The main risk categories include strategic business and commercial direction risk, financial liquidity and credit risk and operational risk. Here Amer Shashati focuses on the financial risk category and its associate risk types; liquidity risk and credit risk
We first tackle liquidity risk, which is mainly made up of interest rate volatility risk and mismatch or gaps of size or volume and maturity period of inflows versus outflows or of assets versus liabilities. As we progress we will be formalizing a set of variables that will similarly later be used to tackle other financial risk types.
Balance sheet assets include any given loans that generate income, while liabilities include any debit that has to be paid out. The risk drivers and risk components include assets' interest income volatility and assets minus liabilities net present value (NPV) volatility that can result in gaps in volume or size and in maturity time; while the risk factors which are also the principles that must be the focus of control measures, include stabilizing interest rates, which affect interest income and affect the NPV of future cash flows due to assets' and liabilities' costs and revenues, and hence affect the gaps in size and maturity, and affect banking products' embedded options' revenue such as option for pre-payment or refinancing of loans.
The exposure is based on the current outstanding assets' and liabilities' book values that is sensitive to interest rates volatility, such as those generating interest income and those that can produce gaps in size and maturity due to producing NPV gaps between assets and liabilities, and the extent of banking products' with embedded options.
The events that comprise risk include fluctuation in interest rates income, or fluctuation in NPV of interest rates sensitive assets minus liabilities resulting in gaps in size and maturity time of assets versus liabilities.
Hence the variables including the risk drivers or components that is the focus of any liquidity management policies that establish this risk type appetite level and to mandate this risk type management guidelines on target levels of interest income and NPV, and on managing resulting gaps in size and maturity of assets versus liabilities, are interest income and NPV, where such variables are modeled and monitored to ensure compliance with the relevant established policies and hence give assurance of good liquidity management system. These variables must be accurately and continuously be modeled as they reflect the risk impact, so that interest income can be graphed against future interest rates and further matrixing or graphing of interest income change reflecting the risk factor level against the pair of probability and impact for the different interest rates scenarios or change in interest rates, in order to establish the earnings at risk (EAR) namely interest income risk is a function of interest rate changes per different scenario, and associate probability of such change.
The internal controls system must include the following high-level protection profile (PP) focusing on the enterprise liquidity risk management or asset liability management framework (ALM);
Identify and establish the risk drivers including interest income volatility and assets minus liabilities net present value (NPV) volatility and the associated gaps in size or volume and in time maturity, and associated risk factors such as interest rates;
Identify the risk events including fluctuation in interest rates income fluctuation in the NPV of interest rate sensitive assets minus liabilities resulting in gaps in size and maturity time of assets versus liabilities, and identify and measure the risk exposure including outstanding assets' and liabilities' book values that are sensitive to interest rates volatility;
Establish comprehensive interest rates change scenarios to model the target variables to project and extrapolate in the future where net interest income is equal to interest revenue minus interest costs, can be graphed against future interest rates; and the further matrixing or graphing of interest income volatility or change against the pair of probability and impact for the different interest rates scenarios to establish the earnings at risk or to establish the value at risk and NPV VAR;
Establish different business scenarios that affect the new establishment of assets and liabilities, and continue the modeling exercise to simulate both business scenarios and interest rates scenarios;
Establish optional hedging scenarios based on the preferred business scenarios and the possible interest rates scenarios;
initiate liquidity risk policies that establish appetite level and mandated guidelines, by setting target levels for the target variables including a limit to interest sensitivity and hence an upper limit on interest income risk factor levels or for EAR at a specific confidence level;
Consider the business policies that address the establishing of assets and liabilities when developing the liquidity risk policies;
Create control measures to keep the liquidity risk below appetite level, which includes:
Modifying the business policies relevant to newly establishing assets and liabilities, to reflect and align with the established liquidity risk policy;
Limit the assets and liabilities that are sensitive to interest rates changes and moreover limit establishing new assets and liabilities altogether;
Limit lines without set time profiles, to avoid relevant uncertainties such as those inherent in banking products' options;
Structure the time profile for debits and loans taken, and investments and loans given, to limit liquidity gaps;
Implement cash matching between assets and liabilities to cash flows, to limit liquidity gaps;
Implement hedging tools in order to be ready to make funds available to cover net negative cash flows;
Evaluate hedging tools in order to be ready to invest excess funds due to net positive cash flows.
X-HEAD: Basle II and interest rate risk
Basle II considers the enterprise's internal control processes as the principle tool to be utilised to measure such risk however with the strict requirement that the enterprise makes available to the external supervisors and to the internal assurance unit, the results of risk modeling process through communicating the populated risk register, where this modeling process is to be based on standardised interest rates volatility effects. The enterprise must also prove that such identified risk levels' results have been incorporated in establishing the capital retention level, noting that the only alternative to risk reduction and capital retention is to liquidate the assets and ensure risk avoidance.
