Risk Insights Magazine Issue One

JULY – DECEMBER 2016
ISSUE ONE
www.risk-insights.com RISK INSIGHTS
The Latest Risk and Regulation Articles and Opinions
Capital
Stress Testing Operational Risk
IFRS 9 Management & FRTB
& Model Risk Risk Americas
Liquidity Risk
FEATURED ARTICLES
Building a CCAR Economic Consistency of IFRS 9

compliant operational risk liquidity requirements with
stress model stress modeling Basel III
READ THE LATEST ARTICLES FROM
YOUR MOBILE DEVICE
KEEP UP TO DATE ON OUR LATEST

RISK MANAGEMENT CONFERENCES
MANAGE YOUR ONLINE

PROFILE
RECEIVE EXCLUSIVE OFFERS
INTERACT WITH THE ATTENDEES

AND PRESENTERS AT OUR
CONFERENCES
Download today
by searching ‘Risk Insights’
on your relevant App store
JULY - DECEMBER 2016 | ISSUE ONE
RISK INSIGHTS
Welcome to our Risk Insights magazine

Welcome to the Center for Financial Professionals’ first issue of the We are continuing to grow our Risk Insights website, monthly
financial Risk Insights magazine. This e-magazine is dedicated to e-newsletter, and are very proud to present you with the first edition
bringing you the latest opinions and articles in financial risk and of our bi-annual magazine. If you would like to contribute to our
regulation from the senior presenters that attend our collection of articles, opinions, and our next edition of the magazine, or simply
leading risk management conferences. wish to provide some feedback please do not hesitate contact me.
In our first edition we cover the latest in capital management, We hope you enjoy the read and on behalf of the entire Center for
liquidity risk, stress testing, model risk, IFRS 9, operational risk, Financial Professionals’ team we wish you a great summer and end
third party risk, and the Fundamental Review of the Trading of 2016.
Book. Readers will enjoy a variety of opinions and insights from
professionals across EMEA and North America from the leading Center for Financial Professionals Team
FIs and solution providers.
Contents
Stress Testing & Model Risk Risk Americas Convention
4 Building a CCAR compliant operational risk 18-19 Looking back at our 2016 event
stress model
6 Reviewing evolving stress testing processes:
BAU, data and the practicalities of running a
stress test Capital Management &
7 Understanding the gains and losses for
institutions on the verge of crossover
Liquidity Risk
20 Key components of LCR/2052a implementation
8 How stress testing is compared to economic
capital 21 Reviewing the potential transition from CRD IV
to CRD implementation
8 PPNR modeling and the role of the stress
testing professional 22 Unexpected consequences of the Volcker Rule
23 Economic liquidity stress modeling
25 Reviewing regulatory requirements to better
IFRS 9 understand the liquidity risk landscape for
10 Consistency of IFRS 9 requirements with Basel III better management and compliance
12 Strategic implications of IFRS 9 on systems
12 IFRS 9 impairment
Fundamental Review of
Operational Risk the Trading Book
13 Establishing an effective governance structure to 26 How do you see the role of the market risk
better account for operational risks professional changing over the next 6-12 months?
14 Conference Review: New Generation Operational 26 The potential pitfalls of operating under an
Risk internal models based approach
15 What is defined as ‘good risk culture’ 27 A look towards the CVA finalisation rules
16 Challenges for a new generation of operational
risk 27 The debate between VaR and ES
17 Third party risk management towards a pragmatic
approach
17 Third party risk management landscape SUBSCRIBE FOR THE NEXT ISSUE
17 Alignment of third party and vendor risk The next issue is scheduled to be released in January
management with operational risk agenda 2017. Register your email to receive the next copy
For the latest financial risk and regulation research and articles please visit www.risk-insights.com 3
JULY - DECEMBER 2016 ISSUE ONE
RISK INSIGHTS | Stress Testing and Model Risk
Building a CCAR compliant

operational risk stress model
CHRISTIANE HOPPE-OEHL
HEAD OF OPERATIONAL RISK AND REVERSE STRESS TESTING, UBS
We interviewed Christiane Hoppe-Oehl Not long ago, US regulators preferred Dwelling deeply into what could go wrong
at UBS to gain insight on her professional quantitative models but the trend is moving and assessing the possible loss amount
experience as Head of Operational Risk towards more expert involvement to make will lead to the right measures being
and Reverse Stress Testing. Christiane up for data issues and enable estimates taken before the risks will materialise.
will be presenting at the Stress Testing of future vulnerabilities which might differ Understanding and therewith preventing
Europe Summit taking place in London, 5-6 substantially from historical observed events which could hurt the bank most is at
October.
losses. However, regulators still want banks the core of risk managements role.
Christiane, can you please tell the to analize their past data and get a good
Center for Financial Professionals’ What are some of the challenges
understanding of relationships to macro-
readers about yourself and your in estimating legal losses under
economic events instead of purely relying
professional experience? stress?
on experts who might be biased or might
I hold a diploma in mathematics. I have have very subjective views on potential Legal losses have increased substantially
worked 20 years in the financial industry losses. Losses observed in operational risk over the past years and the trend for high
covering market, credit and operational were substantial for many banks over the fines hasn’t reversed yet. It is hard to predict
risks. I covered market risk at Bayern LB past 10 years. Increased regulatory scrutiny possible outcomes. Close collaboration
in Munich and Paris. I was responsible for has led to ever higher fines amounting between Legal, Risk, and Finance is
market risk modeling, trader supervision, to billions of losses per bank. There is required to be able to raise awareness
the development of pricing tools, as well significant model risk involved and results and estimate capital impacts while
as trading, pricing, hedging and structuring might differ substantially depending on confidentiality is key. Large legal fines can
of Structured Equity Products. I joined UBS have a significant impact on the companies’
the approach taken. Key is a thorough
10 years ago in credit risk modeling where I stock price, clients and employees,
sensitivity and benchmarking analysis to
put in place a stress governance enhancing
better grasp the correct range of possible reputation and the brand.
the banks risk frameworks. Since two
years I am responsible for the operational future operational risk losses and the
How do you see the role of
risk stress model and enhanced it to resulting impact on the banks capital. the Stress Testing Professional
comply with CCAR standards. Apart from How do you make a CCAR changing over the next 6-12
operational risk, I am responsible for reverse months?
compliant operational risk stress
stress testing and other consequential risks
testing model forward looking? Modelers must learn to sell their models
under stress.
It starts with a diligent risk and educate the business, to move away
We are looking forward to you identification process, involvement of from pure quantitative assessments
presenting at our upcoming Stress
business, senior management and various to a more process oriented role. The
Testing Europe Summit where
internal parties to ensure the current business must learn to judge on models
you will review the building of
CCAR compliant operational risk stress most material risks can be identified and understand their impact on capital.
models, what are the advantages of and measured. This process helps to Collaboration between different entities
using quantitative models over expert raise awareness about key risks and (Risk, Treasury, Finance, Legal) must improve
judgment? improvements in risk management. to get a conclusive bank-wide picture.
4 For
Forthe
thelatest
latestfinancial
financialrisk
riskand
andregulation
regulationresearch
researchand
andarticles
articlesplease
pleasevisit
visitwww.risk-insights.com
www.risk-insights.com
STRESS TESTING
EUROPE 2016
Reviewing Evolving Stress Testing Processes and Requirements
and Moving Towards the Next Phase of Development
5-6 OCTOBER 2016 | LONDON
KEYNOTE REGULATORS PROCESS & MODEL RISK

CONTROLS
EUROPEAN CENTRAL BANK EMBEDDING STRESS TESTING
DATA & BCBS 239 INTO ‘BUSINESSES AS USUAL’
FEDERAL RESERVE BOARD (TBC)
BUSINESS PLANNING ENTERPRISE
AND OTHERS TO BE & RISK MANAGEMENT STRESS TESTING
ANNOUNCED…
LIQUIDITY OPERATIONAL RISK
CO-SPONSORS:
Register today by contacting
CIMCON jesse.hopkins@cefpro.com
Software
Reduce Spreadsheet Risks or calling the team on
+44 (0) 20 7164 6582 | +1 888 677 7007
Reviewing evolving stress testing

processes: BAU, data and the
practicalities of running a stress test
S
ince the financial crisis stress testing business and improve the risk management A final area of discussion is around the
has been increasingly used, most of their organization. One of the reasons practicality of actually running a stress test,
prominently in the US, but also in the that regulators have stress testing exercises particularly running one from its beginning
last few years in the UK and Europe, as a is that they are not confident that banks to end point and the process banks go
key tool in examining the vulnerabilities in are using them internally, and therefore are through. For example, how do banks turn a
banks’ balance sheets and their ability to not in control of their business. Therefore stress testing scenario into a viable scenario
withstand adverse economic scenarios or if banks can use the tools internally to help that can be easily understood for example?
shocks. The theory around the purpose of optimize their business, then satisfying Stress testing scenarios that are produced
stress tests is simple enough, as they allow the regulators demands should become by supervisors are designed for all banks
supervisors to assess banks’ resilience to more straightforward. In other words, in an
taking part in the stress tests, but each
ensure whether or not they are sufficiently ideal scenario banks should be constantly
bank has a unique structure to it. It can
capitalized to withstand such adverse coming up with their own internal economic
therefore be harder for one bank to turn a
scenarios, in the event that one does scenarios to stress throughout the year, so
actually occur somewhere down the line. that when it does come to regulatory stress stress test scenario into a viable scenario in
However, in practice running stress tests is tests it is information that banks already comparison to another bank. Furthermore,
not so simple. have. it can be challenging to craft a scenario into
something that can actually be modeled. It
Due to the ever-increasing stress testing Another area of focus, one that will is all well regulators’ giving banks a scenario
regulatory demands, the Center for inevitably always come up as a key area to test their resilience to, but actually
Financial Professionals conducted extensive throughout risk management is the data modeling this to see how the scenario
research to assess the main stress testing challenges involved in stress testing would play out is more complex. Banks then
challenges that financial institutions are and ensuring that data is used as a tool
have the challenge of actually deciphering
facing. This piece will explore three of the for effective stress testing. A prominent
whether there are credible management
most prominent areas that came up during challenge that banks were in unanimous
actions that can be taken to lessen the
the research; embedding stress testing into agreement on was the linkage between
a ‘Business as Usual’ (BAU) framework for risk and finance, a relatively new concept impact of that particular scenario occurring.
more effective risk management, the ever- where banks are looking across finance Whilst stress testing in theory works really
constant stress testing data challenges and and risk data within stress testing. Within well, in practice it is almost evolving into an
the practicalities of actually running a stress organizations there is still a lot of separation art as much as a science.
test. between risk and finance data, so the Overall there is more for the industry still
challenge is bringing the two together and to ponder as it looks towards the results for
Many during the research highlighted the
trying to ensure some form of consistency.
significance of embedding stress testing this year’s EBA and Bank of England Stress
Risk professionals agreed that overall the
into a BAU framework to ensure more Tests, which are expected to be published
interaction between risk and finance is a
effective risk management across the in early Q3 and Q4 respectively. As stress
pivotal part of stress testing.
organization. The importance of stress testing processes and requirements evolve
testing is not lost on financial institutions, Additionally, stress testing has been there are still many challenges outside
with the Bank of England and EBA receiving increasing interest over the last the ones discussed in this piece that need
conducting regular stress testing exercises few years, both within banks and externally addressing. Network and discuss these
in order to determine how individual banks by the regulators. Inevitably this growth challenges at the Center for Financial
can withstand given economic scenarios, in interest has resulted in more questions Professionals’ Stress Testing Europe
being pushed to the limit of their resources. and therefore an inexorable increase in Summit, where senior regulators and stress
However, it is important for banks to use the quantity of data involved in the stress
testing professionals will come together to
stress testing for internal risk management testing process. This poses increasing
review evolving stress testing processes and
within the organization and not just as a challenges as to the way banks approach
requirements and look towards the next
regulatory tool. Banks spend a lot of money stress testing and the challenge of having
phase of development.
on infrastructure and labour to support something more automated with increased
their relevant stress testing, and it seems a controls around it, reducing the ability to be Visit: www.stress-testing-europe.com for
waste of valuable investment to utilize it by flexible. Therefore, as a whole there is far further information and to view the agenda
just ticking a regulatory box. Banks should more data to grapple within stress testing across the two-day summit.
be deriving value from their investment in comparison to what there was even two
by improving their risk management years ago, and data continues to be an For further information, please get in
capabilities and then using their risk ever-growing challenge for stress testing touch with a member of the team on
management capabilities to manage their experts. +44 (0) 207 164 6582.
6 For
Forthe
thelatest
latestfinancial
financialrisk
riskand
andregulation
regulationresearch
researchand
andarticles
articlesplease
pleasevisit
visitwww.risk-insights.com
www.risk-insights.com
Understanding the gains and losses for institutions

on the verge of crossover
ROBERT CHAN
HEAD OF STRESS TESTING, CITY NATIONAL BANK
When addressing the gains and losses for institutions on When building an effective governance, control and
the verge of crossover from DFAST to CCAR, what are challenge process, what are the key obstacles faced from
the main differences FIs should prepare for when moving gaining ‘buy-in’ from senior management, and how can
over to CCAR? these be overcome?
Staffing is a crucial concern. The difference between DFAST and Senior management must be on board in terms of understanding the
importance of stress testing. It is not just a regulatory exercise but also a
CCAR is night and day. FIs will need to staff up, ideally with people
strategic exercise that can affect the way the institution thinks about risk
with CCAR experience, in the areas of PPNR, documentation,
and governance.
project management, risk management, validation, etc.
This can be overcome by introducing stress testing in board meetings.
Segmentation is a crucial difference. CCAR requires much more It is important to continue to educate the board and emphasize its
granularity. Data granularity is an important part of this. Getting importance in the industry. FIs can point to the scrutiny around peer
buy-in from the business line is also another challenge. banks as the actions taken if not performed well (regulatory restriction of
capital actions).
Scenarios are different. DFAST only requires 3 Fed scenarios: Base,
Adverse and Severely Adverse. CCAR requires 2 additional BHC
specific scenarios of Base and Stressed. Should the assessment of controls and functions in place for
testing and monitoring be done internally or externally?
CCAR requires compliance with regard to the FR Y-14A, FR Y-14Q
The assessment of controls and functions (validation) should be done
and FR Y-14M. The A is the annual CCAR exercise which requires
internally. It is fine if there is some portion that is done externally, but
projections. The Q and M are reporting requirements that require it is important that an internal Enterprise Risk Management team
coordination with the Controller’s office, as they report actuals. understands the scope of testing and what was performed, because
once regulators come in and ask questions, the FI will have to be able
What losses can FIs expect to face when crossing over to to defend methodology, assumptions, etc.
CCAR, and why are these important to consider?
It is also important to bring in an audit team to act as a third line of
The cost of compliance will skyrocket due to increased headcount, defense. First line of defense is model developers, then the validators
data and segmentation requirements, and potential systems (Enterprise Risk Management) serve as the second line, then the
upgrades. auditors serve as the third line.
Reduce Model Risk

Models used for ﬁnancial risk
management and reporting need
to be based on high quality data,
properly documented, auditable,
and allow for version tracking and
veriﬁcation of approvals.
CIMCON Software provides tools
to automate your processes from
discovery and inventory of
models, to link mapping and risk
assessment, error detection &
remediation, and monitoring &
controls.
CIMCON Software, LLC

Reducing End-User Computing RiskTM
www.cimcon.com info@cimcon.com
How stress testing is compared to economic capital

SONER TUNAY
SVP, RISK ANALYTICS, CITIZENS BANK
At Risk Americas 2016 you Therefore, it is quite important to learn from Lastly we looked through some examples
recently led a stress testing the shortcomings of the previous models where integrated credit and PPNR modeling
masterclass where you looked into and methodologies and let this lesson would inform better origination models and
how stress testing is compared to guide us in the next generation of model portfolio management.
economic capital. Why is it important to development.
What are the key challenges
draw this comparison? You also looked at PPNR with scenario design and
Economic Capital modeling has been the modeling, what key aspects did development for successful
leading methodology for measuring the you address? stress testing?
bank’s capital adequacy for a number of PPNR is the new frontier in risk modeling. It A comprehensive scenario design starts
years since early 2000s with the Basel II is not only a new field but also an area where with a good understanding of the macro
framework. However, the 2008 financial crisis integration to bank’s day to day activities economic trends and an understanding of
proved that the methodologies employed in and ultimately to credit loss forecasting is how they relate to the bank’s portfolio. A
the economic capital framework were not as paramount. common approach for many institutions has
helpful to manage the bank capital through a been to repeat the 2008 crisis or stay closer
We looked at the big picture of PPNR
turbulent crisis period. modeling, and worked through its various to the Fed’s severely adverse scenarios from
The new emerging standard is around components. We also prioritized where the previous year.
the Stress Testing methodologies. There the modeling might be most effective as We as practitioners need to start to be more
are some commonalities and also some opposed to some good expert judgment active in relating the headline risk and all of
differences between these two standards. based approaches. its downstream impacts to our portfolios.
PPNR modeling and the role of the

stress testing professional
DAVID INGRAM
HEAD OF TREASURY RISK STRATEGY, MODELING & POLICY, CITI
In regards to PPNR modeling, are there any areas you How do you see the role of a stress testing professional
foresee as being more challenging? changing over the next 6-12 months?
For many institutions, sourcing appropriate data is the The role of a stress testing professional is always evolving.
strongest impediment to building a strong PPNR modeling Externally, regulatory expectations are not static, and evolve over
program. Where data is sufficient for robust modeling, building a the years to reflect the shifting landscape of risks that banks face.
well-governed end-to-end process becomes increasingly difficult as Further, the external economic environment presents new or
institutions grow in size, scope and complexity. Also, thinking about different risks that should be incorporated in capital planning from
PPNR modeling within the context of negative interest rates is a year to year.
more recent challenge.
Internally, one should never be fully comfortable that their capital
How can these challenges be met? planning fully captures all of the risks that face the bank. A “lessons
Over time and in discrete chunks. The mistake that many learned” session at the end of each CCAR cycle is a good time to
institutions make is attempting to remediate everything at once, reflect on what aspects of capital planning function well, and which
and doing everything poorly. It is important to regard the totality components are in need of improvement. Further, capital planning
of an institution’s gaps in practices, and logically prioritize a should be increasingly integrated into business planning over time.
remediation effort in order of the dependence of one component The analytics that support capital planning – from balance sheet
on another, the resources required to undertake the remediation, costing to risk calibration to capital allocation – are ideal tools to
and while progressing from a comparatively aggregate top-down optimize financial performance relative to the capital required to
process to a more granular bottom-up process. support the bank’s different businesses.
8 For the latest financial risk and regulation research and articles please visit www.risk-insights.com
4TH ANNUAL
STRESS TESTING USA:

CCAR & DFAST
Reviewing The Individual Challenges Across CCAR & DFAST And
The Associated Qualitative And Quantitive Elements
NOVEMBER 3-4 2016 | NEW YORK CITY
Last year the Center for Financial Professionals hosted two of the largest stress testing conferences in
North America. In March we welcomed close to 250 professionals to the 3rd Annual Stress Testing USA 2015, and in October we
hosted the DFAST edition of the series with 150 stress testing professionals.
This year we are looking forward to combining these events as we host the 4th Annual Stress Testing USA: CCAR and DFAST
Congress where we anticipate gathering over 300 stress testing professionals to review the 2016 CCAR and DFAST stress tests
and looking ahead to 2017. The leading Congress will feature four dedicated streams on CCAR, DFAST, Quantitative topics, and
Qualitative topics. While the agenda is still to be announced please view our confirmed speakers and event partners below. You
can also join many others in registering for the Congress at the pre-agenda rate. Find out more at www.stress-testing-usa.com
HEAR FROM MORE THAN 40 SENIOR STRESS

