A Risk Management Classic

I had occasion recently to search the Basel website to try to document the history of their involvement in risk management. 

The oldest document that is still available there that has the term Risk Management in its title is July 1994, Risk Management Guidelines for Derivatives.  That matches up with my impression that modern risk management can be traced back to the efforts of banks and banking supervisors to contain the risks associated with derivatives trading that had lead to several blow-ups in the early 1990’s. 

But the first real classic is the next oldest document on the Basel website,  Principles for the management of interest rate risk, from September 1997.  That document clearly lays out the structure and process for a full scale risk management system.  If you take that link, it will tell that the 1997 document has been superceded.  But if you look at the 2004 update and the 1997 original, you will see that they have added lots of details and lost most of the clarity to the original.  So if you want trees, take the 2004 version, if you want forest, like me, you would prefer the original 1997 version. 

What I particularly liked about the original is that it really wasn’t about interest rate risk at all.  It really captured the essence of risk management and applied that essence to interest rate risk.  Therefore, I believe that the document can easily be used as a guide to building a risk management system for any risk. 

The document is built around 1o Principles:

The role of the board and senior management

Principle 1: In order to carry out its responsibilities, the board of directors in a bank should approve strategies and policies with respect to interest rate risk management and ensure that senior management takes the steps necessary to monitor and control these risks. The board of directors should be informed regularly of the interest rate risk exposure of the bank in order to assess the monitoring and controlling of such risk.
 Principle 2: Senior management must ensure that the structure of the bank’s business and the level of interest rate risk it assumes are effectively managed, that appropriate policies and procedures are established to control and limit these risks, and that resources are available for evaluating and controlling interest rate risk.
Principle 3: Banks should clearly define the individuals and/or committees responsible for managing interest rate risk and should ensure that there is adequate separation of duties in key elements of the risk management process to avoid potential conflicts of interest. Banks should have risk measurement, monitoring and control functions with clearly defined duties that are sufficiently independent from position-taking functions of the bank and which report risk exposures directly to senior management and the board of directors. Larger or more complex banks should have a designated independent unit responsible for the design and administration of the bank’s interest rate risk measurement, monitoring and control functions.

Policies and procedures

Principle 4: It is essential that banks’ interest rate risk policies and procedures be clearly defined and consistent with the nature and complexity of their activities. These policies should be applied on a consolidated basis and, as appropriate, at the level of individual affiliates, especially when recognising legal distinctions and possible obstacles to cash movements among affiliates.
 Principle 5: It is important that banks identify the risks inherent in new products and activities and ensure these are subject to adequate procedures and controls before being introduced or undertaken. Major hedging or risk management initiatives should be approved in advance by the board or its appropriate delegated committee.

Measurement and monitoring system

Principle 6: It is essential that banks have interest rate risk measurement systems that capture all material sources of interest rate risk and that assess the effect of interest rate changes in ways that are consistent with the scope of their activities. The assumptions underlying the system should be clearly understood by risk managers and bank management.
 Principle 7: Banks must establish and enforce operating limits and other practices that maintain exposures within levels consistent with their internal policies.
Principle 8: Banks should measure their vulnerability to loss under stressful market conditions – including the breakdown of key assumptions – and consider those results when establishing and reviewing their policies and limits for interest rate risk.
Principle 9: Banks must have adequate information systems for measuring, monitoring, controlling and reporting interest rate exposures. Reports must be provided on a timely basis to the bank’s board of directors, senior management and, where appropriate, individual business line managers. 

Internal controls

Principle 10: Banks must have an adequate system of internal controls over their interest rate risk management process. A fundamental component of the internal control system involves regular independent reviews and evaluations of the effectiveness of the system and, where necessary, ensuring that appropriate revisions or  enhancements to internal controls are made. The results of such reviews should be available to the relevant supervisory authorities. 




I would generalize these with very simple editing.  Here is Generalized Principle 1:

Principle 1: In order to carry out its responsibilities, the board of directors in a firm should approve strategies and policies with respect to  risk management and ensure that senior management takes the steps necessary to monitor and control these risks. The board of directors should be informed regularly of the  risk exposure of the firm in order to assess the monitoring and controlling of such risk.

This was done by simply deleting 2 instances of the words “interest rate” and exchanging the word “firm” for the word “bank”. 

This mindless editing can be done to almost every one of the 10 principles and the result is not just usable, but is a very clear and basic guideline for any risk management program. 

That is what makes this a classic.

Explore posts in the same categories: Enterprise Risk Management, ERM, Interest Rate Risk, Risk Management


You can comment below, or link to this permanent URL from your own site.

One Comment on “A Risk Management Classic”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: