Professional Documents
Culture Documents
Risk management
Risk is inherent in financial activities, and must be taken into account from the time the decision is taken to initiate a transaction through to its final completion. For this reason, the management of risk is primarily the responsibility of the professions and the regions. After all, the latter are given the particular task of: analysing the risks they initiate verifying that these are compatible with the risk management policy laid down by the company and with their own position regarding risk taking ensuring that these risks are handled in a dynamic manner. Responsibility for controlling the management of risk, for its evaluation and more generally its supervision, is incumbent upon an independent unit attached to the general management. This unit has extensive responsibilities and its task is to cover all the risks generated by the organisations activities. It is involved at all levels of the process of taking and monitoring risk. Its continuing tasks are in particular to draw up recommendations regarding risk policies, to review the portfolio of risk with a forward-looking vision, to work out the methods, procedures and instruments for identifying and monitoring risk, to guarantee quality and efficiency, and to provide exhaustive and reliable reports on risk for the general management. The outcome of this work is first to help reduce the volatility of results and, secondly, to optimise stockholders capital.
Matriser la qualit est une dmarche permanente. Elle passe par le dploiement de dmarches dassurance qualit. Cellesci ont pour but de don-
SUMMARY
June 2005
Credit risks These risks stem from the potential losses that may result if a counterpart defaults. This type of risk is managed according to strict rules set out as part of the strategy and major risk policies of each institution. The main principles declared include the companys requirements regarding ethics (see paper on ethics). Market and interest rate risks This concerns the risks of changes in interest rate, the risk of falls in the share market, exchange risks, and so on.
Liquidity risk This is the risk that an establishment may be unable to meet its commitments. Insurance risks These are the types of risk specific to the insurance sector. They are for example the risk of issuing a policy (risk of death, risk of disasters) and the risk of making provision for non-life incidents.
In addition to financial and insurance risks, operational risks are taking on increasing importance in the insurance world, as they are in banking. In the latter sphere, following the decisions by the Ble committee, these risks are embodied in the new solvency ratios of the European banks, in addition to the credit and market risks. These risks are of various types: Distribution and marketing risks Risks of fraud and money laundering Social risks Security risks and those concerning damage to persons and goods (fire, sabotage, terrorism, etc.) IT risks Risks affecting organisation and processes Legal, regulatory and fiscal risks Image risks.
The organisations have adopted an approach that seeks to enhance their control over this category of risks. It involves a number of aspects: identifying the risks and setting up databases of internal and external operational losses, introducing procedures for the specific monitoring and checking of the different types of operational risks identified, and adopting measures aimed at reducing losses. These tasks of identification, monitoring and prevention are closely coordinated with the professions, regions and the different transverse functions involved (information systems, human resources, legal and fiscal functions, ethical approaches, and so on).
Internal control
Having regard to the scope and diversity of the risks involved in their activities, the French banks have long been concerned about the reliability of their internal control. This approach is set out in rule n 2991-021 of the banking and financial regulation committee (concerning the internal control of credit establishments and investment businesses and which amends rule 97-02)
The principal challenge in internal control is to strengthen the security of banking activities, which complements the quantitative checks that are part of normal care and attention. Internal control comes under the responsibility of the general management and the board of directors of each banking establishment, and involves four different types of objective: The quality and reliability of accounting and financial information, The compliance of transactions, organisation and internal procedures with the applicable legislative and regulatory provisions, with the professional and ethical standards and practices, and with the guidelines of the managing body. The quality of the reporting, information and communications systems, Abiding by the decisions taken by the general management. Generally speaking, internal control is at three levels:
2. INTERNAL AUDIT
This is a permanent arrangement which assesses the efficiency of the internal control system in the organisation it covers. The internal audit is subject to three main principles: independence, impartiality and universality. It thus covers all the activities of the bank, through decentralised teams whose task is to identify the areas of risk in the organisations they work with. In practice they lead to checks on security, compliance and efficiency, and assess the quality of the continuing surveillance of the departments being audited. These arrangements are supplemented by specific audits in those fields that are particularly technical: legal, counterpart risks, computer security, and so on. The work is done under the responsibility of the competent functional divisions (division of risks, financial and accounting divisions, ethical division, legal divisions, etc.).
3. THE GENERAL INSPECTORATE 1. CONTINUOUS MONITORING OF THEIR ACTIVITIES BY THE OPERATIONAL STAFF
This body conducts verification tasks embracing every aspect of the activities and operation of the bank. It reports its observations and recommendations to the general management. The general inspectorate is also charged with monitoring the coherence and efficiency of the internal control system. Since the enactment of the financial security law on 1 August 2003, every establishment is required to draw up an annual report on the operation of the internal control system for the annual general meeting of shareholders. The content of this report is submitted beforehand for inspection by the auditors. Following new requirements on the part of the regulator, the internal control of banks is to be further strengthened in order to: Improve the control and monitoring of external activities by introducing special clauses into the contracts concluded between the banks and certain of their service providers, Intensify control of the compliance of transactions carried out by banking companies in order to make the present system more visible, notably at international level.
This is the cornerstone of internal control, defined as all the arrangements made on a continuous basis to guarantee at operational level the regularity, security and validity of the transactions carried out. Continuous monitoring is in two parts: Routine security, which encompasses all staff, and which is based upon every staff members abiding by the relevant rules and procedures for every transaction they deal with. Formal supervision, which is the obligation upon senior staff to ensure, on a regular basis and according to specified procedures, that employees abide by the rules and procedures governing transactions as well as the efficiency of security on a daily basis.
Associated papers
This paper is illustrated by a selection of good practices applied by financial players in France and elsewhere. They are listed on the website: www.orse.org
The papers on "Finance and Sustainable Development" are based upon the work done by the ORSE Club Finance.