ERM Lecture 2

24 September 2016

 Started with review, very heavy on risk identification and monitoring.

 Risks can indeed change through time, hence there must always be monitoring.
 Remember that when you look into the company, assess it through both external and internal
events.
 Two dimensional matrix in assessing risks: (1) frequency and (2) impact of the risk.
 Went back to review on Basels I, II, III
 Dwelled on the Herstatt Bank incident that triggered the Bank of International Settlements. FYI,
the Herstatt Bank incident is when the German Bank, Herstatt shipped out their Deutsche Marks
and had a bankruptcy issue due to the time difference issue from US to Germany. This prompted
the “Continued Linked settlement platform” that did away with the limitation of time
differences between transactions.
 Basel I started the whole minimum capital issue and only focused on one risk: credit risk.
 Risk Weighted, i.e. you are taking into consideration the risks involved, and you consider the
amount of risk that the company will have to consider. Risk weighting is pretty much the same
as the risk charges that you can see when it comes to RBC risk rating.
 Basel II focused more on international standard of regulators. There are still capital
requirements but it covers other risks more than credit risk in Basel I, i.e. operational risks and
market risks.

External Environment Assessment

Credit risk can be calculated in 3 ways:

1. Standardized approach
2.
3. Advanced IRB – Banks can use scorecards, more tailor fitted than the previous approach since it
takes into consideration idiosyncratic variables on the bank.

Operational Risk Calculation

1. Basic indicator approach – Only focuses on annual revenues

2. Standardized approach – takes into consideration business lines vis-à-vis annual revenues
3. Internal measurement approach – Based on the internally developed risk management
framework of the bank.

Internal Environment Assessment

 Facility scheduling (takes into consideration manpower issues, e.g. why hire 70 people when 50
people can already be efficient) vs. Capacity scheduling (Why use all 5 machines when you can
have optimum production at 3?)
 Value Chain analysis: the better relationship you have with your suppliers and customers, the
lesser risks that there will be. Having a value chain analysis approach is most useful.
  Formula for Value Chain analysis: Divide your company’s operations between the primary
activities and support activities. Then BENCHMARK with companies with the similar industries.

Risk Assessment

 This is important since a company is always fraught with risk. However, there must be a clear
delineation on whether or not these risks are material or not.
 Also the company’s hands are tied down due to budgets, so it wouldn’t exactly want to waste
money on risks that aren’t that important.
 Prioritization is a condition sine qua non. Take note however, that this isn’t arbitrary. These risks
have to be ultimately measured.
 Risk assessment allows companies to gain on how much they can invest in the future.

TREC and MORE

 TREC – not emanating from a singular risk, but interrelated (Starting Point)
 MORE – there is a rippling effect (Contagion)

N.B. If you are into risk management, do not only look at the problem head on. Look at all angles for
this is how you prepare for the materiality of your risk.

Severity (S) does not only cover potential losses. You must also determine cleanup costs and contagion
(C) with the total loss (E). Add these two factors with the potential losses and you will have the full
amount of your severity.

S=E+C–R
R = Recovery since after all, you are a company and you can definitely recover through insurance,
mitigation processes and the filing of suits. (Take not of the other formulas that you can use in the
handouts.

Not enough to solving shiz. You must also do your best to correlate the data that you have and solve for
the distribution of the losses.

Distribution, i.e. normal and beta distribution, which dwells on the frequency of the event. Most useful
of course to correlate the frequency and the impact.

 Learn to avoid black boxes and make all processes transparent. Also, heavy emphasis on
documentation so that you can come back to stuff should you want to have a take on the risks
that you have encountered in the past.

Four things to know by heart:

1. How risks behave

2. When they are likely to materialize
3. Their potential size
4. What can be done about them