Risk Management Framework

<h1>Risk Management Framework</h1>Author: <a title="Jide Oniwinde" href="http://www.articlesbase.com/authors/jide-oniwinde/69777.htm">Jide Oniwinde</a> Risk management is the process of identifying, prioritising, assessing, analysing mitigating and controlling risk.  Regulatory challenges have been driving risk management in recent years. Risk management process should involve the appointment of a risk manager who will be responsible and accountable for the design and development of the risk management framework and oversees the implementation of the framework by the business units. The risk manager carries out the ongoing monitoring and reporting to the executive management and the Board explaining the business risks and the effectiveness and efficiency of the risk management practice.  The risk manager recommends changes to the risk appetite or risk tolerance of the company. Risk management should remain relevant and be adding measurable value to the business.  Components of risks should be expressed in the simplest form possible so that it will not be overcomplicated for others in the business to understand. Risk identification The types of risks to which the business is exposed should be identified.  The classification must be relevant to the underlying nature of the business.  It may not be a quick process to consider and identify the risks inherent in a company, but the value of such an exercise should not be underestimated.  The analysis will direct senior management to areas of exposure, and serve as a tool to ensure active tackling of all identified threats to the company. The following headings should act as prompts for the company but this is not exhaustive, these are just the low hanging fruits: Credit risk, Market risk, Liquidity risk, Operational risk, Compliance risk, Regulatory risk, Reputation risk, Litigation risk, Outsourcing risk, Technological risk, Fraud and other fiduciary risk, Foreign exchange risk, Concentration risk, key personnel risk, strategy risk, product risk. Risk Mitigation Credit Risk. <ol> <li>No credit facility.  Receive your cash before you hand over the assets or receive assets before you hand over your cash.</li> <li>Only deal with counterparties and clients that are regulated or recommended.</li> <li>Credit check counterparties with credit agencies for default.</li> <li>Check rating of counterparties at rating agencies.</li> <li>Cash deposits are held with high 'A' rated banks. </li> <li>Loan to be payable early. </li> <li>Loan is secured on quality collateral.  </li> <li>Draft legal agreements to ensure prompt payment and action for delay or non payment.</li> <li>Fees are deducted from client account - set-off /netting rights</li> <li>Daily matching and reconciliation of trades.</li> <li>Segregation of client money</li> <li>Open a position with initial deposit monitor automated real time marked to market position credit profit and debit losses automatically, if outside margin, make margin call for fund injection or reduce exposure, close out position if market movement continues to erode the position.</li> <li>Analyse the current exposure, current replacement cost of the contract by asking “what would it cost to replace the deal in the market, if the counterparty were to default today?”. </li> <li>Analyse the potential exposure likely replacement cost of the contract by  asking “what is an estimate of the maximum likely replacement cost of the contract, if the counterparty defaults in the future?”.</li> </ol>  Market Risk                                                                                                        <ol> <li>Set maximum amount you are prepared to invest in the market.</li> <li>Set stop loss for maximum fall in market you can accept.</li> <li>Set stop loss for maximum rise so as to preserve your profit.</li> </ol>  Liquidity Risk <ol> <li>Overdraft facility</li> <li>Equity financing – easy injection of funds from your investors</li> <li>Cash payable on demand from debtors</li> <li>Predictable inflow and out flow of cash</li> </ol>  Concentration risk <ol> <li>Set concentration limit not more that 25% of total assets in one counterparty</li> </ol>  Operational Risk <ol> <li>Risk database</li> <li>Maintain error register</li> <li>Disaster recovery test/BCP</li> <li>Verification of client identity checks</li> <li>Service level agreement checks</li> <li>Insurance claims promptly made.</li> <li>Staff deputies appointment – no overreliance on one person</li> <li>Training and competence of staff</li> <li>Fraud – 4 eyes, holiday, limits, password, and segregation, preparer of statement is not authoriser.</li> <li>IT system efficiency test</li> <li>Information security</li> <li>Legal risk – review agreements</li> <li>Regulatory risk – interpreter regulations and implement</li> <li>Electronic trading to reduce error </li> </ol> Risk analysis Once the company has completed a process of risk identification, it is likely that there will be a daunting list of risk issues that are, or should be, addressed by the company. The next stage of the process will be to catalogue the risk that the company faces across the business and examine the likely probability of a particular risk being encountered and the likely impact.  Look at the likelihood of occurrence and the consequences or impact if the event does occur i.e. the frequency and severity.  Ideally, analysis should be done by event data so as to make it scientific, so that a design model can be created pushing analytic methods to the absolute limit.  Look at the number of losses and the number of complaints and litigations.  If however the company does not have enough historic data to use to measure loss, the analysis would have to be done by applying judgement based on experience and insight of senior management into the business model and operational infrastructure.  This process will require discussion between those who have an interest in the issues. Risk retention Effective risk management, if embedded into the company’s strategic and operational processes, provides the framework to overcome uncertainty, to help management determine and agree an acceptable level of risk and opportunity.  The challenge, however, is to determine how much risk the business is prepared to accept.  When certain risks are accepted there then has to be an allocation of capital that will be used to absorb and accommodate the risk.  An accurate measure of risk would help in determining the amount of capital required so that the company is not overly conservative and there is no overestimation in a situation where balance sheet is thin so there is no over-allocation of capital. In the same token, risk managers must ensure that the capital does not underestimate risk. Regulatory capital requirements may need to be covered between 3 to 5 times to cater for risks.  The company has to consider assess to capital and ability to raise capital from shareholders and the market condition for raising capital. Risk transfer The whole concept of insurance is based on risk.  The insurer transfers risk off the company’s balance sheet and on to their balance sheet in return for a payment of a premium.  Professional indemnity insurance, liability insurance, error & omission insurance, fraud & fidelity insurance are useful covers that transfer risk. It is important to ensure that the insurer is solid with good credit record and that it pays claims promptly and provides quality service.  The company should also ensure that it can survive the period between the making of a claim and receiving settlement. Another way of transfer is the outsourcing of custodian activities to banks so that client assets can be held by those banks.  Guarantee from a parent company also gives financial backing and comfort in the event of financial insolvency and a bail out to protect the reputation of the group as a whole. Risk control Having process and procedures in place to ensure that the affairs of the company are managed in an efficient manner with an eye on risk exposures.  Use compliance team to monitor compliance with rules and regulation, internal audit to give assurance of effectiveness of control measures, legal support to properly draft contractual language, product approval process for quality, portfolio risk and performance management, self–assessment process, staff training and development, incentive structure that enables staff to consider how much risk they take to make money. Structuring deals with risk in mind, proactive culture rather than reactive, aligning risk appetite or tolerance to strategy. Risk avoidance The company may determine that it would avoid certain strategy or exit certain types of business to avoid the risk involved e.g. not using derivatives.  The risk manager should be able to say ‘no’ to activities that exposes the company to significant risk, explain reasons for saying ‘no’ and obtain acceptance of their position explaining all options that has been considered in reaching that conclusion. Conclusion A robust risk management framework with all the necessary data, analytics and tools will enhance the opportunity and capability to grow value linking growth and risk with return and minimising operational surprises and losses.        About the Author: Article Source: <a href="http://www.articlesbase.com/">ArticlesBase.com</a> - <a href="http://www.articlesbase.com/regulatory-compliance-articles/risk-management-framework-490559.html" title="Risk Management Framework">Risk Management Framework</a>

