makers with a forum for regularly considering risk management issues. Enterprise risk management is an overar- ching governance approach applied throughout the organization and consistent with its strategy, guiding the risk management framework to focus risk activities on the objectives, health and value of the entire organization. Risk identification and measurement is the main quantitative core of risk management; it includes qualitative assessment and evaluation of all potential sources of risk and the organization’s exposure to risks. It involves analyzing the environment for relevant risk drivers, analyzing business or portfolio to ascertain risk exposures, tracking changes in those risk exposures, and calculating risk metrics to size there risks under various scenarios and stresses. Technology has allowed for risk management to be more quantitative and timely in that management can measure and monitor risks, run scenarios, conduct more statistical analysis, work with more complex models and examine more dimensions and risk drivers as well as do it faster. 6 CHAPTER 1. BASIC CONCEPTS IN RISK MANAGEMENT Risk Infrastructure refers to people and systems required to tract risk exposures and perform most of the quantitative risk analysis and allow an assessment of the organization’s risk profile. Infrastructure would include risk capture, a database and a data model, analytic model and systems, a stress and sce- nario engine and an ability to generate reports, as well as amount of skilled and empowered personnel resources dedicated to building and executing the risk frameworks. 1.3 Identifying major Financial Risks Major market risks arise out of changes to financial market prices such as exchange rates, interest rates, and commodity prices. Major market risks are usually the most obvious type of financial risk that an organization faces. Major market risks include: Foreign exchange risk Interest rate risk Commodity price risk Equity price risk Other important related financial risks include: Credit risk Operational risk Liquidity risk Systemic risk The interactions of several risks can alter or magnify the potential impact to an organization. For example, an organization may have both commodity price risk and foreign exchange risk. If both markets move adversely, the organization may suffer significant losses as a result. There are two components to assessing financial risk. The first component is an understanding of potential loss as a result of a particular rate or price change. The second component is an estimate of the probability of such an event occurring. 1.3.1 Interest Rate Risk Interest rate risk arises from several sources, including: Changes in the level of interest rates (absolute interest rate risk) Changes in the shape of the yield curve (yield curve risk) Mismatches between exposure and the risk management strategies undertaken (basis risk) Interest rate risk is the probability of an adverse impact on profitability or asset value as a result of interest rate changes. Interest rate risk affects many organizations, both borrowers and investors, and it particularly affects capital-intensive industries and sectors. Changes affect borrowers through the cost of funds. For example, a corporate borrower that utilizes floating interest rate debt is exposed to rising interest rates that could increase the companys cost of funds. A portfolio of fixed income securities has exposure to interest rates through both changes in yield and gains or losses on assets held. 1.3.2 Absolute Interest Rate Risk Absolute interest rate risk results from the possibility of a directional, or up or down, change in interest rates. Most organizations monitor absolute interest rate risk in their risk assessments, due to both its visibility and its potential for affecting profitability. From a borrowers perspective, rising interest rates might result in higher project costs and changes to financing or strategic plans. From an investor or lender perspective, a decline in interest rates results in lower interest income given the same investment, or alternatively, inadequate return on investments held. All else being equal, the greater the duration, 1.3. IDENTIFYING MAJOR FINANCIAL RISKS 7 the greater the impact of an interest rate change. The most common method of hedging absolute interest rate risk is to match the duration of assets and liabilities, or replace floating interest rate borrowing or investments with fixed interest rate debt or investments. Another alternative is to hedge the interest rate risk with tools such as forward rate agreements, swaps, and interest rate caps, floors, and collars. 1.3.3 Yield Curve Risk Yield curve risk results from changes in the relationship between short and long-term interest rates. In a normal interest rate environment, the yield curve has an upward-sloping shape to it. Longer-term interest rates are higher than shorter-term interest rates because of higher risk to the lender. The steepening or flattening of the yield curve changes the interest rate differential between maturities, which can impact borrowing and investment decisions and therefore profitability. In an inverted yield curve environment, demand for short-term funds pushes short-term rates above long-term rates. The yield curve may appear inverted or flat across most maturities, or alternatively only in certain maturity segments. In such an environment, rates of longer terms to maturity may be impacted less than shorter terms to maturity. When there is a mismatch between an organizations assets and liabilities, yield curve risk should be assessed as a component of the organizations interest rate risk. When the yield curve steepens, interest rates for longer maturities increase more than interest rates for shorter terms as demand for longer-term financing increases. Alternatively, short-term rates may drop while long-term rates remain relatively unchanged. A steeper yield curve results in a greater interest rate differential between short-term and long-term interest rates, which makes rolling debt forward more expensive. If a borrower is faced with a steep yield curve, there is a much greater cost to lock in borrowing costs for a longer term compared with a shorter term. A flatter yield curve has a smaller gap between long- and short-term interest rates. This may occur as longer-term rates drop while short-term rates remain about the same. Alternatively, short-term demand for funds may ease,with little change to demand for longer-term funds. The flattening of the yield curve makes rolling debt forward cheaper because there is a smaller interest rate differential between maturity dates. Yield curve swaps and strategies using products such as interest rate futures and forward rate agreements along the yield curve can take advantage of changes in the shape of the yield curve. The yield curve is a consideration whenever there is a mismatch between assets and liabilities. 1.3.4 Reinvestment or Refunding Risk Reinvestment or refunding risk arises when interest rates at investment maturities (or debt maturities) result in funds being reinvested (or refinanced) at current market rates that are worse than forecast or anticipated. The inability to forecast the rollover rate with certainty has the potential to impact overall profitability of the investment or project. For example, a short-term money market investor is exposed to the possibility of lower interest rates when current holdings mature. Investors who purchase callable bonds are also exposed to reinvestment risk. If callable bonds are called by the issuer because interest rates have fallen, the investor will have proceeds to reinvest at subsequently lower rates. Similarly, a borrower that issues commercial paper to finance longer term projects is exposed to the potential for higher rates at the rollover or refinancing date. As a result, matching funding duration to that of the underlying project reduces exposure to refunding risk. 1.3.5 Basic Risk Basis risk is the risk that a hedge, such as a derivatives contract, does not move with the direction or magnitude to offset the underlying exposure, and it is a concern whenever there is a mismatch. Basis risk may occur when one hedging product is used as a proxy hedge for the underlying exposure, possibly because an appropriate hedge is expensive or impossible to find. The basis may narrow or widen, with potential for gains or losses as a result. A narrower view of basis risk applies to futures prices, where basis is the difference between the cash and futures price.Over time, the relationship between the two prices may change, impacting the hedge. For 8 CHAPTER 1. BASIC CONCEPTS IN RISK MANAGEMENT example, if the price of a bond futures contract does not change in value in the same magnitude as the underlying interest rate exposure, the hedger may suffer a loss as a result. Basis risk can also arise if prices are prevented from fully reflecting underlying market changes. This could potentially occur with some futures contracts, for example, where daily maximum price fluctuations are permitted. In the case of a significant intra-day market move, some futures prices may reach their limits and be prevented from moving the full intra-day price change. 1.3.6 Foreign Exchange Risk Foreign exchange risk arises through transaction, translation, and economic exposures. It may also arise from commodity-based transactions where commodity prices are determined and traded in another cur- rency. Transaction risk impacts an organizations profitability through the income statement. It arises from the ordinary transactions of an organization, including purchases from suppliers and vendors, contractual payments in other currencies, royalties or license fees, and sales to customers in currencies other than the domestic one. Organizations that buy or sell products and services denominated in a foreign currency typically have transaction exposure. Management of transaction risk can be an important determinant of competitiveness in a global economy. There are few corporations whose business is not affected, either directly or indirectly, by transaction risk. Translation risk traditionally referred to fluctuations that result from the accounting translation of financial statements, particularly assets and liabilities on the balance sheet. Translation exposure results wherever assets, liabilities, or profits are translated from the operating currency into a reporting cur- rencyfor example, the reporting currency of the parent company. From another perspective, translation exposure affects an organization by affecting the value of foreign currency balance sheet items such as accounts payable and receivable, foreign currency cash and deposits, and foreign currency debt. Longer- term assets and liabilities, such as those associated with foreign operations, are likely to be particularly impacted. Foreign currency debt can also be considered a source of translation exposure. If an organi- zation borrows in a foreign currency but has no offsetting currency assets or cash flows, increases in the value of the foreign currency vis--vis the domestic currency mean an increase in the translated market value of the foreign currency liability. 1.3.7 Strategic Exposure The location and activities of major competitors may be an important determinant of foreign exchange exposure. Strategic or economic exposure affects an organizations competitive position as a result of changes in exchange rates. Economic exposures, such as declining sales from international customers, do not show up on the balance sheet, though their impact appears in income statements. For example, a firm whose domestic currency has appreciated dramatically may find its products are too expensive in international markets despite its efforts to reduce costs of production and minimize prices. The prices of goods exported by the firms competitors, who are coincidentally located in a weak-currency environment, become cheaper by comparison without any action on their part. 1.3.8 Commodity Risk Exposure to absolute price changes is the risk of commodity prices rising or falling. Organizations that produce or purchase commodities, or whose livelihood is otherwise related to commodity prices, have exposure to commodity price risk. Some commodities cannot be hedged because there is no effective forward market for the product. Generally, if a forward market exists, an options market may develop, either on an exchange or among institutions in the over-the-counter market. In lieu of exchange-traded commodities markets, many commodity suppliers offer forward or fixed-price contracts to their clients. Financial institutions may offer similar products to clients, provided that a market exists for the product to permit the financial institution to hedge its own exposure. Financial institutions in some markets are limited by regulation to the types of commodity transactions they can undertake, though commodity derivatives may be permitted. 1.4. SPECIAL RISKS 9 1.3.9 Commodity Price Risk Commodity price risk occurs when there is potential for changes in the price of a commodity that must be purchased or sold. Commodity exposure can also arise from non-commodity business if inputs or prod- ucts and services have a commodity component. Commodity price risk affects consumers and end-users such as manufacturers, governments, processors, and wholesalers. If commodity prices rise, the cost of commodity purchases increases, reducing profit from transactions. Price risk also affects commodity producers. If commodity prices decline, the revenues from production also fall, reducing business income. Price risk is generally the greatest risk affecting the livelihood of commodity producers and should be managed accordingly. Commodity prices may be set by local buyers and sellers in the domestic currency in order to facilitate local customer business. However, when transactions are conducted in the domestic currency for a commodity that is normally traded in another currency, such as U.S. dollars, the exchange rate will be a component of the total price for the commodity, and the currency exposure continues to be a consideration. Some companies help their clients manage risk by offering domestic commodity prices. The company may fix the commodity price for a period of time or, alternatively,may pass along commodity price changes but allow customers to use a fixed exchange rate for calculating the domestic price. In the latter case, the supplier is effectively assuming the currency risk. Either scenario may be useful for small organizations or those that are only occasional buyers of a commodity and do not wish to manage the risk themselves. 1.3.10 Commodity Quantity Risk Organizations have exposure to quantity risk through the demand for commodity assets. Although quantity is closely tied to price, quantity risk remains a risk with commodities since supply and demand are critical with physical commodities. For example, if a farmer expects demand for product to be high and plans the season accordingly, there is a risk that the quantity the market demands will be less than has been produced. Demand may be less for a number of reasons, all of which are out of the control of the farmer. If so, the farmer may suffer a loss by being unable to sell all the product, even if prices do not change dramatically. This might be managed using a fixed price contract covering a minimum quantity of commodity as a hedge. Contango and Backwardation In a normal or contango market, the price of a commodity for future delivery is higher than the cash or spot price. The higher forward price accommodates the cost of owning the commodity from the trade date to the delivery date, including financing, insurance, and storage costs. Although the cash commodity buyer incurs these costs, the futures buyer does not. Therefore, the futures seller will usually demand a higher price to compensate for the higher costs incurred. In general, the longer delivery is delayed, the more expensive the carrying charges. As delivery approaches, the forward or futures price will converge with the cash or spot price. Markets do not always follow the normal pricing structure. When demand for cash or near term delivery of a commodity exceeds supply, or there are supply problems, an inverted or backwardation market may result. Market participants bid up prices for immediate available supply, and prices for near-term delivery rise above prices for longer term delivery. At least one highly publicized corporate loss occurred as a result of a commodity market that had traded in backwardation for some time. 1.4 Special Risks 1.4.1 Credit Risk Credit risk is one of the most prevalent risks of finance and business. In general, credit risk is a concern when an organization is owed money or must rely on another organization to make a payment to it or on its behalf. The failure of a counterparty is less of an issue when the organization is not owed money on a net basis, although it depends to a certain degree on the legal environment and whether funds are owed on a net or aggregate basis on individual contracts. The deterioration of credit quality, such as that of a securities issuer, is also a source of risk through the reduced market value of securities that an 10 CHAPTER 1. BASIC CONCEPTS IN RISK MANAGEMENT organization might own. Credit risk increases as time to expiry, time to settlement, or time to maturity increase. The move by international regulators to shorten settlement time for certain types of securities trades is an effort to reduce systemic risk, which in turn is based on the risk of individual market participants. It also increases in an environment of rising interest rates or poor economic fundamentals. Organizations are exposed to credit risk through all business and financial transactions that depend on the payment or fulfillment of obligations of others. Credit risk that arises from exposure to a counterparty, such as in a derivatives transaction, is often known as counterparty risk. Default Risk Default risk arises from money owed, either through lending or investment, that the borrower is unable or unwilling to repay. The amount at risk is the defaulted amount, less any amount that can be recovered from the borrower. In many cases, the default amount is most or all of the advanced funds. Counterparty Pre-Settlement Risk Aside from settlement, counterparty exposure arises from the