LO 39.3: Explain the role of an RAF in managing the risk of individual business lines within a firm, and describe best practices for monitoring a firms risk profile for adherence to the RAF.
Generally speaking, the RAF helps to ensure that each business lines strategies are congruent with the firms desired risk profile. The various business line managers each submit a medium-term business plan to senior management and/or the board to determine if it is consistent with the RAF. Such determinations are often made with stress tests or scenario analyses. Afterward, the RAF will set the risk limits allocated to each business line based on its desired risk profile.
Additionally, the RAF considers the integrated nature of the business lines within the firm. For example, the RAF can help determine how much a given business lines medium-term business plans has to be amended in order to allow another business lines proposal to be approved. In other words, there may be some borrowing of the risk appetite allotment from a business line in order to take advantage of the current opportunity in another business line. Familiarity with the RAF by business line managers would dramatically decrease the number of plans that fall well outside acceptable bounds. A clear RAF assists the firm in preventing risk appetite drift when economic conditions change.
2018 Kaplan, Inc.
Page 27
Topic 39 Cross Reference to GARP Assigned Reading – Senior Supervisors Group
RAF M e t r i c s f o r M o n i t o r i n g R i s k P r o f i l e
Examples of metrics that can be monitored as part of an effective RAF are as follows:
Capital targets (economic capital, tangible common equity, total leverage) or capital-at- risk amounts. Liquidity ratios, terms, and survival horizons.
Risk sensitivity limits. Risk concentrations by internal and/or external credit ratings.
Net interest income volatility or earnings-at-risk calculations. Value at risk (VaR) limits.
Expected loss ratios.
Asset growth ceilings by business line or exposure type.
Economic value added.
Post-stress-test targets for capital, liquidity, and earnings.
Performance of internal audit ratings.
The firms own credit spreads.
It is important to ensure that the metrics used to monitor risk are appropriate to the users of the information. Therefore, the risk metrics should be divided into classes, depending on who is receiving the information w ithin the firm. For example:
Directors should receive high-level metrics (less detail) that reflect the firms key risks.
CEO, CFO, CRO should receive more detailed metrics than directors. CEO, CFO, CRO should receive more detailed metrics than directors. Business line leaders should receive very detailed metrics, especially in relation to their respective business lines.
R i s k D a t a I n f r a s t r u c t u r e