Risk Management
Alex Slahdji
Apprentice foreign trade "Maritime Ship spares parts" | Data analytics Pationate ????
Before crossing a busy road, you first assess that it is safe for you to do so; if you take a toddler to the swimming pool, you make sure that she is wearing inflatable armbands before she gets into the water and that she is never left unattended; you have probably purchased car, home, and/or health insurance to protect you and your family against accidents, disasters, or illnesses. Thus, in the course of your life, you are well acquainted with identifying risks, assessing them, and selecting the appropriate response, which is what risk management is about.
the types of risks that companies in the investment industry??and people working for these companies face. An unintentional error can cause substantial damage to a company, so it is important that you gain a good understanding of the types of risks companies in the investment industry face and that you learn how these risks are managed.
DEFINITION AND CLASSIFICATION OF RISKS
It can be defined as the effect of uncertain future events on a company or on the outcomes the company achieves. One of these outcomes is the company's profitability, which is why the effects of risk on profit and rates of return are often assessed.
Events that have or could have a negative effect, leading to losses or negative rates of return, tend to be emphasised in discussions of risk. Some of these events are external to the company. For example, a company that takes the risk of investing in a country with tight capital controls (or controls on flows in financial markets) may benefit if the capital controls are lifted and the company becomes one of the few foreign companies licensed to buy and sell securities in that country.
Relatively well-defined categories of risk exist, but no standard risk classification system applies to all companies because risks should be classified in a manner that helps managers make better decisions in the context of their particular company and its environment. All companies face the risk of not being able to operate profitably in a given competitive environment, typically because of a shift in market conditions. For example, a company's ability to grow and remain profitable may be affected by changes in customer preferences, the evolution of the competitive landscape, or product and technology developments.
There are three risks to which companies in the investment industry are typically exposed : Operational risk, which refers to the risk of losses from inadequate or failed people, systems, and internal policies and procedures, as well as from external events that are beyond the control of the company but that affect its operations.Compliance risk, which relates to the risk that a company fails to follow all applicable rules, laws, and regulations and faces sanctions as a result. Investment risk, which is the risk associated with investing that arises from the fluctuation in the value of investments.
THE RISK MANAGEMENT PROCESS
A good risk management process helps companies reduce the likelihood and severity of adverse events and enhance management's ability to realise opportunities.
Other costly consequences are also possible, such as sanctions for the breach of regulations, loss of licenses to provide financial services, and damage to the company's reputation and the reputations of its employees.
Risk management is a process that is, a series of actions to achieve a company's objectives. So, an important objective of the risk management process is to help managers deal with this uncertainty and identify the threats and opportunities their company faces.
One of the main functions of risk management is to find the right balance between risk and return. By limiting the effect of events that may derail the company's ability to achieve its objectives while benefiting from opportunities to grow the company profitably, risk management plays an important role in delivering value for these shareholders and investors.
The involvement of the board of directors and senior management in risk management is critical because they set corporate strategy and strategic business objectives. Although directors and senior managers are in charge of setting the appropriate level of risk to support the corporate strategy, risk management should involve all employees.
Risk tolerance is the level of risk that the company is able and willing to take on.
Detect and Identify Events The next step in the risk management process is to detect and identify events that may affect achieving the company's objectives.
Different expected levels of frequency and severity of outcomes can be specified, This type of risk matrix can be used to prioritise risks and to select the appropriate risk response for each risk identified. In practice, the selection of key risk measures is important for the risk management function to be proactive and predictive. The types of key risk measures vary among industries and companies, and they need to be reviewed regularly to ensure that the measures are still relevant and sensitive to risk events.
Select a Risk Response The next step in risk management is to formulate responses to deal with the risks identified in the previous step. For each risk, management must select an appropriate response and develop actions to align the company's risk profile with its risk tolerance.
A risk management process that enables managers to distinguish between the risks that are most likely to provide opportunities and the risks that are most likely to be harmful helps companies generate superior returns. In some cases, the risk is well understood and taking it provides opportunities to create value. This strategy involves taking action to reduce the risk and its effect. This strategy involves moving the risk and its effect to a third party. Policies and procedures provide a framework to help ensure that the risk responses are effectively implemented and monitored.
RISK MANAGEMENT FUNCTIONS
Risk management functions vary by company, but it is typical for companies in the investment industry to have a stand-alone risk management function with a senior head, often called the chief risk officer, who is capable of independent judgment and action. But it is the members of the business functions, such as portfolio managers or traders, who "own" the risk of their deals. Therefore, it is important for risk management to be part of the company's corporate culture and to be fully integrated with core business activities.
The risk management and compliance groups operate as a second line of defence, assisting and advising employees and managers while maintaining a certain level of independence. An internal audit function then forms the third line of defence. Thus, risk and audit committees of the board will often hear presentations from the heads of risk management, compliance, and internal audit.
BENEFITS AND COSTS OF RISK MANAGEMENT
Risk management provides a wide range of benefits to a company. It can help by :
All of these benefits should enhance the company's ability to create value. The costs of establishing risk management systems include tangible costs, such as hiring dedicated risk management personnel, putting in place procedures, and investing in systems, and intangible costs, such as slower decision making and missed opportunities. So, allocation of resources to risk management should be based on a cost-benefit analysis. It is difficult to weigh the costs and benefits of risk management precisely because it is impossible to observe, let alone measure, the cost of potential catastrophes that are averted.
OPERATIONAL RISK
Banks, like most companies, have tried to learn from past events and plug the holes in their systems and controls to prevent similar events from occurring. The failure of Barings Bank in 1995 revealed the danger of not segregating front and back office activities properly. In the small bank branch of Barings in Singapore, the same individuals managed both types of activities.
An initial trading loss??because of a human error was hidden in the accounting system?, and subsequent losses accumulated until they exceeded the bank's equity capital. Because of a loss of trust, some of these executives had to resign when the truth was revealed, even if they had performed successfully in their position.
Risk taking should also be considered in the structure of compensation, for example when defining bonus payments for employees. It is particularly important for employees who expose the company to significant risks, such as traders and investment staff. A good compensation system should take into account the level of risk undertaken for a given level of return and should reward those who achieve returns without taking excessive risks. An example of an incentive that could lead to perverse behaviour is rewarding traders for profits regardless of the risks they take. In practice, traders generating substantial losses typically lose their jobs and reputations, but they usually do not have to pay back much compared with the compensation they previously received.
Failures of IT and communication systems can paralyse business operations or greatly reduce their efficiency, harming the company's profitability via lower revenues, higher costs, or a combination of both. One source of risk is the behaviour of employees who do not follow internal policies and, for instance, download unauthorised applications for personal or business use.
Key controls to protect systems and business information include the establishment and communication of internal policies for users and IT technical staff, the creation of appropriate security standards and configurations for systems, and the allocation of adequate personnel and technical resources to maintain a well-controlled IT environment. The protection of confidential information is also important in the investment industry. Data privacy has received a great deal of prominence recently because of a number of cases in which companies and government agencies have allowed people's private information to enter the public domain, exposing them to the risk of fraud.
A company should understand how data are produced and flow internally, classify the information by sensitivity, assess the risks of data loss, and adopt appropriate preventative measures. Complying with Internal Policies and Procedures The structure of a company varies with size and business activities engaged in, but there are features common to all companies. In larger and more complex companies, the roles and levels of authority will be formally defined and the business processes mapped out in more detail, usually embedded in corporate management systems. Policies and procedures should explicitly set out the delegation of authority and define clear responsibilities and accountability. These definitions form the basis for the monitoring of and control over business processes and provide feedback mechanisms.
The segregation of duties is an important principle that international companies and regulators and other authorities in many countries require and recommend. In accounting departments, there should also be a clear separation between those who enter items into the accounts and those who reconcile the bank statements with the cash balances in the accounting system.
Managing the Environment The type of environment in which a company operates can add layers of uncertainty that need to be addressed. Political Risk Political risk is the risk that a change in the ruling political party of a country will lead to changes in policies that can affect everything from monetary policy (money supply, interest rates, and credit) and fiscal policy??to investment incentives, public investments, and procurement.
In these instances, a change in administration or policies can affect the value of an investment. Political risk is inherent in all countries and should always be considered, even if it is perceived to be relatively remote.
Legal Risk Legal risk is the risk that an external party will sue the company for breach of contract or other violations. The role of an in-house legal expert is crucial to controlling legal risk. An important control in managing the legal risk of these external relationships is to have legal experts review every contract. Another control is to use template agreements and standard contract terms and conditions that have been reviewed and approved by the legal team. The storage of records, documents, and all forms of communication must also be in line with legal requirements for all relevant jurisdictions,
Settlement risk?: ?is the risk that when settling a transaction, a company performs one side of the deal, such as transferring a security or money, but the counterparty does not complete its side of the deal as agreed, often because it has declared bankruptcy. In the case of bankruptcy, it may take months or years to receive assets through a bankruptcy resolution procedure and the proceeds may only be a fraction of the original nominal amount of debt. clearing houses may step in to assume the risk of a counterparty failing to meet its contractual obligations. Other arrangements to reduce this risk are margin requirements, discussed in the Derivatives section, or standardised agreements.
领英推荐
COMPLIANCE RISK
Compliance risk is the risk that a company fails to comply with all applicable rules, laws, and regulations. The risk of non-compliance with laws and regulations is higher than non-compliance with internal policies and procedures because sanctions can be applied.
Ensuring compliance with rules and regulations has often been viewed as a rather mundane chore, but the rapidly changing regulatory environment has recently brought compliance to the forefront of business priorities. The trend has reversed with the re-imposition of greater regulation and oversight.
Framework for Legal and Regulatory Compliance Every company has to follow a set of rules, beginning with the statutory laws and other regulations imposed by regulatory bodies. Because of their importance in the financial system, banks and insurance companies have historically been subject to heavy regulation, with detailed rules and scrutiny from regulatory authorities. Often the greatest consequences are the damage to the company's reputation and the loss of existing and potential business opportunities.
Whistle-blowing has become an important way for authorities to learn of violations, and provisions to protect and reward whistle-blowers have been strengthened in the wake of financial scandals.
Corruption, which is defined as the abuse of power for private gain, has received heightened attention because of tightened laws and regulations on bribery and increased regulatory scrutiny, investigations, prosecutions, and fines.
Firms that operate through agents and other third parties should be aware that their responsibility for preventing corruption extends to the actions of these third parties.
Tax Reporting Compliance with tax regulations is complicated because the principles and rules vary considerably by jurisdiction. Companies are continuously developing financial and legal structures, often with the intention of minimising taxes overall.
A more aggressive approach is to seek to exploit loopholes in the tax code, low-tax jurisdictions?, and other grey areas. There is a technical difference between "tax avoidance", which means using tax code provisions to minimise the tax that is owed, and "tax evasion", which means not paying taxes in violation of the tax law.
Insider Trading There are laws that prohibit the trading of a security when in possession of important confidential information pertaining to the security in question. Companies must implement policies and procedures to ensure that traders understand the laws and that nobody in the company will be in the position to violate them.
Anti-money-laundering legislation is a set of rules to prevent money derived from criminal activities from entering the financial system and acquiring the appearance of being from legitimate sources. These rules require companies in the financial services industry, including those in the investment industry, to obtain sufficient original or certified documentation to perform a formal risk assessment on each client and counterparty; the procedures of such an assessment are called know-your-customer procedures.
International agreements defining basic principles and requirements for anti-money- laundering frameworks have been developed and are implemented with slight variations according to the jurisdiction. That is, a company can be subject to severe sanctions as a result of not following required procedures and record keeping, regardless of whether any suspicious transactions are handled or any actual damage is caused.
INVESTMENT RISK
investment risk is the risk associated with investing.
Companies in the investment industry typically experience three broad types of investment risk:
Market risk which is the risk caused by changes in market conditions affecting prices.
Credit risk which is the risk for a lender that a borrower fails to honour a contract and make timely payments of interest and principal.
Liquidity risk which is the risk that an asset or security cannot be bought or sold quickly without a significant concession in price.
A common theme for success in all types of investment risk management is the need to understand the risks and price them accurately.
Market Risk which arises from price movements in financial markets, can be classified into the risks associated with the underlying market instruments:
For example, an asset management firm may use the following risk budgeting steps: Quantify the amount of risk that can be taken by the firm Set risk budgets and limits for each asset class and/or investment manager Allocate assets in compliance with the risk budgets Monitor to ensure that risk budgets are respected Market risks that cannot be tolerated must be mitigated, and companies have different alternatives available.
Credit Risk When assessing the creditworthiness of borrowers, it is important to consider both their ability and willingness to repay their debts. Some of those borrowers still had the ability to keep paying their mortgage loans but decided to default and let the bank take possession of the property. The expected loss from credit exposure is a function of three elements:
The amount that is at risk may be reduced if collateral or guarantees from third parties are included. The value of collateral assets for a lender depends on their liquidity and marketability that is, how easy it is to sell the assets to a third party and at how much of a discount if sold on short notice.
There are various approaches to managing credit risk, Set limits on the amount of exposure to a particular counterparty or level of credit rating allowed.
Credit default swaps are often used when companies want to protect themselves against the risk of a loss in value of a debt security or index of debt securities, Lending to governments or state-owned companies creates another type of credit risk.
Sovereign risk is the risk that a government will not repay its debt because it does not have either the ability or the willingness to do so. The unique aspect of sovereign risk is that lenders have limited legal remedies available to compel the borrower to repay or to be able to recover the assets themselves.
A government can also prevent borrowers in its country from repaying their debts to foreign investors for example, by implementing currency controls to make it difficult or impossible for money to leave the country.
Liquidity Risk Liquidity refers to the ability to buy and sell quickly without incurring a loss. Firms in the investment industry face a greater level of liquidity risk than, say, manufacturers. When markets are illiquid either temporarily, such as during financial crises, or more structurally, such as in some emerging markets the ability to trade assets is substantially reduced, which has a negative effect on these firms.
VALUE AT RISK
Value at risk??was developed in the late 1980s and is now a widely used metric. It relies on some of the statistical concepts, such as standard deviation, VaR gives an estimate of the minimum loss of value that can be expected for a given period with a given level of probability.
For example, an asset management firm may estimate that a portfolio has a VaR of $1 million for one day with a probability of 5%. This means that there is a 5% chance that the portfolio will fall in value by at least $1 million in a single day, assuming no further trading.
Put another way, a loss of $1 million or more for this portfolio is expected to occur, on average, once in 20 trading days. Weaknesses of VaR There are also weaknesses inherent in the VaR measure of risk.
VaR gives an estimate of the minimum, but not the maximum, loss of value that can be expected. Referring back to the earlier example, the asset management firm can expect a loss of at least $1 million 12 or 13 times a year (5% of the approximately 250 trading days a year).
VaR does not indicate the maximum loss of value the portfolio manager can expect to bear in one day, and it does not guarantee that a loss in excess of $1 million will not happen more frequently than a dozen times a year. In practice, VaR often underestimates the frequency and magnitude of losses, mainly because of erroneous assumptions and models. For example, it is often assumed that returns are normally distributed and follow the bell- shaped distribution.
The use of historical data and the assumption of a normal distribution may work relatively well in normal market conditions but not during periods of market turmoil. The global financial crisis of 2008 is a case in point. Once the crisis hit, the number of days when trading losses exceeded the daily VaR and the amount of those losses were substantially higher than predicted.
Some banks reported that the frequency of losses was 10 to 20 times higher than the VaR predictions, and some banks recorded losses that significantly reduced their equity capital. These complementary techniques include scenario analysis and stress testing, which focus on the effect of more extreme situations that would not be fully captured or evaluated with VaR. The firm may also engage in stress testing by examining the effect of extreme market conditions, such as a liquidity crisis, to make sure that it would be resilient and would survive the crisis. It is worth noting that the weaknesses related to VaR apply to all measures that rely on models. The risk arising from the use of models is collectively known as model risk. This risk is associated with inappropriate underlying assumptions, the unavailability or inaccuracy of historical data, data errors, and misapplication of models.
Slahdji Mohamed Oussalem
Business Coach Consultant en stratégies ??accompagner les CEO et les équipes à croitre sereinement ??. ?? 2600 entrepreneurs accompagnés ?? 5000 personnes formées ?? Une activité croissante sur 4 continents
3 年A very important point. Thank you so much Mohamed Oussalem Slahdji