fact that if the counterparty defaults or otherwise does not fulfill its obligations under the terms of a contractual agreement, it might be necessary to enter into a replacement contract at far less favorable prices. The amount at risk is the net present value of future cash flows owed to the organization, presuming that no gross settlements would be required. Potential future counterparty exposure is a probability estimate of potential future replacement cost if market rates move favorably for the hedger, which would result in a larger unrealized gain for the hedger and larger loss in the event of default. The amount at risk is the potential net present value of future cash flows owed to the organization. Counterparty Settlement Risk Settlement risk arises at the time that payments associated with a contract occur, particularly cross payments between counterparties. It has the potential to result in large losses because the entire amount of the payment between counterparties may be at risk if a counterparty fails during the settlement process. As a result, depending on the nature of the payment, the amount at risk may be significant because the notional amount could potentially be at risk. Because of the potential for loss, settlement risk is one of the key market risks that market participants and regulators have worked to reduce. Settlement risk also exists with exchange-traded contracts.However, with exchange-traded contracts the counterparty is usually a clearinghouse or clearing corporation, rather than an individual institution. Sovereign or Country Risk Sovereign risk encompasses the legal, regulatory, and political exposures that affect international trans- actions and the movement of funds across borders. It arises through the actions of foreign governments and countries and can often result in significant financial volatility. Exposure to any nondomestic orga- nization involves an analysis of the sovereign risk involved. In areas with political instability, sovereign risk is particularly important. Concentration Risk Concentration is a source of credit risk that applies to organizations with credit exposure in concentrated sectors. An organization that is poorly diversified, due to its industry or regional influences, has concen- tration risk. Concentration risk is most effectively managed with the addition of diversification, where possible. Legal Risk The risk that a counterparty is not legally permitted or able to enter into transactions, particularly derivatives transactions, is known as legal risk. The issue of legal risk has, in the past, arisen when a counterparty has suffered losses on outstanding derivatives contracts. A related issue is the legal structure of the counterparty, since many derivatives counterparties, for example, are wholly owned special-purpose 1.4. SPECIAL RISKS 11 subsidiaries. The risk that an individual employed by an entity has sufficient authority to enter into a transaction, but that the entity itself does not have sufficient authority, has also caused losses in derivatives transactions. As a result, organizations should ensure that counterparties are legally authorized to enter into transactions. 1.4.2 Operational Risk Operational risk arises from human error and fraud, processes and procedures, and technology and systems. Operational risk is one of the most significant risks facing an organization because of the varied opportunities for losses to occur and the fact that losses may be substantial when they occur. Human Error and Fraud Most business transactions involve human decision making and relationships. The size and volume of financial transactions makes the potential damage as a result of a large error or fraud quite significant. Processes and Procedural Risk Processes and procedural risk includes the risk of adverse consequences as the result of missing or in- effective processes, procedures, controls, or checks and balances. The use of inadequate controls is an example of a procedural risk. Technology and Systems Risk Technology and systems risk incorporates the operational risks arising from technology and systems that support the processes and transactions of an organization. 1.4.3 Other Types of Risk Other types of risk include equity price risk, liquidity risk, and systemic risk, which are also of interest to financial market participants. Risks arising from embedded options are also a consideration. Equity Price Risk Equity price risk affects corporate investors with equities or other assets the performance of which is tied to equity prices. Firms may have equity exposure through pension fund investments, for example, where the return depends on a stream of dividends and favorable equity price movements to provide capital gains. The exposure may be to one stock, several stocks, or an industry or the market as a whole. Equity price risk also affects companies ability to fund operations through the sale of equity and equity-related securities. Equity risk is thus related to the ability of a firm to obtain sufficient capital or liquidity. Liquidity Risk Liquidity impacts all markets. It affects the ability to purchase or sell a security or obligation, either for hedging purposes or trading purposes, or alternatively to close out an existing position. Liquidity can also refer to an organization having the financial capacity to meet its short-term obligations. Assessing liquidity is often subjective and involves qualitative assessments, but indicators of liquidity include number of financial institutions active in the market, average bid/ask spreads, trading volumes, and sometimes price volatility. Although liquidity risk is difficult to measure or forecast, an organization can try to reduce transactions that are highly customized or unusual, or where liquidity depends on a small number of players and therefore is likely to be poor. Another form of liquidity risk is the risk that an organization has insufficient liquidity to maintain its day-to-day operations.While revenues and sales may be sufficient for long-term growth, if short-term cash is insufficient, liquidity issues may require decisions that are detrimental to long-term growth. 12 CHAPTER 1. BASIC CONCEPTS IN RISK MANAGEMENT Embedded Options Embedded options are granted to securities holders or contract participants and provide them with certain rights. The granting of permission to buy or sell something is an option, and it has value. For example, the ability to repay a loan prior to its maturity is an option. If the borrower must pay a fee to repay the loan, the option has a cost. If the loan can be repaid without a fee, the option is free to the borrower, at least explicitly. The value of the option is likely to be at least partially embedded in the interest rate on the loan. Embedded options commonly consist of redemption, call, or similar features in corporate debt securi- ties. Embedded options may also exist in contractual pricing agreements with customers or suppliers or fixed-priced commodity contracts. The option holder is the party to whom the benefits accrue. The op- tion grantor is the party that has an obligation as a result of the embedded option. Embedded options are often ignored or not considered in risk management decisions. However, they affect the potential exposure of an organization and also offer risk management opportunities and therefore should be considered as such. Systemic Risk Systemic risk is the risk that the failure of a major financial institution could trigger a domino effect and many subsequent organizational failures, threatening the integrity of the financial system. Aside from practicing good risk management principles, systemic risk is difficult for an individual organization to mitigate. Higher volumes, especially for foreign exchange and securities trading, increase liquidity, which has benefits to market participants.However, higher volumes also increase systemic risk. Systemic risk can also arise from technological failure or a major disaster. Chapter 2 Strategies of Risk Management 2.1 Introduction Financial risk management addresses factors that concern many organizations. In addition to general business risks, other factors include exposure to market prices, tolerance for risk, an organizations history, and its stakeholders. Assessing these issues for risk management purposes may facilitate useful discussion among decision makers that provides benefits in other areas. The risk management policy is a framework that allows an organization to grow by building decision-making processes instead of treating each decision independently. The policy is a tool for communicating what constitutes an acceptable level of risk to individuals throughout an organization. The procedures that arise from the development of a policy may support performance indicators, incentives for management, and efficiency. Finally, a risk management policy supports the organizations market views and risk appetite. Over time, it can incorporate changes based on growth or recent events. The risk management policy supports financial risk management and its questions: How are we at risk? What is an acceptable level of risk? How much will it cost to manage risk? What are our risk management policies? How do we manage risk within our policies? How do we communicate information in a timely and accurate manner? Although publicly traded companies in many countries have increased requirements to establish policies and procedures to manage risk, all organizations should develop risk management policies to identify and manage risks that reflect their business and industry. The alternative, to do nothing, is to accept all risks by default. 