Absolute indicators of risk of appetite. Determination of risk appetite. Methods and procedures for assessing the risk appetite of a credit institution
Risk appetite is the degree of risk that an organization as a whole considers acceptable in the process of creating value. It is a reflection of the risk management philosophy and, in turn, influences corporate culture and the style of the organization. Many organizations measure risk appetite in qualitative terms - as high, medium or low - while others use quantitative measures that reflect and balance goals for growth, return and risk. Thus, a company with a relatively high risk appetite may allocate a significant portion of its capital to high-risk projects, such as investments in emerging markets. In contrast, a company with a relatively low risk appetite may try to limit the short-term risk of large capital losses by investing only in mature, stable markets. Risk appetite is directly related to the organization's strategy. It is taken into account when developing a strategy because different variants strategies expose the organization to varying levels of risk. Risk management helps management choose a strategy that balances the expected amount of value created with risk appetite. Risk appetite is the most important factor taken into account when allocating resources. Management allocates resources between divisions and projects based on the organization's risk appetite and the division's plan to achieve the desired level of return on investment. Management takes into account risk appetite when forming the organizational and personnel structure, as well as when organizing business processes and building infrastructure in order to effective management and risk monitoring. Acceptable levels of risk are related to the organization's objectives. Tolerable risk is an acceptable level of deviation from a stated goal, so it is best measured in the same units as the corresponding goal. In determining acceptable risk, management must consider the relative importance of the relevant objectives while ensuring that acceptable risk is consistent with the organization's risk appetite. Activities within acceptable risk levels provide management with confidence that the organization will not exceed the level of risk appetite, which, in turn, provides a relative guarantee of achieving its goals.
You can also find the information you are interested in in the scientific search engine Otvety.Online. Use the search form:
More on the topic of risk appetite:
- Stomach cancer. Clinic. Diagnostics. Differential diagnosis. Treatment methods. Gastric cancer is a malignant tumor of mucosal epithelial cells. In terms of frequency, it ranks second to third among
- 85. Risk groups for extrapulmonary tuberculosis (osseous-articular, genital urinary).
- 2. Health and illness. Risk factors in preschool age. Children's health groups. Improving the health of frequently ill children in the family and preschool educational institutions.
The concept of “risk appetite” is quite young; its emergence can be associated with the development of the concept of risk management in an organization. A clear definition of “risk appetite” has not yet been developed, but it is obvious that an attribute of risk will always be the uncertainty faced by physical and legal entities in the course of its activities. In this regard, risk categories such as objective risk (force majeure), market risk (credit risk, liquidity risk, tax risk, investment risk), operational/production risk.
Despite this, the first step in building a company’s risk management will be to determine the “risk appetite” itself, in other words, the measure of risk that the subject considers acceptable for himself. Thus, the level of “risk appetite” will be influenced by the subject’s strategy, and the “risk appetite” itself will influence the degree of development of all other components of the risk management process. Thus, the higher the risk appetite, the less detailed and reliable the risk management processes will be. However, this does not mean that establishing a high “risk appetite” is undesirable for the subject. It all depends on economic feasibility expenditure of resources on the implementation of risk management processes and possible losses in the event of risks occurring.
So what is the relationship between risk appetite and audit risk? As shown world practice, and as reflected in ISAs (International Standards on Auditing), it is impossible to express any reasonable assurance about financial statements without studying the activities of the audited entity and without assessing the risks associated with the activities. Understanding the subject’s risks comes from an understanding of the subject’s goals and strategies and serves to identify possible distortions in financial statements, while understanding the risk management process serves as an understanding of the system internal control which can also serve to identify the risks of material misstatement in the financial statements and obtain an understanding of management's attitude toward internal control.
From the auditor’s point of view, an established risk management process in the audited entity can reduce the time spent studying risks by using information from the entity itself, gain confidence in the reliability of certain components of internal control, and reduce the volume of audit procedures.