TESTING PROFESSIONALS INCLUDING:
KEYNOTE SPEAKER - Tim Clark (tbc)
Deputy Director, Division of
Banking Supervision & Regulation
Federal Reserve Board
Lourenco Miranda Jorge Sobehart
MD, Head of CCAR MD, Risk Architecture
Société Generale Citi
KEYNOTE SESSIONS
Joseph Donat Overview and differentiations across CCAR & DFAST,
John Fleshed
MD Head of CCAR Office, 2016 Stress Tests, Regulatory Overview and Driving
CRO
BMO Financial Group Efficiencies
Wintrust Financial
CCAR STREAM:
Sabeth Siddique Processes and Controls | Reviewing Results | Data |
Ravi Kodali Deputy CRO, Regulatory SR15-18 | Regulatory Guidance
Lead Data Architect Affairs and Capital Adequacy
Deutsche Bank M&T Bank DFAST STREAM:
Requirements | SR15-18 & 19 | Annual Process |
Robert Chan Julian Philips Prioritizing | Evolution | Governance
SVP, Head of Chief Model QUANTITATIVE STREAM:
Quantitative Analytics Risk Officer Developing Models | Data Requirements | Modeling
City National Bank GE Capital Operational Risk | RWA | Quant Methods | PPNR
Modeling
Tally Ferguson Eva Chan QUALITATIVE STREAM:
SVP, Director of Market Head of Enterprise Stress Evolution of Requirements | Risk Appetite | Capital
Risk Management Testing, Americas Planning | Business As Usual | Aligning Risk & Finance |
Bank of Oklahoma Barclays Governance | Risk Identification
RISK INSIGHTS | IFRS 9

4TH ANNUAL
Consistency of IFRS 9
requirements with Basel III
WOLFGANG REITGRUBER
DEPUTY AND FVP IN GROUP CREDIT RISK MODELING, UNICREDIT
FVP, Head of Credit Risk Modeling at applied. How could you justify a simplified In your opinion, would you or
UniCredit, Wolfgang Reitgruber provides approach for IFRS 9 when you have already would you not favor to back test
us with his professional insights on the proven through IRB that your bank can IFRS scenario management?
current IFRS 9 requirements. afford to develop a high-quality model?
The use of (multiple) scenarios to
What would you tell a regulator if your IFRS 9
Wolfgang, can you please tell the develop expected loss forecasts will
model is based on better quality input data?
Center for Financial Professionals’ definitely pose significant challenges
readers about yourself and your What would your business say if you develop
alternative models based on different regarding governance of this mostly
professional experience? judgmental input. First you need to
datasets of cash-flows, collateral and default
I am primarily responsible for development events? At best, you might just confuse have strict processes in place how you
of credit risk methods (rating, scoring, your business. At worst, regulators and update scenarios and their respective
EAD, LGD, risk mitigation) and model accountants might challenge either model. weights applied in the loss estimation.
governance in UniCredit S.p.A. Additionally At a minimum, you will have to develop both Secondly you need to setup an objective
I work as independent researcher in the models on the same underlying “truth” and framework to justify your scenario-
area of credit risk related methods on to provide a certain reconciliation between generating process. It should neither be
basis of regulatory (Basel II/III A-IRB) and both model predictions. overly conservative nor overly aggressive.
accounting (IFRS 9 impairment) standards. Whether you can use standard back-tests
Main achievement was the introduction of What challenges should financial or you have to develop new stochastic
the EL backtest. Currently I work on further institutions be aware of with frameworks to achieve this target is yet to
extending the Impact of Risk framework regards to Credit Risk steering? be seen.
to support development and validation of
Currently credit risk steering is How do you see the role of the
life-time expected loss models in an IFRS 9
based on 2 pillars: P&L – mostly driven credit risk professional changing
environment.
by cost of risk, provisioning changes and over the next 6-12 months?
We are looking forward to write-offs, to cope with the expected value
you presenting at the IFRS 9 of credit risk. And capital – either economic I can speak for the “analytical” part of credit
Impairment & Implementation capital or regulatory, covering concentration risk. Modellers have to become as flexible
Summit where you will be and correlation effects in the portfolio, to as possible to work in an environment of
reviewing the consistency of IFRS 9 cope with volatility of credit risk. So far P&L is ever changing requirements. Regulators
requirements with Basel III. Why do you largely driven by manual effects. Big tickets issue modeling guidance (consultative
feel this is a key talking point? are provisioned manually and only smaller documents, technical standards and so
Let me first clarify: I speak about consistency, exposures are typically provisioned based on on) at a speed never seen before. IFRS
not equivalence. There will definitely be models or parameters. With IFRS 9 this P&L 9 standards are principles-based, which
different expected loss predictions for IFRS 9 impact will significantly increase – caused by means they lack specific rules – on purpose.
compared to IRB frameworks – requirements the pure size of provisions and larger role This does not make life easier for the
differ and they have to support alternative of model-based provisions. Potential model model builder. Finally IFRS 9 models need
purposes (capital requirement to cover risk will additionally contribute to increase to be pragmatic and easy to understand –
volatility versus provisions to cover the P&L volatility. In this environment you need the managerial attention to P&L impacts
expected value). Nevertheless both are a sound steering concept in place, which (through IFRS 9 impairment) is still
expected to predict losses and expect the makes judgmental inputs and their P&L significantly higher than to capital needs
best feasible modeling approach to be effects as transparent as possible. (e.g. through Pillar I and II).
10 financial risk and regulation

For the latest For the latest financial risk and regulation research and articles please visit www.risk-insights.com
esearch and articles please visit www.risk-
LONDON | 20-21 SEPTEMBER 2016
IFRS 9
IMPAIRMENT &
IMPLEMENTATION
Reviewing Progress Across the Three
Phases as the Industry Moves Towards
Parallel Runs and Implementation
KEY TOPICS INCLUDE

Interpretation of the Standard
Secondary Impacts of IFRS 9
Data Processes
Provision Models
Disclosure Requirements
15%
Forward Looking Scenarios
IFRS 9 and Basel III
Business Behavior and Running of the Business
Expected Credit Loss Model DISCOUNT
View the full agenda at www.cefpro.com/ifrs9
15% discount for our readers using discount code: RIMAG30

Register today by contacting
jesse.hopkins@cefpro.com or calling us on +44 (0) 20 7164 6582

4TH ANNUAL
Strategic implications of
IFRS 9 on systems
BRANDON DAVIES
FORMER HEAD OF MARKET RISK, BARCLAYS
T
he implications of IFRS 9 go well variables, indeed they turn out to be the most whilst it is possible to know some aspects
beyond those associated with the important variables in explaining the relation of loan specific data that will be needed to
technical implementation of an between default risks and credit spreads (see implement IFRS 9 and for many sophisticated
accounting standard. – BIS Working Papers No 203 Macro Factors banks this will track their Basel II risk
in the Term Structure of Credit Spreads by parameters as used in their advanced models,
The systems problems of IFRS 9 fall in to
Jeffery D Amato and Maurizio Luisi, Monetary it is not possible to decide on the macro data.
two main implementation categories, Data
and Economic Department March 2006).
and Models. In many instances we are It will also be necessary, if banks use DSGE
used to Data being the main issue but in The uses of macro models populated by macro models, to decide whether to co-operate
this instance a great deal of thought needs variables are in common use by economists in
and have one shared view of the economy or
to go into understanding how to model central banks and national treasuries.
whether each bank should have its own view.
expected loss in respect of individual loans.
Central bankers and national treasuries need
Loan losses are pro cyclical, that is they If each bank had its own view identical banks
to estimate economic cycles to inform policy
differ significantly at different points of the would have different provisions depending
choices such as setting the level of central
economic cycle. To give a valid estimate of on the view adopted, thus resulting in banks
bank discount rates. The model most widely
expected losses on an individual loan basis accounts not being directly comparable. A
used in the UK, and indeed internationally, is
either over one year or to loan maturity it is significant issue for the auditing profession.
a “Dynamic Stochastic General Equilibrium”
necessary to estimate from what point in the
(DSGE) model developed in the UK by the Moreover if banks co-operated would it make
economic cycle the estimate is being made.
National Institute of Economic and Social
sense for them to have a different view from
A number of banks will have risk Research, a version of this model is used by
the BoE? A significant issue for the BoE?
departments, trading operations and the Bank of England. There are commercial
treasuries that are capable of using versions of the model available through Board directors of banks might well see
sophisticated techniques for modeling organizations such as the Adam Smith any difference between their own model
the term structure of credit spreads a vital Institute; it is a macro economic model. outputs and the BoE outputs (as published
function of valuing credit trading operations. by the BoE quarterly) as a risk to the
A DSGE model is not closely related to the
Most models, however, have not included micro economic models as used by bank risk “reasonableness” of their own behaviors in
macro economic variables, not least management departments and much less so signing off such differences.
because of the problems of projecting to accounting models as commonly used for
measures of output, employment and loan provisioning purposes. Brandon also examines the IFRS 9
inflation into the future. standard in detail and the strategic
The problems associated with any bank
The accuracy of such models when back attempting to use a DSGE model are
implications of IFRS 9 for the
tested against actual data is however greatly substantial, banks do not generally store Business, Processes, and Personnel.
improved by the incorporation of macro macro economic data in any detail, so Read the full article here.
IFRS 9 IMPAIRMENT – BRANDON’S VIEW

IFRS 9 incorporates the concept of ECL to some level of losses are inevitable. lifetime expected loss basis.
replace IAS 39’s incurred loss model. Expected loss provisioning is an attempt to Non-performing loans are moved to being
Under the expected credit loss model recognize the reality of running a business provisioned on an incurred loss basis.
impairment would be measured as either: based on making loans.
In practice the application of expected loss
1. An expected credit loss looking forward The concept has a strong basis in
will require the creation of a provision on day
over a 12 month period. micro-economic theory but in practice
1 against any new loan, which is to be carried
turning it in to practice is likely to bring
2. An expected credit loss looking forward at amortized cost, this provision reflects the
many difficulties. In practice the application
over the remaining life of the asset. expected loss on such loans over the next 12
of expected loss will require the creation of
months.
3. Incurred loss, which is reserved for non- a provision on day 1 against any new loan,
performing loans. which is to be carried at amortized cost, this Should a loan underperform its expected
provision reflects the expected loss on such loss through say a downgrading of the
The impairment concept is related to the
loans over the next 12 months. borrowers credit standing, then the loan
difference between ex-anti and ex-post
moves to being provisioned on a remaining
understandings of loan losses. Before the Should a loan underperform its expected
lifetime expected loss basis.
fact (ex-anti) no one makes a loan expecting loss through say a downgrading of the
to incur a loss whereas after the fact (ex-post) borrowers credit standing, then the loan Non-performing loans are moved to being
we know that on a sizable book of loans moves to being provisioned on a remaining provisioned on an incurred loss basis.
12 For the latest financial

