Book 2. Credit Risk

FRM Part 2

CR 2. Governance

Presented by: Sudhanshu

Module 1. Governance and Risk Management

Module 2. Credit Risk Guidelines

Module 1. Governance and Risk Management

Topic 1. Governance and Risk Management

Topic 1. Governance and Risk Management

• Effective governance provides a framework for achieving an organization's objectives.

• A key component is superior risk management, where risk managers help balance business needs with protecting the organization from undue risks.

• The CEO is ultimately responsible for ensuring that adequate governance guidelines have been established and should have the support of their staff.

• The Process of Risk-Taking:

  • Credit Origination: The process of acquiring or creating a credit-sensitive asset. This is typically driven by business units or originators who identify potential transactions.

  • Credit Risk Assessment: The evaluation of a proposed transaction to identify, measure, and price the risk. This step is a collaboration between the originator and the risk manager.

  • Credit Approval: The formal process of obtaining approval for the transaction. This involves an internal approval committee or an individual with delegated authority, based on the transaction's risk.

• Three Lines of Defense Framework:

  • First Line: Business owners who own and manage risks directly.

  • Second Line: Enterprise risk management, compliance, and legal functions that monitor and oversee the first line.

  • Third Line: Internal and external auditors and audit committees who provide independent risk monitoring and assessment.

Practice Questions: Q1

Q1. To ensure an adequate second line of defense, organizations should:
A. include the compliance and legal functions in risk oversight.
B. look primarily to business owners because they own and manage the risks.
C. ensure that the first line of defense has proper oversight of the second line.
D. ensure that the audit function provides an independent risk management role.

Practice Questions: Q1 Answer

Explanation: A is correct.

Effective risk management and control is based on three lines of defense: first line (business owners), second line (enterprise risk management, compliance, and legal functions), and third line (internal and external auditors and audit committees). The second line provides oversight of the first line.

Module 2. Credit Risk Guidelines

Topic 1. Key Principles of Governance

Topic 2. Guidelines (Credit Policies)

Topic 3. Skills

Topic 4. Limits

Topic 5. Oversight

Topic 6. Transaction Parameters

Topic 7. Credit Committee

Topic 1. Key Principles of Governance

• Guidelines: The foundation of a good governance system. They provide the rules and framework for how transactions are conducted. These guidelines should be clearly documented and easy to understand for everyone in the organization.

• Skills: The delegation of authority to individuals with the necessary knowledge and experience is crucial. This ensures that risk-taking is handled by competent professionals who understand the business and the products.

• Limits: These are quantitative controls that define the maximum acceptable level of exposure. By setting clear limits at various levels (e.g., counterparty, sector, or country), the firm can manage its risk appetite and avoid excessive concentration risk.

• Oversight: The independent review and monitoring of risk-taking activities. A strong oversight function, typically led by the CRO, ensures that guidelines and limits are adhered to, and that the risk management process is effective and free from business influence.

Topic 2. Guidelines (Credit Policies)

• Define the rules for how transactions are conducted and should be understandable, concise, precise, and accessible. The language should be clear and straightforward, avoiding legal jargon.

• Content: Guidelines should cover the purpose, methodology, transaction approval flow, how to handle new products and markets, the review process, and consequences for employees who breach or fail to adequately follow them.

• Creation & Approval:

  • Guidelines are sponsored by the CFO or CRO and approved by the Board of Directors and its risk committees.

  • They should be reviewed periodically for content and accuracy, especially after changing regulations, major events like mergers and acquisitions or significant losses.

  • Maintenance: The CRO's office is responsible for drafting, approving, and maintaining the guidelines. Those drafting the guidelines should have sufficient seniority and expertise to deal professionally with potential conflicts with business units.

• Breach & Noncompliance:

  • Breaches should be infrequent. Organizations typically maintain a central database for pre-trade checks to prevent unauthorized trades.

  • Guidelines should include "carve-outs" for unintentional breaches due to external factors, such as foreign exchange rate fluctuations.