As part of the audit, the formation of the “risk appetite” category can be represented as follows:
In other words, the “risk appetite” category determines what further actions to take regarding the residual risk based on the appropriate strategy. If a company decides to pursue an aggressive policy, the level of its “risk appetite” is steadily growing. Based on this, the auditor needs to increase audit risk and increase the scope of audit procedures.
Finally, let us give an example where ineffective risk management of a company led to negative financial and reputational consequences not only for the company itself, but also for the auditor. It's about about the high-profile litigation between the British company British Sky Broadcasting (BSkyB) and the system integrator Electronic Data Systems Corp., owned by a corporation Hewlett-Packard. In 2000, BSkyB awarded EDS a £48 million contract to implement an IT solution for customer support (CRM systems). The contract was terminated two years later, BSkyB completed the implementation using its own specialists and sued EDS for misrepresentation regarding the scope and quality of services provided during the tender. The “risk appetite” of EDS managers was probably too high to limit the promises made by BSkyB at the sales stage to the actual capabilities of the integrator and clearly state in the contract the scope of services that will actually be provided. It can be judged that the EDS auditor did not carry out a sufficient assessment possible risk due to EDS's failure to fulfill its obligations.
In conclusion, I would like to once again emphasize the role of risk assessment in the activities of an organization not only on the part of the economic entity, but also on the part of the audit company that audits the financial statements of this entity. Ineffective management of the company’s “risk appetite” and insufficient attention to it on the part of the auditor can lead to negative consequences for both parties.
Daria Plisko
assistant auditor BLcons Group
There are many valuable tools and techniques that can help mitigate risk and manage earnings volatility.
It is useful to divide the cost of risk into two categories – retained risks and transferred risks. The category into which a given risk falls depends on the organization's risk appetite. The term risk appetite also has several meanings, but according to the most common one, risk appetite covers more than the concept of insured risks and is a method that helps determine the possible profits or losses that a company is willing to bear. Risk appetite can be measured different ways– from analysis of enterprise performance indicators to the intuitive sense of the right direction that arises among managers and boards of directors.
What is important about the concept of risk appetite is that it clearly indicates the risks that a company can bear and the risks that it should transfer. If risk appetite is aligned with all stakeholders, both inside and outside the organization, it can ensure:
1) better strategic decision making (due to more efficient distribution of financial and human capital);
2) introduction of a risk management culture with traditions of transparency and more efficient practices corporate governance;
Stored risks can also be divided into two categories:
Business, project and investment risks – This category considers risk as uncertainty relative to expectations and thus covers the company's ability to earn profits or suffer losses. To succeed, an organization needs to take risks. However, this approach implies that the risks taken are measured and carefully studied in order to make optimal strategic decisions. Useful techniques for dealing with such risks include studying uncertainty over time, discounted cash flow analysis, decision tree analysis, and many other specific techniques.
Loss prevention and risk mitigation – this category is used to manage the risk of loss. Techniques used here include quality control, safety oversight, loss control, traditional risk management and asset protection. Among other things, these measures include risk prevention, risk reduction, and financial risk management techniques for effectively managing the funds allocated to cover the losses remaining after the implementation of all measures.
The cost of transferred risks can be managed in whole or in part through methods such as a conditional contract or strategic alliance. The cost of risk can also be managed through financial risk transfer techniques such as insurance, hedging and derivatives. This aspect of risk management has traditionally been strong in insurance companies, brokers and banks.
18. Risks when forming a securities portfolio .
Let us now consider the role of risk in the formation of a securities portfolio. The risk associated with the acquisition of certain types of securities is due to the fact that the expected income from them is a random value; it can take on different numerical values with certain probabilities.
Probability characterizes the degree of certainty of the occurrence of some event. The probability of a guaranteed event is taken as one, and the probability of an impossible event is taken as zero. The probability of a random variable is greater than zero, but less than one, and the sum of the probabilities of all its possible values is equal to one.