For the latest
risk and
financial
regulation
risk and
research
regulation
and articles
researchplease
and articles
visit www.risk-insights.com
please visit www.risk-insights.com
RISK INSIGHTS | Operational Risk
Establishing an effective
governance structure to better
account for operational risks
GUSTAVO ORTEGA
DIRECTOR & GLOBAL HEAD OF ISSUE & RISK EVENT MANAGEMENT, AIG
The Center for Financial Professionals loss data collection has evolved to become value-add to the business; 2) ensuring
recently asked Gustavo Ortega for his more comprehensive focusing on risk compliance with regulatory expectations
thoughts on effective governance and the events, that is not just internal or external and requirements; and 3) data management
latest challenges within operational risk. loss data, but includes risk events with and ability to consume large volumes of
Gustavo is an operational risk practitioner direct economic losses, timing impacts or data for effective and timely management
with over 15 years industry experience
better known as accounting losses, non- reporting. Operational risk managers
joining the Enterprise Risk Management
financial risk events with defined impacts are faced with enhanced regulatory
organization at AIG in 2013, and currently
Director and Global Head of Internal Loss affecting customers, business operations, expectations, defining and clearly
Data and Issue Management within the reputation, and also errors that may result documenting roles and responsibilities like
Operational Risk Management function. in positive consequences like gains and the 3 Lines of Defense models and creating
near miss events. All of which help inform a common language that risk assurance and
Why do you believe establishing an
the risk profile of the organization from a businesses can speak to.
effective governance structure and
sound operational risk framework is qualitative and quantitative perspective.
What would you say are the five
a key talking point when looking at Risk and Control Assessments are becoming
top operational risks you see for
operational risk as a whole? more targeted and integrated with other
2016?
assurance functions focusing on key business
I believe that without a sound governance and It’s hard to focus on five top operational
processes and outsourced activities. KRIs
a robust operational risk framework there is
which have struggled in providing value in risks in particular when operational risk is so
no benefit in having an operational risk unit.
An effective operational risk unit helps bring the past are now making a comeback serving complex, pervasive and its manifestations of
together informative risk discussions amongst an important element of the framework, in risks can become systemic. I’d like to think that
the business lines and support functions to particular with enhanced risk monitoring. technology risk continues to be the highest
help expedite risk remediation strategies and Scenario analysis have advanced and risk for large financial organizations, this is
promote lessons learned. Operational risk continue to be in high demand in particular coupled with increased risks around cyber and
units provide independent process reviews like with forward looking capital planning security controls. Regulatory continues to be at
end-to-end business reviews and challenge the processes like the Federal Reserve Bank the top of the list in terms of fines and highest
business risk and control activities reassuring requirements on CCAR (Comprehensive priority to risk manage for financial institutions.
optimal risk management. Operational risk units Capital Analysis & Review). In today’s Conduct risk is another risk that is increasing,
drive enterprise change and enable consistent
financial environment, operational risk has in particular with new regulatory expectations
procedures employing common taxonomies
and tools for businesses to self-identify, assess, moved to the top of the CRO agenda and as is the case with the FCA (Financial Conduct
measure, escalate and monitor operational it’s developed from being considered just Authority) in the UK. We cannot forget that
risks. Accountability models are also part “operations risk” or the risks of processing the number one cause of operational risk
of the governance and framework for risk transactions to a more inclusive risk discipline. continues to be people, it is human errors that
management to be effective. It is important continue to account for the highest number
for operational risk units to clearly define the What continues to be the key
and dollars for operational risks and this is the
business roles and their responsibilities to challenges for operational risk
one area that we, as operational risk managers,
ensure appropriate identification, assessment management?
need to continue to focus on, ensuring
and treatment of risks across all operating
units. This is typically achieved through lines of I believe the challenges for operational strong risk culture is embedded into our daily
defense models ensuring effective governance risk management continue to focus around routines to be able to not eliminate errors but
process for managing risks across the enterprise. three key areas, that is 1) demonstrating potentially mitigate the impact of those errors.
How do you describe operational
risk today, and why is it so
important to financial institutions?
Operational risk management is more than
just a numbers game. It is a behavioral
management discipline. Operational risk
has transformed from a simple loss data
collection exercise used for operational
risk capital to a more wide-ranging
function that looks at the quantitative and
qualitative aspects of risk identification,
assessment and measurement. Internal
Conference Review:
New Generation Operational Risk
WRITTEN BY CARRIE COOK, THE RISK UNIVERSE
The Center for Financial Professionals’ which many executives are guilty – does gathering data which turns out to be useless
2nd annual New Generation Operational little to help relations with the C suite. So, and provides no insight into the business.
Risk 2016 conference in London came what should operational risk practitioners But even this discovery should be seen as a
at a pivotal time for the operational risk be reporting to the board and how do victory, because it means the problem can
community. Just days before, the Basel they find a balance between presenting be addressed, perhaps by better educating
Committee on Banking Supervision aggregate, versus more complex, data? those collecting the data, says Rutter. She
had released its latest consultation on Pike says the key is to be prepared to also warned of “cultural antibodies” –
operational risk capital calculation and provide more detailed information when people within the organization who will be
the air was abuzz with differing views on necessary on any assumptions you’ve made resistant to change and will try to kill off
what the proposed changes could mean within your reports, rather than providing your project. “You are going to ask difficult
for the discipline. it all up front. “I suspect that almost no
questions,” she said.
board member will want to go through the
Model behavior Regulation trepidation
mathematical details,” he said. “But they’ll
Naturally, the Basel consultation was the want to understand the assumptions and Meredith Gibson, head of legal risk at
star of the show, with two speaker slots they’ll want to understand the output.” He Santander UK, highlighted what she feels
dedicated to discussing the proposals. added that board members will also need is “the single largest risk” to financial
Peter Mitic, head of operational risk to know about any sensitivities within the institutions: regulatory change. “The
methodology for the UK at Santander and model so they can understand where risk reason it is the greatest risk is because so
Richard Pike, CEO of Governor Software management priorities should lie. many of the rules are very uncertain,” she
and independent non-executive director
Operational intelligence explained. “For MiFID, for example, we do
at Permanent TSB, sat on the panel. Mitic’s
With an emphasis on data in the new not yet have the level two text and we are
observations were largely related to the
Basel proposals, Kirsty Rutter’s session on supposed to be implementing it by January
mathematical elements of the proposed
using big data to enhance operational risk 2018.” With the backdrop of the Senior
standardized model; mostly that there is
management proved interesting and timely. Managers Regime (SMR) adding more
little explanation around how Basel arrived
at the figures used, which is especially Rutter, formerly of Credit Suisse and now complexity, the pressures around regulatory
significant as banks are currently required an independent risk consultant, shared her change are now even higher, requiring
to justify their own calculations when using experience in gathering and interpreting ever-increasing governance measures.
AMA. One delegate asked a valid question: data with the application of emergent “For every one guy on the trading floor
why should we bother trying to model semantic technologies to cultivate what in an investment bank making any kind
operational risk at all if the numbers can’t she calls “operational intelligence”. With of money, there are probably four or five
be trusted? a background in physics and accountancy, people looking at him and telling him what
Rutter describes herself as “the one he shouldn’t be doing. It’s a very tough
Mitic and Pike both felt there is still a place often found raging against the machine”
for modeling, but Pike suggested there is environment,” says Gibson. She added that
– evident in her ambition to challenge MiFID will be a real “game changer” and
too heavy a focus on the capital element management’s tendency to pigeonhole
at present. “I think we need to have better is a regulatory risk which is proving very
operational risk under “fluffy stuff”.
thinking around operational risk than just difficult to prepare for, especially in context
pure capital” he said, “but unfortunately To do this, Rutter needed to filter through of the SMR. “Now senior management are
the white noise to find the white noise going to have to think very carefully about
I don’t think it’s going to change in the
to find information which would capture their role in all of this…If the rules change,
short term.” Mitic felt a major issue with
management’s attention. Her primary how are they going to make certain that
modeling operational risk is that firms are
hurdle, perhaps unsurprisingly, was gaining they know what the rules are in order to
still unable to calculate a maximum capital
access to the data in the first place. “Data
requirement – a problem for which he is prevent them being breached? You could
is usually dispersed across the organization
working to find a solution. spend the entire balance sheet of the bank
and is not linked,” she explained. “It’s
just on regulatory change.” In Gibson’s
Board games owned by different teams and those teams
A common challenge for many operational experience, operational risk and legal
are typically suspicious of you wanting to
risk professionals is getting the board to get access to it…The number of imposed departments have never really interacted in
prioritize their concerns. As a non-executive approvals to get access can cause delay.” an official way when it comes to managing
board member himself, Pike provided a Next came assembling this information regulation – something she thinks should
viewpoint from the other side of the fence in “a sensible, intelligent, speedy way, change. “Let’s face it, regulatory change
and highlighted the problems caused by which was then repeatable”. Rutter advises has everything that operational risk seems
not presenting information to the board in anyone embarking on a similar project not to be: people processes and systems –
concise and digestible format. Citing the to be disheartened if it doesn’t work first because that’s what regulatory change
700-page reports he is often handed before time and to be prepared for uncovering does; it changes the way that people do
meetings, he explained how overloading “unknown unknowns”. It could be that the things; it changes the processes they use to
board members with information – of firm is spending a lot of time and effort do them and the systems they do them on.”
The New Generation Operational Risk series come to NYC later this year - find out more
What is defined as
‘good risk culture’
NEIL HUTCHISON,
HEAD OF ENTERPRISE RISK MANAGEMENT, MARTIN CURRIE
Head of Enterprise Risk Management at point of calling out ‘poor risk culture’ as a changing behaviors and views, sometimes
Martin Currie, Neil Hutchison, talks to contributing factor in enforcement cases, deeply held. This requires a subtlety of
the Center for Financial Professionals on then firms will eventually grind into action approach not necessarily inside of the
how to measure and understand what is and put in place the policies and the public comfort zone of the typical operational risk
defined as good risk culture. pronouncements that support a ‘good risk professional, who may be required to apply
culture’. But this will do very little to effect techniques beyond their familiar toolkit.
Neil, can you tell the Center real change in the organization if this ‘tone
for Financial Professionals’ at the top’ does not filter down through Do you believe the assessment
readers about yourself and your the layers of management to the risk takers of risk culture is possible, can this
professional experience? themselves. really be measured?
I am the Head of Enterprise Risk at Martin So there needs to be a ‘pull’ factor from the There is no doubt that the measurement
Currie, an Edinburgh-based affiliate of other stakeholders in the business, not least of risk culture is challenging. Operational
the Legg Mason investment management the Board. The case for the benefit of a good risk professionals may be required to move
group. Prior to joining Martin Currie in 2008, risk culture needs to be made, and won, with their thinking on from absolute risk indicator
I worked at Deloitte in the Enterprise Risk the management of the firm at a level below thresholds and the traditional ‘death by RAG-
Services practice, advising clients in a broad the Executive. Otherwise, the carefully drafted rating’ method of presentation.
range of industry sectors. words from the C-suite will burn up on entry
to the business. But, at the risk of sounding evangelical, I
The nature and scale of Martin Currie’s
have to believe that it is possible. My view
business requires the Enterprise Risk team What difficulties are faced when is that before culture can be measured, one
to cover all aspects of the risk framework, distinguishing and changing a has to identify the key drivers of risk culture
from the development and maintenance company’s risk culture? (both good and bad) and then continue to
of risk policies and processes, to the
The main challenge in changing a company’s drill down until something emerges that can
provision of assurance to management
and the Board, via the operation of a risk culture is that it is inherently intangible in be assessed and, hopefully, measured in an
range of risk management activities, nature. We all have a feeling of what a ‘good’ empirical way. We have made a start with
including BCP, error management and risk risk culture might look like (and certainly what data that already exists in the business, such
identification and assessment. The team a ‘bad’ culture is), but we might not be able as error / breach rates, complaint volumes,
is also responsible for the promotion of a to put our finger on what the root causes mandatory CBT completion, etc.
positive and constructive risk culture across are or how to measure it. Operational risk
professionals are drawn to the tangible, to This then needs to be overlaid with the
the enterprise. ethereal question of ‘how do we feel about
the measurable and to the visible. Arguably
What internal and external factors culture is none of these and so analysis is the risk culture in the organization?’ We
must an organization have to difficult for an industry brought up on a diet of have found that people are very happy to
reflect a good risk culture? internal controls and processes. offer an opinion in response to this question,
even if they don’t necessarily understand the
For genuine cultural change to take effect, Change is difficult, full stop. Ask anyone who question they are answering!
there needs to be more than just the ‘push’ has been through a significant corporate
factor of greater interest in the subject from restructure or system implementation. But So, in short, yes, I do believe this but, no, I
regulators. Of course, if regulators make a this is doubly true when you are talking about have not cracked it yet.
Challenges for a new generation

of operational risk
RICHARD PIKE,
NON-EXECUTIVE DIRECTOR, PERMANENT TSB
O
perational risk has been around as a discipline in Financial business decisions they make and is simply a regulatory exercise. The
Services since early the 2000s. Over those years it has grown current debate needs to be focused on coming up with models that
to be an important part of any risk department in most can be closely related to and be effected by the business.
financial institutions. Operational risk has also brought new tools and
techniques to risk including RCSA, loss recording, and op risk capital
calculation.
While there have been many successes for the op risk community over “ IT IS NOW CLEAR TO ALL
the years, the discipline is still fighting to prove its strategic value to
senior executives and board members. Due to recent events it is now FINANCIAL FIRM EXECUTIVES THAT
clear to all financial firm executives that operational risks can have
very serious consequences in terms of direct losses (including fines), OPERATIONAL RISKS CAN HAVE
regulatory & client relationships and reputation. So if operational risk
managers can show that they can in fact assist in limiting these effects VERY SERIOUS CONSEQUENCES”
they will have earned that treasured seat at the top table.
As op risk is a second line of defense function in most firms, its focus
has to be on providing clear and concise information to the business in Interdependencies challenge
order for them to make decisions about managing the risks. When the Op risk is replete with situations where individual risks have multiple
business considers op risk to have most of the relevant information to causes and effects that manifest themselves across multiple reporting
help them make a decision they will ensure that op risk is at the table dimensions (legal entities, processes, regulations, etc.). Often risk
when those decisions are being made. people and/or business people will identify these interdependencies
but as they cannot be recorded in the risk systems they are noted in
Op risk has made great strides in terms of capturing and processing
an informal manner or at worst forgotten. This sort of information is of
data. Loss event recording programs, RCSA workshops, KRI
maintenance projects, etc. have all been implemented successfully huge value to the business as it is normally not clear to them from their
across the industry. Unfortunately, not enough time and effort has gone individual silos and so it needs to be identified and captured correctly.
into the analysis and clear reporting of this data in the correct context. Line of sight challenge
There are a number of challenges that the discipline is facing with Op risk has, in general, failed to give a ‘line of sight’ to senior
current tools and techniques that I suggest have to be overcome executives into the risks that they are taking and how they might
before op risk can claim to be proactively analysing and reporting affect the attainment of their objectives. This is mainly due to the
operational risk. fact that there is no clear manner in which to aggregate data across
Goldilocks challenge the various reporting dimensions. This challenge is partly created
We have all struggled with the problem of too much or too little by the ‘materiality challenge’ set out above. The result is that when
information in reports. The nature of op risk means that there will never the business asks to look behind a particular report or result they
be a one size fits all report, however we need to set the bar a lot higher are told that it is a mixture of different metrics (often subjective
in terms of making reports that show the right information to the right and from different systems) and therefore there is no clear way to
people and that are presented in the context of the business decisions ‘drill down’. This leaves business people with a feeling that there
being made. is ‘hocus pocus’ going on somewhere and that the reports cannot
Materiality challenge necessarily be trusted.
There are too many units of measure in op rsk and within individual As the recent financial crisis starts to fade into the past (hopefully)
firms. Op risk teams will provide results in terms of RAG status, OpVaR, and focus turns to capital levels and ROE there is a great
Loss amounts, KRI limit breaches, issue numbers etc. It is also often not opportunity for operational risk to show the business that it has
clearly defined how material these values are in respect of the business the information and the analytical capabilities to add real value to
objectives of the firm. All of this makes it very difficult for the business business decisions at the most senior levels. In order to achieve
to answer the ‘So What’ question. this, operational risk practitioners have to focus on upgrading the
Capital calculation challenge tools and techniques they use to analize and present the data they
The issue of op risk capital is a very thorny one, but in general the have. If the new generation op risk can surmount the challenges
capital calculation has to be more relevant to the business as too many set out above it can earn an important role in the strategic future of
business executives feel that the process has no relevance to any financial institutions.
Third party risk management

towards a pragmatic approach
SIMON LLOYD-HORTON
HEAD OF THIRD PARTY RISK MANAGEMENT
STRATEGY & FRAMEWORK, HSBC
Simon participated at our Vendor & Third opportunities to realise efficiencies if risk
Party Risk Europe Summit and delivered management activities are tailored.
a presentation on the management of What are the key differences in
affiliates/intragroup entities and moving managing intra-group entities/
towards a pragmatic approach affiliates in comparison to other
What are the considerations third parties?
institutions should look into when Although regulators clearly expect the
deciding to outsource via a third risks posed by services delivered both by
party or an intra-group entity? third parties outside the group and those
Institutions should consider the specific provided by entities within the group to be
underlying risks of the service. The service, identified and managed, institutions should
and the manner in which it will be delivered, consider whether exactly the same risk
varies from engagement to engagement. management processes and treatment are
If a ‘one size fits all’ approach is taken the required. This remains a developing area
result can be unidentified risk exposures for the industry and one that would benefit
and inefficiency. Conversely there will be from consideration by practitioners.
Third party management Alignment of third

landscape
party and vendor
TOM GARRUBBA risk management
SENIOR DIRECTOR
THE SANTA FE GROUP/SHARED ASSESSMENTS with the operational
Third party vendor risk is now front and presently struggle with these challenges. risk agenda
center with many C-Suites and Boards of
A great start for organizations is to:
Directors. As today’s digitized business
• Inventory and understand all your third CHRIS RACHLIN
landscape continues to expand, so too does
party vendors and the various scopes of FORMER GLOBAL HEAD OF
the role third party vendors are playing in the
work being performed. OPERATIONAL RISK MANAGEMENT
day-to-day operations in an organization.
Meanwhile, both industry and regulators • Perform this process for any third party SERVICES (INCL. 3RD PARTY RISK
have made it clear that – for organizations vendor coming into possession of, MANAGEMENT), HSBC
and the service providers they do business access to, or exposure to your corporate
data. It’s important to have alignment
with – data protection and privacy must
continue to be top priorities. One must across the risks types. Many
Once that exercise has been completed
always remember; you can outsource the then:
organizations have gone off
work, but not the risk! • Develop a strategy to assess and monitor and implemented different risk
Organizations in various industries continue your vendors to gauge their security and methodologies for vendor or third
to struggle with the delicate balance of privacy posture to ensure third-party party risk compared to operational
moving key initiatives forward by utilising operations adequately secure your key
customer and/or confidential data.
risk. This makes it difficult for senior
vendors, while ensuring compliance with
regulatory guidance and standards, as well management and the board to get
Now comes the big question. What
as their own internal compliance policies. a holistic or comparative risk picture.
“measuring stick” should you use to
Organizations are being increasingly
get an understanding as to third party The use of third parties by banks
pressured by regulators, their customers can be very beneficial for them
data handling controls, and whether
and their own management, to ensure the
those controls are in line with your own and their customers, but it is very
organization is aware of its responsibilities
organization’s controls and compliance?
in performing effective due diligence on difficult to make good risk based
the overall security and privacy posture of Many organizations have crafted or borrowed decisions if the organization
third party vendors. Because of this, third questionnaires or checklists to help them is continuously over or under
party vendor risk has grown to paramount answer this question. However, oftentimes,
importance in the C-Suites and board those instruments don’t go to the level
estimating the level of risk in their
rooms, not just in the UK, Europe and North of granularity needed for assurance, and third parties when trying to compare
America, but also to other parts of the world additionally, the proprietary instruments may it to, say, their overall cyber risk.
where key and critical process are being not be “adopted” by the third party or the
performed by organizations that tend to industry in which they serve.
RISK INSIGHTS | Risk Americas
Risk Americas 2016