Now for credit risk, the risk drivers include exposure and its credit rating of obligor and of the specific transaction, default, credit rating migration across risk ratings scale, and recoveries; while the risk factors which are also the principles that must be the focus of control measures, include managing default and migration.
The exposure is based on the current outstanding assets' or loans' book values that are sensitive to default probability (PD) and/or to credit rating migration.
The risk or events that comprise risk include default of obligor or borrower and fluctuation, particularly the deterioration in credit standing resulting in loss.
Hence the variables and risk drivers or components that is the focus of any credit management policies to mandate the guidelines on target levels of default probability (PD) and credit standing or rating by setting a lower limit on those, are loss given default (lgd), where such variable (lgd) is monitored against pair of migration scenario probability and migration scenario impact. These variables must be modeled as they reflect the lgd or risk impact, where default probability or migration scenario probability can be graphed against default impact or credit migration impact being reflected by the lgd for each probability-impact pair, and further matrixing or graphing risk weights against different pairs of default probability and lgd or impact.
The internal controls system must include the below protection profile (PP) focusing on enterprise credit risk management framework and Basle II compliance evaluation. It also makes sense to move towards complying with the regulatory requirements for risk-based capital retention before moving towards complete economic capital retention requirements. The high level Basle II requirements include capital retention adequacy system inline with the enterprise risk profile namely, Pillar-1, documentation, communication and reporting system that will facilitate supervision to facilitate internal assurance and external verification of the internal controls focused at risk identification, measurement and treatment including risk transfer insurance for residual risk where insured risk should not exceed 20 per cent of identified risk, of the risk management framework namely, Pillar-2, and transparency of the used risk management framework's components that must be based on international best practice that will facilitate market participant conduct comparative analysis, possibly the ability to evaluate business management based on analysis of risk-return measure namely, Pillar-3.
We further draw on the main elements of Basle II, particularly the requirements allowing the use of the 'Advanced Approach' stipulated within the Internal Risk Based (IRB) structure for establishing capital retention adequacy of credit risk regulatory capital, and managing credit risk enterprise-wide. These Basle II guidelines establish the IRB/Advanced Approach requirements for credit risk in conjunction with best practice include the following:
Evaluate, verify and establish the data source, ensuring a balance between data accuracy and data collection practicality, as well as the below mentioned internal and external historical data;
Establish the credit risk components as being the probability of default (PD), the loss given default (lgd) taking into consideration the recovery rate reflecting the risk mitigation measures such as collateral and guarantees, and the exposure at default (EAD), and the effective maturity (M);
Establish an internal system for estimating in other words, modeling each of the risk components, together with a risk-weight function to convert the risk components into risk weights percentages, that is to calculate the risk weights based on the risk components; default probability (PD) and loss given default (lgd), and possibly maturity time schedule. Further model the risk components; PD and lgd, and graph PD against lgd, the risk level factor to establish the risk weight for each asset, and even further using the Board established confidence level you may segment this risk into expected risk, unexpected loss risk and exceptional risk, and focus on setting capital retention for the unexpected portion of the risk;
In order to include the maturity effects on risk weights, you need to make use of the Basle II proposed benchmark risk weight (BRW), which again depends on the PD,
Consider the external rating system and the historical default frequencies in order to establish the internal rating system;
Tabulate the final rating system and the associate risk weights where the risk weights are arrived at through the graphing of PD against lgd, that will be used to calculate risk-weighed assets (risk-weighted asset equals risk weight percentage multiplied by asset size);
Assign established ratings and hence risk weights to each of the assets or loans where such assigned ratings and risk weights must be adjusted based on asset migration across the rating's scale;
Calculate the required capital retention particularly for un-expected loss or risk at a certain confidence level, as the sum of risk-weighted assets, using the established ratings' risk weights deduced from the internal as well external elements (risk-weighted asset equals risk weight percentage multiplied by the asset size);
Calculate the required capital retention for expected loss, through summation of all assets' other than exposures in default and not hedged using EL multiplied by EAD equals PD multiplied by lgd rate multiplied by EAD;
Highlight credit risk concentration due to correlated risk, that if materialised under stress situations can drastically affect the risk profile and also similarly highlight counter-party risk.
The above must be complemented with the following summary of Basle II twelve IRB requirements to facilitate comprehensive Basle II compliance evaluation.
We can now manage liquidity and credit risk in its entirety and are in a position to establish the required risk-based level for capital retention based on the formula; credit risk regulatory capital equals 8 per cent of (credit-risk-weighted assets (risk-weight percentage multiplied by asset size).
Amer Shashati is an independent operational risk management consultant focusing on technology security risk within financial institutions. He has designed unique frameworks for managing operational risk and technology legal liability risk. He can be reached at jimy.shashati@virgin.net
© Banker Middle East 2007