2.2 Risk Profile of an Organization The development of a risk management policy requires an understanding of the organizations risk profile. The risk profile depends, in turn, on attributes such as risk tolerance, financial position within the industry, management culture, stakeholders, and the competitive landscape in which it operates. The risk profile of an organization is unique. The combination of an organizations business, products, and people makes each organizations exposure to risk slightly different. These attributes will be explored in more detail, but they include: Specific exposures that impact an organization Market in which an organization operates Risk tolerance of the organization Management, stakeholders, and the board 13 14 CHAPTER 2. STRATEGIES OF RISK MANAGEMENT Evaluating Financial Exposures The first step in managing financial risk is to identify the relevant exposures. Since broad risks are often composed of a number of different risks, such as price risk, liquidity risk, and volatility risk, all should be considered for their potential impact on the business. For example, it is important to be able to separate market risk from credit risk and liquidity risk. Not all exposures are obvious.A business with foreign currency revenues may have both transaction exposure and economic exposure. If the foreign currency declines against the domestic currency, its revenues (once converted to the domestic currency) will have declined.However, foreign revenues may also decline, since the appreciation of the domestic currency may make the organizations products expensive and therefore uncompetitive. To Hedge or not to Hedge Whether to hedge or not to hedge is a strategic decision.Although most larger organizations use an explicit hedging policy, some do not. The determination of what and how much to hedge depends to a degree on the business, reliability of forecasts, and managements assessment of various exposures. Without hedging, an organization may be exposed to unfavorable as well as favorable market rate and price changes. Although providing an opportunity to increase profits, it also provides opportunity for losses. Hedging may make it easier to budget and allocate organizational resources efficiently. Tolerance to Risk Risk management involves reducing the probability of loss. Determining an acceptable level of risk and exposure then guides risk management strategies. Decisions about how much loss can be tolerated are important organizational guidelines. Risk tolerance is the ability or willingness to withstand risk. It depends on the culture of an organization, which in turn is shaped by its shareholders or stakeholders, managements relationship with them, and their understanding of the risks. The determination of an acceptable level of risk is important, since business and risk are interconnected. Therefore, the risk tolerance decision involves determining a reasonable level of risk commensurate with appropriate opportunity for profit or gain. Management, shareholders, and employees of large and small companies, privately held and publicly traded corporations, financial institutions, investment funds, do- mestic and international governments, and not-for-profit organizations all have a stake in risk manage- ment. The risk tolerance of an organization depends on fundamental cultural issues, as well as the nature of the business and industry. In developing a hedging policy, it may be helpful to consider the following issues: The structure of an organization may provide clues about its risk tolerance. In a closely held company, for example, a majority of shareholders might be management and founders families. With a small number of stakeholders, risk tolerance may be higher because information flows more easily and provides stakeholders with more assurance. However, family companies may also exhibit dynamics that adversely affect financial risk tolerance, particularly if some family members have a greater understanding of, or interest in, the subject, than others. The business of the organization may provide guidance in risk tolerance. Financial institutions, for example, are typically (though not always) more conversant with financial risks. Major market risks such as interest rate risk and credit risk are key components of the business of a financial institution. Companies with a trading history may also have a higher tolerance for risk than other organizations. The origins of the business may impact organizational culture for decades. For example, some commodities trading houses have been in the trading business longer than some countries have been in existence. If the founders took great risks in achieving success, or if they have a background in speculation, risk tolerance may be strongly impacted (positively or negatively) as a result. The characteristics of the stakeholders should be considered. In publicly traded companies, the stakeholders including employees and shareholders; can walk away if they do not like the risks the company is taking on. By contrast, stakeholders of government, or even charitable, organizations do not generally have the ability to opt out. In addition, they may have little or no understanding 2.2. RISK PROFILE OF AN ORGANIZATION 15 of the financial risks of the organization and little tolerance for paying a higher price for services (or receiving fewer services in the case of a charitable organization). Risk tolerance may therefore be lower in such organizations. Acceptable Risk Exposures It is easy to focus on common risks, or on events that have occurred in recent history, at the expense of events that occur infrequently but have major impact. Significant risks are those that are material to an organization. Materiality1 varies by organization. Consider these questions when assessing and quantifying acceptable loss: What is a material individual loss? What are the aggregate acceptable losses over a period of time such as one year? What is the maximum amount that the organization can afford to lose? Can the organization reduce the potential impact of a maximum loss scenario? Risks are events and described as high or low probability. If an event occurs, it has the potential for losses that range in size from small to large.Often, one measure is high and the other is lowfor example, a high probability of a small loss. This type of loss might be represented by routine exchange rate fluctuations. The most dangerous risks are those with a low probability of occurring but the potential for a large loss. Sometimes known as icebergs, these risks appear suddenly and can result in large losses. The failure of a counterparty and the resultant loss could be an example of such a risk. Once an acceptable level of exposure has been established, management can determine how to reduce the potential for loss to an acceptable level. Competitive Landscape An important consideration in making hedging decisions is the expected activity of competitors. If an organization hedges and its major competitors do not, the organization may be at a disadvantage if market rates or prices move favorably.The reverse is also true. If the organization hedges and exchange rates move adversely, the organization may have an advantage over its competitors. Changes to an organizations pricing structure, as a result of changing costs,may cause customers to buy or consume more or less. Financial risk can sometimes be passed on to customers or end users in the form of price adjustments, reducing the impact to the organization. This is most often possible when demand is inflexible or slow to react to price changes. The activities of competitors and the market affect the competitive landscape in the following ways: Propensity of customers to accept risk through rising prices Willingness of vendors to offer fixed-price contracts or dual currency pricing How products are priced Where product inputs, including commodity components, are sourced Alternative inputs to products and sources of inputs Commodity components 1 There is little point in providing information which is so detailed as to be unintelligible, or making minute adjustments which have no real effect on the picture portrayed by financial statements 16 CHAPTER 2. STRATEGIES OF RISK MANAGEMENT 2.2.1 Why should Firms manage Risk? Classic portfolio theory tells us that investors can eliminate asset-specific risk by diversifying their hold- ings to include many different assets. As asset-specific risk can be avoided in this fashion, having exposure to it will not be rewarded in the market. Instead, investors should hold a combination of the risk-free asset and the market portfolio, where the exact combination will depend on the investors appetite for risk. In this basic setup, firms should not waste resources on risk management, as investors do not care about the firm-specific risk. From the celebrated Modigliani-Miller theorem, we similarly know that the value of a firm is independent of its risk structure; firms should simply maximize expected profits, regardless of the risk entailed; holders of securities can achieve risk transfers via appropriate portfolio allocations. It is clear, however, that the strict conditions required for the Modigliani-Miller theorem are routinely violated in practice. In particular, capital market imperfections, such as taxes and costs of financial distress, cause the theorem to fail and create a role for risk management. Thus, more realistic descriptions of the corporate setting give some justifications for why firms should devote careful attention to the risks facing them: Bankruptcy costs. The direct and indirect costs of bankruptcy are large and well known. If investors see future bankruptcy as a nontrivial possibility then the real costs of a company reorganization or shutdown will reduce the current valuation of the firm. Thus, risk management can increase the value of a firm by reducing the probability of default. Taxes. Risk management can help reduce taxes by reducing the volatility of earnings. Many tax systems have built-in progressions and limits on the ability to carry forward in time the tax benefit of past losses. Thus, everything else being equal, lowering the volatility of future pretax income will lower the net present value of future tax payments and thus increase the value of the firm. Capital structure and the cost of capital. A major source of corporate default is the inability to service debt. Other things equal, the higher the debt-to-equity ratio, the riskier the firm. Risk management can therefore be seen as allowing the firm to have a higher debt-to-equity ratio, which is beneficial if debt financing is inexpensive. Similarly, proper risk management may allow the firm to expand more aggressively through debt financing. Compensation packages. Due to their implicit investment in firm-specific human capital, managerial level and other key employees in a firm often have a large and unhedged exposure to the risk of the firm they work for. Thus, the riskier the firm, the more compensation current and potential employees will require to stay with or join the firm. Proper risk management can therefore help reducing the costs of retaining and recruiting key personnel. 2.2.2 Does Risk Management improve Firm Performance? Analysis of the risk management practices in the gold mining industry found that share prices were less sensitive to gold price movements after risk management. Similarly, in the natural gas industry, better risk management has been found to result in less variable stock prices. A study also found that risk management in a wide group of firms led to a reduced exposure to interest rate and exchange rate movements. Researchers have found that less volatile cash flows result in lower costs of capital and more investment. It has also been found that a portfolio of firms using risk management would outperform a portfolio of firms that did not, when other aspects of the portfolio were controlled for. Similarly, a study found that firms using foreign exchange derivatives had higher market value than those who did not. 2.3 Managing Operational Risk 2.3.1 Operational Consideration Operational risk encompasses people, processes, and technology, and its management requires consider- ation of operational issues. A few operational considerations may be useful: Maintain cash forecasts for various currencies and keep them current. Ensure employees have an opportunity for training and skills enhancement. 2.3. MANAGING OPERATIONAL RISK 17 Consider implementing job sharing or cross training to enhance team. Ensure adequate reporting to team, management, and board. Determine backups of both key data and employee roles. Maintain good relationships with financial institutions and other vendors. Ensure appropriate controls to guard against illegal activities, including money laundering. Managing operational risk relies on the following tools: Contingent processing capability if the business relies on payment or other data processing. Well-developed internal controls. Use of internal audit. Exception reporting for items that are missed, errors, or otherwise noteworthy Different laws and regulations apply to different kinds of organizations around the world. Some of the following considerations may be addressed, or even restricted, by local laws and regulations, others not at all. This discussion is intentionally general in the sense that it presumes any operational issues will be undertaken within the more stringent laws and rules of either the local environment or the home country. Internal Controls Internal controls are perhaps the most important tools for managing operational risk. In fact, many large losses at banks can be attributed to internal control failures. The board of directors has final responsibility for ensuring that appropriate internal controls are implemented. Effectiveness of internal controls should periodically be tested and amended as necessary. Appropriate division or segregation of duties among staff members is a key internal control. For example, confirmation should be separate from trading. Risk management reporting should be separate from trading. Separation may require an administrative or support function that can independently price and report on transactions when no formal risk oversight function exists. Other important control structures include approvals, reconciliations, and verifications. One of an organizations greatest vulnerabilities comes from the potential for errors and fraud. If losses can be concealed, and an employee is tempted to do so because of pressure to generate profits or for other reasons, the organization is at tremendous risk, particularly since the largest losses are likely to be concealed with great effort. The subject of internal control is complex and beyond the scope of this brief discussion. An adequate, effective audit program, monitoring, and a clear audit trail, in part derived from appropriate processes and reporting, is also critical. Liaison with professionals with audit, tax, and legal expertise is encouraged. Compensation of Personnel An organization that does not wish to speculate on financial market movements should not motivate its employees to speculate. However, even when employee compensation is based on something other than correct market forecasts, there may be subtle or implicit messages that accurate market forecasts are a definition of good performance. All managers should be able to identify opportunities to encourage the behavior that is warranted under the circumstances. An appropriate compensation structure for finance personnel should suit the risk tolerance of the organization. Performance for bonuses should be considered carefully. Compensation is an important signal of performance expectations, particularly in the treasury department, where the process of mark-to-market is ongoing. Finance personnel who are compensated with a profit-derived bonus are more likely to be motivated to take risks in pursuit of enhancement of the organizations (and their own) bottom line. Staff should know what is expected of them, and their compensation should reflect these expectations. An industrial company that does not wish to speculate in financial markets will want compensation based on something other than correct market bets. Likelihood of fraud increases with employees in serious financial difficulty or with addictions such as gambling or drugs. Prospective employees should be screened carefully to the extent permissible by law to avoid potential problems. 18 CHAPTER 2. STRATEGIES OF RISK MANAGEMENT Management Involvement Management oversight and accountability is extremely important. Involvement of key management, as well as internal and external audit professionals, can also offer guidance in the area of controls. Management must have an appropriate level of knowledge about organizational risks to develop policies and acceptable strategies and monitor compliance. In addition, deficiencies highlighted by audit or review should be corrected immediately, and feedback should ensure that problems have been corrected. Conflict of Interest Management should be aware of the potential for conflicts of interest. If staff are influenced to transact business with certain institutions, these influences may have an impact on the independence of decisions made by staff. Although most finance professionals are familiar with issues of conflict, senior management should communicate exactly what is expected of treasury and finance personnel. This is especially true with respect to professional relationships with others in the business. Both actual and perceived conflicts of interest should be considered. For example, employees have been encouraged to do business with a financial institution in exchange for preferential treatment for themselves or family members. This puts the organizations welfare in conflict with that of the employee and does not put the interests of stake- holders first. Some organizations prohibit personal