There are two main ways to determine the probability of a random event occurring: objective (historical) and subjective (forecast). An objective assessment of probability is derived from statistical processing of the results of observations of repeating processes that generate random events. This way we can determine the probability that in April current year in Moscow the average monthly temperature will be above zero or that on December 31 there will be no traffic accidents in the city. Sometimes an objective assessment of the probability of the occurrence of some random event can be given a priori: for example, the probability of getting the number 3, as well as any other number from 1 to 6, when throwing a six-sided die is 1/6. A subjective assessment of probability comes down to a more or less reasonable forecast of the frequency of occurrence of possible values of a random variable. Investment calculations usually involve new technologies and therefore subjective estimates of probability.
Based on the given probabilities of random variables, various algorithms are constructed for determining their average expected values. Most often, the expected value is calculated as a probability-weighted average. So, if in next year The firm's profit with probability 0.1 can be either 15 or 30 deniers. units, with a probability of 0.2 - both 18 and 24 days. units and with a probability of 0.4 - 20 days. units, then the expected value will be
0.1(15 + 30) + 0.2(18 + 24) + 0.4 20 = 20.9 den. units
Since quantitative estimates of probability are not always reliable, the actual value of the predicted value may not coincide with the expected one. This is where the concept of risk arises: there is a risk that the actual value will not coincide with the expected value. Probability of deviation actual value from the expected one, the wider the spread of the values of the random variable, the greater. Therefore, as a measure of the risk inherent in a decision with a probabilistic outcome, the so-called standard deviation () is used - the root-mean-square absolute deviation of the possible values of a random variable from the expected one. In the example above, there is a risk of not making a profit of 20.9 den. in the coming year. units will be
= [(20,9 - 15) 2 + (20,9 - 18) 2 + (20,9 - 20) 2 + (20,9 - 24) 2 + (20,9 - 30) 2 ] 0,5 = 11,7.
The quantity 2 is called dispersion or variation.
19. Games with nature.
In some tasks that lead to games, there is uncertainty caused by the lack of information about the conditions under which the action is carried out (weather, consumer demand, etc.). These conditions do not depend on the conscious actions of the other player, but on objective reality. Such games are called games with nature. A person in games with nature tries to act prudently, the second player (nature, consumer demand) acts randomly.
The game conditions are given by the matrix 
.
Let the player have a strategy A 1 ,A 2 , …, A m, and nature is a state IN 1 , IN 2 , …, In n. The simplest situation is when the probability is known p j every state of nature In j. Moreover, if all possible states are taken into account, p 1 + p 2 + … + p j+ … +pn= 1.
If player A chooses a pure strategy A i, then the mathematical expectation of winning will be p 1 a i 1 + p 2 a i 2 + … + p n a in. The most profitable strategy will be the one that achieves
(p 1 a i 1 + p 2 a i 2 + … + p n a in).
20. Example of matrix game analysis .
Matrix games, concept of games theory. M. and. - games in which two players (I and II) with opposing interests participate, and each player has a finite number of pure strategies. If player I has m strategies, and player II - n strategies, then the game can be given ( m ´ n)-matrix A = ||a ij ||, where a ij is the payoff of player I if he chooses the strategy i (i = -1, ..., m), and player II - strategy j (j = 1, ..., n). Following general principles behavior in antagonistic games (a special case of which are M. and.), player I tends to choose such a strategy i 0, at which it is achieved
;
Player II seeks to choose a strategy j o, at which it is achieved
;
If v 1 = v 2, then a pair( i 0 , j 0) constitutes a saddle point of the game, that is, the double inequality holds
; i = 1, ?, m; j = 1, ?, n.
The number is called the game value; strategies i 0, j 0 are called the optimal and pure strategies of players I and II, respectively. If v 1 ≠ v 2, then always v 1 < v 2; in this case, there is no saddle point in the game, and the optimal strategies of the players should be sought among their mixed strategies (that is, probability distributions on the set of pure strategies). In this case, players operate with mathematical expectations of winnings.