Risk management is the process of identifying, prioritising, assessing, analysing mitigating and controlling risk. Regulatory challenges have been driving risk management in recent years.

Risk management process should involve the appointment of a risk manager who will be responsible and accountable for the design and development of the risk management framework and oversees the implementation of the framework by the business units. The risk manager carries out the ongoing monitoring and reporting to the executive management and the Board explaining the business risks and the effectiveness and efficiency of the risk management practice. The risk manager recommends changes to the risk appetite or risk tolerance of the company.

Risk management should remain relevant and be adding measurable value to the business. Components of risks should be expressed in the simplest form possible so that it will not be overcomplicated for others in the business to understand.

Risk identification

The types of risks to which the business is exposed should be identified. The classification must be relevant to the underlying nature of the business. It may not be a quick process to consider and identify the risks inherent in a company, but the value of such an exercise should not be underestimated. The analysis will direct senior management to areas of exposure, and serve as a tool to ensure active tackling of all identified threats to the company.

The following headings should act as prompts for the company but this is not exhaustive, these are just the low hanging fruits:

Credit risk, Market risk, Liquidity risk, Operational risk, Compliance risk, Regulatory risk, Reputation risk, Litigation risk, Outsourcing risk, Technological risk, Fraud and other fiduciary risk, Foreign exchange risk, Concentration risk, key personnel risk, strategy risk, product risk.

Risk Mitigation

Credit Risk.