transactions with dealers and financial institutions that do business with the organization to reduce potential for conflict. Staff Training and Skills Knowledgeable, well-rounded staff are an asset to any organization. Employees should be provided with opportunities for training and skills enhancement. This may require a dedicated training budget or allocation, as well as management support for training. Employees should be encouraged to learn about other financial activities of the organization. Cross training is an opportunity to broaden employee skills and enhance a team, facilitate succession planning, avoid reliance on one or two key individuals, and ensure that other employees can step in quickly in the event of a sudden departure. Employee rotation may also make it harder for employees to cover up inappropriate actions, thus potentially reducing the likelihood of fraud, intentional misinformation, or unauthorized transactions. The hiring of financial personnel needs to be considered in the light of professional duties. Emphasis on specialization of finance personnel means that a financial manager has access to new, highly specialized personnel, but they need to fit into the organizations culture objectives, particularly with respect to risk management attitudes. Financial Institution and Vendor Relationships Maintenance of good relationships with financial institutions and other vendors is important. Good rela- tionships with an appropriate number of financial institutions or dealers, with at least one backup, should be maintained. Overreliance on, or a majority of transactions with, one institution or individual repre- sentative should be questioned. Relationship maintenance includes ensuring that correct documentation is provided when a new employee joins who is responsible for transactions. A list of authorized dealing personnel should be provided to counterparties on at least an annual basis and whenever a change occurs. Financial institutions should be informed in writing when key employees have left the organization. This helps to avoid opportunities for errors, embarrassment, or intentional misrepresentation. Monitoring Exposures An important operational activity is to monitor exposures. It is important to keep up to date with market or regulatory changes that might affect a currencys convertibility or liquidity, especially for emerging-market currencies. In addition, maintain an understanding of counterparty issues and monitor counterparty viability, as well as agency ratings. Exposure to high-quality counterparties is preferable, though not a guarantee of loss prevention. Organizations using exchange-traded contracts such as futures must ensure that margin can be administered by someone else, in the event of a margin call, if key personnel are unavailable. 2.3. MANAGING OPERATIONAL RISK 19 Communication and Reporting Appropriate and adequate reporting to team, management, and the board is important, as is a feedback loop that enables report recipients to ask questions and offer suggestions for improvement. Reporting should include both exposures and risk management activities. Reporting and communications mecha- nisms should ensure that management and the board receives regular risk reports containing communica- tion about risk exceptions, deviations from policy, reports about deficiencies, unusual losses, or anything else that would permit management and the board to better assess exposures and risk. Reporting should be adequate to ensure adherence to risk management policies and limits and deviation from policy. In- formation should be available based on different criteria and detail, although this, in part, depends on the systems being used to produce the reports. Forecasts and Reconciliations Cash forecasts have a variety of purposes. First and foremost, they are used to manage an organizations liquidity and obligations. Forecasts and reconciliation of actual transactions to forecasted transactions also assist in the important identification of errors and certain fraudulent items. From a risk management perspective, cash forecasts should be developed and maintained for the various currencies in which an organization has cash flows. A gap or mismatch between cash inflows and cash outflows for a particular currency provides information about gaps where funding is required or to assess foreign currency exposure. A forecast will assist in determining whether a gap is a timing issue or an exposure issue. Not only does a cash forecast assist in highlighting areas of market exposure, but it also assists in liquidity management. Liquidity management ensures that an organization is adequately solvent to meet its immediate and short-term obligations. Reminder systems or other automated tools should be used to ensure that cashflows are properly anticipated and that key payment dates are met. Other date-sensitive issues, such as option expiry dates, should also be tracked closely. Reconciliations should include analysis of brokerage fees or commissions that may provide clues about trading volumes or unauthorized trading. Risk Oversight Typically, treasury activities are overseen by one or more members of senior management, and ultimately, by the board of directors. The board should have a good understanding of the financial risks faced by the firm, provide leadership in the development of policies to measure and manage those risks, and ensure that management executes the plans quickly and effectively. The risk oversight function should be an independent function with reporting responsibility to top-level senior management and the board of directors, with a level of skills appropriate to the position. Marking to Market Marking to market involves repricing financial instruments, and sometimes the underlying exposures the instruments manage. It is an important risk management process. Large accumulated gains and losses should be monitored and assessed for potential follow-up action. When marking to market, it is im- portant to include all determinants of market value. For example, certain derivative products might be difficult to liquidate quickly, and a liquidity impact (premium or discount) may be appropriate.Nontraded transactions with a counterparty whose credit quality has declined substantially since the transaction was initiated might also require a pricing assessment of liquidity. Marking to market should include the use of industry-standard pricing models. One reason for access to pricing models is to ensure that the organization is receiving competitive pricing on its transactions. Pricing models should be documented and periodically evaluated against an external source, so that discrepancies between those used internally and those used by external market participants can be de- termined. It is also useful to check that internal mark-to-market prices would be comparable to those calculated using the documented pricing models. If pricing can be manipulated internally, it increases opportunity for loss. Exchange-traded financial instruments can be valued using a realtime data vendor, since these instruments are standardized, and market prices for various contracts may be observed di- rectly. Prices for actively traded money market and fixed income securities, and some over-the counter derivatives, can also be found on several major data vendors. 20 CHAPTER 2. STRATEGIES OF RISK MANAGEMENT Periodic pricing or mark-to-market should be undertaken by individuals other than the traders involved in the transactions, preferably from within the risk oversight or management function. This may require individuals other than those executing transactions to become familiar with, and have access to, pricing software and real-time data. Prices should not be supplied by those responsible for undertaking the transactions (e.g., traders). Policies Management and board members require an understanding of risks for the development of policies. Stated policies on financial risk, exposures, and limits assist in the management of financial risk. Policies should include acceptable instruments and strategies. Limits should encompass the amount of exposure the firm has defined as acceptable risk and loss limits associated with it, and the limits on various types of transactions. Policy issues include: 1 Existence of policies, 2 Adherence to policies and 3 Periodic review of policies. Policies are developed by management, and significant policies are approved and reviewed by the board. Policies should be periodically reviewed for any necessary changes or updates. Management should be capable of ensuring adherence to risk management policy through oversight and reporting. System Considerations Operational risk arises from technology and systems. Managing this risk often involves control of access to networks and trading systems, particularly third-party systems that support both real-time data and transactions, control of access to locations where technology or networks can be accessed, and employee use of hard-to-break passwords and log-in/log-out rules. Data should be protected through onsite and offsite data backups, with availability of a remote location in the event of a physical evacuation. The ability to conduct