AN OVERVIEW OF THE LEADING RISK AND REGULATION CONVENTION
CLOSE TO 400 SENIOR FINANCIAL RISK PROFESSIONALS ATTENDED

25 CO-SPONSORS AND EXHIBITORS SHARED THEIR
KNOWLEDGE AND EXPERTISE
70+ SENIOR PRESENTERS PARTICIPATED IN SESSIONS
AND PANEL DISCUSSIONS
BREAKFAST BRIEFING, LUNCHEON ROUNDTABLES,
AND END-OF-DAY COCKTAIL RECEPTION
CRO KEYNOTE SESSIONS ACROSS BOTH DAYS
AND MULTIPLE STREAMS COVERING…
STRESS TESTING & MODEL RISK LIQUIDITY RISK & CAPITAL OPERATIONAL RISK
MANAGEMENT
Analyzing results: CCAR & DFAST Governance, Risk & Compliance
Scenario Analysis Regulatory Changes;
Risk Culture
Model Risk LCR, NSFR, TLAC
RCSA Vendor Management
Data Risk Interest Rate Risk Market Risk
Cyber/ IT Security
PPNR Modeling Basel III Capital Rules
Capital Planning & Modeling
ATTENDED THE CONVENTION? MISSED THE CONVENTION? REGISTER FOR 2017 AT THE
View the photos on Facebook here Purchase the presentations here PRE-AGENDA RATE
www.risk-americas.com
RISK INSIGHTS | Risk Americas
“THE
CONCENTRATION
OF SPECIALISTS
HAS BEEN
EXTRAORDINARY”
CRO, TCF BANK
RISK INSIGHTS | Liquidity & Capital Management
Key components of LCR/2052a implementation

DON MUMMA
MANAGING DIRECTOR, AXIOMSL
LCR requirements will vary significantly plan and governance process to tackle For larger banks in the United States,
by institution. A smaller bank with a very LCR. Once you figure out what you have a fundamental part of this process is
simple business model and simple data will and need, you assemble the team — some 2052a. Currently, there isn’t an LCR report
often lack the requisite LCR subject matter inside with others including consultants requirement in the U.S. per se; rather
expertise. This is a very different challenge and technology providers — looking there is this compliance requirement.
than problems a larger institution will face at those resources, plan around that The Federal Reserve has produced some
team, and then design the governance element mapping that illustrates how
with sprawling data sources, and therefore
process that will guide a firm through LCR 2052a is used in LCR, but there is no real
it’s not a one-size-fits-all approach.
milestones and benchmarks, unit testing, template here yet, and currently 2052a is
Key components involve early self- user acceptance testing and other aspects
actually filed under a separate name, 5-g.
assessment and assembling an optimal of the implementation process.
Putting those two together is an important
component: they’re closely interrelated,
and firms currently implementing LCR
and 2052a separately will risk significant
disconnects.
Therefore, the greatest technology
challenge treasury teams face is to source
relevant granular information across the
bank, as with 2052a compliance, so as to
now proactively monitor the LCR in an
effective and operationally coherent way.
‘Basel IV’: Stay ahead of the game…

‘Basel IV’: Keep ahead of the game…
‘Basel IV’: Stay ahead of the game…
The smarter way for you to tackle SA-CCR, the FRTB and other Basel capital rules
is by using a single platform to run all of your calculations.
AxiomSL uses a flexible platform which updates regulatory and core functionality
independently (just like a smartphone), to help you stay ahead of regulatory
change.
Visit www.axiomsl.com for more information.
Contact us Connect with us

Email: emea@axiomsl.com
London head office: 125 London Wall, London EC2Y 5AJ
Tel.: +44 (0)20 3823 4600
Reviewing the potential transition

from CRD IV to CRD V
ROBERT WAGNER low risk assets, which for instance will give banks incentive to replace
low-risk assets with high-risk assets. In conclusion, we hope to see that
HEAD OF GROUP CAPITAL MANAGEMENT,
the final BCBS proposals and the political process in EU will lead to
DANSKE BANK
implementation of a capital floor, that is calibrated to be a genuine
My primary concern is the new capital floor under “Basel IV”. It seems backstop for banks in all of EU – including the Nordic Region.
to become the binding requirement for many banks and in particular
That being said, I generally support the “Basel IV” review of internal
for Nordic banks and not the backstop it is intended to be. With a
models. The design of the risk-weighted framework has been largely
binding capital floor, the capital requirement for many low risk banks
will de facto be set according to the standardized approaches, and unchanged since Basel II and could rightly be due for a check-up.
thus to a wide extent based on one size fits all risk weights set by I agree with the Basel Committee in that it is important to ensure
regulators. This is not the right way to go. I strongly support keeping that the risk based framework is not 1) unnecessarily complex,
the capital requirements risk based. It is vital that banks are incentivized 2) incomparable across banks and jurisdictions and 3) leading to
to assess and price risk correctly. That would also allow banks to adjust systematically underestimation of risk. However, it is important to take
for jurisdictional differences, which is difficult to do in the one-size fits the interplay with other recent regulatory changes into account and in
all standardized framework. Binding capital floors will skew the price of particularly the overlap between different regulatory initiatives.
FRTB kicked off in May 2012 following Basel Method (SM) which are used to measure
DAVID MCCLEARY 2.5 updates to the market risk framework in Exposure at Default (EAD) in the capital
DIRECTOR - REGULATORY REPORTING
2011. Since then we have been through three adequacy framework. In addition, the IMM
POLICY & CONTROL, public consultations and four Quantitative shortcut method will be eliminated from the
MIZUHO INTERNATIONAL Impact Studies and the Basel Committee framework once the SA-CCR takes effect, which
The biggest problem is expected to publish the Final Policy in is scheduled for 1 January 2017.
for most institutions is January 2016. Early reports which suggest
The SA-CCR compliance date of 1 January
uncertainty and there a longer implementation timeline (end of
2017 is not achievable in the EU because the
is still a significant 2019) will be welcomed by the industry.
European Commission is not empowered under
Some cynical pundits have suggested that
amount of regulatory Part 9/Article 457 of the Capital Requirements
the only other good news to come out of this
change coming Regulation (CRR) to introduce SA-CCR. It is only
will be for those that missed out on Basel
down the pipeline. empowered to ‘make technical adjustment and
2.5. For market risk, it is now a level playing
Institutions need to corrections of non-essential elements’ (Articles
field for all.
understand the impacts of these requirements, 274 and 276 of the CRR). SA-CCR needs to be
which include; The Fundamental Review of the The Final Policy will herald the Sensitivity introduced via revised CRR legislation (CRR v2).
Trading Book (FRTB); The new Standardized Based Approach (new standardized approach)
for market risk and replace Value-at-Risk (VaR) The impact of the SA-CCR hinges on the
Approach for Counterparty Credit Risk
with Expected Shortfall (ES) as a basic netting set. SA-CCR will produce lower capital
(SA-CCR); Revisions to the Operational Risk
risk measure for internal models. Clear requirements than under CEM, but the savings
framework; The Leverage Ratio; The Revised
boundaries will be established between the will be more evident for balanced derivatives
Standardized Approach to Credit Risk; The
banking book and trading book. There will portfolios, and more punitive for highly
Net Stable Funding Requirement (NSFR);
be significant impacts on risk governance directional netting sets. SA-CCR will have
The Revised Framework for Large Exposures;
including risk appetite, risk management significant operational and implementation
Shadow banking rules; Requirements for SFTs;
framework, systems and data management, impacts on institutions. SA-CCR employs
MREL/ TLAC; The Future of “internal ratings-
policies & procedures, trading processes a more risk-sensitive approach to CCR.
based” (IRB) models; and the list goes on.
& controls and retraining. In addition, The calculation algorithm is more complex
It goes without saying that there are significant BSBC interim impact analysis published in and sophisticated. SA-CCR requires more
costs to institutions needing to roll out November 2015, suggests a 4.7% increase data; additional data elements are required
these changes, which are timetabled for in overall minimum capital requirements to meet these risk calculations. The new
implementation from 2017 onwards. and an average increase of 74% in methodology is expected to close out the
As we approach these final years for Basel III aggregate market risk capital differences between Pillar 1 and Pillar 2a capital
implementation, some of these requirements, SA-CCR was finalized by the Basel Committee calculations. Institutions will need to bear in
a number of which began as CRD IV reforms in March 2014. It is the new standardized mind the potential detrimental impacts on the
still need to be finalized. These are being approach for counterparty credit risk (SA- Leverage Ratio (scheduled to implement in
widely referred to as Basel IV or CRD V reforms. CCR) and replaces both the Current Exposure 2018) given SA-CCR impacts on the exposure
Here is a little on two of these requirements. Method (CEM or MTM) and the Standardized measures.
Unexpected consequences
of the Volcker Rule
TALLY FERGUSON
SVP, DIRECTOR OF MARKET RISK MANAGEMENT,
BANK OF OKLAHOMA
Let me discuss three unexpected consequences of the Rule. First, receives floating. Banks seeking to keep the floating rate structure
Risk Mitigating hedging became harder to support. In the May immediately offsets (“mirrors”) the client swap with a derivatives
3-4 Risk Americas convention, I shared mortgage servicing rights dealer, paying fixed and receiving floating. As Robespierre would
example to illustrate how high the analytical and documentation be quick to point out, “immediately” is less than 60 days, making
bar is. I also offered a low-tech but effective solution to avoid these transactions trading transactions. How can banks continue
these requirements. For this article, I offer several broad examples this business? Is it excluded as brokerage activity? Exempted as
for banks to consider. The inset describes what the Volcker rule for the benefit of customer? Exempted as market making? Should
considers risk mitigating hedging. Note the risks hedged must be
banks rebut the presumption that such activity is trading? Likely,
specific and identifiable. “Hedging interest rate risk” is not specific.
precedence will be set over time.
The risk protected by an anticipatory hedge may be hard to identify.
The second bullet of the inset requires hedges to be specific to
a position. This requirement makes Macro-hedging difficult to
defend. As an example, fine tuning net interest income at risk with “AS ROBESPIERRE WOULD
interest rate swaps can involve opening and closing derivative
positions within 60 days. That becomes trading. To show that BE QUICK TO POINT OUT,
activity is permissible under Volcker, the ALM desk must document
the hedge activity as follows: “IMMEDIATELY” IS LESS THAN
• Identify the risk(s) of the hedged positions, contracts, or other
holdings of the banking entity that the purchase or sale is
60 DAYS, MAKING THESE
designed to reduce;
TRANSACTIONS TRADING
• Describe the specific risk-mitigating strategy that the purchase
or sale is designed to fulfill; TRANSACTIONS”
• Distinguish the trading desk or other business unit that is
establishing and responsible for the hedge; and
Finally, consider one last unexpected consequence. Many of the
• Create and retain records that show the hedge complies with
the risk mitigating hedge requirements. Regulators can ask for mid-size banks that reported few or no trading account assets,
this analysis for up to five years, and banks must promptly reported trust accounts under management. With custody of
produce such records. securities accounts come potential for trade errors. Consider a
customer that asks the custodian to sell $100,000 in bonds. In error,
As illustrated at the May 3-4 Risk Americas Convention, records
the bank purchases the $100,000 in bonds. The bank now owns
showing hedge compliance are extensive. They must demonstrate
correlation analysis, and independent testing designed to ensure that $200,000 in bonds. Upon identifying the error, it will sell the position
the positions, techniques and strategies that may be used for hedging. and lock in the loss or gain from the error. Assuming the banks
They must be specific to the risks identified at the outset of the hedge. internal controls are reasonably effective, they will find and correct
These requirements will change the way you document balance sheet the error within 60 days. If not, the bank has considerably bigger
hedges and may change your balance sheet hedging strategies. problems than Volcker Rule documentation. Because the bank in
A second unexpected consequence pertains to transactions entered this example purchased and sold $100,000 of bonds within 60 days,
into for the benefit of customers. I use mirrored customer trades as the transaction is presumed trading. This could be an intriguing
an example. Many mid-size banks offer corporate clients help with opportunity to rebut the presumption of trading. Minimally, the
managing their interest rate risk. The classic fixed for floating interest bank should document the error to leave a clear audit trail that a
rate swap lets borrowers make fixed-rate credit facilities out of floating customer trade, not a speculative whim, set this set of transactions
rate loans. With this swap, the borrower pays the bank a fixed rate and in motion.
15% DISCOUNT
2052A/LCR Using code RIMAG33
FUNDS TRANSFER
PRICING
CCAR
NSFR
LIQUIDITY &
REPORTING
RECOVERY &
RESOLUTION
ENHANCED PRUDENTIAL
STANDARDS
FUNDING RISK USA
TLAC Reviewing Regulatory Expectations Across Liquidity &
Funding Risk for Better Management and
INTRADAY LIQUIDITY
Understanding of Impact on Balance Sheet
SEPTEMBER 27-28, 2016 | MILLENNIUM BROADWAY, NYC
Economic liquidity stress modeling