Practice Questions: Q1

Q1. A firm’s risk management unit is updating their guidelines relating to transaction approval and delegation. Risk managers are worried that even when transactions fall within available credit limits, foreign exchange volatility may cause breaches in these limits. Which of the following guideline parameters would be most appropriate to deal with this type of outcome?
A. The guidelines should include a carve-out for breaches that are due to foreign exchange rate volatility.
B. Breaches in the credit limit due to foreign exchange rate movements should be immediately escalated to the chief risk officer (CRO).
C. The guidelines should treat each breach in the credit limit as an error by the originator, because currency movements should be anticipated.
D. Breaches in the credit limit due to foreign exchange rate movements should be immediately escalated to the risk commiee of the board of directors.

Practice Questions: Q1 Answer

Explanation: A is correct.

The firm should include a carve-out in the guidelines to allow for breaches of credit limits due to external factors not within the control of the firm. It is not prudent to treat these breaches as an originator error, and it is not necessary to escalate them if the guidelines include the carve-outs.

Topic 3. Skills

• Authority must be delegated to professionals with the proper skills and experience.

• Risk managers should:

  • Have a solid understanding of the business and products.

  • Understand that the risk function is often viewed by originators as an impediment to business growth and should therefore establish good relations with them.

  • Act in an advisory role to the business, as they are not a profit center and typically lack veto rights. They can, however, escalate dissenting views via written memos to credit committees.

• Delegation of Authority:

  • The process has two key steps: (1) Assigning risk parameters to each transaction (amount of exposure, credit quality, tenor), and (2) Delegating authority based on those parameters.

  • Approval levels are based on transaction risk; simpler, low-risk transactions can be approved at lower levels, while higher-risk transactions require senior management involvement. An approval flow chart is often used to summarize this process.

Topic 4. Limits

• Also known as credit lines, they represent the maximum dollar loss an organization is willing to accept.

• Limits can be set at the aggregate organizational level and then assigned to specific businesses, counterparties, sectors, or countries.

• The setting of limits is based on a combination of assessing risk exposures and management's intuition, which is often influenced by regulators and rating agencies.

Practice Questions: Q2

Q2. Which of the following statements about risk managers’ reporting structure is most accurate?
A. To be most effective, risk managers should report to the business unit heads.
B. To preserve their independence, risk managers should report directly to the CRO.
C. Risk managers should have dotted line reporting to both the CRO and business unit heads.
D. To ensure effective risk governance, risk managers should report directly to the board of directors.

Practice Questions: Q2 Answer

Explanation: B is correct.

Risk managers should report to the CRO instead of the business unit heads to ensure they remain independent and free of business influence. CROs have influence at the top organization level including the CEO and risk committees. It would not be feasible for risk managers to report directly to the Board, which deal with broad oversight of risks rather than more granular risk matters.

Topic 5. Oversight

• Effective oversight requires independence, strong qualifications, closeness to the business, and an open mind.

• Independence:

  • Risk management should not be located within a profit center.

  • To ensure independence, risk managers should report to the CRO (Chief Risk Officer) instead of business unit heads. The CRO typically reports directly to the CEO and has direct access to the Board's risk and audit committees.

• Balancing Act:

  • A good risk manager balances business needs with protecting the organization's interests.

  • While independent, they should still be familiar with the business units, profit drivers, and transaction structures.

Topic 6. Transaction Parameters

• Credit-sensitive transactions are defined by three key parameters:

  • Amount of Exposure: The measurement of potential losses.

  • Credit Quality: The assessment of the creditworthiness of counterparties to understand the risk of losses.

  • Length of Exposure (Tenor): The period of time an organization is exposed to potential losses.

Topic 7. Credit Committee

• A committee of senior executives that makes decisions on important or high-risk transactions.

• The committee should have a charter that clearly lays out the approval processes.

• Membership: Should include members from key functions such as business units, risk management, tax and accounting, compliance, and legal.

• Role of the Chair: The chair's role is to solicit opinions, facilitate objective discussion, and direct the committee to a vote if there is no consensus.

• A well-functioning committee will have a track record of both approving and declining transactions.

Practice Questions: Q3

Q3. A firm recently developed a model to help summarize the creditworthiness of each of its counterparties. Which of the following risk parameters of a credit-sensitive transaction does this most likely represent?
A. Tenor.
B. Credit quality.
C. Maximum loss.
D. Amount of exposure.

Practice Questions: Q3 Answer

Explanation: B is correct.

Parameters of credit-sensitive transactions include credit quality (assessing the creditworthiness of counterparties and the risk of losses due to counterparty exposure), the amount of exposure (measuring losses), and length of exposure (period during which risk exposure exists).