What are the four main steps in the risk management process?
1) Identification
2) Assessment/Measure
3) Controlling/Management/Mitigation
4) Monitoring and Reporting
What are some major frameworks and tools used in RM?
Basel II & Basel III
COSO Enterprise Risk Management (ERM)
Sarbanes–Oxley Compliant
What is risk compensation theory?
When individuals may unconsciously adjust their behavior (e.g., drive closer to the car in front) when they perceive an increase in safety, potentially offsetting some of the benefits.
What is survivorship bias?
When the data is skewed because the outcomes of those who did not survive (and therefore could not be measured) are missing.
What is the Value of a Statistical Life (VSL)?
This is an economic concept used to estimate the willingness to pay for small reductions in the probability of death. VSL figures vary significantly depending on the methodology, organization, and region.
What are the two fundamentally different sources of uncertainty, and what is the difference between them?
Aleatory uncertainty
Comes from inherent randomness in a known system
“Known unknowns”
Can be modeled with probability distributions and statistics
Example: probability of rolling a 4 with dice
Epistemic uncertainty
Comes from lack of knowledge or incomplete understanding
“Unknown unknowns”
Hard to quantify; relies on expert judgment, scenarios, qualitative methods (e.g., Delphi method)
Example: predicting whether a country will default on debt decades in the future
What is the Delphi Method?
It is a structured forecasting method, used when uncertainty cannot be reliably quantified and expert judgment is required. Experts first answer a problem independently and anonymously. Their responses are then summarized and shared back with the group, allowing them to revise their views over several rounds until convergence or stable disagreement is reached.
Steps:
Clearly define the question or problem.
Select a diverse panel of experts, ensuring anonymity.
Experts provide independent, written judgments without group influence.
Responses are aggregated into a summary of key themes and differences.
The summary is fed back to experts, who revise their answers.
The process repeats until consensus or stable disagreement emerges.
Purpose:
To combine expert knowledge when data is incomplete or unreliable
To improve judgment quality in complex, uncertain problems
Key benefits:
Reduces groupthink and social pressure
Prevents dominance by strong personalities
Encourages independent thinking followed by informed revision
Produces more balanced and considered collective judgment
What are the types of near misses?
Harrowing Close Calls: These are dramatic events where disaster was narrowly averted. Examples include a firefighter escaping a collapsing building just in time or a tornado veering away from a town. While impactful, these are rare.
Unremarked Small Failures: These are more common and insidious. They are minor, everyday failures that occur within business operations but do not cause immediate harm. People often misinterpret or ignore the warnings embedded in these failures, treating them as normal operational occurrences or even as proof that systems are resilient. However, these can be harbingers of future crises if conditions change or luck runs out.
What is normalization of deviance (operational drift)?
This refers to the gradual process by which unacceptable risk becomes normal. Over time, deviations from standard procedures or design specifications, especially those that do not immediately result in negative consequences, become accepted as normal practice. This can lead to a dangerous complacency.
What is outcome bias?
This cognitive bias occurs when the quality of a decision is judged primarily by its outcome, rather than the quality of the decision-making process itself. Successful outcomes, even if achieved through flawed processes or sheer luck, can lead people to believe the process was sound, masking underlying risks.
What are latent errors (resident pathogens)?
These are underlying conditions within a system—such as human errors, technological flaws, or poor business decisions—that may exist for extended periods without causing immediate problems. They are often small and seemingly insignificant but can combine with other latent errors or enabling conditions to produce a significant failure or disaster.
What are enabling conditions?
These are specific circumstances or events that, when combined with existing latent errors, trigger a crisis or catastrophic failure.
What is the Swiss Cheese Model?
It visually represents how accidents occur. It posits that multiple layers of defense (like slices of Swiss cheese) are in place to prevent hazards from causing harm. Each layer has "holes" representing potential weaknesses or failures. An accident occurs when the holes in multiple layers align, allowing a hazard to pass through.
What are two types of failures?
Active Failures: These are errors or violations that occur immediately before an accident and can be directly attributed to an individual's actions or inactions (e.g., a pilot making an incorrect control input).
Latent Failures: These are pre-existing conditions within the system that contribute to the likelihood of an accident. They can be present for a long time and are often embedded in organizational structures, processes, or technology (e.g., inadequate training, poor system design, production pressures).
What are the different levels of barriers/defences to prevent accidents?
Institutional: Regulatory bodies, industry standards.
Organizational: Company policies, safety culture, management oversight.
Professional: Skill standards, ethical guidelines.
Team: Crew coordination, communication protocols.
Individual: Personal skills, vigilance, adherence to procedures.
Technical: Safety equipment, design features, warning systems.
When does the accident/loss occur?
Occurs when active failures and latent failures align, creating a pathway for a hazard to cause damage or injury.
What are the 7 steps for recognizing and preventing near misses?
1) Heed High Pressure - be particularly vigilant during periods of high pressure (e.g., tight schedules, cost constraints).
2) Learn from Deviations - actively investigate any deviation from normal operational procedures or expected outcomes.
3) Uncover Root Causes - when deviations or near misses are identified, focus on addressing the underlying root causes rather than just treating the symptoms.
4) Demand Accountability - ensure that managers and teams are held accountable for their assessments of near misses.
5) Consider Worst-Case Scenarios - proactively explore potential negative consequences that could arise from near misses.