transactions from real-time vendor systems is a source of exposure. Often these systems are presumed by management to be interactive price retrieval data systems, but some permit messaging and trading. Therefore, they should not be accessible by disgruntled former employees or unauthorized individuals such as consultants, visitors, or other employees. Internal and external systems should support multiple access and authority levels. Some employees may be permitted to change or modify records, others can enter new records, and some employees can only read records. Reports should be protected against an employee modifying report parameters, such as those used for exception reports, through the use of report-writing tools. The ntegration of systems or software to manage cashflows, market risk, and credit risk is useful. Spreadsheets are widely used in both financial and nonfinancial organizations, but reliance on them, combined with lack of controls, can create operational exposure. Significant losses have resulted from erroneous calculations contained in spreadsheets. Creating an inventory of spreadsheets and their uses, complexity, and potential for error or misuse may help to highlight areas of risk. Systems should provide timeliness, accuracy, security and integrity, consistency, completeness, and relevance in the provision of data to the organization and its stakeholders. As technology is a fairly complex area, the guidance of professionals in this area is highly recommended 2.3.2 Special Issues Trading and Leverage Special risks exist in organizations where trading, with or without the use of leverage, is involved. Since trading organizations such as dealers and commercial banks use large numbers of dealers and capital, the risks are naturally greater for an operational failure. It is critical to manage these risks proactively. Trading can be purely speculative, or it can be a form of trading that optimizes business flows. The nature of trading is similar to a continuum, with pure trading at one end and complete hedging at the other end. An organizations position on the continuum depends to a certain degree on the organizational view of risk versus return. Merger and Acquisition Merger and acquisition situations present specific operational risks that need to be managed, not only during the often-lengthy transition phase but also after the transition is completed. The additional risks arise from the fact that it is more difficult to manage risk across an organization that might be 2.3. MANAGING OPERATIONAL RISK 21 geographically distant and involve various systems. In addition, different business cultures and practices may need to be taken into account, along with potentially different legal and regulatory environments. Centralization Many large multinational corporations and financial institutions have centralized trading, risk manage- ment, or treasury operations2. These operations manage regional, or in some cases worldwide, exposures by netting hedging and liquidity requirements among members of the group. Centralization has certain advantages, including the potential to reduce transaction costs associated with hedging. It may allow smaller group members access to skilled professionals in the operational center. However, the biggest consideration in centralization is risk, which arises through reduced control in key operational areas and through more reliance on reporting and quantitative measures. Strong operational controls and effective reporting become particularly important in centralized organizations. 2.3.3 Industry Recommendations Core Principles for Managing Multinational Financial Exchange Risk arose from a 1998 study of foreign exchange risk management multinational corporations sponsored by General Motors and undertaken by Greenwich Treasury Advisors LLC. The study surveyed 31 large multinational corporations with for- eign exchange exposure arising from business activities: 13 American, 2 Japanese, and 13 European companies with average sales of U.S.$50 billion. A follow-up study looked at the activities of an addi- tional 33 U.S.multinational corporations with average sales of U.S.$11 billion. Twelve core principles for managing foreign exchange exposure were used by a majority of firms. The core principles include fun- damental principles, trading-volume-related principles, and principles related to risk-appetite. Although they specifically reflect foreign exchange exposure management, the principles may also be helpful in the management of other financial risks. Fundamental Principles 1. Document foreign exchange policy. Document a foreign exchange policy approved by senior man- agement or the board of directors. Critical policy elements include hedging objectives, hedgeable exposures, hedging time horizon, authorized foreign exchange derivatives, the extent to which po- sitions can be managed upon views of future foreign exchange rates, compensation for foreign exchange trader performance, and hedging performance measures. 2. Hire well-qualified, experienced personnel.Have a sufficient number of qualified, experienced per- sonnel to properly execute the companys foreign exchange policy. 3. Centralize foreign exchange trading and risk management. Centralize the foreign exchange trading and risk management with the parent treasury, which may be assisted by foreign hedging centers reporting to parent treasury. 4. Adopt uniform foreign exchange accounting procedures. Require uniform foreign exchange account- ing procedures, uniform exchange rates for book purposes, and multicurrency general ledgers for all foreign exchange transactions. Monthly, reconcile the parent treasurys foreign exchange hedging re- sults to the groups consolidated generally accepted accounting principles (GAAP) foreign exchange results. 5. Manage foreign exchange forecast error. If anticipated foreign exchange exposures are being hedged, manage the forecast error and take steps to minimize it to the greatest extent possible. 6. Measure hedging performance. Use several performance measures to fully evaluate historic hedging effectiveness. Evaluate current hedging performance by frequently marking to market both the outstanding hedges and the underlying exposures. 2 Group of 31: Core Principles for Managing Multinational Financial Exchange Risk, The Group of 31/Greenwich Treasury Advisors LLC. Copyright 1999 by Greenwich Treasury Advisors LLC. 22 CHAPTER 2. STRATEGIES OF RISK MANAGEMENT Trading Volume Related Principles 1. Segregate the back office function. Segregate back office operations such as confirmations and settlements from trading. If trading volume is sufficient, use nostro accounts and net settle. 2. Manage counterparty risk.Have credit rating standards and evaluate counterparty risk at least quarterly. Measure credit exposure using market valuations, not notional amounts, against assigned counterparty credit limits. Use ISDA or other kinds of master agreements with at least major counterparties. 3. Buy derivatives competitively. Execute the foreign exchange policy by competitively buying foreign exchange derivatives with appropriate trading controls. Risk-Appetite Related Principles 1. Use pricing models and systems. Have in-house pricing models for all derivatives used. Use au- tomated systems to track, manage, and value the derivatives traded and the underlying business exposures being hedged. 2. Measure foreign exchange risk. Understand the full nature of the foreign exchange risks being managed with a combination of risk measures such as value-at-risk, sensitivity analysis, and stress testing. 3. Oversee treasurys risk management. Independently oversee treasurys risk management with a risk committee to review and approve treasurys risk-taking activities and strategies, exposure and counterparty credit limits, and exceptions to corporate foreign exchange policy. Depending on the level of foreign exchange risks being managed, have either a parttime or a dedicated function to review treasurys compliance with approved risk management policies and procedures. 2.3.4 Recommendations A seminal report by the Group of 303 more than a decade ago addressed how both dealers and end-user organizations could better control the risks associated with the use of derivatives. It remains a classic set of fundamental risk management principles and may be useful to decision makers involved in risk management. The relevant recommendations of the Group of 30 are: 1. The role of senior management. Dealers and end users should use derivatives in a manner consis- tent with the overall risk management and capital policies approved by their boards of directors. These policies should be reviewed as business and market circumstances change. Policies governing derivatives use should be clearly defined, including the purposes for which these transactions are to be undertaken. Senior management should approve procedures and controls to implement these policies, and management at all levels should enforce them. 2. Marking to market. Dealers should mark their derivatives positions to market, on at least a daily basis, for risk management purposes. 