The main theorem of the theory of M. and. (Neumann's minimax theorem) states that in any microstructure. there are optimal mixed strategies X*, y*, at which the achieved “minimaxes” are equal (their total value is the value of the game). For example, a matrix game has a saddle point at i 0 = 2, j 0= 1, and the game value is 2; a matrix game has no saddle point. For her, optimal mixed strategies are X* = (3 / 4 , 1 / 4), y*= (1 / 2 , 1 / 2); the game value is 1/2.
To actually find optimal mixed strategies, they most often use the possibility of combining M. and. to linear programming problems. You can use the so-called iterative Brown-Robinson method, which consists of sequential fictitious “playing” of a given game with the players choosing in each given game their pure strategies, the best against the opponent’s accumulated strategies at that moment. Games in which one player has only two strategies are easy to solve graphically.
M. and. can serve as mathematical models of many simple conflict situations in the fields of economics, mathematical statistics, military affairs, and biology. Often, “nature” is considered as one of the players, which is understood as the entire set of external circumstances unknown to the decision-maker (another player).
21. Difficulties in testing complex analytical hypotheses.
The developed solution is a complex of interconnected software modules, operating on a single platform and database, allowing to solve problems of a diverse range from assessment financial condition counterparties to managing risks in all their forms, including calculating limits, their planned (target) signal values, determining the size of existing and required capital, indicators of its sufficiency and other indicators of risk appetite.
In PC "RISKFIN. Prof" included all the best, most in demand, useful, from the experience, competence and practice of specialists and experts of the company "RISKFIN", saving the effort and time of risk managers, analysts in the form of a pre-prepared set of methodological developments and software settings
Methods and procedures for assessing the risk appetite of a credit institution
Farrakhov I.T., RISKFIN LLC, Deputy general director on development
A version of the article prepared by the author(s) for the press was published in the journal
"Risk management in credit organization" №4, 2011.
Introduction
Currently, credit institutions mainly use single-factor models to analyze their possible losses, which is not always adequate and justified. This methodology involves the simultaneous use of an unlimited number of risk factors, both to assess the total banking risk(risk - appetite), and for assessing its individual components.
In international and domestic practice, various methods are used to assess the magnitude of possible losses by credit institutions, the majority of which use either single-factor models or models with risk factors of the same type. Models that simultaneously use credit, market and other types of risk factors for analysis are extremely rare. This situation does not allow credit institutions to adequately assess the amount of their possible total losses as a whole for the entire financial portfolio because single-factor models do not allow for simultaneous changes in multiple risk factors.
In the recommendations of the Basel Committee on Banking Supervision, significant attention is paid to the issues of assessing the capital adequacy of a credit organization in a single context with assessing the amount of total risk. The purpose of the proposed methodology is to develop unified approaches to the quantitative assessment of possible losses that a credit institution may incur in the future during the implementation process various types risk.
Retail lending: portfolio management technology. Retail Lending: How to Manage Portfolios
Risk manager: in dreams of management
Sometimes it seems that risk management has reached a dead end. Risk managers “measure, record the presence or document risks, assuring everyone around them that risks and their reduction are the main goal of managing an organization,” as Alexey Sidorenko wrote in his series of articles. The last point, convincing everyone around that risk reduction is the main goal of business management, is very useful from the point of view of self-positioning and self-promotion of risk managers. Global initiatives like Basel I-II-III-etc-etc are the cash cows of consultants (we actually really like them!).
But business leaders are often simply annoyed by risk managers. Therefore, business unit managers often try to ignore risk managers, and sometimes they are simply fooled. At best, they look at risk management as an inevitable cost of being in business, and simply demand that risk managers avoid problems with regulators.
Isolation from the real world in which profits are made makes the day-to-day work of risk management boring, meaningless and merciless to the people who do it. And these people are qualified: they are good at building mathematical models, making predictions, and identifying patterns. Neglect of this experience, the waste of working time by these people is an unaffordable luxury in an era of declining margins, fintech and growing objectively existing risks.
