Any Road Will Do
Is what the Cheshire Cat told Alice. Since she did not know where she was going.
And unfortunately, that is where the European Bank Supervisors seem to be regarding Risk Management. They just published a short paper entitled “High level principles for risk management”, which despite the lofty title gives very little clear guidance at a high level. I will instead point you to something along the same lines that WAS well written that DOES represent actual principles of risk management. I refer you to the BIS report in Interest Rate Risk Management from 1997. Their 11 top principles are listed below.
A. The role of the board and senior management
Principle 1: In order to carry out its responsibilities, the board of directors in a bank should approve interest rate risk management policies and procedures, and should be informed regularly of the interest rate risk exposure of the bank.
Principle 2: Senior management must ensure that the structure of the bank’s business and the level of interest rate risk it assumes are effectively managed, that appropriate policies and procedures are established to control and limit these risks, and that resources are available for evaluating and controlling interest rate risk.
Principle 3: Banks should have a risk management function with clearly defined duties that reports risk exposures directly to senior management and the board of directors and is sufficiently independent from the business lines of the bank. Larger or more
complex banks should have units responsible for the design and administration of the bank’s interest rate risk management system.
B. Policies and procedures
Principle 4: It is essential that banks’ interest rate risk policies and procedures be clearly defined and consistent with the nature and complexity of their activities. These policies should address the bank’s exposures on a consolidated basis and, as appropriate, also at the level of individual affiliates.
Principle 5: It is important that banks identify the risks inherent in new products and activities and ensure these are subject to adequate procedures and controls before being introduced or undertaken. Major hedging or risk management initiatives should be approved in advance by the board or its appropriate delegated committee.
C. Measurement and monitoring system
Principle 6: It is essential that banks have interest rate risk measurement systems that capture all material sources of interest rate risk and that assess the effect of interest rate changes in ways which are consistent with the scope of their activities. The assumptions underlying the system should be clearly understood by risk managers and bank management.
Principle 7: Banks must establish and enforce operating limits and other practices that maintain exposures within levels consistent with their internal policies.
Principle 8: Banks should measure their vulnerability to loss under stressful market conditions – including the breakdown of key assumptions – and consider those results when establishing and reviewing their policies and limits for interest rate risk.
Principle 9: Banks must have adequate information systems for monitoring and reporting interest rate exposures to senior management and boards of directors on a timely basis.
D. Independent controls
Principle 10: Banks must have adequate internal controls for their interest rate risk management process and should evaluate the adequacy and integrity of those controls periodically. Individuals responsible for evaluating control procedures must be independent of the function they are assigned to review.
Principle 11: Banks should periodically conduct an independent review of the adequacy and integrity of their risk management processes. Such reviews should be available to relevant supervisory authorities.
These principles are so universal that you will find that if you simply substitute the name of any other risk for the words “interest rate” in the sentences above, you will still have an excellent list of risk management principles. In fact, just substitute the words “Bank” or even “Insurer” for interest rate above and you now have a complete and coherent set of PRINCIPLES FOR RISK MANAGEMENT.
The most puzzling thing to me is that this BIS report has long been superseded by something with wording much more like the meandering and fuzzy report of the CEBS. Don’t take my word for it, the newest version of this BIS interest rate risk management paper is available on their website. Compare the wording of that report to these crystal clear principles and let me know where you see any improvements.