The Four Key Risks for Risk Exposure Management
Risk exposure management is the measurement and control of risk exposure at all levels of aggregation in a banking organization. Risk exposure management is an important element of risk management and has a significant impact on capital adequacy. Risk Management in the banking world is about ensuring that the bank has sufficient capital set aside to be able withstand stress events and shocks. Banks set aside capital for different types of risk. Four of the main bank capital areas for which risk exposure management is required are shown in the diagram below.
- Prudent Valuation risk is the risk that the bank’s valuations are not calculated correctly. Incorrect valuations can result from poor market data, errors in methodology and model errors
- Credit Risk is the risk that the bank does not get repaid the money it is owed. It primarily impacts the banking book
- Operational Risk is the risk that the bank loses money due to operational error. E.g. human error or failure of IT systems
- Market Risk is the risk that the bank loses money due to adverse movement in market rates or prices. It primarily impacts the trading book
Of these four risks, Credit Risk and Market Risk receive the most attention and have the highest impact on bank capital. They also overlap and impact on one another, making risk exposure management a complex task, because aggregating or netting risk exposures needs to be possible at all levels of a bank, e.g. desk, asset type, legal entity within the banking group, country, business line across a region. The source of this complexity and the need to have standardized identifiers, referred to as aggregation keys, to enable aggregation, is described below.
Bank capital for credit risk is calculated using the capital adequacy ratio. This is also known as capital to risk-weighted assets (RWA) ratio. It is a measure of the bank’s financial strength calculated using its capital and its credit-related assets. The capital adequacy ratio is calculated by dividing a bank’s capital by its risk-weighted assets. There are two tiers for calculating the capital used to calculate the capital adequacy ratio. Tier 1 capital contains equity capital, ordinary share capital, intangible assets, and P&L reserves. It is easily identifiable and measureable and it is the capital that is used to absorb losses due to unforeseen credit risk events materializing. Tier 2 capital on the other hand is seen as less secure than Tier 1 capital and comprises unaudited retained earnings, unaudited reserves, and general loss reserves. The capital from both tiers are summed and divided by RWA to calculate a bank’s capital adequacy ratio. RWAs are calculated by assigning weights to the bank’s loan portfolio based on the determined riskiness of each group of loans. Under Basel 2, the minimum capital adequacy ratio is 8%. Under Basel II it is 10.5%. Regardless of regulations, good governance requires that risk exposure management policies and processes suit the business model of the institution.
Bank Capital for Market Risk is calculated using a set of rules, weights and calculations prescribed by the regulator. The piece of regulation that is currently most relevant for market risk capital is the Basel Committee on Banking Supervision, Minimum Capital Requirement for Market Risk, issued in January 2016, also known as “Fundamental Review of the Trading Book” (FRTB). At a high level, under FRTB, regulators will allow banks to calculate market risk capital using either an internal models approach (IMA) or a standardized approach (SA). It is less expensive from a capital charge perspective for a bank (or trading desk) to use the IMA, i.e. each trading desk will be required to set aside less market risk capital under the IMA, assuming their risk exposure management and their available risk factor data are comprehensive. However, from an infrastructure, systems and operational cost perspective, the calculation of capital under IMA is more expensive. Banks, therefore, will choose to go with IMA as long as the infrastructure costs of doing so are not prohibitive. The diagram below illustrates the key data flows involved under both SA and IMA. A few observations from a data perspective:
- The Standardized Approach does not require market data (daily or historical)
- The Standardized Approach requires today’s market risk positions (i.e. risk sensitivities) as well as a set of risk weights and correlations prescribed by the regulator
- The Internal Models Approach requires a trading desk to calculate market risk capital using a Value-At-Risk (VaR) or Expected Shortfall (ES) methodology
The calculations for both VaR and ES are based on historical P&Ls calculated using historical time-series.
Market Risk and Credit Risk Overlap
The calculations for Market Risk and Credit Risk are not mutually exclusive. There is overlap between the two risks in two key areas:
- Credit Valuation Adjustment (CVA). CVA is an adjustment to the bank’s valuation of its derivative portfolio to account for the credit risk inherent in derivative positions that are in-the-money. The overlap here between credit risk and market risk stems from the fact that valuation of the derivatives portfolio is subject to market risk whereas in-the-money derivatives (counterparties owe the bank money on uncollateralized derivatives trades) is subject to credit risk
- This accounting standard requires that the reserves set aside for the credit risk inherent in a bank’s banking book be calculated using market rates (usually credit spreads). Generally speaking the banking book is a held-to-maturity book and it is not impacted at all by market rates. IFRS9 is a type of exception
Risk Exposure Management – Aggregation Keys for Exposure Aggregation in Both Credit Risk and Market Risk
Risk exposure management for both Credit Risk and Market Risk requires the calculation and aggregation of risk exposures. In Credit Risk the risk exposure is the notional value of the credit-risky loan, adjusted for its risk weight. In Market Risk the P&L of every trade contained in a desk’s portfolio is sensitive to the daily changes in market rates. These sensitivities are market risk sensitivities. Risk exposures can be used in calculations at many levels throughout the bank. The ability to aggregate them using a commonly agreed approach using standardized, firm-wide identifiers is, therefore, essential. The diagram below provides an overview of the process of aggregating risk exposures using standardized identifiers, called aggregation keys.
Standardizing Aggregation Keys is Fundamental to Risk Exposure Management
Without infrastructure and systems that can generate standardized aggregation keys then exposures cannot be netted / aggregated and it will be impossible for a bank to calculate its market and credit risk capital – as well as comply with regulations such as BCBS 239. The key dimensions that these aggregations are required for are
Unique identifiers are required across each of these dimensions and data management principles for risk exposure management, such as lineage, data hierarchies, audit and quantitative library integration need to be adhered to in order to ensure exposure-based calculations are performed correctly.