So how do you make risk management business-oriented while still being risk management? What real-world problems (beyond regulatory compliance) can risk management solve for businesses? How can risk managers help improve business performance? How to make sure that business units and risk management work in the same team? What management decisions need to be made to achieve these goals?
One answer to all these questions is the Risk Appetite Declaration.
Declaration of risk appetite: what is it?
A declaration of risk appetite is a formal document that lists risks, risk factors, their target values, threshold values, upon reaching which certain decisions must be made. This document also formally sets the target level of economic capital adequacy to cover risks, the volume of the required liquidity buffer, as well as the target return on capital.
This definition is a tribute to dead letters and can destroy any sound idea in the bud. It is meaningless from the point of view of the real needs of business development. Everything that is mentioned in this definition is either invented or imagined by risk managers. For a declaration of risk appetite to be worth more than the paper on which it is printed, it needs to be specific.
A list of specific management decisions and actions. The main source of management actions is business goals. Risk also does not exist in itself, but represents the failure to achieve these goals. Therefore, the Declaration of Risk Appetite should contain a list of objectives. The management actions listed in the Declaration are tied to goals, but have different conditions for their application. They also depend on our attitude to risks.
Attitude to risks - key moment in building risk management focused on management actions. It is impossible to manage all risks. You don't need to manage all risks. If we minimized all risks, there would be no sources of profit left. Therefore, you need to decide from the very beginning:
What risks do we accept (and transfer to our shareholders, leaving the management of these risks to them);
What risks do we manage, that is, what risks are in the area of our business and our competence;
What risks we and our shareholders prefer to avoid, and our shareholders are not prepared to take under any (reasonable) circumstances.
By classifying the risks in this way, we can focus on those that we manage and (to a lesser extent) those that we accept. The cause of any risk is a change in risk factors. Risk factors may have different qualitative characteristics and quantitative measures. Some of these characteristics and measures are tied to probability, some to the impact that the realization of risk has on the organization. Some risk measures are expressed in units of financial results (the amount of profit or loss), some are focused on risk in a narrower sense of the word.
Management actions and decisions depend on the situation. Some are simply planned in advance depending on the stage life cycle portfolio or transaction. Some should be taken in response to an external event. Actions can be natural in the normal course of business, or they can be extreme and anti-crisis. An example of the latter type of action is selling with a stop loss.
Procedures for regularly monitoring a transaction or portfolio we manage must also be described in the Risk Appetite Statement.
Thus, the Declaration of Risk Appetite is not only and not so much about risks. This is about business in general. An effective Risk Appetite Statement is more of an investment statement designed to address all internal management concerns.
Declaration of risk appetite in bank management
An effective Statement of Risk Appetite permeates the bank management process. It sets the starting point for planning, since it defines the target characteristics of the portfolio that the bank forms.
It also regulates the lending process. The image of the target borrower, the rules of lending and risk taking are an integral part of the Declaration.
It defines the rules and methods of portfolio management. Managing an established portfolio of retail loans is a complex task. This is much more difficult than managing securities portfolios. The terms of the loans are fixed and cannot be changed unilaterally. The secondary loan market is not liquid. Selling them requires lengthy and scrupulous preparation. Therefore, selling as a portfolio management tool in crisis situation- the tool is practically inaccessible. But sometimes the Declaration of Risk Appetite in terms of prepayment risk may dictate the need for unilateral easing of loan conditions and set the rules for such easing.
Because the Risk Appetite Statement sets out the objectives of the retail loan portfolio, it can be used to assess the performance of that portfolio. Profits and losses of business units, financial results, risk-adjusted, are calculated based on the assumptions specified in the Declaration. Moreover, if any risks materialize, onlyDeclaring risk appetite allows you to distinguish between bad luck and failure of risk management.
Key risk indicators for retail lending
Widely used indicators of retail loan portfolio risk include the average reserve rate per possible losses by portfolio, share of overdue loans, 0+3mob (share of loans overdue within the first three months after issue), 30+6mob (share of loans whose overdue period exceeds 30 days, overdue in the first six months after issue), volumes of written-off portfolio loans. All these indicators are relatively easy to calculate. However, they all have one drawback: they are not leading, and therefore their use in portfolio management is difficult.
