guarantees or contractual clauses, mitigate the risk. The alternate process is through “signatures” whereby the transaction proposal is circulated and approval requires agreement between all credit officers. Whether signatures or committees are used for approval, risk officers remain accountable for the risk decisions and decisions are recorded, eventually with comments and recommendations of participating executives.
1.5.2.2 Market Risk and Trading Activities
For market risk, a common risk metric is the sensitivity of a position or of a portfolio of positions. Sensitivities measure the variations of values due to standard shocks on market parameters such as interest rates, foreign exchange rates or equity indexes. There is a variety of sensitivities depending on the type of products and on the risk factors that influence their values. Other risk metrics involve the capital charge for market risk, which embeds other elements of market risk, such as the market volatility and an assessment of the likelihood of losses of various magnitudes.
As the gains and losses in trading are market driven, a risk tolerance has to be defined for the business lines, the desks and the traders. A risk tolerance is an assessment of the maximum loss, for the business line or for desks, considered as acceptable, but which should not be exceeded.
The policies for trading should be comprehensively documented. Limits depend on expectations about market conditions, as formulated in market committees. Market instability might require tighter limits because the chances of large fluctuations are higher. A daily market committee formalizes the current market conditions. Trading desks operate within their limits. Limits are set for the various desks consistently with aggregate market risk. Traders comply with limits by hedging their risks, or unwinding their positions, eventually at a loss.
As risk regulations developed and standard practices for risk management spread across the industry, some common views on the organization of the risk management process emerged.
1.5.3.1 The Risk Department and the “Three Lines of Defense” Model
The three lines of defense model is a convenient scheme used for structuring the roles, responsibilities and accountabilities with respect to decision making, risk controlling and for achieving an effective risk governance bank-wide. It illustrates how controls, processes and methods are aligned throughout large organizations. The three lines of defense are:
• The lines of business.
• The central risk function.
• The corporate audit and compliance functions.
The business lines, or front office, make up the first line of defense and are responsible for identifying, measuring and managing all risks within their scope of business. Business lines have the primary responsibility for day-to-day risk management. As the management of the business line is close to the changing nature of risks, it is best able to take actions to manage and mitigate those risks. Lines of business prepare periodic self-assessment reports to identify the status of risk issues, including mitigation plans, if appropriate.
These reports roll up to the executive management and to a central risk department, which enforces the risk discipline. Standard practices impose that the risk management should be centralized and that a “clean break” exists between risk-taking business lines and risk supervising units. The risk department ensures an assessment and a control of risks independent of the business lines. The department is responsible for the guidance and implementation of risk policies, for monitoring their proper execution complying with documented risk processes. It defines, with the top management, the risk policy of the bank. The chief risk officer reports to the senior executive committee, who ultimately provides the risk department with the power of enforcing risk policies.
Given their roles, the perceptions of the same risk reality by the business lines and the risk department might differ. This difference in perspectives is what adds value to the enterprise as a whole and to the risk management process. However, the effectiveness of the risk process can be questioned when there are compelling business reasons to proceed with a transaction. Enforcing the power of a credit committee requires some arbitration process when conflicts arise. The arbitrage between conflicting parties is handled by more senior levels when the process is not conclusive. Moving up in the hierarchy of the bank guarantees that a conclusion will be reached and that the credit proposal is thoroughly examined at each stage.
The existence of a risk department does not suffice to enforce sound risk practices. Both the first line and the second line are accountable for risk assessment and control. Making the risk department the unique function accountable for risks would relieve the business lines from their risk responsibilities. A centralized risk control unit would be overloaded by the number of risk issues raised by the front offices. In large banks, risk managers are “embedded” within the business lines, but report both to the business lines and to the central risk department. They provide the local risk control within the “first line of defense”.
The third line of defense is that of internal and external auditors who report independently to the senior committee representing the enterprise's stakeholders. The internal auditors' role is to provide an independent review of the effectiveness and compliance to risk policies of the risk processes. Corporate audit activities are designed to provide reasonable assurance that significant financial, managerial and operating information is materially complete, accurate and reliable; and that employees' actions comply with corporate policies, standards, procedures and applicable laws and regulations. The auditors have the capacity to make recommendations and to supervise their execution.
1.5.3.2 The Asset and Liability Management Department
The ALM – asset-liability management – department is in charge of managing the funding and the balance sheet of the bank, and of controlling liquidity and interest rate risks. The function of ALM is the finance function of banks and is often located within the finance department. The scope of ALM extends mainly to the banking portfolio, and less so to trading activities because they rely primarily on short-term financing. For controlling the liquidity risk and the interest rate risk, the ALM sets up limits to future funding requirements and manages the debt of the bank. The interest rate risk is measured by the volatility of target variables such as the net interest income of the bank, using interest rate derivatives.
The ALM committee meets at least monthly, or when needed in adverse conditions. It groups the senior management, the chief finance officer, the head of the ALM team and the executives in charge of business development and commercial policies. The senior management is involved because ALM policies have a strategic influence on the bank's financing profitability. ALM policies also have strong and direct interactions with the commercial policy. The bank exposure to interest rate risk and liquidity risk depends on the product mix in the banking book. ALM policies have also a direct effect on the pricing to clients, as it should absorb the cost of financing the banking book. Furthermore, the ALM unit is in charge of internal prices of funds, the cost of funds charged to lending units and the financial compensation of deposit collection by branches.
1.5.3.3 Enterprise-wide Risk Management (ERM)
Bank-wide management implies that metrics of income and risk at the global bank level be related to similar metrics at the business unit, book and transaction levels.
Policies set global limits and profit objectives at the enterprise level, which are allocated to business units. This top-down process requires that aggregate profit and limits be allocated at lower levels of the hierarchy in a consistent manner. The monitoring and the reporting of risks and performance is bottom-up oriented, starting from transactions, and ending up with aggregated risks and income. Both processes require a sound bank-wide allocation of earnings and of risks.
As funds are transferred to lending activities and from deposits collected, the earnings