No credit facility. Receive your cash before you hand over the assets or receive assets before you hand over your cash.
Only deal with counterparties and clients that are regulated or recommended.
Credit check counterparties with credit agencies for default.
Check rating of counterparties at rating agencies.
Cash deposits are held with high 'A' rated banks.
Loan to be payable early.
Loan is secured on quality collateral.
Draft legal agreements to ensure prompt payment and action for delay or non payment.
Fees are deducted from client account - set-off /netting rights
Daily matching and reconciliation of trades.
Segregation of client money
Open a position with initial deposit monitor automated real time marked to market position credit profit and debit losses automatically, if outside margin, make margin call for fund injection or reduce exposure, close out position if market movement continues to erode the position.
Analyse the current exposure, current replacement cost of the contract by asking “what would it cost to replace the deal in the market, if the counterparty were to default today?”.
Analyse the potential exposure likely replacement cost of the contract by asking “what is an estimate of the maximum likely replacement cost of the contract, if the counterparty defaults in the future?”.

Market Risk

Set maximum amount you are prepared to invest in the market.
Set stop loss for maximum fall in market you can accept.
Set stop loss for maximum rise so as to preserve your profit.

Liquidity Risk

Overdraft facility
Equity financing – easy injection of funds from your investors
Cash payable on demand from debtors
Predictable inflow and out flow of cash

Concentration risk

Set concentration limit not more that 25% of total assets in one counterparty

Operational Risk

Risk database
Maintain error register
Disaster recovery test/BCP
Verification of client identity checks
Service level agreement checks
Insurance claims promptly made.
Staff deputies appointment – no overreliance on one person
Training and competence of staff
Fraud – 4 eyes, holiday, limits, password, and segregation, preparer of statement is not authoriser.
IT system efficiency test
Information security
Legal risk – review agreements
Regulatory risk – interpreter regulations and implement
Electronic trading to reduce error

Risk analysis

Once the company has completed a process of risk identification, it is likely that there will be a daunting list of risk issues that are, or should be, addressed by the company. The next stage of the process will be to catalogue the risk that the company faces across the business and examine the likely probability of a particular risk being encountered and the likely impact. Look at the likelihood of occurrence and the consequences or impact if the event does occur i.e. the frequency and severity.

Ideally, analysis should be done by event data so as to make it scientific, so that a design model can be created pushing analytic methods to the absolute limit. Look at the number of losses and the number of complaints and litigations. If however the company does not have enough historic data to use to measure loss, the analysis would have to be done by applying judgement based on experience and insight of senior management into the business model and operational infrastructure. This process will require discussion between those who have an interest in the issues.

Risk retention

Effective risk management, if embedded into the company’s strategic and operational processes, provides the framework to overcome uncertainty, to help management determine and agree an acceptable level of risk and opportunity. The challenge, however, is to determine how much risk the business is prepared to accept. When certain risks are accepted there then has to be an allocation of capital that will be used to absorb and accommodate the risk.

An accurate measure of risk would help in determining the amount of capital required so that the company is not overly conservative and there is no overestimation in a situation where balance sheet is thin so there is no over-allocation of capital. In the same token, risk managers must ensure that the capital does not underestimate risk. Regulatory capital requirements may need to be covered between 3 to 5 times to cater for risks. The company has to consider assess to capital and ability to raise capital from shareholders and the market condition for raising capital.

Risk transfer

The whole concept of insurance is based on risk. The insurer transfers risk off the company’s balance sheet and on to their balance sheet in return for a payment of a premium. Professional indemnity insurance, liability insurance, error & omission insurance, fraud & fidelity insurance are useful covers that transfer risk.

It is important to ensure that the insurer is solid with good credit record and that it pays claims promptly and provides quality service. The company should also ensure that it can survive the period between the making of a claim and receiving settlement. Another way of transfer is the outsourcing of custodian activities to banks so that client assets can be held by those banks. Guarantee from a parent company also gives financial backing and comfort in the event of financial insolvency and a bail out to protect the reputation of the group as a whole.

Risk control

Having process and procedures in place to ensure that the affairs of the company are managed in an efficient manner with an eye on risk exposures. Use compliance team to monitor compliance with rules and regulation, internal audit to give assurance of effectiveness of control measures, legal support to properly draft contractual language, product approval process for quality, portfolio risk and performance management, self–assessment process, staff training and development, incentive structure that enables staff to consider how much risk they take to make money. Structuring deals with risk in mind, proactive culture rather than reactive, aligning risk appetite or tolerance to strategy.

Risk avoidance

The company may determine that it would avoid certain strategy or exit certain types of business to avoid the risk involved e.g. not using derivatives. The risk manager should be able to say ‘no’ to activities that exposes the company to significant risk, explain reasons for saying ‘no’ and obtain acceptance of their position explaining all options that has been considered in reaching that conclusion.