Instead, we recommend using more complex indicators, such as LTS, specific LTS, forecasts of provisions for possible losses, forecasts of delinquency volumes and delinquency frequencies. The computational complexity of these indicators is easily compensated by specialized information systems, such as . However, in return, the risk manager receives the ability to manage.
For example, as a result of portfolio ripening, the volume of reserves for possible losses increases, and therefore the economic capital available to the bank to cover accepted risks decreases. At the same time, the generation of young loans generates good returns, which initially cover the costs associated with reserves and capital. The optimal choice of the moment of selling loans (securitization) allows you to double the bank’s return on capital.
The most important characteristic of a loan portfolio is LTS (loss-to-sale). This value represents the accumulated losses across a generation of loans. LTS grows, maturing over the entire lifetime of a generation and depends on the initial contractual term of the loans and the credit quality of the borrowers. Specific LTS is a derived characteristic of the credit quality of borrowers (the influence of the initial contract term of loans has been removed). The concept of specific LTS was originally developed by Vladimir Babikov. In essence, the formation of rules for issuing loans is a procedure for linking specific LTS to client characteristics (debt-to-income ratio, region of the borrower, level of education, industry, etc.). Therefore, when formulating the Declaration of Risk Appetite, the risk manager must determine the target level of specific LTS.
Analytical procedures (for example, those implemented in the Roll Rate Analytic System®) allow you to model the impact of GDP growth rates, unemployment and other macroeconomic factors on delinquency rates, LTS and specific LTS. According to the requirements of the Basel Committee, credit ratings must be assigned to borrowers taking into account possible deterioration of economic conditions or unexpected events (see §§414-416 in International Convergence of Capital Measurement and Capital Standards, clause 12.13 of Bank of Russia Regulation 483-P). Objective LTS analysis - practically effective method ensure compliance with this requirement.
Issuance of loans
Lending procedures should be based on the Statement of Risk Appetite and ensure that the resulting portfolio meets its objectives. The cornerstone of these procedures is the scorecard. With their help, the diversity of borrower characteristics is converted into an aggregated score. This allows you to form an unambiguous decision whether to issue a loan to a given client or not. However, the decision rule must take into account not only the current characteristics of the borrowers, but also their possible evolution over time. This is not only a requirement of common sense, but also of regulatory standards. Consequently, the scoring system should link the characteristics of borrowers with the specific LTS of the portfolio that the bank wishes to create.
Moreover, scoring cards must cover more than just credit risk in terms of specific LTS. They must also take into account customer behavior, in particular their early repayment of loans. Why is this so important? If the added value of the loan portfolio is initially 10% of the loan amount, early repayment of 30% of the portfolio per year reduces the added value to negative -40% of the loan amount. In other words, a borrower who repays loans early brings losses to the bank. The experience of our clients shows that taking into account client behavior when constructing scoring cards (together with taking into account their credit quality, of course) allows you to increase profits fivefold while reducing the volume of new issues by half (which reduces the bank’s costs when attracting resources).
Declaration of Risk Appetite: A Working Example
As stated above, the Risk Appetite Declaration governs all aspects of bank portfolio management, namely:
Target return on capital and other key portfolio performance indicators;
Risk targets;
Portfolio volume and other characteristics;
Indicators that should be constantly monitored, as well as their threshold values, the violation of which entails making management decisions.
These principles are illustrated in the figure.
Forming a Declaration of Risk Appetite is a complex task. But it is worth solving. The result of using hidden reserves that will be released as a result proper organization business process, justifies all costs. Aligning portfolio goals and management procedures facilitates bank management. The result is higher returns on capital, even in an era of increased competition, economic crises, increased regulation and renewed barriers to entry. High-quality risk management guarantees business owners good nights. True, some amateurs call it luck for some reason.
He who has ears, let him hear! Having risk management, let him make a profit!