OTTO HUBER
KEY HIGHLIGHTS
GLOBAL HEAD OF LIQUIDITY RISK, CREDIT SUISSE
Otto, can you please tell the stress modeling in particular is a key talking while addressing the weaknesses of the latter.
Center for Financial Professional point? In case the internal metric is more restrictive,
readers about yourself and your it can be used as universal risk metric for
Unlike classical market risk management
professional experience? liquidity management purposes and will
and modeling, which is quite mature and
I have been with Credit Suisse for over 11 standardized across the industry, liquidity risk thereby automatically ensure regulatory
years. I am currently Global Head of Liquidity modeling is still developing. I believe there compliance.
Risk Management, a role in which I have is a tremendous mutual benefit by sharing
How do you see the role of
global functional responsibility for the second experience across different firms on their
line of defence for liquidity risk management. approaches to liquidity risk modeling. Our liquidity risk professional changing
Before joining the Risk Division in October bank just underwent a significant effort to over the next 6-12 months?
2015, I was in Credit Suisse’s Global Treasury overhaul our internal liquidity risk model and I I reckon most firms have realised that a
in Zurich and New York, where I was am looking forward to sharing my experience
much stronger second line of defence for
responsible for Treasury Risk & Modeling. with peers and to learn from their approaches
liquidity risk management is needed than
In this role I was in charge for the modeling to this topic.
they used to have in the past. Many firms,
View the full
of non-maturing products and non-interest
bearing assets and liabilities, the valuation
agenda at www.cefpro.com/li-
Why is it important to compare including Credit Suisse, have significantly
internal economic liquidity stress
quidityusa
and risk assessment of Treasury-issued debt
and capital instruments, as well as for the
models and regulatory metrics?
increased the second line of defence for
liquidity risk management in terms of size,
Treasury funds transfer pricing methodology. There has to be a link between the seniority, and business proximity. Our team
Before joining Credit Suisse, I studied at the internal liquidity risk model and regulatory has quadrupled over the last 2 years and
University ofReaders can
St.Gallen from save
which 15%
I hold a on metrics.
registration using
If the internal modeldiscount code RIMAG7.
is less restrictive Register
I anticipate it will continue today
to grow – at
PhD in finance. than the regulatory metrics, then a firm cannot a much slower pace though. Therefore,
by contacting jesse.hopkins@cefpro.com or calling
focus on managing to the internal metric. I
the team on +1 888 677 7007 /
At the Risk EMEA 2016 Summit we now have to deliver on our promises
think the internal model shall generally be
you focused on modeling. Why do +44 (0) 20 7164 6582
more restrictive than the regulatory metrics,
to management and the regulators and
you believe that economic liquidity continue the journey we’ve just started.
RUN THE RISK

ONE SYSTEM
COUNTLESS SOLUTIONS
• Securities Analytics and Por tfolio
Management
• ALM and Risk Management

• Advanced Default Modeling
• Liquidity Management
• Fully integrated DFAST and LCR Solutions
www.zmfs.com
Put DCG’s experienced

model validation team to
work and gain quantitative
and governance insights
REGULATORY SUMMER SPECIAL

LANDSCAPE 20% DISCOUNT
on first 20 registrations
ILAAP
LCR
NSFR
INTRADAY LIQUIDITY
DATA
ASSET MANAGEMENT
QUO VADIS
LIQUIDITY MANAGEMENT
LIQUIDITY RISK
CONTROLS
LIQUIDITY RISK MANAGEMENT
15 NOVEMBER, 2016 | LONDON
Reviewing regulatory requirements to better understand the

liquidity risk landscape for management and compliance
L
iquidity Risk Management is an area incorporates adequate risk controls, robust is a challenge faced by all institutions during
of focus for financial institutions and frameworks, regulatory scrutiny and supports our research. The question remains how
regulators globally, with the potential strategic planning and management. organizations can build out systems to
systemic impact of being unable to obtain As is the case across many regulatory support these regulations, whilst ensuring
the necessary liquidity to cover financial changes, there is an element of the flexibility to make unexpected changes
obligations, regulators are cracking down interpretation across the industry and and incorporate new regulation into a firm
to safeguard the industry and reduce the individual organizations when implementing wide risk management programme.
systemic risk of large organizations failing to An area falling under the regulatory changes
regulations. Many changes look to bring
meet obligations. bracket is that of intraday liquidity and the
uniformity across the industry to create a
Liquidity and the associated risks remain a level playing field and ensure comparability necessary reporting requirements. Many
top priority for all financial institutions across across institutions. However the level of internal systems and infrastructures were
the industry, with a range of regulatory interpretation across institutions and various not originally set up to cope with and
changes and uncertainty around the future departments does not always create the facilitate the level or reporting required
of the liquidity landscape, is there a light desired comparability and uniformity. for intraday liquidity, therefore the efforts
at the end of the tunnel for liquidity risk With the language used in consultative for most financial institutions have been a
managers, and an idea of the broader papers often very ambiguous and final huge undertaking, resulting in huge drains
liquidity landscape? Many of the regulatory standards often also similar, it is down to on resources. A second area under the
changes within liquidity risk have been institutions to be subjective around their systems for intraday liquidity reporting is
released by the regulators and interpreted interpretation, which has its benefits and its the data available in the current systems,
by the financial institutions and implemented pitfalls. Allowing for individual, subjectivity the granularity of data required for intraday
or infrastructure changes have commenced. in interpretation of a standard, allows an reporting is far more intricate and a vast
The focus is now shifting to the bigger institution to tailor the changes to their amount to report current positions at any
picture and reviewing how these regulations given point. Institutions are now moving
organization, with smaller institutions often
work alongside each other, with a phase towards understanding the requirements
dubious that the rules are created with large
in period for each regulation, it remains better and therefore beginning to
banks in mind, it gives the opportunity to
unclear the overlaps that will occur and how operationalize the process and build it into
customize to a certain degree.
institutions can alleviate this duplication of a permanent system within the reporting
effort for a more seamless approach. As the However ambiguity can also result in infrastructure, managing this on a daily basis
industry moves closer to implementation infrastructure overhauls and extensive continues to be a challenge, with limited
and finalization of standards, it remains to be draining of resources towards regulatory resources, limited data sets for analysis and
seen whether there is a bigger picture to be compliance, only to fall at the final hurdle, subject matter experts to constantly collect,
seen, whether regulators are taking a case forcing companies to take a better safe collate and report the necessary data. To
by case stance or working towards a bigger than sorry stance and interpret the rules accommodate new and evolving regulations,
goal for the liquidity landscape. Financial as they are stated. Over the last few years, beyond intraday, there has been a clear
institutions must look to improve or develop institutions have seen many large overhauls focus on gaining a better understanding
their current infrastructure to support the in the liquidity space with areas like LCR, and requirement for flexibility in systems and
regulatory demands, adaptability being NSFR, ILAAP, Intraday all coming into play frameworks to be put in place. The levels of
key to accommodating the changes and over the last few and upcoming few years, granularity, accuracy and the requirement of
ensuring not just regulatory compliance, interpreting these to ensure they are aligned maintaining data ahead of time is a crucial
but a good risk management practice that internally and all work adequately together challenge.
RISK INSIGHTS | FRTB
How do you see the role of the market risk

professional changing over the next 6-12 months?
DIONISIS GONOS ANUSHMAN PRASAD
DIRECTOR, CO-HEAD QUANTITATIVE MANAGING DIRECTOR
ANALYTICS FOR MARKET RISK, MOODY’S COPAL AMBA
BARCLAYS
It’s a big period of change. While the theoretical The role of the market risk professional has been evolving fast post the financial
requirements of the FRTB framework are not too crisis in accordance with Basel 2.5 regulations. We see this evolution pick up
challenging, the implementation details, system more steam as the framework takes a concrete shape. While we believe that
and architecture requirements are. The market risk banks and financial institutions will eventually come to grips with understanding
professional will need to get involved in almost the framework itself, the real challenge seems to be in implementing this
every detail of the implementation and architecture framework. The demand for high quality data and increased processing power
(from time series, to proxies, sensitivities calculation, may arise from calculation of multiple market risk measures at various liquidity
scenario generation, valuation, P&L, reporting horizons and asset classes, default risk charge, and non modellable risk factors.
allocation and explain) to ensure that all the Hence a market risk professional will need to adapt and update their skills to
components can work together optimally to get the not only meet the modeling challenges but also the software implementation
needed accuracy and provide the business and Risk challenges related to storage and complex processing of such large scale data.
Management the tools to navigate this complex This may even demand use of cloud computing and non-relational data bases
framework. frameworks to process unstructured data.
The potential pitfalls of

operating under an internal
models based approach
THOMAS HOUGAARD
SENIOR PROJECT MANAGEMENT OFFICER, FRTB PROGRAMME, NORDEA
At the Risk EMEA 2016 Summit you restrained by the netting opportunities of of how the set of principles in the final FRTB
looked into the potential pitfalls of the standardized framework. rules in practise will be translated into law –
operating under an internal models which will have implications for what must be
How can professionals prepare if
based approach. Why is this such a built in terms of market risk infrastructure. At
internal models fail?
key talking point? the same time it is my general understanding
At this stage we can honestly say that it With the current design of the framework that most market participants agree that one
looks like it will be much more difficult it is not unlikely that the model assessment must proceed with high urgency if one wishes
to receive and maintain internal model triggers for IMA (especially the P&L attribution to be able to have an Internal Model ready
approval than has previously been the case. test) periodically can force individual desks and approved by the indicated timeline in the
And further that in the current form, several onto the standardized approach. In practice final version of the FRTB rules as published by
of the components of the IMA framework that means that one needs to prepare the Basel Committee for Banking Supervision.
will require a lot of work both within mitigating actions for managing capital In practise this means that one must decide
individual banks and across the industry to consumption for both IMA and SMA even on a series of large investments before there
translate into workable processes as well as if one aims for Internal Model Approval. is a clear picture of what exactly needs to
economically efficient business models. I would therefore encourage all banks to be built. This is one of the main reasons why
develop comprehensive capabilities and Nordea has chosen to follow an agile project
What would you say are the understanding of the future standardized
ramifications of certain desks management approach to implementing our
approach for market risks. project.
being bumped to standardized?
What key challenges do you On the methodological side I think that the
Clearly this is a capital issue. Interestingly
believe lie ahead for the market largest challenge will be that we must move
though even for the small subset of
risk with the finalisation and move from risk models that are appropriately
desks for which the capital impact of
towards implementation of FRTB
this would be manageable there will be conservative to capture all material risks to
standards?
consequences. That is because the logic risk models that with a fairly high degree of
and economics of how to hedge market One of the most important challenges that certainty can replicate actual P&L. This is not a
risks in a capital efficient way will be I see is that we have limited or no visibility trivial exercise.
RISK INSIGHTS | FRTB
A look towards the

CVA finalisation rules
MARTIN DELLOYE
REGULATORY WATCH
& POLICIES
BNP PARIBAS
The debate
the real world. It also accepts
Are there any areas within the CVA that extreme events initiated
financial rules you anticipate as being by exogenous shock feed upon
more challenging?
CVA risk is an area where striking the right
between VaR themselves. And it takes into
account the incentives to “game”
balance between simplicity, comparability and
risk sensitivity is particularly challenging. and ES the risk measurement system
and that extreme contingent risk
On the one hand, some regulators consider the (e.g. out of the money options)
proposed advanced approach – IMA-CVA – is may create reward and no VaR
overly complex. On the other hand, the industry
claims that the standardized approaches – SA-
BRANDON DAVIES measured risk.
CVA and BA-CVA – are not risk-sensitive enough. FORMER HEAD OF MARKET RISK,
BARCLAYS Regulators are being persuaded to
A constructive dialogue between the Basel
Committee and the industry is essential to
move towards an ES-based system
reach a good consensus. Unfortunately, the by what happens in markets, where
Value-at-Risk (VaR) is a measure
Committee’s timeline is very tight (finalisation of prices are not normally distributed
the rules expected by September 2016) and a of losses due to “normal” market
and empirical studies show that
second consultation is out of time. movements which means it ignores
asset price distributions exhibit “fat
extreme outcomes. By ignoring the
Back on IMA-CVA, it is well acknowledged that tails” (leptokurtosis).
it is challenging to implement. Under IMA-CVA, tail risks, VaR creates an incentive
banks would have: to take excessive but remote risks. The mathematics of such
• To produce a wide range of CVA sensitivities Consider an investment in a coin- distributions imply far higher
on a daily basis which require an upgrade flip. A £100 bet on tails at even capital requirements than normal
of calculation capacity.
money creates a VaR to a 99 per distributions and that analysis of
• To comply with eligibility tests (P&L attribution cent threshold of £100 as you will the tails is more important than
& backtesting).
lose that amount 50 per cent of the that of the variance from the mean
Nonetheless, it seems reasonably achievable with time, which obviously is within the – this means an ES measure is more
some fine-tuning and sufficient time to adapt.
threshold. In this case the VaR will relevant than VaR.
Could you give us a brief outline on equal the maximum loss.
the shortcomings of the current CVA ES also invariably produces a far
framework?
Compare that to a bet where you higher capital requirement than VaR
The current framework has a number of which suggests the latter provides
shortcomings among which:
offer 127 to 1 odds on £100 that
heads won’t come up seven times a gross under estimate of risk and
• The Advanced Approach introduces a capital.
hypothetical regulatory CVA distinct from in a row. You will win more than
the true accounting CVA. What is 99.2 per cent of the time, which
ultimately capitalized is the hypothetical However ES also ignores the
exceeds the 99 per cent threshold.
regulatory CVA which distorts the essential probability, that the rare tail risk
As a result, your 99 per cent VaR is
link between economic risk truly incurred data observations are far less stable
and capital. zero even though you are exposed
observations than the common
to a possible £12,700 loss. In data observations around the
• Only the credit spread risk of CVA is
captured. other words, an investment bank mean average of a distribution.
wouldn’t have to put up any capital Projections of risk based on an
• Proxy credit spread hedges are not eligible.
to make this bet. assumed distribution will be stable
• Both market risk hedges and non-eligible
credit hedges are capitalized as but if the tail observations are the
open positions under the market risk In contrast, Expected Shortfall is result of dynamic and conditional
framework. a measure that takes into account processes such projections may
• The standardized approach is not a the fact that tail risks and extreme prove to be very accurate wrong
credible fallback to the advanced events happen frequently in numbers.
approach as it is not risk-sensitive at all.
Sometimes you have
something really good
to show for yourself
RiskTech ®
RiskTech ®
RiskTech ®
2016 Category Winner 2016 Category Winner 2016 Top Ten

IFRS 9 Regulatory Reporting
www.wolterskluwerfs.com
ADVERTISE ON RISK INSIGHTS, E-NEWSLETTER AND RISK INSIGHTS MAGAZINE

Feature your company and thought-leadership in our next Risk Insights magazine, the online website,
and our monthly newsletter. We send out our Risk Insights to over 350,000 professionals every month.
Visit www.risk-insights.com for our media pack or contact us on +44 (0) 20 7164 6582 | +1 888 677 7007
CONNECT WITH US

Risk Insights Magazine Issue One

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Risk Insights Magazine Issue One

Transféré par

Droits d'auteur :

Formats disponibles

JULY – DECEMBER 2016

Building a CCAR Economic Consistency of IFRS 9

KEEP UP TO DATE ON OUR LATEST

MANAGE YOUR ONLINE

RECEIVE EXCLUSIVE OFFERS

INTERACT WITH THE ATTENDEES

Welcome to our Risk Insights magazine

RISK INSIGHTS | Stress Testing and Model Risk

Building a CCAR compliant

RISK INSIGHTS | Stress Testing and Model Risk

KEYNOTE REGULATORS PROCESS & MODEL RISK

RISK INSIGHTS | Stress Testing and Model Risk

Reviewing evolving stress testing

RISK INSIGHTS | Stress Testing and Model Risk

Understanding the gains and losses for institutions

Reduce Model Risk

CIMCON Software, LLC

RISK INSIGHTS | Stress Testing and Model Risk

How stress testing is compared to economic capital

PPNR modeling and the role of the

RISK INSIGHTS | Stress Testing and Model Risk

STRESS TESTING USA:

HEAR FROM MORE THAN 40 SENIOR STRESS

RISK INSIGHTS | IFRS 9

10 financial risk and regulation

RISK INSIGHTS | IFRS 9

LONDON | 20-21 SEPTEMBER 2016

KEY TOPICS INCLUDE

15% discount for our readers using discount code: RIMAG30

RISK INSIGHTS | IFRS 9

IFRS 9 IMPAIRMENT – BRANDON’S VIEW

12 For the latest financial

RISK INSIGHTS | Operational Risk

RISK INSIGHTS | Operational Risk

RISK INSIGHTS | Operational Risk

RISK INSIGHTS | Operational Risk

Challenges for a new generation

RISK INSIGHTS | Operational Risk

Third party risk management

Third party management Alignment of third

RISK INSIGHTS | Risk Americas

Risk Americas 2016

CLOSE TO 400 SENIOR FINANCIAL RISK PROFESSIONALS ATTENDED

RISK INSIGHTS | Risk Americas

RISK INSIGHTS | Liquidity & Capital Management

Key components of LCR/2052a implementation

‘Basel IV’: Stay ahead of the game…

Visit www.axiomsl.com for more information.

Contact us Connect with us

RISK INSIGHTS | Liquidity & Capital Management

Reviewing the potential transition

RISK INSIGHTS | Liquidity & Capital Management

RISK INSIGHTS | Liquidity & Capital Management

SEPTEMBER 27-28, 2016 | MILLENNIUM BROADWAY, NYC

Economic liquidity stress modeling

RISK INSIGHTS | Liquidity & Capital Management

RUN THE RISK

• ALM and Risk Management

• Fully integrated DFAST and LCR Solutions

Put DCG’s experienced

RISK INSIGHTS | Liquidity & Capital Management

REGULATORY SUMMER SPECIAL

Reviewing regulatory requirements to better understand the

RISK INSIGHTS | FRTB