6) Evaluate at Every Stage - implement formal review processes not only after failures but also at key project milestones and even after perceived successes.
7) Reward Transparency - create an organizational culture where employees feel safe and are encouraged to report near misses, errors, and deviations without fear of retribution.
What is an Operational Risk?
Operational Risk (OR) is defined by the Basel Committee on Banking Supervision (BCBS) as the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.
Exclusions: Strategic and reputational risk are explicitly excluded from the BCBS definition of operational risk.
Inclusions: Legal risk is considered a component of operational risk.
What are the 6 stages in the historical evolution of Operational RM?
Denial: Initially, the focus was solely on credit, market, and liquidity risks, with operational risk being dismissed.
Ignorance: Acknowledgment of "mistakes" but a belief that significant operational risks did not exist within the institution.
Zero Tolerance: A reactive approach where identified operational risks were immediately closed or eliminated.
Collect: A phase of gathering and classifying operational risks to gain transparency and understand the landscape.
Measure: Utilizing internal and external loss data to measure and simulate operational risks, enabling more active management.
Wake Up: Realization that some quantitative models might not fully capture the true nature or potential impact of operational risk.
What are the 7 categories of operational risk?
Internal Fraud: Deliberate actions by insiders that result in loss. Example: Employee theft, misreporting financial data.
External Fraud: Deliberate acts by third parties that result in loss. Example: Hacking, forgery, theft by customers.
Employment Practices & Workplace Safety: Losses arising from violations of employment laws or unsafe working conditions. Example: Workers' compensation claims, wrongful termination suits, discrimination lawsuits.
Clients, Products & Business Practices: Losses due to negligence or misconduct towards clients, or issues with products and business practices. Example: Fiduciary breaches, failure to comply with AML regulations, mis-selling of products.
Damage to Physical Assets: Losses resulting from damage or loss of physical assets due to external events. Example: Natural disasters, terrorism, vandalism.
Business Disruption & System Failures: Losses arising from failures in IT systems, hardware, software, or utility outages. Example: Hardware malfunction, software bugs, power outages.
Execution, Delivery & Process Management: Losses from failed transaction processing, process errors, or counterparty issues. Example: Data entry errors, collateral management failures, trade errors.
What is risk?
A negative deviation from an expected result.
What is a hazard?
The frequency and severity of a perilous event that can adversely impact exposure. Quantifying hazard risk can be challenging due to factors like climate model roughness and long timeframes.
What is an exposure?
The assets that are exposed to the hazard in a given space and time. The growth of settlements in flood-prone areas is an example of increasing exposure, leading to increased risk costs.
What is a vulnerability?
The susceptibility or damageability of an asset to a given intensity of the hazard. This is often an area with less knowledge and research, but it's a key pillar of urban planning and development.
What are the three main types of financial risk?
Market Risk
Credit Risk
Liquidity Risk
What are the four main types of non-financial risk?
Operational Risk
Strategic Risk
Insurance Risk (Business Risk)
Reputation Risk
What is a market risk?
Risk of loss due to changes in market prices and rates.
Equity price risk
Interest rate risk
Forex risk (Foreign Exchange)
Commodity price risk
What is a credit risk?
Risk of loss arising from a counterparty's failure to fulfill contractual obligations or increased risk of default.
At Transaction Level: Default risk, Downgrade risk, Settlement risk.
At Portfolio Level: Credit standing of specific obligor, Concentration risk, Systematic risk.
What is a liquidity risk?
Potential difficulty in meeting short-term financial obligations due to an inability to convert assets into cash without substantial loss.
Trading Liquidity Risk: Inability to execute a transaction at the prevailing market price due to a lack of counterparties.
Funding Liquidity Risk: A firm's ability to raise necessary cash to roll over debt, meet counterparty requirements, and satisfy capital withdrawals.
What is an operational risk? (RM in FS)
Risk arising from failed internal processes, people, systems, or external events. Examples include fraud, rogue trading, technical errors, and legal issues.
What is a strategic risk?
Risk arising from an unsuccessful business plan, poor business decisions, inadequate resource allocation, or failure to adapt to environmental changes. This is often a key cause of financial distress for large companies.
What is an insurance risk (business risk)?
Risk that inadequate underwriting, product design, pricing, or claims settlement exposes an insurer to financial loss.
What is a reputation risk?
Risk of damage to an entity's standing or public image.
What is a systematic risk?
Risk inherent to the entire market or a market segment; also known as undiversifiable risk. It affects the overall market, not specific stocks or industries.
What is a systemic risk?
Risk of disruption to financial services caused by an impairment of all or parts of the financial system, with potential serious negative consequences for the real economy. It refers to the risk of collapse of the entire financial system or market.
What are three risk assessment methods?
Risk assessment involves evaluating the likelihood and impact of identified risks. Approaches include:
Qualitative Assessment - focuses on whether existing safeguards are sufficient for credible accident scenarios.
Semi-quantitative Assessment - classification based on severity/impact and frequency/occurrence.
Quantitative Assessment - calculations based on severity/impact and frequency/occurrence.
What is a qualitative assessment?
Relies on expert judgment and descriptive scales.
Answers the question: "Are the safeguards sufficient to control a credible accident scenario?"
What is a semi-quantitative assessment?
Risk Matrix/Heat Map