3. Market valuation methods. Derivatives portfolios of dealers should be valued based on mid-market levels less specific adjustments, or on appropriate bid or offer levels. Mid-market valuation ad- justments should allow for expected future costs such as unearned credit spread, close-out costs, investing and funding costs, and administrative costs. 4. Identifying revenue sources. Dealers should measure the components of revenue regularly and in sufficient detail to understand the sources of risk. 5. Measuring market risk. Dealers should use a consistent measure to calculate daily the market risk of their derivatives positions and compare it to market risk limits. Market risk is best measured as value at risk using probability analysis based on a common confidence interval (e.g., two standard deviations) and time horizon (e.g., a one-day exposure). 3 Group of 30 Global Derivatives Study Group; Derivatives: Practices and Principles,Washington, DC, July 1993. 2.3. MANAGING OPERATIONAL RISK 23 Components of market risk that should be considered across the term structure include absolute price or rate change (delta); convexity (gamma); volatility (vega); time decay (theta); basis or correlation; and discount rate (rho). 6. Stress simulations. Dealers should regularly perform simulations to determine how their portfolios would perform under stress conditions. 7. Investing and funding forecasts. Dealers should periodically forecast the cash investing and funding requirements arising from their derivatives portfolios. 8. Independent market risk management. Dealers should have a market risk management function, with clear independence and authority, to ensure that the following responsibilities are carried out: Development of risk limit policies and monitoring of transactions and positions for adherence to these policies Design of stress scenarios to measure the impact of market conditions, however improbable, that might cause market gaps, volatility swings, or disruptions of major relationships, or might reduce liquidity in the face of unfavorable market linkages, concentrated market making, or credit exhaustion. Design of revenue reports quantifying the contribution of various risk components, and of market risk measures such as the value at risk. Monitoring of variance between the actual volatility of portfolio value and that predicted by the measure of market risk. Review and approval of pricing models and valuation systems used by front- and back-office personnel, and the development of reconciliation procedures if different systems are used. 9. Practices by end users. As appropriate to the nature, size, and complexity of their derivatives activities, end users should adopt the same valuation and market risk management practices that are recommended for dealers. Specifically, they should consider regularly marking to market their derivatives transactions for risk management purposes; periodically forecasting the cash investing and funding requirements arising from their derivatives transactions; and establishing a clearly independent and authoritative function to design and assure adherence to prudent risk limits. 10. Measuring credit exposure. Dealers and end users should measure credit exposure on derivatives in two ways: Current exposure is the replacement cost of derivatives transactions that is, their market value. Potential exposure is an estimate of the future replacement cost of derivatives transactions. It should be calculated using probability analysis based on broad confidence intervals (e.g., two standard deviations) over the remaining terms of the transactions. 11. Aggregating credit exposures. Credit exposures on derivatives, and all other credit exposures to a counterparty, should be aggregated taking into consideration enforceable netting arrangements. Credit exposures should be calculated regularly and compared to credit limits. 12. Independent credit risk management. Dealers and end users should have a credit risk management function with clear independence and authority, and with analytical capabilities in derivatives, responsible for the following: Approving credit exposure measurement standards Setting credit limits and monitoring their use Reviewing credits and concentrations of credit risk Reviewing and monitoring risk reduction arrangements 13. Master agreements. Dealers and end users are encouraged to use one master agreement as widely as possible with each counterparty to document existing and future derivatives transactions, including foreign exchange forwards and options. Master agreements should provide for payments netting and closes out netting, using a full two-way payments approach. 24 CHAPTER 2. STRATEGIES OF RISK MANAGEMENT 14. Credit enhancement. Dealers and end users should assess both the benefits and costs of credit enhancement and related risk-reduction arrangements.Where it is proposed that credit downgrades would trigger early termination or collateral requirements, participants should carefully consider their own capacity and that of their counterparties to meet the potentially substantial funding needs that might result. 15. Promoting enforceability. Dealers and end users should work together on a continuing basis to iden- tify and recommend solutions for issues of legal enforceability, both within and across jurisdictions, as activities evolve and new types of transactions are developed. 16. Professional expertise. Dealers and end users must ensure that their derivatives activities are undertaken by professionals in sufficient number and with the appropriate experience, skill levels, and degrees of specialization. These professionals include specialists who transact and manage the risks involved, their supervisors, and those responsible for processing, reporting, controlling, and auditing the activities. 17. Systems. Dealers and end users must ensure that adequate systems for data capture, processing, settlement, and management reporting are in place so that derivatives transactions are conducted in an orderly and efficient manner in compliance with management policies. Dealers should have risk management systems that measure the risks incurred in their derivatives activities, including market and credit risks. End users should have risk management systems that measure the risks incurred in their derivatives activities based on their nature, size, and complexity. 18. Authority. Management of dealers and end users should designate who is authorized to commit their institutions to derivatives transactions. 19. Accounting practices. International harmonization of accounting standards for derivatives is desir- able. Pending the adoption of harmonized standards, the following accounting policies are recom- mended: Dealers should account for derivatives transactions by marking them to market, taking changes in value to income each period. End users should account for derivatives used to manage risks so as to achieve a consistency of income recognition treatment between those instruments and the risks being managed. Thus, if the risk being managed is accounted for at cost (or, in the case of an anticipatory hedge, not yet recognized), changes in the value of a qualifying risk management instrument should be deferred until a gain or loss is recognized on the risk being managed. Or, if the risk being managed is marked to market with changes in value being taken to income, a qualifying risk management instrument should be treated in a comparable fashion. End users should account for derivatives not qualifying for risk management treatment on a mark-to-market basis. Amounts due to and from counterparties should only be offset when there is a legal right to set off or when enforceable netting arrangements are in place. Where local regulations prevent adoption of these practices, disclosure along these lines is nevertheless recommended. 20. Disclosures. Financial statements of dealers and end users should contain sufficient information about their use of derivatives to provide an understanding of the purposes for which transactions are undertaken, the extent of the transactions, the degree of risk involved, and how the transactions have been accounted for. Pending the adoption of harmonized accounting standards, the following disclosures are recommended: Information about managements attitude to financial risks, how instruments are used, and how risks are monitored and controlled Accounting policies Analysis of positions at the balance sheet date Analysis of the credit risk inherent in those positions For dealers only, additional information about the extent of their activities in financial instru- ments 2.3. MANAGING OPERATIONAL RISK 25 Summary 1 (Operation Risks:) Operational risk arises from the possibility of error, fraud, or a gap in procedures or systems. It is one of the most prevalent risks that organizations face. Operational risks are exacerbated in situations where additional risks exist, such as during mergers or acquisitions, trading environments, or geographically diverse organizations. Management of people, processes such as reporting and controls, and an assessment of the techno- logical risks an organization faces may be useful in identifying and managing operational risk.

Risk Management Course Outline PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue