
Welcome to Session B of the Associate PRM Webinar Series

Anne Jones, Host
Webcast Manager, PRMIA

Bob Mark, Presenter
Black Diamond Risk Enterprises

This material is the intellectual property of PRMIA and shall not be reproduced or used without the express written permission of PRMIA
1 www.prmia.org
PRMIA 2016
Welcome to Session B

The Role of Governance in Risk Management

Learning Objectives
After completing this session, participants will be able to:
Describe the concept and importance of governance
Define the role of the Board, the relevant committees and the CRO
Describe risk policies, risk methodologies, risk infrastructure and escalation
Describe PRMIA Governance Principles
Describe PRMIA Standards of Best Practice, Conduct and Ethics
Describe how you would benchmark risk governance
Define the standards of a risk association

Reading material is Chapter 4 of the EoRM plus the PRMIA Standards of Best Practice,
Conduct and Ethics, the PRMIA Governance Principles and the PRMIA Bylaws.

The Importance of Risk Governance
Major failures in the early part of the 21st century - Enron, WorldCom, Global Crossing and, more recently, Lehman, Wachovia, etc.
U.S. tightened up the legal responsibilities of the Board of a company (e.g. Sarbanes-Oxley), plus Board oversight requirements generally adopted globally (Box 4-1, page 152)
McKinsey surveys have shown that governance and risk governance standards at the board are generally low
Objective of good governance is to improve:
Best practices
Delegation of risk duties and authorisations
Effective implementation of risk controls
Link between risk and remuneration practices (e.g. Dodd-Frank)
Awareness of external stakeholders (shareholders, debt holders, etc.)

Corporate Risk Governance

The board must understand the strategy and the risks and rewards involved but not micromanage the business
Incorporate the four basic principles of risk management:
Mitigate
Avoid/remove
Accept
Transfer/off-load

Are you serious about risk management?
Does risk management offer a career path?
To whom do risk managers report?
Compare their salaries vs. the business-oriented teams (revenue generation)
Is there a strong ethical and risk awareness culture?

The Board
Definition of risk appetite
Risk compatible with strategy
Four basic options of risk appetite
What are the limits?
Relationship to risk culture

Management of economic performance, not just accounting or share price
Creation of a risk culture
Creation of the risk infrastructure
Delegation of authority
Board Committees
The Audit Committee of the Board
The Risk Committee of the Board
Need for a Risk Advisory Director?

SOX, Dodd-Frank and Exchange Rulings
U.S. examples of trends in regulation:
Sarbanes-Oxley, Dodd-Frank and Basel III
More rigorous legal environment for board, management, auditors and the Chief Risk Officer
CEO and CFO responsible for published accounts
Adequate oversight, controls and procedures
Increased Executive Compensation disclosures
Whistle Blower protection
Say on Pay
Definition of a Qualified Mortgage
Evolving Regulatory Capital Reform, such as Basel III

U.S. Exchange Rulings
Majority of independent Board Directors
Establishment of Corporate Governance Committee
Alignment of compensation
Obligations on the Audit Committee

What is a Risk Advisory Director?
Box 4-3, page 164

[Diagram: Risk Advisory Director, with links to the Firm and the Outside World]
Explains risk matters; Presents risk reports; Escalates risk issues; Manages risk appetite
Senior Risk Committee; CRO & risk managers; Board Risk Committees; Risk reporting
Firm: The Audit Committee; The Business; Finance information
Outside World: Regulators; Professional bodies; Rating agencies

The Risk Committees
Audit Committee of the Board (non-exec)
Independent verification that the bank is doing what it says it is doing, supported by the audit function
Financial statements and the risk inherent in these
Tends to look after operational risks (non-financial)
Risk Management Committee of the Board
Independent review of the risk identification, measurement, monitoring and controlling processes
Approves the risk appetite and the risk policies
Senior Risk Committee (exec)
Documents all risk policies
Recommends the amount of risk to be assumed by the bank's strategies and approves their stress testing
Delegates authority to the Chief Risk Officer

(Different banks will have variations of the above governance processes)

The Chief Risk Officer
Part of the Senior Risk Committee
The communications of risk to the senior committees
Day-to-day management of risk within the bank within the tolerances set by the risk committees
Responsible for risk policies, risk methodologies and risk infrastructure
Manages the corporate risk governance
Provides independent monitoring of the risk limits of the business lines
Delegation of an amount of risk management to the business lines (may hold reserve)
May order business units to reduce or close out high risk positions

The Delegation Process
Figure 4-1, page 170
[Diagram: the delegation process, from the Board down to the business units]
Board: Ultimate sign-off
Board Risk Committee: Approves risk appetite
Senior Risk Committee: Approves stress, limits, new business, etc.; Manages the CRO
Chief Risk Officer: Manages risk across the organisation
Heads of Business: Shares risk responsibility
Business Unit Manager: Manages risk and limits in their business

Question #1

Q How should the Board of Directors delegate the risk management authority in an organisation?

a) Through the Audit Committee
b) Through the Risk Management Committee(s)
c) Through the Internal Audit function
d) The Chief Risk Officer is always a Board member

The answer is:

Answer to Question #1
Q How should the Board of Directors delegate the risk management authority in an organisation?

a) The Audit Committee is there to oversee the financial aspects of the company
b) Through the Risk Management Committee(s) is the right answer
c) The Internal Audit function oversees the risk function
d) The Chief Risk Officer is not always a Board member

Remember we are talking about the syllabus here. There are companies which do not follow these recommendations.

Managing Risk
Figure 4-2, page 171
[Diagram labels: Senior Management; Trading Room Management; Risk Management; Operations; Finance]
Market and credit risk limits
Policies control the bank's operations - these, including exception processes, should be written down
Risk can be managed using VaR but VaR is less effective in extreme circumstances - limits should be linked to scenario and stress testing
Limits should be set by asset classes (Type A or Tier 1) and by business, i.e. industry, credit class, maturity, region, etc. (Type B or Tier 2)
Limits should cater for normal markets and for peaks

Monitoring Risk

Daily revaluations in P&L statements - all pricing and valuation assumptions to be verified
Reports on compliance with policy and limits adherence - timely escalation for exceptions
Limit monitoring data must be independent, validated, representative and in the right format
Exceptions need to be advised BEFORE a position is taken
Limit Type A exceptions should be corrected immediately, Type B need to be unwound over an agreed but short time, e.g. one week
Limits need to be constantly monitored against opportunities and the costs

Limit Excess Escalation
Figure 4-3, page 175
[Flow diagram]
Risk management is advised before the excess occurs
Excess occurs
Excess on daily exception report
Type A, i.e. across the asset class: 1. Authorise use of a reserve 2. Petition risk committee
Type B, i.e. by business or concentration: Risk manager approves a Type B excess or orders it to be cleared

Risk in New Business

Risk in new business ventures must be evaluated prior to approval:
An overview of the new venture
A detailed review - achievements, risk profile, what could impact the risk profile
Future initiatives
What financial limits should be imposed to control risk?
What non-financial risks are involved - internal = processing, people, systems; external = legal, regulatory, taxation, etc.

Every current and new business needs limits

There should be a known limits policy that the business knows of before it plans new ventures

The Role of the Audit Function

Independent assessment of the design and implementation of the bank's risk management
Documentation, processes, integrity, accuracy, control and the integration with business lines
Compliance with the bank's risk management objectives
Compliance with regulatory requirements
To evaluate the soundness of the bank's risk measures, including stress testing, and MIS
Validation of risk and risk-pricing models including completeness and the data used
Verification of the above through back-testing
Production of a statement of audit findings

Rating The Quality of Risk Management
Box 4-6, page 178

Can the quality of risk management be evaluated? A possibility is by rating each part of the business on (i) risk policies, (ii) risk methodologies and (iii) risk infrastructure
This approach could be used by rating agencies to rate the risk effectiveness of an organisation and subsequently that organisation's credit rating
Risk management should not be controlled by the audit function - this would compromise any independent internal assessment
Risk management of the Board and the senior risk committees set the Tone at the Top (A risk culture issue)

Example: Rating the Risk Culture in a Depository Bank vs. Mortgage Bank (Non-Depository)

Key Risk Culture Indicator (KRCI) Based Scoring Process

CREATING A RISK CULTURE FRAMEWORK: PART TWO

Question #2

Q The fixed income team at a bank has reached 110% of their risk limits on their Eurobond position. It should:

a) Hedge this exposure with a long put
b) Unwind the position now to within 85% of their limits
c) Develop a strategy to reduce this position within 4 weeks
d) Discuss with the CRO a temporary extension of limits or a short term exit strategy
The answer is:

Answer to Question #2
Q The fixed income team at a bank has reached 110% of their risk limits on their Eurobond position. It should:

a) Hedge this exposure with a long put - a long put would add to the exposure instead of hedging it
b) Unwind the position now to within 85% of their limits - this would be extremely costly to execute and will probably result in large losses
c) Develop a strategy to reduce this position within 4 weeks - the risk oversight function should be automatically aware the position has exceeded limits
d) Discuss with the CRO a temporary extension of limits or a short term exit strategy - the team should have a conversation with the CRO to decide what is the best way to unwind the position or if the limit should be temporarily extended

Question #3

Q What can be classed as an agency risk?

a) A conflict of interest between the internal audit department and risk management
b) A conflict of interest between the company's stakeholders and the Board of Directors
c) A conflict of interest between corporate governance and senior management
d) A conflict of interest between the interests of the senior management to assume risks and the interests of the company's stakeholders

The answer is:

Question #3

Q What can be classed as an agency risk?

a) A conflict of interest between the internal audit department and risk management - agency risk is not defined as conflict of interest between two internal departments
b) A conflict of interest between the company's stakeholders and the Board of Directors - the Board of Directors are elected by the company stakeholders
c) A conflict of interest between corporate governance and senior management - corporate governance does not have interests
d) A conflict of interest between the interests of the senior management to assume risks and the interests of the company's stakeholders - agency risk defines the risk of senior management to assume too many risks with other people's money