Conclusion

A robust risk management framework with all the necessary data, analytics and tools will enhance the opportunity and capability to grow value linking growth and risk with return and minimising operational surprises and losses.

Rate this Article:

0 / 5 stars - 0 vote(s)

Re-Publish

Article Source: http://www.articlesbase.com/regulatory-compliance-articles/risk-management-framework-490559.html

Article Tags: Risk Management

Related Videos
Related Articles
Ask / Related Q&A

Play

How to Customize Results Graphs in @RISK

Play

How to Add Graph Markers in @RISK

Play

How to Overlay Results Graphs in @RISK

Play

How to Create a Scatter Plot from any Graph Window in @RISK

Play

How to Create a Scatter Plot from a Tornado Graph in @RISK

Latest Regulatory Compliance Articles
More from Jide Oniwinde

An Alcoholics Viewpoint Of AA Online

By: Ed Philips | 26/12/2009
Discover how to quit drinking as revealed in Ed Philips "Alcoholics Anonymous Online" support guide, which offers tried and tested alcoholic addiction methods to quit drinking within 21 days.

Benefits of a Home Staging Career

By: Karen Schaefer | 26/12/2009
Have you ever imagined having a high-paying career that lets you use your creativity and flair for decorating and home design? Are you looking for a job that allows you to have more time, make more money and work in an industry you love? Then Home Staging is right for you.

How Much Is Child Support In New York State?

By: marryzalaa | 22/12/2009
When permanent child support may not be issued immediately, the magistrate may issue temporary child support.

New Brazilian Regulation Surrounding Foreign Capital

By: Staff Journalist | 18/12/2009
LaCrosse Global Fund Services explains changing Brazilian fund regulation, CVM 450 and 456, giving local funds access to international financial instrument

Brazil’s Improving Corporate Governance

By: Staff Journalist | 18/12/2009
Damian Hampson comments on lectures from the Terrapin Alternative Investment Summit Brazil, specifically looking at recent improvements made in the countries corporate governances.

Registration of Foreign Corporation in the Philippines

By: Dennis P. Ramm | 10/12/2009
The Executive Branch of the Philippine Government has various agencies, instrumentalities, departments, bureaus and entities that are under the control and supervision of the Philippine President. The different heads of the agencies and departments are considered as an alter-ego of the President.

Other than the area of pornography, there are very few ways to censor internet

By: Paul Ingersole | 08/12/2009
The FCC will issue fines to any entity that falls under free to air broadcasting who participates in programming that involves obscenities, vulgar behaviors, nudity, or libel. These finds are high dollar amounts ranging from $250,000 to $375,000 per incident.

The Challenges of Managing Urban Growth and Implication to Real Estate Professionals

By: Fattah Adewale Aderinto | 03/12/2009
urban population growth can be explained in term of natural increase in population, rural-urban migration and city annexation into surrounding rural areas. Urban city or mega city within a country has been a victim of any urbanization because they offer number of competitive advantages such as higher wages, education, health care, and social cultural attractions, that all result in a better quality of life for the poorest members of the society

Disaster Recovery /Business Continuity Test Evidence Report

By: Jide Oniwinde | 30/04/2009 | Regulatory Compliance
Disaster Recovery /Business Continuity Test Evidence ReportThe test result should be recorded to show whether everything worked as expected, and if it did not, what happened and why, and what deficiencies were noted in the plan and its action task lists, supporting facilities, locations, etc. Record details of any revisions required to the plan and/or supporting facilities, locations, etc.

12 Qualities of a highly effective Regulator

By: Jide Oniwinde | 03/04/2009 | Regulatory Compliance
12 Qualities of a highly effective Regulator.

Anti-money Laundering Procedures

By: Jide Oniwinde | 02/08/2008 | Regulatory Compliance
Money Laundering is the process of hiding and disguising the true origin and ownership of the proceeds of crime. It is usually linked to criminal activities such as organised crime, corruption, drug related crime and terrorism.

Be A Dynamic And Effective Compliance Officer

By: Jide Oniwinde | 19/07/2008 | Regulatory Compliance
The compliance officer is a gatekeeper whose role is to stop and prevent wrong doing in the firm. The compliance officer is there to maintain the integrity of the firm and be the first line of defence against fraud, market abuse, misconduct. The compliance officer is there to demonstrate the firm’s discharge of its duties of due care, skill and diligence. The role is usually mandatory under financial services regulations.

Risk Management Framework

By: Jide Oniwinde | 19/07/2008 | Regulatory Compliance
Risk management should remain relevant and be adding measurable value to the business. Components of risks should be expressed in the simplest form possible so that it will not be overcomplicated for others in the business to comprehend.