The Basel III Reform of Bank Capital Regulation
Figure 3-2, page 85

Capital Ratio = Capital / Risk-weighted assets

New capital ratios: Common equity; Tier 1; Total capital; Capital conservation buffer
Raising the quality of capital: Focus on common equity; Stricter criteria for tier 1; Harmonized deductions from capital
Enhancing risk coverage: Securitization products; Trading book; Counterparty credit risk
Macroprudential overlay:
Leverage ratio
Mitigating procyclicality: Countercyclical buffer
Mitigating systemic risk (work in progress): Systemic capital surcharge for SIFIs; Contingent capital; Bail-in debt; OTC derivatives

Capital Requirements under Basel II vs. Basel III
Figure 3-3 page 91

Only common equity is eligible for the new capital buffers

[Stacked bar chart: capital requirements in percent, Basel II vs. Basel III]
Basel II: 2.0% Core Tier 1; 2.0% Hybrid Tier 1; 4.0% Tier 2
Basel III: 4.5% Common Equity Tier 1; 2.5% Capital Conservation Buffer; 1.5% Additional Tier 1; 2% Tier 2; 2.5% Countercyclical Buffer; 2.5% SIFIs Surcharge

Source: Bank for International Settlements

Basel III Standardized Approach Risk Weights
Table 3A-4, page 133

Securitization tranches

b Risk weighting based on risk weighting of sovereign in which the bank is incorporated. Banks incorporated
in a given country will be assigned a risk weight one category less favorable than that assigned to claims on
the sovereign, with a cap of 100% for claims to banks in sovereigns rated BB+ to B-.

PRMIA Standards*
PRMIA members, including exam takers, must abide by these Standards to reflect positively on the profession, instil confidence, and must be consistent with local rules, regulations and cultural standards
Risk management best practices - basic knowledge, rules and regulations, generally accepted practices, advances in risk management, diligence, independence and transparency
Professional conduct - clarity and accuracy, suitability, presentation of results, disclosure of limits, high level of professionalism, supervision of others, departure from accepted practices, conflicts of interest, confidentiality, honesty and integrity, fiduciary responsibilities
Ethical behaviour - personal behaviour, responsibility, judgement and independence, use of risk services, respect
Conflict resolution - assessment and resolution

*There WILL BE questions on the exam from slides 29 - 34

(Slide 29)
PRMIA Ten Principles of Good Governance*
1 Key Competencies
2 Resources and Processes
3 Ongoing Education and Development
4 Compensation Architecture
5 Independence of Key Parties
6 Risk Appetite
7 External Validation
8 Clear Accountability
9 Disclosure and Transparency
10 Trust, Honesty and Fairness of Key People

*There WILL BE questions on the exam from slides 29 - 34

(Slide 30)
PRMIA Application of Risk Governance*
The PRMIA principles are applied to:
The Board including the Audit and Risk Committees
Risk management infrastructure
Financial accounting and reporting infrastructure
The organisation as a whole

And the duties of key parties cover:
Members of the Board
The Board member responsible for risk management reporting
Chief Executive Officer
Chief Financial Officer
Chief Risk Officer
Internal audit management
Compliance management
Other senior management within the organisation

*There WILL BE questions on the exam from slides 29 - 34

(Slide 31)
Question #4

Q According to PRMIA's Principles of Good Governance, which is not a Board function:

a) Defining risk appetite and informing senior management
b) Be accountable to government for financial stability
c) Understand the risk management infrastructure
d) Understand Value at Risk

The answer is:

(Slide 32)
Answer to Question #4

Q According to PRMIA's Principles of Good Governance, which is not a Board function:

a) Defining risk appetite and informing senior management - the board should set the risk appetite framework
b) Be accountable to government for financial stability - the Board should not be accountable for systemic risk
c) Understand the risk management infrastructure - the Board should understand the general infrastructure of the risk department but should not get too granular
d) Understand Value at Risk - the Board should understand how to read a risk report which contains measures of risk

(Slide 33)
PRMIA Bylaws*
Focus on:
Mission statement and purpose
Membership and members' responsibilities

Also read:
Election of officers
Role of the Board and of officers
Changes of rules
Operation of local chapters

Do not focus on:
Standard legal framework
Financials

*There WILL BE questions on the exam from slides 29 - 34

(Slide 34)
Thank you for viewing this session!

The next session will be

Session C
An Introduction to Financial Markets

Reading material includes Chapters 1-8 of the PRMIA Professional Risk Managers' Guide to Financial Markets: The Structure of Financial Markets, The Money Markets, Bond Markets, The Foreign Exchange Market, The Stock Market, The Futures Market, The Structure of Commodities Markets and The Energy Markets - all of which are downloadable from Web-based Resources on the PRMIA website at:

Weekly Reading Material
http://www.prmia.org/sites/default/files/references/aprm/AssociatePRMReading11.05.14.pdf
